| 2017-01-09 14:01:05 |
Liam Young |
bug |
|
|
added bug |
| 2017-01-09 14:01:43 |
Liam Young |
description |
Creating an instance fails, the instance goes from PENDING to ERROR state after a wait of a few minutes.
The neutron-server logs report it got a 403 back from the nova-cloud-controller. The nova-api-os-compute.log has this entry:
Returning 403 to user: Policy doesn't allow os_compute_api:os-server-external-events:create to be performed. On the nova-cloud-controller the /etc/nova/policy.json contains:
"admin_api": "is_admin:True"
"os_compute_api:os-server-external-events:create": "rule:admin_api"
But the service user does not have the admin on the service project in the service domain.
Granting this role allows the VM to be created (but with not network atm).
openstack domain list
+----------------------------------+----------------+---------+-----------------+
| ID | Name | Enabled | Description |
+----------------------------------+----------------+---------+-----------------+
| 539d91217e4e4272a9a74907f56d6847 | norwich | True | |
| 88f4d246106d4da0a60fa7603e43507b | default | True | Created by Juju |
| 89c5830014214a0e9c8d87adea2c715b | service_domain | True | Created by Juju |
| c2959b71ab0e4b478133ddd0c99df687 | admin_domain | True | Created by Juju |
| eda4a4cdef904b12926e447bdde7c7f0 | leeds | True | |
+----------------------------------+----------------+---------+-----------------+
openstack role add --user neutron --user-domain 89c5830014214a0e9c8d87adea2c715b --project services --project-domain 89c5830014214a0e9c8d87adea2c715b Admin |
Creating an instance using the master charms fails, the instance goes from PENDING to ERROR state after a wait of a few minutes.
The neutron-server logs report it got a 403 back from the nova-cloud-controller. The nova-api-os-compute.log has this entry:
Returning 403 to user: Policy doesn't allow os_compute_api:os-server-external-events:create to be performed. On the nova-cloud-controller the /etc/nova/policy.json contains:
"admin_api": "is_admin:True"
"os_compute_api:os-server-external-events:create": "rule:admin_api"
But the service user does not have the admin on the service project in the service domain.
Granting this role allows the VM to be created (but with not network atm).
openstack domain list
+----------------------------------+----------------+---------+-----------------+
| ID | Name | Enabled | Description |
+----------------------------------+----------------+---------+-----------------+
| 539d91217e4e4272a9a74907f56d6847 | norwich | True | |
| 88f4d246106d4da0a60fa7603e43507b | default | True | Created by Juju |
| 89c5830014214a0e9c8d87adea2c715b | service_domain | True | Created by Juju |
| c2959b71ab0e4b478133ddd0c99df687 | admin_domain | True | Created by Juju |
| eda4a4cdef904b12926e447bdde7c7f0 | leeds | True | |
+----------------------------------+----------------+---------+-----------------+
openstack role add --user neutron --user-domain 89c5830014214a0e9c8d87adea2c715b --project services --project-domain 89c5830014214a0e9c8d87adea2c715b Admin |
|
| 2017-01-09 14:14:19 |
Liam Young |
description |
Creating an instance using the master charms fails, the instance goes from PENDING to ERROR state after a wait of a few minutes.
The neutron-server logs report it got a 403 back from the nova-cloud-controller. The nova-api-os-compute.log has this entry:
Returning 403 to user: Policy doesn't allow os_compute_api:os-server-external-events:create to be performed. On the nova-cloud-controller the /etc/nova/policy.json contains:
"admin_api": "is_admin:True"
"os_compute_api:os-server-external-events:create": "rule:admin_api"
But the service user does not have the admin on the service project in the service domain.
Granting this role allows the VM to be created (but with not network atm).
openstack domain list
+----------------------------------+----------------+---------+-----------------+
| ID | Name | Enabled | Description |
+----------------------------------+----------------+---------+-----------------+
| 539d91217e4e4272a9a74907f56d6847 | norwich | True | |
| 88f4d246106d4da0a60fa7603e43507b | default | True | Created by Juju |
| 89c5830014214a0e9c8d87adea2c715b | service_domain | True | Created by Juju |
| c2959b71ab0e4b478133ddd0c99df687 | admin_domain | True | Created by Juju |
| eda4a4cdef904b12926e447bdde7c7f0 | leeds | True | |
+----------------------------------+----------------+---------+-----------------+
openstack role add --user neutron --user-domain 89c5830014214a0e9c8d87adea2c715b --project services --project-domain 89c5830014214a0e9c8d87adea2c715b Admin |
Creating an instance using the master charms to deploy xenial/newton fails, the instance goes from PENDING to ERROR state after a wait of a few minutes.
The neutron-server logs report it got a 403 back from the nova-cloud-controller. The nova-api-os-compute.log has this entry:
Returning 403 to user: Policy doesn't allow os_compute_api:os-server-external-events:create to be performed. On the nova-cloud-controller the /etc/nova/policy.json contains:
"admin_api": "is_admin:True"
"os_compute_api:os-server-external-events:create": "rule:admin_api"
But the service user does not have the admin on the service project in the service domain.
