Cannot deploy stable/ocata keystone due to missing policy.json
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
Undecided
|
Unassigned | ||
devstack |
Invalid
|
Undecided
|
Unassigned |
Bug Description
I tried to deploy stable/ocata environment for following 2 ways in Ubuntu 16.04.2 LTS. Both ways were failed to deploy. Am I missing something?
Pattern A: using master devstack and following local.conf
REQUIREMENTS_
KEYSTONE_
NOVA_
NEUTRON_
GLANCE_
CINDER_
IRONIC_
SWIFT_
disable_service n-net
disable_service horizon
disable_service tempest
disable_service c-api
disable_service c-vol
disable_service c-sch
enable_service neutron
enable_plugin ironic https:/
enable_service s-proxy
enable_service s-object
enable_service s-container
enable_service s-account
..(snip)...
Pattern B: using stable/ocata devstack and same local.conf with above definition.
[Error for Pattern A] /opt/stack/
...(snip)...
2017-06-12 13:21:57.118 | ++lib/keystone:
2017-06-12 13:22:00.598 | You are not authorized to perform the requested action: identity:
I executed 'source devstack/openrc admin admin; openstack --debug endpoint list' and got an error:
REQ: curl -g -i -X GET http://
-H "Accept: application/json" -H "X-Auth-Token: {SHA1}23dde272e
Resetting dropped connection: 192.168.122.198 http://
HTTP/1.1" 403 141
RESP: [403] Date: Mon, 12 Jun 2017 13:22:54 GMT Server: Apache/2.4.18 (Ubuntu) Vary: X-Auth-Token Content-Type: application/json Content-Length: 141 x-openstack-
RESP BODY: {"error": {"message": "You are not authorized to perform the requested action: identity:
[Error for Pattern B] /opt/stack/
2017-06-12 13:52:53.474 | ++:: curl -g -k --noproxy '*' -s -o /dev/null -w '%{http_code}' http://
2017-06-12 13:52:53.498 | +:: [[ 503 == 503 ]]
2017-06-12 13:52:53.505 | +:: sleep 1
2017-06-12 13:52:54.517 | ++:: curl -g -k --noproxy '*' -s -o /dev/null -w '%{http_code}' http://
2017-06-12 13:52:54.537 | +:: [[ 503 == 503 ]]
2017-06-12 13:52:54.544 | +:: sleep 1
...(snip)...
2017-06-12 13:52:55.363 | [ERROR] /home/stack/
2017-06-12 13:52:56.371 | Error on exit
I also checked /var/log/
[Mon Jun 12 22:56:01.868120 2017] [proxy:error] [pid 32263:tid 140048708118272] (111)Connection refused: AH02454: uwsgi: attempt to connect to Unix domain socket /var/run/
[Mon Jun 12 22:56:01.868214 2017] [proxy:error] [pid 32263:tid 140048708118272] AH00959: ap_proxy_
[Mon Jun 12 22:56:01.868232 2017] [:error] [pid 32263:tid 140048708118272] [client 192.168.
Changed in keystone: | |
status: | Invalid → Confirmed |
summary: |
- Cannot deploy stable/ocata + Cannot deploy stable/ocata keystone due to missing policy.json |
The error from pattern A is certainly a policy traceback. I'd be curious to know what user or what the state of the identity/assignment tables are when devstack is making that call.
The error from pattern B looks like keystone is having a hard time connecting to the database or backend store. Are you able to double check the keystone configuration files to ensure it can actually talk to the database?
Both of these sound like issues related to how keystone was configured, which means it could be something with devstack causing this and not keystone.