LocalImageService images only accessable by admin user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Vish Ishaya |
Bug Description
I have revno: 905 installed using nova.sh, using a mysql database, which created an admin user and installed a ttylinux image locally on the node for me.
I created user test_user and added roles of sysadmin and netadmin.
Various documents suggested adding a projectmanager role but nova-manage returned "CRITICAL nova [-] The projectmanager role can not be found" when I tried.
running euca-describe-
running euca-describe-
nova-api reports the following when euca-describe-
2011-03-29 22:03:57,674 ERROR nova.api [1GKQEYMPB17VO2
(nova.api): TRACE: Traceback (most recent call last):
(nova.api): TRACE: File "/opt/nova/
(nova.api): TRACE: result = api_request.
(nova.api): TRACE: File "/opt/nova/
(nova.api): TRACE: result = method(context, **args)
(nova.api): TRACE: File "/opt/nova/
(nova.api): TRACE: images = self.image_
(nova.api): TRACE: File "/opt/nova/
(nova.api): TRACE: return self._filter(
(nova.api): TRACE: File "/opt/nova/
(nova.api): TRACE: if not cls._is_
(nova.api): TRACE: File "/opt/nova/
(nova.api): TRACE: or context.project_id == image['
(nova.api): TRACE: KeyError: 'owner_id'
euca-run-instance fails with the same error. Any commands that do not require access to the image store seem to run fine.
If I set is_admin to 1 on the users table in the nova database for test_user euca-describe-
Related branches
- Devin Carlen (community): Approve
- Jay Pipes (community): Approve
-
Diff: 21 lines (+2/-2)1 file modifiedbin/nova-manage (+2/-2)
Changed in nova: | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Vish Ishaya (vishvananda) |
Changed in nova: | |
status: | In Progress → Fix Committed |
Changed in nova: | |
milestone: | none → 2011.2 |
status: | Fix Committed → Fix Released |
Interesting.
It looks like owner_id isn't being set properly on the image when it is converted. I'm investigating how this might happen.
Vish
On Mar 29, 2011, at 3:09 PM, Tom vN wrote:
> Public bug reported: images as the admin user reports the available ttylinux images as public. images as test_user fails with "UnknownError: An unknown error has occurred. Please try your request again." images fails: BYBREO test_user test_users_project] Unexpected error raised: 'owner_id' nova/api/ ec2/__init_ _.py", line 321, in __call__ invoke( context) nova/api/ ec2/apirequest. py", line 150, in invoke nova/api/ ec2/cloud. py", line 912, in describe_images service. detail( context) nova/image/ s3.py", line 78, in detail context, images) nova/image/ s3.py", line 90, in _filter visible( context, image): nova/image/ s3.py", line 83, in _is_visible properties' ]['owner_ id'] images runs fine. /bugs.launchpad .net/bugs/ 745309 images as the admin user reports the available ttylinux images as public.
>
> I have revno: 905 installed using nova.sh, using a mysql database, which
> created an admin user and installed a ttylinux image locally on the node
> for me.
>
> I created user test_user and added roles of sysadmin and netadmin.
> Various documents suggested adding a projectmanager role but nova-manage returned "CRITICAL nova [-] The projectmanager role can not be found" when I tried.
> running euca-describe-
>
> running euca-describe-
> nova-api reports the following when euca-describe-
> 2011-03-29 22:03:57,674 ERROR nova.api [1GKQEYMPB17VO2
> (nova.api): TRACE: Traceback (most recent call last):
> (nova.api): TRACE: File "/opt/nova/
> (nova.api): TRACE: result = api_request.
> (nova.api): TRACE: File "/opt/nova/
> (nova.api): TRACE: result = method(context, **args)
> (nova.api): TRACE: File "/opt/nova/
> (nova.api): TRACE: images = self.image_
> (nova.api): TRACE: File "/opt/nova/
> (nova.api): TRACE: return self._filter(
> (nova.api): TRACE: File "/opt/nova/
> (nova.api): TRACE: if not cls._is_
> (nova.api): TRACE: File "/opt/nova/
> (nova.api): TRACE: or context.project_id == image['
> (nova.api): TRACE: KeyError: 'owner_id'
>
> euca-run-instance fails with the same error. Any commands that do not
> require access to the image store seem to run fine.
>
> If I set is_admin to 1 on the users table in the nova database for
> test_user euca-describe-
>
> ** Affects: nova
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are a member of Nova Bug
> Team, which is subscribed to OpenStack Compute (nova).
> https:/
>
> Title:
> LocalImageService images only accessable by admin user
>
> Status in OpenStack Compute (Nova):
> New
>
> Bug description:
> I have revno: 905 installed using nova.sh, using a mysql database,
> which created an admin user and installed a ttylinux image locally on
> the node for me.
>
> I created user test_user and added roles of sysadmin and netadmin.
> Various documents suggested adding a projectmanager role but nova-manage returned "CRITICAL nova [-] The projectmanager role can not be found" when I tried.
> running euca-describe-
>
> running euca-describe-im...