OpenStack Compute (nova)

non-admin user cannot unshelve a server

Bug #1245312 reported by Ken'ichi Ohmichi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Ken'ichi Ohmichi
OpenStack Compute (nova) 2014.1 "icehouse"
Havana
Fix Released
Undecided
Unassigned
OpenStack Compute (nova) 2013.2.4

Bug Description

If non-admin user try to unshelve a server, nova-compute fails due to "User does not have admin privileges".

The nova-compute log likes the following: (http://logs.openstack.org/92/49892/9/check/check-tempest-devstack-vm-full/aff2152/logs/screen-n-cpu.txt.gz)
2013-10-21 06:14:24.894 ERROR nova.openstack.common.rpc.amqp [req-32fb62d3-f520-4fef-b116-9855066b28d4 ServerActionsTestJSON-tempest-54235254-user ServerActionsTestJSON-tempest-54235254-tenant] Exception during message handling
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp Traceback (most recent call last):
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/openstack/common/rpc/amqp.py", line 461, in _process_data
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp **args)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/openstack/common/rpc/dispatcher.py", line 172, in dispatch
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp result = getattr(proxyobj, method)(ctxt, **kwargs)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/exception.py", line 90, in wrapped
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp payload)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/exception.py", line 73, in wrapped
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp return f(self, context, *args, **kw)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/compute/manager.py", line 244, in decorated_function
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp pass
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/compute/manager.py", line 230, in decorated_function
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp return function(self, context, *args, **kwargs)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/compute/manager.py", line 295, in decorated_function
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp function(self, context, *args, **kwargs)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/compute/manager.py", line 272, in decorated_function
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp e, sys.exc_info())
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/compute/manager.py", line 259, in decorated_function
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp return function(self, context, *args, **kwargs)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/compute/manager.py", line 3426, in unshelve_instance
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp do_unshelve_instance()
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/openstack/common/lockutils.py", line 246, in inner
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp return f(*args, **kwargs)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/compute/manager.py", line 3425, in do_unshelve_instance
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp self._unshelve_instance(context, instance, image)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/compute/manager.py", line 3443, in _unshelve_instance
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp compute_info = self._get_compute_info(context, self.host)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/compute/manager.py", line 3908, in _get_compute_info
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp context, host)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/conductor/api.py", line 221, in service_get_by_compute_host
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp result = self._manager.service_get_all_by(context, 'compute', host)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/conductor/rpcapi.py", line 332, in service_get_all_by
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp topic=topic, host=host, binary=binary)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/rpcclient.py", line 85, in call
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp return self._invoke(self.proxy.call, ctxt, method, **kwargs)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/rpcclient.py", line 63, in _invoke
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp return cast_or_call(ctxt, msg, **self.kwargs)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/openstack/common/rpc/proxy.py", line 126, in call
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp result = rpc.call(context, real_topic, msg, timeout)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/openstack/common/rpc/__init__.py", line 139, in call
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp return _get_impl().call(CONF, context, topic, msg, timeout)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/openstack/common/rpc/impl_kombu.py", line 816, in call
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp rpc_amqp.get_connection_pool(conf, Connection))
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/openstack/common/rpc/amqp.py", line 574, in call
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp rv = list(rv)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/openstack/common/rpc/amqp.py", line 539, in __iter__
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp raise result
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp AdminRequired_Remote: User does not have admin privileges
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp Traceback (most recent call last):
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/openstack/common/rpc/amqp.py", line 461, in _process_data
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp **args)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/openstack/common/rpc/dispatcher.py", line 172, in dispatch
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp result = getattr(proxyobj, method)(ctxt, **kwargs)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/openstack/common/rpc/common.py", line 439, in inner
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp return catch_client_exception(exceptions, func, *args, **kwargs)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/openstack/common/rpc/common.py", line 420, in catch_client_exception
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp return func(*args, **kwargs)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/conductor/manager.py", line 419, in service_get_all_by
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp result = self.db.service_get_by_compute_host(context, host)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/db/api.py", line 140, in service_get_by_compute_host
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp return IMPL.service_get_by_compute_host(context, host)
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/db/sqlalchemy/api.py", line 106, in wrapper
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp nova.context.require_admin_context(args[0])
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp File "/opt/stack/new/nova/nova/context.py", line 195, in require_admin_context
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp raise exception.AdminRequired()
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp AdminRequired: User does not have admin privileges
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp
2013-10-21 06:14:24.894 26229 TRACE nova.openstack.common.rpc.amqp

Ken'ichi Ohmichi (oomichi)
Changed in nova:
assignee: nobody → Ken'ichi Ohmichi (oomichi)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/54051

Changed in nova:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/54051
Committed: http://github.com/openstack/nova/commit/13fa2caaad796ee66c432e0d19fd6f759234a964
Submitter: Jenkins
Branch: master

commit 13fa2caaad796ee66c432e0d19fd6f759234a964
Author: Ken'ichi Ohmichi <email address hidden>
Date: Mon Oct 28 11:16:48 2013 +0900

    Make non-admin users can unshelve a server

    If non-admin users try to unshelve a server, nova-compute fails due to
    "User does not have admin privileges" while getting hypervisor_hostname.
    This patch changes the user context to admin's one temporarily to get the
    hypervisor_hostname.

    Closes-Bug: 1245312
    Change-Id: I84dce1f7694d09c1281da13c6008bb3aa5940f85

Changed in nova:
status: In Progress → Fix Committed
Vish Ishaya (vishvananda)
Changed in nova:
importance: Undecided → Medium
tags: added: havana-backport-potential
Russell Bryant (russellb)
Changed in nova:
milestone: none → icehouse-1
Thierry Carrez (ttx)
Changed in nova:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/havana)

Fix proposed to branch: stable/havana
Review: https://review.openstack.org/77734

Thierry Carrez (ttx)
Changed in nova:
milestone: icehouse-1 → 2014.1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/havana)

Reviewed: https://review.openstack.org/77734
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=83d739892e7826c4b377786cfa7432c9fecffe98
Submitter: Jenkins
Branch: stable/havana

commit 83d739892e7826c4b377786cfa7432c9fecffe98
Author: Ken'ichi Ohmichi <email address hidden>
Date: Mon Oct 28 11:16:48 2013 +0900

    Make non-admin users can unshelve a server

    If non-admin users try to unshelve a server, nova-compute fails due to
    "User does not have admin privileges" while getting hypervisor_hostname.
    This patch changes the user context to admin's one temporarily to get the
    hypervisor_hostname.

    Closes-Bug: 1245312
    Change-Id: I84dce1f7694d09c1281da13c6008bb3aa5940f85
    (cherry picked from commit 13fa2caaad796ee66c432e0d19fd6f759234a964)

tags: added: in-stable-havana
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.