Comment 1 for bug 745309

Vish Ishaya (vishvananda) wrote : Re: [Bug 745309] [NEW] LocalImageService images only accessable by admin user

Interesting.

It looks like owner_id isn't being set properly on the image when it is converted. I'm investigating how this might happen.

Vish

On Mar 29, 2011, at 3:09 PM, Tom vN wrote:

> Public bug reported:
>
> I have revno: 905 installed using nova.sh, using a mysql database, which
> created an admin user and installed a ttylinux image locally on the node
> for me.
>
> I created user test_user and added roles of sysadmin and netadmin.
> Various documents suggested adding a projectmanager role but nova-manage returned "CRITICAL nova [-] The projectmanager role can not be found" when I tried.
> Running euca-describe-images as the admin user reports the available ttylinux images as public.
>
> Running euca-describe-images as test_user fails with "UnknownError: An unknown error has occurred. Please try your request again."
> nova-api reports the following when euca-describe-images fails:
> 2011-03-29 22:03:57,674 ERROR nova.api [1GKQEYMPB17VO2BYBREO test_user test_users_project] Unexpected error raised: 'owner_id'
> (nova.api): TRACE: Traceback (most recent call last):
> (nova.api): TRACE: File "/opt/nova/nova/api/ec2/__init__.py", line 321, in __call__
> (nova.api): TRACE: result = api_request.invoke(context)
> (nova.api): TRACE: File "/opt/nova/nova/api/ec2/apirequest.py", line 150, in invoke
> (nova.api): TRACE: result = method(context, **args)
> (nova.api): TRACE: File "/opt/nova/nova/api/ec2/cloud.py", line 912, in describe_images
> (nova.api): TRACE: images = self.image_service.detail(context)
> (nova.api): TRACE: File "/opt/nova/nova/image/s3.py", line 78, in detail
> (nova.api): TRACE: return self._filter(context, images)
> (nova.api): TRACE: File "/opt/nova/nova/image/s3.py", line 90, in _filter
> (nova.api): TRACE: if not cls._is_visible(context, image):
> (nova.api): TRACE: File "/opt/nova/nova/image/s3.py", line 83, in _is_visible
> (nova.api): TRACE: or context.project_id == image['properties']['owner_id']
> (nova.api): TRACE: KeyError: 'owner_id'
>
> euca-run-instance fails with the same error. Any commands that do not
> require access to the image store seem to run fine.
>
> If I set is_admin to 1 on the users table in the nova database for
> test_user, euca-describe-images runs fine.
>
> ** Affects: nova
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are a member of Nova Bug
> Team, which is subscribed to OpenStack Compute (nova).
> https://bugs.launchpad.net/bugs/745309
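
The failure mode in the traceback above, as an added example that is not part of the original thread and is not nova's code: a visibility filter that reads `owner_id` directly raises for non-admin callers as soon as one image record lacks the key, while an admin short-circuit hides the problem. The `Context` class, the `is_public` property name, the admin short-circuit and the sample image records are assumptions made for illustration; only the `owner_id` comparison is taken from the traceback.

```python
from dataclasses import dataclass

@dataclass
class Context:  # hypothetical stand-in for the request context in the traceback
    project_id: str
    is_admin: bool = False

def is_visible_original(context, image):
    """Shape of the check in the traceback: direct key access on owner_id."""
    return (context.is_admin
            or context.project_id == image['properties']['owner_id'])

def is_visible_hardened(context, image):
    """Fail closed: a missing owner_id means 'no owner', never an exception."""
    if context.is_admin:
        return True
    props = image.get('properties') or {}
    if props.get('is_public') in (True, 'True'):  # assumed flag name
        return True
    owner = props.get('owner_id')
    return owner is not None and owner == context.project_id

def filter_images(context, images, check):
    return [img['id'] for img in images if check(context, img)]

# Constructed sample records; two of them lack owner_id, as in the report.
IMAGES = [
    {'id': 'ami-owned', 'properties': {'owner_id': 'test_users_project'}},
    {'id': 'ami-ttylinux', 'properties': {'is_public': True}},
    {'id': 'ami-orphan', 'properties': {}},
    {'id': 'ami-other', 'properties': {'owner_id': 'someone_else'}},
]

def demo():
    admin = Context('admin_project', is_admin=True)
    user = Context('test_users_project')
    # Admin never reaches the owner_id lookup, so the bad records go unnoticed.
    results = {'admin_original': filter_images(admin, IMAGES, is_visible_original)}
    try:
        filter_images(user, IMAGES, is_visible_original)
        results['user_original'] = 'ok'
    except KeyError as exc:
        results['user_original'] = 'KeyError: %s' % exc
    results['user_hardened'] = filter_images(user, IMAGES, is_visible_hardened)
    return results

if __name__ == '__main__':
    for name, value in demo().items():
        print(name, '->', value)
```

The hardened check hides the ownerless, non-public record from ordinary users instead of aborting the whole listing; it does not address why `owner_id` was never written to the image.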