[Openstack-operators] Folsom ERROR: Policy doesn't allow xxx to be performed

Jesse Pretorius jesse.pretorius at gmail.com
Fri May 17 19:06:39 UTC 2013


Hi everyone,

I have a rather odd error which has me flummoxed. I'm hoping that someone
can point me in the right direction before I rebuild the environment, yet
again.

The environment I've built has been using the rcbops (folsom branch)
chef-cookbooks and is multi-node. While everything has deployed properly
I'm stuck with a situation that while keystone responds to my queries, nova
refuses.

Sample queries are noted here: http://paste.openstack.org/show/37411/

I've removed the irrelevant tenants/users. They key is that the admin user
is in the admin tenant the same user/tenant is in the admin role for the
entire system. And yet somehow I'm stuck with the nova policy errors:

root at ctpknc001:~# nova flavor-list
ERROR: Policy doesn't allow compute_extension:flavorextraspecs to be
performed. (HTTP 403) (Request-ID: req-bd265806-1a10-44df-826d-4546857920b9)
root at ctpknc001:~# nova host-list
ERROR: Policy doesn't allow compute_extension:hosts to be performed. (HTTP
403) (Request-ID: req-4f6e4025-b489-4c79-9679-90cbaeb3377f)

The flavor-list policy, on inspection, allows listing regardless of who the
user is. This is particularly perplexing!

If someone has a hint/clue for where the problem might be, please let me
know asap.

Best regards,

Jesse
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20130517/da4f413b/attachment.html>


More information about the OpenStack-operators mailing list