yahoo-eng-team team mailing list archive

[Bug 1894975] [NEW] Cannot overwrite policy rule for 'os_compute_api:servers:create:forced_host:'

 

Public bug reported:

Description
===========
Changed the rule of 'os_compute_api:servers:create:forced_host'
to 'rule:admin_or_owner' in the policy file.
But when creating a server with the member role, I still got
"Policy doesn't allow os_compute_api:servers:create:forced_host to be performed. (HTTP 403) (Request-ID: req-199cb105-4c4d-405d-89cf-9059182ec745)"

Steps to reproduce
==================
* Change policy file
os_compute_api:servers:create:forced_host: rule:admin_or_owner
* Reboot nova-api service
* Create one server with specified host in member role
openstack server create --image cirros051 --network cps_pxe --flavor m1.tiny --availability-zone :compute01: vm-0909-1

Expected result
===============
Create server successfully

Actual result
=============
Got "Policy doesn't allow os_compute_api:servers:create:forced_host to be performed. (HTTP 403) (Request-ID: req-199cb105-4c4d-405d-89cf-9059182ec745)"

Environment
===========
git log
commit 0d1fd02b301bbc25c75cb2476b24f3be5d7cda77 (HEAD -> stable/rocky, origin/stable/rocky)
Merge: 837baac9fd c438fd9a0e
Author: Zuul <zuul@xxxxxxxxxxxxxxxxxx>
Date:   Thu Sep 3 15:15:47 2020 +0000

    Merge "libvirt: Provide VIR_MIGRATE_PARAM_PERSIST_XML during live migration" into stable/rocky

Logs & Configs
==============
/etc/nova/policy.yaml
os_compute_api:servers:create:forced_host: rule:admin_or_owner

/etc/nova/nova.conf
[oslo_policy]
policy_file = /etc/nova/policy.yaml

root@mgt01:~# openstack server create --image cirros051 --network cps_pxe --flavor m1.tiny --availability-zone :compute01: vm-0909-1
Policy doesn't allow os_compute_api:servers:create:forced_host to be performed. (HTTP 403) (Request-ID: req-199cb105-4c4d-405d-89cf-9059182ec745)

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1894975
