[Openstack-operators] Non-admin users and euca-allocate-address
Luis D. Pedrosa
luis.pedrosa at usc.edu
Fri Sep 23 01:12:48 UTC 2011
I am operating a small OpenStack cluster for my Research Lab and a
Cloud Computing class at my University. I am setting things up so that
the students in the class have limited accounts under tight quotas
that they can use to run their class projects.
So far I got everything running and it works fine for my account with
admin privileges. However, I am having trouble with the students'
Specifically, the euca-allocate-address command fails with the
Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error
EC2ResponseError: 401 Unauthorized
This server could not verify that you are authorized to access the
document you requested. Either you supplied the wrong credentials
(e.g., bad password), or your browser does not understand how to
supply the credentials required.
nova-api.log further adds:
2011-09-22 18:08:19,934 AUDIT nova.api [W6NJIUHVM6FZMD5UR9QN
cs694-proj10 cs694-proj10] Authenticated Request For
2011-09-22 18:08:19,935 DEBUG nova.api [-] action: AllocateAddress
from (pid=8560) __call__
2011-09-22 18:08:20,000 AUDIT nova.api [W6NJIUHVM6FZMD5UR9QN
cs694-proj10 cs694-proj10] Unauthorized request for
controller=CloudController and action=AllocateAddress
2011-09-22 18:08:20,002 INFO nova.api [W6NJIUHVM6FZMD5UR9QN
cs694-proj10 cs694-proj10] 0.249850s 22.214.171.124 GET
/services/Cloud/ CloudController:AllocateAddress 401 [Boto/1.9b
(linux2)] text/plain text/plain
The floating IPs are properly configured since everything works fine
with my admin account. Permissions should also not be an issue as I
have set each student account as project developer, netadmin, and
sysadmin for their respective projects.
Am I missing something? Does anyone have any thoughts on how to fix this?
-- Luis D. Pedrosa
More information about the Openstack-operators