Granting this role allows the VM to be created (but with not network atm).
openstack domain list
+----------------------------------+----------------+---------+-----------------+
| ID | Name | Enabled | Description |
+----------------------------------+----------------+---------+-----------------+
| 539d91217e4e4272a9a74907f56d6847 | norwich | True | |
| 88f4d246106d4da0a60fa7603e43507b | default | True | Created by Juju |
| 89c5830014214a0e9c8d87adea2c715b | service_domain | True | Created by Juju |
| c2959b71ab0e4b478133ddd0c99df687 | admin_domain | True | Created by Juju |
| eda4a4cdef904b12926e447bdde7c7f0 | leeds | True | |
+----------------------------------+----------------+---------+-----------------+
openstack role add --user neutron --user-domain 89c5830014214a0e9c8d87adea2c715b --project services --project-domain 89c5830014214a0e9c8d87adea2c715b Admin |
|
| 2017-01-09 14:20:22 |
Liam Young |
bug task added |
|
nova-cloud-controller (Juju Charms Collection) |
|
| 2017-01-09 14:38:38 |
Frode Nordahl |
summary |
Instance creation fails with keystone v3 and 'master' charms |
Instance creation fails with keystone v3 and 'master' charms for openstack-release >= newton |
|
| 2017-01-09 16:30:58 |
Frode Nordahl |
keystone (Juju Charms Collection): assignee |
|
Frode Nordahl (fnordahl) |
|
| 2017-01-09 16:31:01 |
Frode Nordahl |
nova-cloud-controller (Juju Charms Collection): assignee |
|
Frode Nordahl (fnordahl) |
|
| 2017-01-09 18:52:12 |
Frode Nordahl |
summary |
Instance creation fails with keystone v3 and 'master' charms for openstack-release >= newton |
Instance creation fails with keystone v3 and 'master' charms |
|
| 2017-01-09 19:35:06 |
Frode Nordahl |
tags |
|
openstack sts |
|
| 2017-01-10 11:21:56 |
Liam Young |
keystone (Juju Charms Collection): status |
New |
Confirmed |
|
| 2017-01-10 11:21:57 |
Liam Young |
nova-cloud-controller (Juju Charms Collection): status |
New |
Confirmed |
|
| 2017-01-10 11:22:00 |
Liam Young |
keystone (Juju Charms Collection): importance |
Undecided |
High |
|
| 2017-01-10 11:22:01 |
Liam Young |
nova-cloud-controller (Juju Charms Collection): importance |
Undecided |
High |
|
| 2017-01-10 11:22:07 |
Liam Young |
keystone (Juju Charms Collection): milestone |
|
17.01 |
|
| 2017-01-10 11:22:09 |
Liam Young |
nova-cloud-controller (Juju Charms Collection): milestone |
|
17.01 |
|
| 2017-01-11 14:31:58 |
OpenStack Infra |
keystone (Juju Charms Collection): status |
Confirmed |
In Progress |
|
| 2017-01-11 14:33:41 |
OpenStack Infra |
nova-cloud-controller (Juju Charms Collection): status |
Confirmed |
In Progress |
|
| 2017-01-12 11:44:10 |
OpenStack Infra |
keystone (Juju Charms Collection): status |
In Progress |
Fix Committed |
|
| 2017-01-12 11:45:20 |
OpenStack Infra |
nova-cloud-controller (Juju Charms Collection): status |
In Progress |
Fix Committed |
|
| 2017-02-23 18:52:36 |
James Page |
charm-keystone: importance |
Undecided |
High |
|
| 2017-02-23 18:52:36 |
James Page |
charm-keystone: status |
New |
Fix Committed |
|
| 2017-02-23 18:52:36 |
James Page |
charm-keystone: assignee |
|
Frode Nordahl (fnordahl) |
|
| 2017-02-23 18:52:38 |
James Page |
keystone (Juju Charms Collection): status |
Fix Committed |
Invalid |
|
| 2017-02-23 19:01:27 |
James Page |
charm-nova-cloud-controller: importance |
Undecided |
High |
|
| 2017-02-23 19:01:27 |
James Page |
charm-nova-cloud-controller: status |
New |
Fix Committed |
|
| 2017-02-23 19:01:27 |
James Page |
charm-nova-cloud-controller: assignee |
|
Frode Nordahl (fnordahl) |
|
| 2017-02-23 19:01:28 |
James Page |
nova-cloud-controller (Juju Charms Collection): status |
Fix Committed |
Invalid |
|
| 2017-02-23 19:37:39 |
James Page |
charm-keystone: milestone |
|
17.02 |
|
| 2017-02-23 19:38:02 |
James Page |
charm-nova-cloud-controller: milestone |
|
17.02 |
|
| 2017-02-23 20:37:29 |
James Page |
charm-keystone: status |
Fix Committed |
Fix Released |
|
| 2017-02-23 20:37:42 |
James Page |
charm-nova-cloud-controller: status |
Fix Committed |
Fix Released |
|
