[Openstack-operators] [gnocchi] Gnocchi, keystone, and Openstack Mitaka

gordon chung gord at live.ca
Mon Feb 27 20:17:37 UTC 2017 

can you add what version of gnocchi, gnocchiclient and oslo.policy you 
have? might be easier if open a bug[1]. i don't see anything wrong at 
first glance and i don't recall there being a similar issue in past.

[1] https://bugs.launchpad.net/gnocchi

On 23/02/17 11:54 AM, Tracy Comstock Roesler wrote:
> I’ve run into a problem with the gnocchi CLI.  Whenever I run ‘gnocchi
> status’ I get a 403 Forbidden, but I can run other commands like
> 'gnocchi resource create’ no problem.
>
> I’ve checked the policy.json and it looks like “admin” has rights to get
> status, the same as create resources.  I cannot figure out why get
> status would show a 403 forbidden, but I can run other commands just fine.
>
> [root ~] # gnocchi status --debug
> REQ: curl -g -i -X GET http://keystone:35357/v3 -H "Accept:
> application/json" -H "User-Agent: keystoneauth1/2.4.1
> python-requests/2.10.0 CPython/2.7.5"
> Starting new HTTP connection (1): keystone
> "GET /v3 HTTP/1.1" 200 277
> RESP: [200] Content-Type: application/json Content-Length: 277
> Connection: keep-alive Date: Thu, 23 Feb 2017 16:52:40 GMT Server:
> Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5 Vary: X-Auth-Token
> x-openstack-request-id: req-189a8db8-6210-4735-bc66-b2dc90b00a38
> RESP BODY: {"version": {"status": "stable", "updated":
> "2016-04-04T00:00:00Z", "media-types": [{"base": "application/json",
> "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.6",
> "links": [{"href": "http://keystone:35357/v3/", "rel": "self"}]}}
>
> Making authentication request to http://keystone:35357/v3/auth/tokens
> "POST /v3/auth/tokens HTTP/1.1" 201 3874
> REQ: curl -g -i -X GET http://gnocchi:8041/v1/status -H "User-Agent:
> keystoneauth1/2.4.1 python-requests/2.10.0 CPython/2.7.5" -H "Accept:
> application/json, */*" -H "X-Auth-Token: {SHA1}AAA"
> Starting new HTTP connection (1): gnocchi
> "GET /v1/status HTTP/1.1" 403 54
> RESP: [403] Content-Type: application/json; charset=UTF-8
> Content-Length: 54 Connection: keep-alive Server: Werkzeug/0.9.1
> Python/2.7.5 Date: Thu, 23 Feb 2017 16:52:40 GMT
> RESP BODY: {"code": 403, "description": "", "title": "Forbidden"}
>
> Forbidden (HTTP 403)
> Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/cliff/app.py", line 346, in
> run_subcommand
>     result = cmd.run(parsed_args)
>   File "/usr/lib/python2.7/site-packages/cliff/display.py", line 79, in run
>     column_names, data = self.take_action(parsed_args)
>   File
> "/usr/lib/python2.7/site-packages/gnocchiclient/v1/status_cli.py", line
> 21, in take_action
>     status = self.app.client.status.get()
>   File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/status.py",
> line 21, in get
>     return self._get(self.url).json()
>   File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/base.py", line
> 37, in _get
>     return self.client.api.get(*args, **kwargs)
>   File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line
> 173, in get
>     return self.request(url, 'GET', **kwargs)
>   File "/usr/lib/python2.7/site-packages/gnocchiclient/client.py", line
> 38, in request
>     raise exceptions.from_response(resp, method)
> Forbidden: Forbidden (HTTP 403)
> Traceback (most recent call last):
>   File "/usr/bin/gnocchi", line 10, in <module>
>     sys.exit(main())
>   File "/usr/lib/python2.7/site-packages/gnocchiclient/shell.py", line
> 211, in main
>     return GnocchiShell().run(args)
>   File "/usr/lib/python2.7/site-packages/cliff/app.py", line 226, in run
>     result = self.run_subcommand(remainder)
>   File "/usr/lib/python2.7/site-packages/cliff/app.py", line 346, in
> run_subcommand
>     result = cmd.run(parsed_args)
>   File "/usr/lib/python2.7/site-packages/cliff/display.py", line 79, in run
>     column_names, data = self.take_action(parsed_args)
>   File
> "/usr/lib/python2.7/site-packages/gnocchiclient/v1/status_cli.py", line
> 21, in take_action
>     status = self.app.client.status.get()
>   File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/status.py",
> line 21, in get
>     return self._get(self.url).json()
>   File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/base.py", line
> 37, in _get
>     return self.client.api.get(*args, **kwargs)
>   File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line
> 173, in get
>     return self.request(url, 'GET', **kwargs)
>   File "/usr/lib/python2.7/site-packages/gnocchiclient/client.py", line
> 38, in request
>     raise exceptions.from_response(resp, method)
> gnocchiclient.exceptions.Forbidden: Forbidden (HTTP 403)
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

-- 
gord

More information about the OpenStack-operators mailing list