Yes, user1 created this cluster. I am user1 and I did it myself. How do I check the user_id of the cluster? I am not able to see cluster status. (venv-openstack) root@os-eng-ctrl-01:~# openstack coe cluster show dev2 +----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ | status | CREATE_COMPLETE | | health_status | HEALTHY | | cluster_template_id | a998b58d-fcf5-4cf8-84fb-3febd368e321 | | node_addresses | [] | | uuid | e08d6cd5-fe99-4311-a167-077d2c024827 | | stack_id | kube-3cm4o | | status_reason | None | | created_at | 2024-04-23T19:15:02+00:00 | | updated_at | 2024-04-23T19:20:44+00:00 | | coe_version | v1.27.4 | | labels | {'kube_tag': 'v1.27.4', 'ingress_controller': 'octavia', 'cloud_provider_enabled': 'true', 'availability_zone': 'general', 'auto_scaling_enabled': | | | 'False', 'auto_healing_enabled': 'False'} | | labels_overridden | {} | | labels_skipped | {} | | labels_added | {'auto_scaling_enabled': 'False', 'auto_healing_enabled': 'False'} | | fixed_network | None | | fixed_subnet | None | | floating_ip_enabled | True | | faults | | | keypair | user1-sshkey | | api_address | https://10.0.27.218:6443 | | master_addresses | [] | | master_lb_enabled | False | | create_timeout | 60 | | node_count | 2 | | discovery_url | | | docker_volume_size | None | | master_count | 1 | | container_version | None | | name | dev2 | | master_flavor_id | gen.c4-m8-d40 | | flavor_id | gen.c4-m8-d40 | | health_status_reason | {'kube-3cm4o-default-worker-47w4d-8ml4f-n2sjh.Ready': 'True', 'kube-3cm4o-default-worker-47w4d-8ml4f-n4jb4.Ready': 'True', 'kube-3cm4o-zxxwk- | | | lqvdh.Ready': 'True'} | | project_id | 65261738576843ce92d21899a5f86621 | +----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ On Wed, Apr 24, 2024 at 3:12 AM Jake Yip <jake.yip@ardc.edu.au> wrote:
Hi Satish,
Does user1 own the cluster? there is a check for user_id.
Regards, Jake
On 24/4/2024 6:13 am, Satish Patel wrote:
Folks,
I have recently deployed openstack 2023.1 using kolla-ansible and after setting up magnum I noticed the following policy error when obtaining cards. After reading [1] the policy file looks like it needs a reader role to obtain a certificate. I have assigned the "reader" role to the user but still getting the same error message and no luck.
$ openstack role add --user user1 --user-domain mydomain1 --project myproject1 reader
# Reload User Creds RC file.
$ openstack coe cluster config dev2 Policy doesn't allow certificate:get to be performed (HTTP 403) (Request-ID: req-7445ef3c-52a3-4911-97f6-1fb25d9fac1f)
What else could be wrong here?
1.
https://docs.openstack.org/magnum/latest/configuration/sample-policy.html <https://docs.openstack.org/magnum/latest/configuration/sample-policy.html