[Openstack] [heat] identity:create_domain failed (403)
David Hill
david.hill at ubisoft.com
Tue Apr 28 16:53:23 UTC 2015
Hi guys,
In order to set the domains in icehouse, we needed the following patch:
--- heat-keystone-setup-domain 2015-04-23 17:50:08.000000000 +0000
+++ heat-keystone-setup-domain.patch 2015-04-28 16:27:25.358901215 +0000
@@ -25,6 +25,7 @@
DEBUG = False
USERNAME = os.environ.get('OS_USERNAME', None)
PASSWORD = os.environ.get('OS_PASSWORD', None)
+TENANT_NAME = os.environ.get('OS_TENANT_NAME', None)
AUTH_URL = os.environ.get('OS_AUTH_URL', '').replace('v2.0', 'v3')
opts = [
@@ -64,10 +65,15 @@
c = client.Client(debug=DEBUG,
username=USERNAME,
password=PASSWORD,
+ tenant_name=TENANT_NAME,
auth_url=AUTH_URL,
endpoint=AUTH_URL)
c.authenticate()
+ try:
+ heat_domain = c.domains.delete(name=HEAT_DOMAIN_NAME)
+ except:
+ print "error"
# Create the heat domain
logger.info("Creating domain %s" % HEAT_DOMAIN_NAME)
try:
From: David Hill
Sent: 8-Sep-14 7:08 PM
To: openstack (openstack at lists.openstack.org)
Subject: [Openstack] [heat] identity:create_domain failed (403)
Hi guys,
I have 2 environments that are almost identical but one of them gives me this:
keystoneclient.openstack.common.apiclient.exceptions.Forbidden: You are not authorized to perform the requested action, identity:create_domain. (HTTP 403)
When I try to run:
heat-keystone-setup-domain --stack-domain-admin stack_admin --stack-domain-admin-password $password --stack-user-domain-name heat
The problem is that I'm using the same policy everywhere and one works but the other doesn't. I'm out of ideas!
Any hints?
Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150428/e362a31f/attachment.html>
More information about the Openstack
mailing list