[Openstack-operators] Non-admin users and euca-allocate-address
Luis D. Pedrosa
luis.pedrosa at usc.edu
Fri Sep 23 01:12:48 UTC 2011
Hi everyone,
I am operating a small OpenStack cluster for my Research Lab and a
Cloud Computing class at my University. I am setting things up so that
the students in the class have limited accounts under tight quotas
that they can use to run their class projects.
So far I got everything running and it works fine for my account with
admin privileges. However, I am having trouble with the students'
non-admin accounts.
Specifically, the euca-allocate-address command fails with the
following message:
----
Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error
EC2ResponseError: 401 Unauthorized
401 Unauthorized
This server could not verify that you are authorized to access the
document you requested. Either you supplied the wrong credentials
(e.g., bad password), or your browser does not understand how to
supply the credentials required.
----
nova-api.log further adds:
----
2011-09-22 18:08:19,934 AUDIT nova.api [W6NJIUHVM6FZMD5UR9QN
cs694-proj10 cs694-proj10] Authenticated Request For
cs694-proj10:cs694-proj10)
2011-09-22 18:08:19,935 DEBUG nova.api [-] action: AllocateAddress
from (pid=8560) __call__
/usr/lib/pymodules/python2.7/nova/api/ec2/__init__.py:216
2011-09-22 18:08:20,000 AUDIT nova.api [W6NJIUHVM6FZMD5UR9QN
cs694-proj10 cs694-proj10] Unauthorized request for
controller=CloudController and action=AllocateAddress
2011-09-22 18:08:20,002 INFO nova.api [W6NJIUHVM6FZMD5UR9QN
cs694-proj10 cs694-proj10] 0.249850s 128.125.124.106 GET
/services/Cloud/ CloudController:AllocateAddress 401 [Boto/1.9b
(linux2)] text/plain text/plain
----
The floating IPs are properly configured since everything works fine
with my admin account. Permissions should also not be an issue as I
have set each student account as project developer, netadmin, and
sysadmin for their respective projects.
Am I missing something? Does anyone have any thoughts on how to fix this?
Thanks!
-- Luis D. Pedrosa
More information about the Openstack-operators
mailing list