[Openstack-operators] Gnocchi, keystone, and Openstack Mitaka
Tracy Comstock Roesler
tracycomstock at overstock.com
Thu Feb 23 16:54:59 UTC 2017
I’ve run into a problem with the gnocchi CLI. Whenever I run ‘gnocchi status’ I get a 403 Forbidden, but I can run other commands like 'gnocchi resource create’ no problem.
I’ve checked the policy.json and it looks like “admin” has rights to get status, the same as create resources. I cannot figure out why get status would show a 403 forbidden, but I can run other commands just fine.
[root ~] # gnocchi status --debug
REQ: curl -g -i -X GET http://keystone:35357/v3 -H "Accept: application/json" -H "User-Agent: keystoneauth1/2.4.1 python-requests/2.10.0 CPython/2.7.5"
Starting new HTTP connection (1): keystone
"GET /v3 HTTP/1.1" 200 277
RESP: [200] Content-Type: application/json Content-Length: 277 Connection: keep-alive Date: Thu, 23 Feb 2017 16:52:40 GMT Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5 Vary: X-Auth-Token x-openstack-request-id: req-189a8db8-6210-4735-bc66-b2dc90b00a38
RESP BODY: {"version": {"status": "stable", "updated": "2016-04-04T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.6", "links": [{"href": "http://keystone:35357/v3/", "rel": "self"}]}}
Making authentication request to http://keystone:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 3874
REQ: curl -g -i -X GET http://gnocchi:8041/v1/status -H "User-Agent: keystoneauth1/2.4.1 python-requests/2.10.0 CPython/2.7.5" -H "Accept: application/json, */*" -H "X-Auth-Token: {SHA1}AAA"
Starting new HTTP connection (1): gnocchi
"GET /v1/status HTTP/1.1" 403 54
RESP: [403] Content-Type: application/json; charset=UTF-8 Content-Length: 54 Connection: keep-alive Server: Werkzeug/0.9.1 Python/2.7.5 Date: Thu, 23 Feb 2017 16:52:40 GMT
RESP BODY: {"code": 403, "description": "", "title": "Forbidden"}
Forbidden (HTTP 403)
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/cliff/app.py", line 346, in run_subcommand
result = cmd.run(parsed_args)
File "/usr/lib/python2.7/site-packages/cliff/display.py", line 79, in run
column_names, data = self.take_action(parsed_args)
File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/status_cli.py", line 21, in take_action
status = self.app.client.status.get()
File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/status.py", line 21, in get
return self._get(self.url).json()
File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/base.py", line 37, in _get
return self.client.api.get(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 173, in get
return self.request(url, 'GET', **kwargs)
File "/usr/lib/python2.7/site-packages/gnocchiclient/client.py", line 38, in request
raise exceptions.from_response(resp, method)
Forbidden: Forbidden (HTTP 403)
Traceback (most recent call last):
File "/usr/bin/gnocchi", line 10, in <module>
sys.exit(main())
File "/usr/lib/python2.7/site-packages/gnocchiclient/shell.py", line 211, in main
return GnocchiShell().run(args)
File "/usr/lib/python2.7/site-packages/cliff/app.py", line 226, in run
result = self.run_subcommand(remainder)
File "/usr/lib/python2.7/site-packages/cliff/app.py", line 346, in run_subcommand
result = cmd.run(parsed_args)
File "/usr/lib/python2.7/site-packages/cliff/display.py", line 79, in run
column_names, data = self.take_action(parsed_args)
File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/status_cli.py", line 21, in take_action
status = self.app.client.status.get()
File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/status.py", line 21, in get
return self._get(self.url).json()
File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/base.py", line 37, in _get
return self.client.api.get(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 173, in get
return self.request(url, 'GET', **kwargs)
File "/usr/lib/python2.7/site-packages/gnocchiclient/client.py", line 38, in request
raise exceptions.from_response(resp, method)
gnocchiclient.exceptions.Forbidden: Forbidden (HTTP 403)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20170223/7603878c/attachment.html>
More information about the OpenStack-operators
mailing list