[Openstack] [heat] identity:create_domain failed (403)

David Hill david.hill at ubisoft.com
Tue Apr 28 16:53:23 UTC 2015


Hi guys,

    In order to set the domains in icehouse, we needed the following patch:


--- heat-keystone-setup-domain  2015-04-23 17:50:08.000000000 +0000
+++ heat-keystone-setup-domain.patch    2015-04-28 16:27:25.358901215 +0000
@@ -25,6 +25,7 @@
DEBUG = False
USERNAME = os.environ.get('OS_USERNAME', None)
PASSWORD = os.environ.get('OS_PASSWORD', None)
+TENANT_NAME = os.environ.get('OS_TENANT_NAME', None)
AUTH_URL = os.environ.get('OS_AUTH_URL', '').replace('v2.0', 'v3')

opts = [
@@ -64,10 +65,15 @@
     c = client.Client(debug=DEBUG,
                       username=USERNAME,
                       password=PASSWORD,
+                      tenant_name=TENANT_NAME,
                       auth_url=AUTH_URL,
                       endpoint=AUTH_URL)
     c.authenticate()

+    try:
+        heat_domain = c.domains.delete(name=HEAT_DOMAIN_NAME)
+    except:
+        print "error"
     # Create the heat domain
     logger.info("Creating domain %s" % HEAT_DOMAIN_NAME)
     try:



From: David Hill
Sent: 8-Sep-14 7:08 PM
To: openstack (openstack at lists.openstack.org)
Subject: [Openstack] [heat] identity:create_domain failed (403)

Hi guys,

                I have 2 environments that are almost identical but one of them gives me this:

keystoneclient.openstack.common.apiclient.exceptions.Forbidden: You are not authorized to perform the requested action, identity:create_domain. (HTTP 403)

When I try to run:

heat-keystone-setup-domain --stack-domain-admin stack_admin --stack-domain-admin-password $password --stack-user-domain-name heat

The problem is that I'm using the same policy everywhere and one works but the other doesn't. I'm out of ideas!

Any hints?

Dave

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150428/e362a31f/attachment.html>


More information about the Openstack mailing list