OpenStack DBaaS (Trove)

Policy doesn't allow os_compute_api:servers:detail:get_all_tenants to be performed

Bug #1780686 reported by men on 2018-07-09

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack DBaaS (Trove)	New	Undecided	Unassigned

Bug Description

openstack Q
[root@controller ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)

/var/log/trove/trove-taskmanager.log:
2018-07-09 16:59:29.831 32180 ERROR oslo_service.periodic_task
2018-07-09 17:00:29.802 32180 DEBUG oslo_service.periodic_task [-] Running periodic task Manager.publish_exists_event run_periodic_tasks /usr/lib/python2.7/site-packages/oslo_service/periodic_task.py:215
2018-07-09 17:00:29.804 32180 DEBUG novaclient.v2.client [-] REQ: curl -g -i -X GET http://controller:8774/v2.1/servers/detail?all_tenants=1 -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "
X-OpenStack-Nova-API-Version: 2.12" -H "X-Auth-Token: {SHA1}07fb922b85bf790986c127bf80e5f13acccc6e48" _http_log_request /usr/lib/python2.7/site-packages/keystoneauth1/session.py:3722018-07-09 17:00:29.834 32180 DEBUG novaclient.v2.client [-] RESP: [403] Openstack-Api-Version: compute 2.12 X-Openstack-Nova-Api-Version: 2.12 Vary: OpenStack-API-Version, X-OpenStack-Nova-API-Version Content-
Type: application/json; charset=UTF-8 Content-Length: 126 X-Openstack-Request-Id: req-e048a32b-d490-487d-905e-c6306fa59a6e X-Compute-Request-Id: req-e048a32b-d490-487d-905e-c6306fa59a6e Date: Mon, 09 Jul 2018 09:00:29 GMT Connection: keep-alive RESP BODY: {"forbidden": {"message": "Policy doesn't allow os_compute_api:servers:detail:get_all_tenants to be performed.", "code": 403}}
_http_log_response /usr/lib/python2.7/site-packages/keystoneauth1/session.py:419
2018-07-09 17:00:29.835 32180 DEBUG novaclient.v2.client [-] GET call to compute for http://controller:8774/v2.1/servers/detail?all_tenants=1 used request id req-e048a32b-d490-487d-905e-c6306fa59a6e request /us
r/lib/python2.7/site-packages/keystoneauth1/session.py:7222018-07-09 17:00:29.836 32180 ERROR oslo_service.periodic_task [-] Error during Manager.publish_exists_event: Forbidden: Policy doesn't allow os_compute_api:servers:detail:get_all_tenants to be performed. (HTTP
403) (Request-ID: req-e048a32b-d490-487d-905e-c6306fa59a6e)2018-07-09 17:00:29.836 32180 ERROR oslo_service.periodic_task Traceback (most recent call last):
2018-07-09 17:00:29.836 32180 ERROR oslo_service.periodic_task File "/us
........................................................................................

[root@controller ~]# egrep -v "^#|^$" /etc/trove/trove-taskmanager.conf
[DEFAULT]
rpc_backend = rabbit
debug = yes
log_dir = /var/log/trove
log_file = trove-taskmanager.log
trove_auth_url = http://controller:5000/v3
nova_compute_url = http://controller:8774/v2.1
cinder_url = http://controller:8776/v2
update_status_on_fail = True
control_exchange = trove
db_api_implementation = trove.db.sqlalchemy.api
trove_volume_support = True
block_device_mapping = vdb
device_path = /dev/vdb
mount_point = /var/lib/mysql
volume_time_out=30
server_delete_time_out=480
use_nova_server_config_drive = True
nova_proxy_admin_user = admin
nova_proxy_admin_pass = 123456
nova_proxy_admin_tenant_name = service
taskmanager_manager = trove.taskmanager.manager.Manager
exists_notification_transformer = trove.extensions.mgmt.instances.models.NovaNotificationTransformer
notification_service_id = mysql:2f3ff068-2bfb-4f70-9a9d-a6bb65bc084b
trove_dns_support = False
network_driver = trove.network.nova.NovaNetwork
default_neutron_networks =
trove_security_groups_support = True
trove_security_group_rule_cidr = 0.0.0.0/0
agent_heartbeat_time = 10
agent_call_low_timeout = 5
agent_call_high_timeout = 150
agent_replication_snapshot_timeout = 36000
use_nova_server_volume = False
network_label_regex=.*
template_path = /etc/trove/templates/
pydev_debug = disabled
[database]
connection = mysql+pymysql://trove:123456@controller/trove
idle_timeout = 3600
[profiler]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[mysql]
icmp = True
tcp_ports = 3306
volume_support = True
device_path = /dev/vdb
[redis]
tcp_ports = 6379, 16379
volume_support = True
device_path = /dev/vdb
[cassandra]
tcp_ports = 7000, 7001, 9042, 9160
volume_support = True
device_path = /dev/vdb
[couchbase]
tcp_ports = 8091, 8092, 4369, 11209-11211, 21100-21199
volume_support = True
device_path = /dev/vdb
[mongodb]
volume_support = True
device_path = /dev/vdb
[vertica]
tcp_ports = 5433, 5434, 22, 5444, 5450, 4803
udp_ports = 5433, 4803, 4804, 6453
volume_support = True
device_path = /dev/vdb
mount_point = /var/lib/vertica
taskmanager_strategy = trove.common.strategies.cluster.experimental.vertica.taskmanager.VerticaTaskManagerStrategy

need to configure nova Policy ?http://controller:8774/v2.1/servers/detail?all_tenants=1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.