[openstack-dev] [Keystone] Removed admin role from admin user/tenant, can't add back
Jamie Lennox
jamielennox at redhat.com
Fri Jul 25 00:27:36 UTC 2014
On Thu, 2014-07-24 at 22:44 +0000, Pendergrass, Eric wrote:
> In an effort to test ceilometer roles I removed the admin role from
> the admin tenant and user. Now I can’t add it back since I don’t have
> a user/tenant combo with the admin role:
>
>
>
> keystone user-role-add --role e4252b63c308470b8cb7f77c37d27632 --user
> 8c678720fb5b4e3bb18dee222d7d7933 --tenant
> 9229d9ffed3d4fe2aa00d7575acd7ada
>
> You are not authorized to perform the requested action: admin_required
> (Disable debug mode to suppress these details.) (HTTP 403)
>
>
>
> Is there a way to do this in the mysql database if I know the
> user/tenant/role IDs? Or, is there another way with keystone client?
You could do it via the database, creating the role is simple enough to
follow via the other examples in the role table. Then follow the other
examples in the assignment table to assign the role to a user to
associate user with role on project.
The easier way would be to use the admin_token you can define in
keystone.conf and you should have the permissions required to recreate
everything via the CLI.
Jamie
>
> Thanks,
>
> Eric
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list