Unfortunately, I don't have any other idea at the moment, and for some
reason I can't get application credentials to work either, but it's
not related to an unfound image. But I assume you can launch instances
withtout application credentials with the mentioned image or does that
fail as well? Not sure if that was already answered in previous
messages.
Zitat von Naveen <naveen@zybisys.com>:
> Hi Eugen,
>
>
>
> Thank you for your response. You are correct; an image cannot be
> public and private at the same time. I apologize for any confusion.
> I meant to convey that I have tried setting the image to all
> possible visibility levels (public, shared, and community) one at a
> time.
>
>
>
> I have attached a screenshot for your reference. Could you please
> help me resolve this issue?
>
>
>
>
>
>
>
> ---- On Tue, 30 Jul 2024 18:48:45 +0530 Thamanna Farhath
> <thamanna.f@zybisys.com> wrote ---
>
>
>
>
>
>
>
>
>
>
>
> ---- On Tue, 30 Jul 2024 16:50:15 +0530 Eugen Block
> <mailto:eblock@nde.ag> wrote ---
>
>
>
>> Visibility Settings: I confirmed that the image is set to all
>> visibility levels (public, shared, community, and private).
>
> What do you mean by that? Your image can't be public and private at
> the same time. Can you paste the output of 'openstack image show
> <image>'?
>
>
> Zitat von Naveen <mailto:naveen@zybisys.com>:
>
>> hey Jadon, Thanks for your response.
>>
>>
>>
>> I have checked all the suggested areas:
>>
>>
>>
>> Image Access: I verified that the image is accessible by running
>> openstack image show <image-name>, and it appears to be available.
>>
>>
>>
>> Visibility Settings: I confirmed that the image is set to all
>> visibility levels (public, shared, community, and private).
>>
>>
>>
>> Credentials and Policies: The application credential access rule and
>> the Nova policy file rule appear to be correctly configured.
>>
>>
>>
>> Despite these checks, I am still encountering the same error
>> message: "Can not find requested image."
>>
>>
>> is any other way to solve this problem?
>>
>>
>>
>>
>>
>>
>> ---- On Mon, 29 Jul 2024 19:45:40 +0530 Jadon Naas
>> <mailto:jadon.naas@canonical.com> wrote ---
>>
>>
>>
>> Hello Naveen!
>>
>> That error message "Can not find requested image" sounds like
>> OpenStack cannot find the image you are passing in as the image to
>> use when creating an instance. Can you check to make sure that you
>> can access the image (such as by running openstack image show
>> <image-name> with the name of the image in place of <image-name>) as
>> the user account that created the application credential?
>>
>>
>>
>> Thanks!
>>
>>
>>
>> Jadon
>>
>>
>>
>> On Sat, Jul 27, 2024 at 8:01 AM Naveen
>> <mailto:mailto:naveen@zybisys.com> wrote:
>>
>>
>>
>>
>>
>> Hello, Thanks for your Support i got a result but im facing a new
>> issue if i tried to create a server getting error like this
>>
>>
>>
>> {
>>
>> "badRequest": {
>>
>> "code": 400,
>>
>> "message": "Can not find requested image"
>>
>> }
>>
>> }
>>
>>
>>
>> This is my application credential access rule with member role.
>>
>>
>>
>> "service": "compute",
>>
>> "path": "/v2.1/servers",
>>
>> "method": "POST"
>>
>>
>>
>> and also checked this in all(public,shared,community,private) visibility
>>
>>
>>
>> this is my rule given in nova policy file
>> "os_compute_api:servers:create": "rule:project_member_or_admin"
>>
>>
>>
>> Thanks in advance
>>
>>
>>
>>
>>
>>
>>
>> ---- On Sat, 27 Jul 2024 17:29:34 +0530 Naveen
>> <mailto:mailto:naveen@zybisys.com> wrote ---
>>
>>
>>
>>
>>
>> Hello, Thanks for your Support i got a result but im facing a new
>> issue if i tried to create a server getting error like this
>>
>>
>>
>>
>>
>> {
>>
>> "badRequest": {
>>
>> "code": 400,
>>
>> "message": "Can not find requested image"
>>
>> }
>>
>> }
>>
>>
>>
>> This is my application credential access rule with member role.
>>
>>
>>
>> "service": "compute",
>>
>> "path": "/v2.1/servers",
>>
>> "method": "POST"
>>
>>
>>
>> and also checked this in all(public,shared,community,private) visibility
>>
>>
>>
>> this is my rule given in nova policy file
>> "os_compute_api:servers:create": "rule:project_member_or_admin"
>>
>>
>>
>>
>>
>> Thanks in advance
>>
>>
>>
>> ---- On Thu, 25 Jul 2024 16:03:16 +0530 <mailto:mailto:smooney@redhat.com>
>> wrote ---
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Thu, 2024-07-25 at 05:13 +0000, mailto:mailto:openstack@tr.id.au wrote:
>>> Hi Naveen,
>>>
>>> A few things come to mind:
>>>
>>> - Do an openstack application credential show on the AC to verify
>>> it picked up any necessary roles. Also check the --
>>> role option when creating the AC.
