This is in a non-voting job in the nova experimental queue, but it's testing a boot from volume scenario where the volume is retyped, which triggers a volume migration and swap volume operation on the nova side.
http://logs.openstack.org/45/470645/5/experimental/gate-tempest-dsvm-neutron-scenario-multinode-lvm-multibackend-ubuntu-xenial-nv/0b421c5/console.html#_2017-06-06_02_21_43_757566
That's failing because of a policy check:
http://logs.openstack.org/45/470645/5/experimental/gate-tempest-dsvm-neutron-scenario-multinode-lvm-multibackend-ubuntu-xenial-nv/0b421c5/logs/screen-c-vol.txt.gz?level=TRACE#_Jun_06_02_18_21_110268
Jun 06 02:18:21.110268 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager [None req-8fa9a3f4-8a63-4bab-9631-453e54bb06d1 test_creds-1578445804 None] Failed to copy volume af82b615-3c15-4069-9573-70700c452713 to 6af6a035-55e7-41e4-8b0b-c26d86d94c1f: Forbidden: Policy doesn't allow os_compute_api:os-volumes-attachments:update to be performed. (HTTP 403) (Request-ID: req-fd23d488-cb10-4728-850f-6178c4704a8d)
Jun 06 02:18:21.110354 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager Traceback (most recent call last):
Jun 06 02:18:21.110428 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager File "/opt/stack/new/cinder/cinder/volume/manager.py", line 1957, in _migrate_volume_generic
Jun 06 02:18:21.110516 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager new_volume.id)
Jun 06 02:18:21.110592 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager File "/opt/stack/new/cinder/cinder/compute/nova.py", line 160, in update_server_volume
Jun 06 02:18:21.110698 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager new_volume_id)
Jun 06 02:18:21.110769 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager File "/usr/local/lib/python2.7/dist-packages/novaclient/v2/volumes.py", line 68, in update_server_volume
Jun 06 02:18:21.110838 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager body, "volumeAttachment")
Jun 06 02:18:21.110905 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager File "/usr/local/lib/python2.7/dist-packages/novaclient/base.py", line 375, in _update
Jun 06 02:18:21.110973 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager resp, body = self.api.client.put(url, body=body)
Jun 06 02:18:21.111065 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 232, in put
Jun 06 02:18:21.111146 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager return self.request(url, 'PUT', **kwargs)
Jun 06 02:18:21.111220 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 80, in request
Jun 06 02:18:21.111290 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager raise exceptions.from_response(resp, body, url, method)
Jun 06 02:18:21.111357 ubuntu-xenial-2-node-osic-cloud1-s3500-9149309 cinder-volume[30588]: ERROR cinder.volume.manager Forbidden: Policy doesn't allow os_compute_api:os-volumes-attachments:update to be performed. (HTTP 403) (Request-ID: req-fd23d488-cb10-4728-850f-6178c4704a8d)
The policy is by default admin-only:
https://github.com/openstack/nova/blob/master/nova/policies/volumes_attachments.py#L54
It looks like the Tempest test might be creating the volume types with admin credentials, but doing everything else as non-admin, which is probably why it fails.
Fix proposed to branch: master /review. openstack. org/474789
Review: https:/