LocalImageService images only accessible by admin user

Bug #745309 reported by Tom vN
Affects: OpenStack Compute (nova)
Status: Fix Released
Importance: High
Assigned to: Vish Ishaya

Bug Description

I have revno: 905 installed using nova.sh, using a mysql database, which created an admin user and installed a ttylinux image locally on the node for me.

I created user test_user and added roles of sysadmin and netadmin.
Various documents suggested adding a projectmanager role, but nova-manage returned "CRITICAL nova [-] The projectmanager role can not be found" when I tried.
Running euca-describe-images as the admin user reports the available ttylinux images as public.

Running euca-describe-images as test_user fails with "UnknownError: An unknown error has occurred. Please try your request again."
nova-api reports the following when euca-describe-images fails:
2011-03-29 22:03:57,674 ERROR nova.api [1GKQEYMPB17VO2BYBREO test_user test_users_project] Unexpected error raised: 'owner_id'
(nova.api): TRACE: Traceback (most recent call last):
(nova.api): TRACE: File "/opt/nova/nova/api/ec2/__init__.py", line 321, in __call__
(nova.api): TRACE: result = api_request.invoke(context)
(nova.api): TRACE: File "/opt/nova/nova/api/ec2/apirequest.py", line 150, in invoke
(nova.api): TRACE: result = method(context, **args)
(nova.api): TRACE: File "/opt/nova/nova/api/ec2/cloud.py", line 912, in describe_images
(nova.api): TRACE: images = self.image_service.detail(context)
(nova.api): TRACE: File "/opt/nova/nova/image/s3.py", line 78, in detail
(nova.api): TRACE: return self._filter(context, images)
(nova.api): TRACE: File "/opt/nova/nova/image/s3.py", line 90, in _filter
(nova.api): TRACE: if not cls._is_visible(context, image):
(nova.api): TRACE: File "/opt/nova/nova/image/s3.py", line 83, in _is_visible
(nova.api): TRACE: or context.project_id == image['properties']['owner_id']
(nova.api): TRACE: KeyError: 'owner_id'

euca-run-instance fails with the same error. Any commands that do not require access to the image store seem to run fine.

If I set is_admin to 1 on the users table in the nova database for test_user, euca-describe-images runs fine.

Vish Ishaya (vishvananda) wrote : Re: [Bug 745309] [NEW] LocalImageService images only accessible by admin user

Interesting.

It looks like owner_id isn't being set properly on the image when it is converted. I'm investigating how this might happen.

Vish

On Mar 29, 2011, at 3:09 PM, Tom vN wrote:

> Public bug reported:
>
> I have revno: 905 installed using nova.sh, using a mysql database, which
> created an admin user and installed a ttylinux image locally on the node
> for me.
>
> I created user test_user and added roles of sysadmin and netadmin.
> Various documents suggested adding a projectmanager role, but nova-manage returned "CRITICAL nova [-] The projectmanager role can not be found" when I tried.
> Running euca-describe-images as the admin user reports the available ttylinux images as public.
>
> Running euca-describe-images as test_user fails with "UnknownError: An unknown error has occurred. Please try your request again."
> nova-api reports the following when euca-describe-images fails:
> 2011-03-29 22:03:57,674 ERROR nova.api [1GKQEYMPB17VO2BYBREO test_user test_users_project] Unexpected error raised: 'owner_id'
> (nova.api): TRACE: Traceback (most recent call last):
> (nova.api): TRACE: File "/opt/nova/nova/api/ec2/__init__.py", line 321, in __call__
> (nova.api): TRACE: result = api_request.invoke(context)
> (nova.api): TRACE: File "/opt/nova/nova/api/ec2/apirequest.py", line 150, in invoke
> (nova.api): TRACE: result = method(context, **args)
> (nova.api): TRACE: File "/opt/nova/nova/api/ec2/cloud.py", line 912, in describe_images
> (nova.api): TRACE: images = self.image_service.detail(context)
> (nova.api): TRACE: File "/opt/nova/nova/image/s3.py", line 78, in detail
> (nova.api): TRACE: return self._filter(context, images)
> (nova.api): TRACE: File "/opt/nova/nova/image/s3.py", line 90, in _filter
> (nova.api): TRACE: if not cls._is_visible(context, image):
> (nova.api): TRACE: File "/opt/nova/nova/image/s3.py", line 83, in _is_visible
> (nova.api): TRACE: or context.project_id == image['properties']['owner_id']
> (nova.api): TRACE: KeyError: 'owner_id'
>
> euca-run-instance fails with the same error. Any commands that do not
> require access to the image store seem to run fine.
>
> If I set is_admin to 1 on the users table in the nova database for
> test_user, euca-describe-images runs fine.

Vish Ishaya (vishvananda) wrote :

Fix pushed up.

As a workaround, if you edit the info.json files in your images directory and replace 'owner' with 'owner_id' it will work as expected.


Changed in nova:
status: New → In Progress
importance: Undecided → High
assignee: nobody → Vish Ishaya (vishvananda)
Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → 2011.2
status: Fix Committed → Fix Released
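
The failure mode in this report, as an added example that is not nova's code or part of the original thread: a visibility check that indexes 'owner_id' directly works for admins (the `or` short-circuits before the lookup) and raises KeyError for everyone else when the stored metadata uses 'owner', while a tolerant check treats the missing key as "no owner" and still honours the public flag. The Context class, the 'is_public' == 'True' convention, the order of the checks and the sample records are assumptions made for illustration; test_users_project is the project name from the log line above.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Context:
    """Hypothetical stand-in for the request context, not nova's class."""
    project_id: Optional[str]
    is_admin: bool = False


def is_visible_strict(context, image):
    # Same shape as the failing line in the traceback. `or` short-circuits,
    # so an admin never reaches the lookup and never triggers the KeyError.
    props = image["properties"]
    return (context.is_admin
            or context.project_id == props["owner_id"]
            or props["is_public"] == "True")


def is_visible_tolerant(context, image):
    # A missing owner_id means "owned by nobody". Guard against None so a
    # context without a project cannot match an image without an owner.
    props = image.get("properties", {})
    owner = props.get("owner_id")
    owned = owner is not None and context.project_id == owner
    return context.is_admin or owned or props.get("is_public") == "True"


def visible_ids(context, images, check):
    # Apply one of the checks above to every image record.
    return [img["id"] for img in images if check(context, img)]


def strict_check_crashes(context, images):
    # True when the strict check aborts the whole listing with KeyError.
    try:
        visible_ids(context, images, is_visible_strict)
    except KeyError:
        return True
    return False


# Constructed sample metadata: both records use the legacy 'owner' key.
IMAGES = [
    {"id": "img-public", "properties": {"owner": "admin_project", "is_public": "True"}},
    {"id": "img-private", "properties": {"owner": "admin_project", "is_public": "False"}},
]
ADMIN = Context("admin_project", is_admin=True)
TEST_USER = Context("test_users_project")
NO_PROJECT = Context(None)
```

Testing an authorization filter only with an admin context hides this class of bug, because the privileged branch returns before any metadata is read.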