[Openstack-operators] Non-admin users and euca-allocate-address

Luis D. Pedrosa luis.pedrosa at usc.edu
Fri Sep 23 01:12:48 UTC 2011

Hi everyone,

I am operating a small OpenStack cluster for my Research Lab and a  
Cloud Computing class at my University. I am setting things up so that  
the students in the class have limited accounts under tight quotas  
that they can use to run their class projects.

So far I got everything running and it works fine for my account with  
admin privileges. However, I am having trouble with the students'  
non-admin accounts.

Specifically, the euca-allocate-address command fails with the  
following message:
Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error
EC2ResponseError: 401 Unauthorized
401 Unauthorized

This server could not verify that you are authorized to access the  
document you requested. Either you supplied the wrong credentials  
(e.g., bad password), or your browser does not understand how to  
supply the credentials required.

nova-api.log further adds:
2011-09-22 18:08:19,934 AUDIT nova.api [W6NJIUHVM6FZMD5UR9QN  
cs694-proj10 cs694-proj10] Authenticated Request For  
2011-09-22 18:08:19,935 DEBUG nova.api [-] action: AllocateAddress  
from (pid=8560) __call__  
2011-09-22 18:08:20,000 AUDIT nova.api [W6NJIUHVM6FZMD5UR9QN  
cs694-proj10 cs694-proj10] Unauthorized request for  
controller=CloudController and action=AllocateAddress
2011-09-22 18:08:20,002 INFO nova.api [W6NJIUHVM6FZMD5UR9QN  
cs694-proj10 cs694-proj10] 0.249850s GET  
/services/Cloud/ CloudController:AllocateAddress 401 [Boto/1.9b  
(linux2)] text/plain text/plain

The floating IPs are properly configured since everything works fine  
with my admin account. Permissions should also not be an issue as I  
have set each student account as project developer, netadmin, and  
sysadmin for their respective projects.

Am I missing something? Does anyone have any thoughts on how to fix this?


-- Luis D. Pedrosa

More information about the Openstack-operators mailing list