>> so it might be related to SRBAC and https://launchpad.net/bugs/2030061
>> https://review.opendev.org/c/openstack/keystone/+/893737
>> so yes you man need to ensure you have the correcct reader role in
>> addtion to member if appropriate.
>>
>>> - Try adding an additional rule similar to the first but with
>>> "path": "/v2.1/servers/detail". The openstack server
>>> list command seems to use the detail endpoint; it failed for my
>>> AC until the extra rule was added.
>>> - The nova-api service for your openstack cloud needs to have
>>> service_type set before access rules will be
>>> understood. This is documented at
>>> https://docs.openstack.org/keystone/latest/user/application_credentials.html#access-rules. If you don't
>>> have
>>> admin
>>> access to your cloud, you may need to raise a support ticket with
>>> your service provider and ask them to check that
>>> this has been done.
>>>
>>> Cheers,
>>>
>>> Tim
>>>
>>> On Thursday, 25 July 2024 at 14:16, Naveen Anbarasu
>>> <mailto:mailto:nawin8056@gmail.com> wrote:
>>>
>>> > Hi team,
>>> >
>>> > I have created an application credential for the compute service
>>> and successfully obtained a token.
>>> > Access rule:
>>> > "service": "compute",
>>> > "method": "GET",
>>> > "path": "/v2.1/servers"
>>> >
>>> > However, when using the token to retrieve the server list, I
>>> receive a Error 403 Forbidden error with the message:
>>> > 'Policy doesn't allow os_compute_api:servers to be performed.
>>> >
>>> > But i have a necessary permission within the respective project
>>> (member role)
>>> >
>>> > How can I solve this problem?
>>> >
>>> > Thanks in advance
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Disclaimer : The content of this email and any
>> files transmitted with it are confidential and intended solely for
>> the use of
>> the individual or entity to which they are addressed. If you have
>> received this
>> email in error, please notify the sender and remove the messages from your
>> system. If you are not the named addressee, it is strictly forbidden
>> for you to
>> share, circulate, distribute or copy any part of this e-mail to any
>> third party
>> without the written consent of the sender.
>>
>>
>>
>> E-mail transmission cannot be guaranteed to be
>> secured or error free as information could be intercepted, corrupted, lost,
>> destroyed, arrive late, incomplete, or may contain viruses. Therefore, we do
>> not accept liability for any errors or omissions in the contents of this
>> message, which arise as a result of e-mail transmission. The
>> recipient should
>> check this e-mail and any attachments for the presence of viruses.
>> The company
>> accepts no liability for any damage caused by any virus transmitted by this
>> email."
>> Disclaimer : The content of this email and any files transmitted
>> with it are confidential and intended solely for the use of the
>> individual or entity to which they are addressed. If you have
>> received this email in error, please notify the sender and remove
>> the messages from your system. If you are not the named addressee,
>> it is strictly forbidden for you to share, circulate, distribute or
>> copy any part of this e-mail to any third party without the written
>> consent of the sender.
>>
>>
>>
>> E-mail transmission cannot be guaranteed to be secured or error free
>> as information could be intercepted, corrupted, lost, destroyed,
>> arrive late, incomplete, or may contain viruses. Therefore, we do
>> not accept liability for any errors or omissions in the contents of
>> this message, which arise as a result of e-mail transmission. The
>> recipient should check this e-mail and any attachments for the
>> presence of viruses. The company accepts no liability for any damage
>> caused by any virus transmitted by this email."
> Disclaimer : The content of this email and any files transmitted
> with it are confidential and intended solely for the use of the
> individual or entity to which they are addressed. If you have
> received this email in error, please notify the sender and remove
> the messages from your system. If you are not the named addressee,
> it is strictly forbidden for you to share, circulate, distribute or
> copy any part of this e-mail to any third party without the written
> consent of the sender.
>
>
>
> E-mail transmission cannot be guaranteed to be secured or error free
> as information could be intercepted, corrupted, lost, destroyed,
> arrive late, incomplete, or may contain viruses. Therefore, we do
> not accept liability for any errors or omissions in the contents of
> this message, which arise as a result of e-mail transmission. The
> recipient should check this e-mail and any attachments for the
> presence of viruses. The company accepts no liability for any damage
> caused by any virus transmitted by this email."