[Openstack] Unable to launch instance: BadRequest: Specifying 'tenant_id' other than authenticated tenant in request requires admin privileges
Marco Antonio Carcano
mc at carcano.ch
Sat Oct 31 10:29:26 UTC 2015
Hi all,
I'm a total newbie to openstack, and I'm trying to install a testing
environment to study it.
I installed Openstack Juno on CentOS 7 following "Openstack
Installation Guide for Red Hat 7, CentOS 7 and Fedora 20" - I'm working
on CentOS 7
I'm not able to launch the CirrOS instance: here is what I got in logs
in the compute node:
==> nova/nova-compute.log <==
2015-10-31 10:10:56.066 923 INFO oslo.messaging._drivers.impl_rabbit [-]
Connecting to AMQP server on l1host001.mgmt.carcano.local:5672
2015-10-31 10:10:56.082 923 INFO oslo.messaging._drivers.impl_rabbit [-]
Connected to AMQP server on l1host001.mgmt.carcano.local:5672
2015-10-31 10:10:56.841 923 ERROR nova.network.neutronv2.api [-]
[instance: d69de1bf-4d74-424f-ad7e-573d082f4174] Neutron error creating
port on network 59cef3db-9548-47db-9b18-486e8796e45e
...
2015-10-31 10:10:56.841 923 TRACE nova.network.neutronv2.api [instance:
d69de1bf-4d74-424f-ad7e-573d082f4174] BadRequest: Specifying 'tenant_id'
other than authenticated tenant in request requires admin privileges
2015-10-31 10:10:56.841 923 TRACE nova.network.neutronv2.api [instance:
d69de1bf-4d74-424f-ad7e-573d082f4174]
2015-10-31 10:10:56.855 923 ERROR nova.compute.manager [-] Instance
failed network setup after 1 attempt(s)
...
2015-10-31 10:10:56.855 923 TRACE nova.compute.manager BadRequest:
Specifying 'tenant_id' other than authenticated tenant in request
requires admin privileges
2015-10-31 10:10:56.855 923 TRACE nova.compute.manager
2015-10-31 10:12:45.702 923 WARNING nova.virt.disk.vfs.guestfs [-]
Failed to close augeas aug_close: do_aug_close: you must call 'aug-init'
first to initialize Augeas
2015-10-31 10:12:45.783 923 ERROR nova.compute.manager [-] [instance:
d69de1bf-4d74-424f-ad7e-573d082f4174] Instance failed to spawn
...
2015-10-31 10:12:45.783 923 TRACE nova.compute.manager [instance:
d69de1bf-4d74-424f-ad7e-573d082f4174] BadRequest: Specifying 'tenant_id'
other than authenticated tenant in request requires admin privileges
2015-10-31 10:12:45.783 923 TRACE nova.compute.manager [instance:
d69de1bf-4d74-424f-ad7e-573d082f4174]
2015-10-31 10:12:45.813 923 WARNING nova.virt.libvirt.driver [-]
[instance: d69de1bf-4d74-424f-ad7e-573d082f4174] During wait destroy,
instance disappeared.
2015-10-31 10:18:36.886 923 WARNING nova.compute.manager [-] While
synchronizing instance power states, found 1 instances in the database
and 0 instances on the hypervisor.
OK, it is a user privilege related error, but as I told you I'm a
totally newbie to openstack and I've no idea on how to solve it - by the
way I'm just wondering where I went wrong, since I followed the
mentioned guide, .. probably I forgot something or wrote something
wrong, but there're lots of steps and although I tried two times to redo
I've not been able to got my mistake.
By the way the involved users (nova and neutron) seems to have the right
role (admin) on the involved tenant (service):
6f89f3a64d424fd98683591916c6ea5b is user "nova",
d16691642f54471880f3405c5223a06e is tenant "service"
keystone user-role-list --user-id 6f89f3a64d424fd98683591916c6ea5b
--tenant-id d16691642f54471880f3405c5223a06e
+----------------------------------+-------+----------------------------------+----------------------------------+
| id | name | user_id
| tenant_id |
+----------------------------------+-------+----------------------------------+----------------------------------+
| 396f0d18b6904ce7aa70fbd3b13b289b | admin |
6f89f3a64d424fd98683591916c6ea5b | d16691642f54471880f3405c5223a06e |
+----------------------------------+-------+----------------------------------+----------------------------------+
so user "nova" has role "admin" for tenant "service"
and e4e3d46b099a42bf8dbb73e7b22666f8 is user "neutron"
keystone user-role-list --user-id e4e3d46b099a42bf8dbb73e7b22666f8
--tenant-id d16691642f54471880f3405c5223a06e
+----------------------------------+-------+----------------------------------+----------------------------------+
| id | name | user_id
| tenant_id |
+----------------------------------+-------+----------------------------------+----------------------------------+
| 396f0d18b6904ce7aa70fbd3b13b289b | admin |
e4e3d46b099a42bf8dbb73e7b22666f8 | d16691642f54471880f3405c5223a06e |
+----------------------------------+-------+----------------------------------+----------------------------------+
so user "neutron" has role "admin" for tenant "service"
May someone of you help me, please? I really have not idea on how todeal
with this.
Here are some other info:
keystone tenant-list
+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| c9cbc3bf3ca34418b61a3f210693b67c | admin | True |
| 180d36a7b5de4d3b90b33ae35ca29ca5 | demo | True |
| d16691642f54471880f3405c5223a06e | service | True |
+----------------------------------+---------+---------+
keystone user-list
+----------------------------------+---------+---------+------------------+
| id | name | enabled | email |
+----------------------------------+---------+---------+------------------+
| 1c42cc834b344eb69dbd5d0efb300ea2 | admin | True | me at foo.local|
| b2cbb39f8d96463e85637d5abe541867 | cinder | True | |
| d2443d423e434337845d07f7706cea6d | demo | True | me at foo.local |
| bbb1b9da6f8148be9468c8f4ca85b66e | glance | True | |
| a1f0348557dd4c97bb79b208dc1aa721 | heat | True | |
| e4e3d46b099a42bf8dbb73e7b22666f8 | neutron | True | |
| 6f89f3a64d424fd98683591916c6ea5b | nova | True | |
| c2a7cc93d3094035bb641d99d9c69a53 | swift | True | |
+----------------------------------+---------+---------+------------------+
keystone role-list
+----------------------------------+------------------+
| id | name |
+----------------------------------+------------------+
| ddc70e0694a04f30914a0e6ea17b0875 | _member_ |
| 396f0d18b6904ce7aa70fbd3b13b289b | admin |
| 659b46a8516b49379debc2cb8b1ebc73 | heat_stack_owner |
| 6fac7371dc404e6391f98d0513b72502 | heat_stack_user |
+----------------------------------+------------------+
Kind regards
Marco
More information about the Openstack
mailing list