← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #80412

[Bug 1848514] [NEW] Booting from volume providing an image fails

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Trying to create an instance (booting from volume when specifying an image) fails.
Running Stein (19.0.1)

###
When using:
###
nova boot --flavor FLAVOR_ID --block-device source=image,id=IMAGE_ID,dest=volume,size=10,shutdown=preserve,bootindex=0 INSTANCE_NAME

###
nova-compute logs:
###

Instance failed block device setup Forbidden: Policy doesn't allow
volume:update_volume_admin_metadata to be performed. (HTTP 403)
(Request-ID: req-875cc6e1-ffe1-45dd-b942-944166c6040a)

The full trace:
http://paste.openstack.org/raw/784535/


Definitely this is a policy issue!
Our cinder policy: "volume:update_volume_admin_metadata": "rule:admin_api" (default)
Using an user with admin credentials works as expected!

Is this expected? we didn't identified this behaviour previously (before
stein) using the same policy for "update_volume_admin_metadata"

Found an old similar report:
https://bugs.launchpad.net/nova/+bug/1661189

** Affects: nova
     Importance: Undecided
     Assignee: Surya Seetharaman (tssurya)
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1848514

Title:
  Booting from volume providing an image fails

Status in OpenStack Compute (nova):
  New

Bug description:
  Trying to create an instance (booting from volume when specifying an image) fails.
  Running Stein (19.0.1)

  ###
  When using:
  ###
  nova boot --flavor FLAVOR_ID --block-device source=image,id=IMAGE_ID,dest=volume,size=10,shutdown=preserve,bootindex=0 INSTANCE_NAME

  ###
  nova-compute logs:
  ###

  Instance failed block device setup Forbidden: Policy doesn't allow
  volume:update_volume_admin_metadata to be performed. (HTTP 403)
  (Request-ID: req-875cc6e1-ffe1-45dd-b942-944166c6040a)

  The full trace:
  http://paste.openstack.org/raw/784535/

  
  Definitely this is a policy issue!
  Our cinder policy: "volume:update_volume_admin_metadata": "rule:admin_api" (default)
  Using an user with admin credentials works as expected!

  Is this expected? we didn't identified this behaviour previously
  (before stein) using the same policy for
  "update_volume_admin_metadata"

  Found an old similar report:
  https://bugs.launchpad.net/nova/+bug/1661189

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1848514/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next