[Openstack-operators] Help with horizon and v3 auth

Abel Lopez alopgeek at gmail.com
Fri Feb 5 23:00:17 UTC 2016


Actually, "identity:get_project" : "" seems ok, there's plenty of other actions with that lack of restriction.
get_auth_catalog, get_auth_domains, get_region.

> On Feb 5, 2016, at 2:55 PM, Abel Lopez <alopgeek at gmail.com> wrote:
> 
> After digging around and switching my distribution to RDO (I was testing OSP8 beta)
> I saw that the error was 403 forbidden to do "identity:get_project", which by policy is "admin_only"
> I'm currently testing which of the more lax rules allow it to work, as simply setting it to "" worked, but is too open IMO.
> 
>> On Feb 5, 2016, at 7:59 AM, Abel Lopez <alopgeek at gmail.com> wrote:
>> 
>> Nah, I had that error previously, and added the keymgr section.
>> Just seeing a bunch of 404s when horizon tries to get the "project Id" using the /tenant URL.
>> 
>> On Friday, February 5, 2016, Matt Fischer <matt at mattfischer.com> wrote:
>> Are you seeing the cinder Volume limit error?
>> 
>> If that's the issue the work around is here in the bug description.
>> 
>> https://bugs.launchpad.net/tripleo/+bug/1521639
>> On Feb 4, 2016 10:31 PM, "Abel Lopez" <alopgeek at gmail.com> wrote:
>> Hey everyone,
>> In my liberty testing, I've got keystone v3 set up, and everything seems to work, except certain cinder functions.
>> 
>> Using openstack client, I can boot an instance from image to a new volume.
>> Using horizon, this fails. I have followed the v3 guides, having set up local_settings to have OPENSTACK_API_VERSION with 'identity': 3,
>> and also having the /v3 endpoint.
>> 
>> The logs indicate that horizon can't find the tenant id. When I saw this using the CLI, the fix was to add the 'endpoint_template' substituting "tenant_id" with "project_id"
>> 
>> Does anyone know of any additional changes needed to make horizon work with auth v3 backend?
>> 
>> 
>> 
>> 
> 
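
Added example, not part of the original thread or of Keystone's own code: a small audit that lists every "identity:" action in a policy.json whose check always passes, which is what setting "identity:get_project" to "" does. The sample policy is constructed, and the names `is_unrestricted` and `audit` are hypothetical helpers; only bare "rule:NAME" aliases are followed, not "or"/"and" expressions.

```python
import json

# Constructed sample in the style of a Keystone policy.json; not taken from the thread.
SAMPLE_POLICY = json.loads("""
{
    "admin_required": "role:admin or is_admin:1",
    "open_to_all": "",
    "identity:get_project": "",
    "identity:get_region": "",
    "identity:get_auth_catalog": "",
    "identity:list_projects": "rule:admin_required",
    "identity:get_domain": "rule:open_to_all",
    "identity:delete_project": "!",
    "identity:get_user": "@"
}
""")

ALWAYS_ALLOW = ("", "@")  # oslo.policy: an empty rule and "@" both always pass


def is_unrestricted(name, policy, _seen=None):
    """True if the rule is empty, "@", [] or a bare alias of such a rule."""
    seen = _seen or set()
    if name in seen or name not in policy:   # alias cycle or undefined reference
        return False
    seen.add(name)
    rule = policy[name]
    if isinstance(rule, list):               # legacy list syntax: [] always passes
        return len(rule) == 0
    rule = rule.strip()
    if rule in ALWAYS_ALLOW:
        return True
    if rule.startswith("rule:") and " " not in rule:
        return is_unrestricted(rule[len("rule:"):], policy, seen)
    return False


def audit(policy, prefix="identity:"):
    """Return the sorted actions under `prefix` whose policy check always passes."""
    return sorted(a for a in policy
                  if a.startswith(prefix) and is_unrestricted(a, policy))


if __name__ == "__main__":
    for action in audit(SAMPLE_POLICY):
        print("unrestricted:", action)
```

Running the same audit before and after a policy change shows whether an edit such as the one discussed above widened access beyond the single action intended.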
