← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1414252] [NEW] Horizon throws unauthorized 403 error for cloud admin in domain setup

 

Public bug reported:

I have a devstack running following components
1.keystone
2.heat 
3.nova
4.horizon
5.cinder
 
For this open stack setup I wanted to enable domain feature, define admin boundaries.  To enable the domains, these changes were made : 
1. Changed the token format from PKI to UUID
2. added auth_version = v3.0  under [auth_token:fillter] section of all the api-paste.ini file of all the services 
3. updated the endpoints to point to v3 
4. restarted all the services 
5. Changed the default keystone policy.json with policy.v3sample.json and set the admin_domain_id to default 

I horizons local_settings.py file 
1. set the OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT to True
2. updated the enpoint to point to localhost:5000/v3
 

after all these changes when I try to login into the default domain with
admin credentials , i get ubale retirve domain list , unable retrive
project list errors horizons dashboard.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1414252

Title:
  Horizon throws unauthorized 403 error for cloud admin in domain setup

Status in OpenStack Identity (Keystone):
  New

Bug description:
  I have a devstack running following components
  1.keystone
  2.heat 
  3.nova
  4.horizon
  5.cinder
   
  For this open stack setup I wanted to enable domain feature, define admin boundaries.  To enable the domains, these changes were made : 
  1. Changed the token format from PKI to UUID
  2. added auth_version = v3.0  under [auth_token:fillter] section of all the api-paste.ini file of all the services 
  3. updated the endpoints to point to v3 
  4. restarted all the services 
  5. Changed the default keystone policy.json with policy.v3sample.json and set the admin_domain_id to default 

  I horizons local_settings.py file 
  1. set the OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT to True
  2. updated the enpoint to point to localhost:5000/v3
   

  after all these changes when I try to login into the default domain
  with admin credentials , i get ubale retirve domain list , unable
  retrive project list errors horizons dashboard.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1414252/+subscriptions


Follow ups

References