[keystone] presence of policy.json breaks Keystone?
Bernd Bausch
berndbausch at gmail.com
Tue Sep 24 03:46:37 UTC 2019
This is on a stable Stein Devstack. Problem description:
ubuntu at devstack:~$ oslopolicy-sample-generator --namespace keystone
>/etc/keystone/policy.json
ubuntu at devstack:~$ openstack user list
Internal Server Error (HTTP 500)
Note that I did not modify the policy.json file above. It's mere
presence is sufficient to cause the problem. When I remove it and
restart Keystone, the problem goes away.
The Keystone log contains a huge stacktrace with two methods in
oslopolicy/_checks.py playing ping-pong with each other until they give
up with RuntimeError: maximum recursion depth exceeded.
This only happens with Keystone. Nova and Cinder (which also keep policy
in code) are fine.
This looks like a bug, but I didn't find it in launchpad. Is there a
workaround? I would like to use a modified Keystone policy in a training
course.
Thanks for any feedback.
Bernd.
More information about the openstack-discuss
mailing list