subject:"\[Openstack\] \[heat\] identity\:create

Re: [Openstack] [heat] identity:create_domain failed (403)

2015-04-28 Thread David Hill

Hi guys,

In order to set the domains in icehouse, we needed the following patch:


--- heat-keystone-setup-domain  2015-04-23 17:50:08.0 +
+++ heat-keystone-setup-domain.patch2015-04-28 16:27:25.358901215 +
@@ -25,6 +25,7 @@
DEBUG = False
USERNAME = os.environ.get('OS_USERNAME', None)
PASSWORD = os.environ.get('OS_PASSWORD', None)
+TENANT_NAME = os.environ.get('OS_TENANT_NAME', None)
AUTH_URL = os.environ.get('OS_AUTH_URL', '').replace('v2.0', 'v3')

opts = [
@@ -64,10 +65,15 @@
 c = client.Client(debug=DEBUG,
   username=USERNAME,
   password=PASSWORD,
+  tenant_name=TENANT_NAME,
   auth_url=AUTH_URL,
   endpoint=AUTH_URL)
 c.authenticate()

+try:
+heat_domain = c.domains.delete(name=HEAT_DOMAIN_NAME)
+except:
+print "error"
 # Create the heat domain
 logger.info("Creating domain %s" % HEAT_DOMAIN_NAME)
 try:



From: David Hill
Sent: 8-Sep-14 7:08 PM
To: openstack (openstack@lists.openstack.org)
Subject: [Openstack] [heat] identity:create_domain failed (403)

Hi guys,

I have 2 environments that are almost identical but one of them 
gives me this:

keystoneclient.openstack.common.apiclient.exceptions.Forbidden: You are not 
authorized to perform the requested action, identity:create_domain. (HTTP 403)

When I try to run:

heat-keystone-setup-domain --stack-domain-admin stack_admin 
--stack-domain-admin-password $password --stack-user-domain-name heat

The problem is that I'm using the same policy everywhere and one works but the 
other doesn't. I'm out of ideas!

Any hints?

Dave

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [heat] identity:create_domain failed (403)

2014-09-09 Thread Steven Hardy

On Mon, Sep 08, 2014 at 11:07:57PM +, David Hill wrote:
>Hi guys,
> 
> 
> 
>I have 2 environments that are almost identical but one of
>them gives me this:
> 
> 
> 
>keystoneclient.openstack.common.apiclient.exceptions.Forbidden: You are
>not authorized to perform the requested action, identity:create_domain.
>(HTTP 403)
> 
> 
> 
>When I try to run:
> 
> 
> 
>heat-keystone-setup-domain --stack-domain-admin stack_admin
>--stack-domain-admin-password $password --stack-user-domain-name heat
> 
> 
> 
>The problem is that I'm using the same policy everywhere and one works but
>the other doesn't. I'm out of ideas!

I think heat-keystone-setup-domain is just the messenger here, and that
either the credentials used lack sufficient roles to create the domain, or
you have issues with the keystone configuration.

I'd suggest installing python-openstackclient and testing creating a domain
with that:

openstack --os-token atoken --os-url=http://127.0.0.1:5000/v3 \
--os-identity-api-version=3 domain create test123

You can actually use python-openstackclient to do all the domain
configuration, heat-keystone-setup-domain is just a convenience script for
some folks who didn't have it in their environments, instructions here:

http://hardysteven.blogspot.co.uk/2014/04/heat-auth-model-updates-part-2-stack.html

Steve

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [heat] identity:create_domain failed (403)

2014-09-08 Thread 严超

I think Keystone got error itself. Check keystone service and troubleshot.
Last time I got this error is because the Ntp is not configured , then the
keystone got wrong without time sync.

*Best Regards！*


*Chao Yan--**My twitter：Andy Yan @yanchao727
*


*My Weibo：http://weibo.com/herewearenow
--*


2014-09-09 7:07 GMT+08:00 David Hill :

>  Hi guys,
>
>
>
> I have 2 environments that are almost identical but one of
> them gives me this:
>
>
>
> keystoneclient.openstack.common.apiclient.exceptions.Forbidden: You are
> not authorized to perform the requested action, identity:create_domain.
> (HTTP 403)
>
>
>
> When I try to run:
>
>
>
> heat-keystone-setup-domain --stack-domain-admin stack_admin
> --stack-domain-admin-password $password --stack-user-domain-name heat
>
>
>
> The problem is that I’m using the same policy everywhere and one works but
> the other doesn’t. I’m out of ideas!
>
>
>
> Any hints?
>
>
>
> Dave
>
>
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [heat] identity:create_domain failed (403)

2014-09-08 Thread David Hill

Hi guys,

I have 2 environments that are almost identical but one of them 
gives me this:

keystoneclient.openstack.common.apiclient.exceptions.Forbidden: You are not 
authorized to perform the requested action, identity:create_domain. (HTTP 403)

When I try to run:

heat-keystone-setup-domain --stack-domain-admin stack_admin 
--stack-domain-admin-password $password --stack-user-domain-name heat

The problem is that I'm using the same policy everywhere and one works but the 
other doesn't. I'm out of ideas!

Any hints?

Dave

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [heat] identity:create_domain failed (403)

Re: [Openstack] [heat] identity:create_domain failed (403)

Re: [Openstack] [heat] identity:create_domain failed (403)

[Openstack] [heat] identity:create_domain failed (403)

4 matches

Site Navigation

Mail list logo

Footer information