Dear all, I'm running OpenStack Caracal on AlmaLinux 9.5 and I'm trying to modify the nova policy file to allow the reboot of a server only to the admin and to the owner of the VM (but not to all members of the same project). I have updated the policy (as I already dis for other actions like stop) as follows: "os_compute_api:servers:reboot": "rule:context_is_admin or user_id:%(user_id)s" But the owner is unable to perform the reboot. When I try to reboot one of my own instances I get the following error:
openstack server reboot 97a32e4c-2e56-4d75-b0c4-5ac4da278421 --debug
Traceback (most recent call last): File "/usr/lib/python3.9/site-packages/cliff/app.py", line 410, in run_subcommand result = cmd.run(parsed_args) File "/usr/lib/python3.9/site-packages/osc_lib/command/command.py", line 38, in run return super(Command, self).run(parsed_args) File "/usr/lib/python3.9/site-packages/cliff/command.py", line 181, in run return_code = self.take_action(parsed_args) or 0 File "/usr/lib/python3.9/site-packages/openstackclient/compute/v2/server.py", line 3279, in take_action compute_client.reboot_server(server_id, parsed_args.reboot_type) File "/usr/lib/python3.9/site-packages/openstack/compute/v2/_proxy.py", line 879, in reboot_server server.reboot(self, reboot_type) File "/usr/lib/python3.9/site-packages/openstack/compute/v2/server.py", line 353, in reboot self._action(session, body) File "/usr/lib/python3.9/site-packages/openstack/compute/v2/server.py", line 318, in _action exceptions.raise_from_response(response) File "/usr/lib/python3.9/site-packages/openstack/exceptions.py", line 247, in raise_from_response raise cls( openstack.exceptions.ForbiddenException: ForbiddenException: 403: Client Error for url: https://cloud-areapd-test.pd.infn.it:8774/v2.1/servers/97a32e4c-2e56-4d75-b0..., Policy doesn't allow os_compute_api:servers:reboot to be performed. clean_up RebootServer: ForbiddenException: 403: Client Error for url: https://cloud-areapd-test.pd.infn.it:8774/v2.1/servers/97a32e4c-2e56-4d75-b0..., Policy doesn't allow os_compute_api:servers:reboot to be performed. END return value: 1 Do you know what could be causing this? I’m able to start and stop this same VM without any issues, so I expected reboot to work with the same policy. Thanks, cheers Federica -- Federica Fanzago INFN Sezione di Padova Via Marzolo, 8 35131 Padova - Italy Tel: +39 049.967.7367 --