The openstack user stored in /var/lib/nagios/nagios.novarc doesn't seem to have enough privilege to run check_octavia.py
```
# Running the check manually
root@juju-8d8c5a-4-lxd-17:/etc/nagios/nrpe.d# /usr/local/lib/nagios/plugins/check_octavia.py --check amphorae
Traceback (most recent call last):
File "/usr/local/lib/nagios/plugins/check_octavia.py", line 358, in <module>
main()
File "/usr/local/lib/nagios/plugins/check_octavia.py", line 352, in main
status, message = process_checks(args)
File "/usr/local/lib/nagios/plugins/check_octavia.py", line 293, in process_checks
return nagios_exit(args, checks[args.check](connection))
File "/usr/local/lib/nagios/plugins/check_octavia.py", line 203, in check_amphorae
items = list(lb_mgr.amphorae())
File "/usr/lib/python3/dist-packages/openstack/resource.py", line 1693, in list
exceptions.raise_from_response(response)
File "/usr/lib/python3/dist-packages/openstack/exceptions.py", line 234, in raise_from_response
raise cls(
openstack.exceptions.HttpException: HttpException: 403: Client Error for url: https://octavia.oam.prd.infra.sicredi.net:9876/v2.0/octavia/amphorae, Forbidden
# Workaround for me was to give the load balancer roles manually to the nagios user
ubuntu@app1maas001p:~$ NAGIOS_USER_ID=$(openstack user list --domain service_domain | grep nagios | awk '{print $2}')
ubuntu@app1maas001p:~$ openstack role add --domain service_domain --user $NAGIOS_USER_ID load-balancer_member
ubuntu@app1maas001p:~$ openstack role add --project-domain service_domain --project services --user $NAGIOS_USER_ID load-balancer_member
ubuntu@app1maas001p:~$ openstack role add --domain service_domain --user $NAGIOS_USER_ID load-balancer_admin
ubuntu@app1maas001p:~$ openstack role add --project-domain service_domain --project services --user $NAGIOS_USER_ID load-balancer_admin
```
The openstack user stored in /var/lib/ nagios/ nagios. novarc doesn't seem to have enough privilege to run check_octavia.py
``` 8d8c5a- 4-lxd-17: /etc/nagios/ nrpe.d# /usr/local/ lib/nagios/ plugins/ check_octavia. py --check amphorae lib/nagios/ plugins/ check_octavia. py", line 358, in <module> lib/nagios/ plugins/ check_octavia. py", line 352, in main checks( args) lib/nagios/ plugins/ check_octavia. py", line 293, in process_checks args.check] (connection) ) lib/nagios/ plugins/ check_octavia. py", line 203, in check_amphorae mgr.amphorae( )) python3/ dist-packages/ openstack/ resource. py", line 1693, in list raise_from_ response( response) python3/ dist-packages/ openstack/ exceptions. py", line 234, in raise_from_response exceptions. HttpException: HttpException: 403: Client Error for url: https:/ /octavia. oam.prd. infra.sicredi. net:9876/ v2.0/octavia/ amphorae, Forbidden
# Running the check manually
root@juju-
Traceback (most recent call last):
File "/usr/local/
main()
File "/usr/local/
status, message = process_
File "/usr/local/
return nagios_exit(args, checks[
File "/usr/local/
items = list(lb_
File "/usr/lib/
exceptions.
File "/usr/lib/
raise cls(
openstack.
# Workaround for me was to give the load balancer roles manually to the nagios user app1maas001p: ~$ NAGIOS_ USER_ID= $(openstack user list --domain service_domain | grep nagios | awk '{print $2}') app1maas001p: ~$ openstack role add --domain service_domain --user $NAGIOS_USER_ID load-balancer_ member app1maas001p: ~$ openstack role add --project-domain service_domain --project services --user $NAGIOS_USER_ID load-balancer_ member app1maas001p: ~$ openstack role add --domain service_domain --user $NAGIOS_USER_ID load-balancer_admin app1maas001p: ~$ openstack role add --project-domain service_domain --project services --user $NAGIOS_USER_ID load-balancer_admin
ubuntu@
ubuntu@
ubuntu@
ubuntu@
ubuntu@
```