kolla-ansible

ironic-inspector: Access was denied to baremetal:port:create

Bug #2064655 reported by Marius L
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
New
Undecided
Unassigned

Bug Description

ironic-inspector user is not allowed by the ironic policy to manage ports.
After inspection is done, it can't create the discovered bare-metal ports.

Kolla-Ansible: 17.1.0
OpenStack images: master-ubuntu-jammy (Caracal)

```
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process [-] Unexpected exception during processing: openstack.exceptions.ForbiddenException: ForbiddenException: 403: Client Error for url: http://10.10.0.100:6385/v1/ports, Access was denied to the following resource: baremetal:port:create
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process Traceback (most recent call last):
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/ironic_inspector/process.py", line 237, in process
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process result = _process_node(node_info, node, introspection_data)
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/ironic_inspector/node_cache.py", line 582, in inner
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process return func(node_info, *args, **kwargs)
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/ironic_inspector/node_cache.py", line 552, in inner
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process with excutils.save_and_reraise_exception():
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_utils/excutils.py", line 227, in __exit__
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process self.force_reraise()
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_utils/excutils.py", line 200, in force_reraise
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process raise self.value
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/ironic_inspector/node_cache.py", line 544, in inner
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process ret = func(node_info, *args, **kwargs)
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/ironic_inspector/process.py", line 271, in _process_node
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process _run_post_hooks(node_info, introspection_data)
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/ironic_inspector/process.py", line 263, in _run_post_hooks
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process hook_ext.obj.before_update(introspection_data, node_info)
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/ironic_inspector/plugins/standard.py", line 293, in before_update
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process node_info.create_ports(list(interfaces.values()))
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/ironic_inspector/node_cache.py", line 340, in create_ports
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process self._create_port(mac, ironic=ironic, extra=extra,
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/ironic_inspector/node_cache.py", line 365, in _create_port
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process port = ironic.create_port(
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/openstack/baremetal/v1/_proxy.py", line 769, in create_port
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process return self._create(_port.Port, **attrs)
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/openstack/proxy.py", line 644, in _create
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process return res.create(self, base_path=base_path)
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/openstack/resource.py", line 1533, in create
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process self._translate_response(response, **response_kwargs)
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/openstack/resource.py", line 1285, in _translate_response
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process exceptions.raise_from_response(response, error_message=error_message)
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process File "/var/lib/kolla/venv/lib/python3.10/site-packages/openstack/exceptions.py", line 247, in raise_from_response
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process raise cls(
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process openstack.exceptions.ForbiddenException: ForbiddenException: 403: Client Error for url: http://10.10.0.100:6385/v1/ports, Access was denied to the following resource: baremetal:port:create
2024-05-02 15:46:23.568 7 ERROR ironic_inspector.process

```

Tags: ironic
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.