Horizon default policy files not found in ubuntu binary wallaby
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-ansible |
Fix Released
|
High
|
Unassigned | ||
Wallaby |
Fix Committed
|
High
|
Unassigned | ||
Xena |
Fix Released
|
High
|
Unassigned |
Bug Description
**Bug Report**
What happened:
error logs in the horizon log reported by the oslo-policy module,
==> /var/log/
[Fri May 28 13:07:42.174630 2021] [wsgi:error] Failed to open the policy file for identity /etc/opes/
the similar logs repeate for cinder.yaml, nova.yaml, glance.yaml, heat.yaml.
This will cause the user can see the admin panels even though they do not have admin role.
What you expected to happen:
No error logs in the horizon log files, and the member can not see the admin dashboard after the deployment.
How to reproduce it:
1. change the main configs in globals.yaml as followed:
kolla_base_distro: "ubuntu"
kolla_install_type: "binary"
openstack_release: "wallaby"
2. kolla-ansible -i all-in-one deploy
3. login the dashboard with admin credentails
4. create a new project test
5. create a new user tester
6. assign the member role for tester to the test project
7. login the dashboard with the tester credentails
**Environment**:
* OS: Ubuntu 20.04
* Kernel: 5.4.0-73
* Docker version: 20.10.2
* Kolla-Ansible version: 12.0.0.0rc1
* Docker image Install type: binary
* Docker image distribution: ubuntu
* Are you using official images from Docker Hub or self built? official images
* Share your inventory file, globals.yml and other configuration files if relevant
kolla_base_distro: "ubuntu"
kolla_install_type: "binary"
openstack_release: "wallaby"
I solved this problem by manually copying the default policy.
# enter the horizon container
docker exec -it horizon bash
# copy the default policy files in the horizon container
cp -r /usr/share/
# exit the container
exit
# restart the horizon container to apply the changes
docker restart horizon
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Possibly due to the switch from JSON to YAML for policy files? I wonder if it affects other type/distro combinations.