Well, I had spawned instance on master only, and policy has been applied without service restart:
(openstackclient) root@aio1:~# openstack server list
(openstackclient) root@aio1:~# openstack server list --all-projects
Policy doesn't allow os_compute_api:servers:detail:get_all_tenants to be performed. (HTTP 403) (Request-ID: req-4f41008e-566c-4be2-be3d-5a56a2d551f7)
(openstackclient) root@aio1:~# stat /var/lib/lxc/aio1_nova_api_container-a32981bc/rootfs/etc/nova/policy.yaml
stat: cannot stat '/var/lib/lxc/aio1_nova_api_container-a32981bc/rootfs/etc/nova/policy.yaml': No such file or directory
(openstackclient) root@aio1:~# echo '"os_compute_api:servers:detail:get_all_tenants": "rule:system_reader_api or rule:project_member_api"' > /var/lib/lxc/aio1_nova_api_container-a32981bc/rootfs/etc/nova/policy.yaml
(openstackclient) root@aio1:~# openstack server list --all-projects
+--------------------------------------+------+--------+-----------------------+--------+--------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------+--------+-----------------------+--------+--------+
| 03167f5d-0ef1-47bf-8a04-80672ca437e1 | test | ACTIVE | private=192.168.74.10 | cirros | test |
+--------------------------------------+------+--------+-----------------------+--------+--------+
(openstackclient) root@aio1:~#
Well, I had spawned instance on master only, and policy has been applied without service restart:
(openstackclient) root@aio1:~# openstack server list
(openstackclient) root@aio1:~# openstack server list --all-projects api:servers: detail: get_all_ tenants to be performed. (HTTP 403) (Request-ID: req-4f41008e- 566c-4be2- be3d-5a56a2d551 f7) lxc/aio1_ nova_api_ container- a32981bc/ rootfs/ etc/nova/ policy. yaml lxc/aio1_ nova_api_ container- a32981bc/ rootfs/ etc/nova/ policy. yaml': No such file or directory api:servers: detail: get_all_ tenants" : "rule:system_ reader_ api or rule:project_ member_ api"' > /var/lib/ lxc/aio1_ nova_api_ container- a32981bc/ rootfs/ etc/nova/ policy. yaml ------- ------- ------- ------- ----+-- ----+-- ------+ ------- ------- ------- --+---- ----+-- ------+ ------- ------- ------- ------- ----+-- ----+-- ------+ ------- ------- ------- --+---- ----+-- ------+ 0ef1-47bf- 8a04-80672ca437 e1 | test | ACTIVE | private= 192.168. 74.10 | cirros | test | ------- ------- ------- ------- ----+-- ----+-- ------+ ------- ------- ------- --+---- ----+-- ------+
Policy doesn't allow os_compute_
(openstackclient) root@aio1:~# stat /var/lib/
stat: cannot stat '/var/lib/
(openstackclient) root@aio1:~# echo '"os_compute_
(openstackclient) root@aio1:~# openstack server list --all-projects
+------
| ID | Name | Status | Networks | Image | Flavor |
+------
| 03167f5d-
+------
(openstackclient) root@aio1:~#
Will spawn 22.1.2 and see how things are there.