subject:"\[Yahoo\-eng\-team\] \[Bug 1596927\] Re\: Glance installation does not appear to detect admin role"

[Yahoo-eng-team] [Bug 1596927] Re: Glance installation does not appear to detect admin role

2018-01-31 Thread Brian Rosmaita

Looks like this was a configuration problem, closing as invalid.

** Changed in: glance
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1596927

Title:
  Glance installation does not appear to detect admin role

Status in Glance:
  Invalid
Status in openstack-manuals:
  Invalid

Bug description:
  
  Following the installation guide on Ubuntu 16.04 and using the provided 
Mitaka packages on new clean VM installation. Once I attempt to upload an image 
with the --public flag glance reports 403 Forbidden when using the admin 
account. (debug output at the end of the bug). Again this is using the ADMIN 
account who is in the ADMIN role of both the admin and service projects. 

  I'm guessing this is a documentation issue and somewhere along the
  instructions something's not happenig in the right order.

  It seems that glance is not properly detecting the admin-ness of the
  admin account, i.e. resolving that admin is in the role admin. If I
  remove the "role:admin" from publicize_image in
  /etc/glance/policy.json, the above command works.

  The username and password for the glance account in /etc/glance
  /glance-api.conf and glance-registry.conf are correct. It seems that
  only those operations that require the admin role are broken.

  The admin user environment is set as:

  export OS_PROJECT_DOMAIN_NAME=default
  export OS_USER_DOMAIN_NAME=default
  export OS_PROJECT_NAME=admin
  export OS_USERNAME=admin
  export OS_PASSWORD=admin
  export OS_AUTH_URL=http://controller:35357/v3
  export OS_IDENTITY_API_VERSION=3
  export OS_IMAGE_API_VERSION=2

  The documented roles/projects/users are defined:

  root@controller:~# openstack user list
  +--++
  | ID   | Name   |
  +--++
  | 2c2f877dad19415aa2f3c410cc23f7f5 | glance |
  | 4200ae4f41a24e1195f1fa1f2a6bc7c8 | admin  |
  | df223dbfc8534f089677da8002f084a2 | demo   |
  +--++
  root@controller:~# openstack role list
  +--+---+
  | ID   | Name  |
  +--+---+
  | 5958a2db1dec48a3ae8e01a2b5704080 | admin |
  | d75766b685a943cca51c7869fe39ee09 | user  |
  +--+---+
  root@controller:~# openstack project list
  +--+-+
  | ID   | Name|
  +--+-+
  | 0e53ec33b2dd45adcd0a4d432512 | admin   |
  | 24178e2444634949a96877a906ddc6f5 | demo|
  | 62ce2aaa1a3b4c7c855d11af43eb26a9 | service |
  +--+-+
  root@controller:~# openstack  role assignment list --names
  +---++---+-++---+
  | Role  | User   | Group | Project | Domain | Inherited |
  +---++---+-++---+
  | admin | glance@default |   | service@default || False |
  | admin | admin@default  |   | admin@default   || False |
  | admin | admin@default  |   | service@default || False |
  | user  | demo@default   |   | demo@default|| False |
  +---++---+-++---+

  Debug output:

  root@controller:~# openstack --debug  image create "cirros"   --file 
cirros-0.3.4-x86_64-disk.img   --disk-format qcow2 --container-format bare   
--public
  START with options: ['--debug', 'image', 'create', 'cirros', '--file', 
'cirros-0.3.4-x86_64-disk.img', '--disk-format', 'qcow2', '--container-format', 
'bare', '--public']
  options: Namespace(access_token_endpoint='', auth_type='', 
auth_url='http://controller:35357/v3', cacert='', client_id='', 
client_secret='***', cloud='', debug=True, default_domain='default', 
deferred_help=False, domain_id='', domain_name='', endpoint='', 
identity_provider='', identity_provider_url='', insecure=None, interface='', 
log_file=None, os_compute_api_version='', os_identity_api_version='3', 
os_image_api_version='2', os_network_api_version='', os_object_api_version='', 
os_project_id=None, os_project_name=None, os_volume_api_version='', 
password='***', profile=None, project_domain_id='', 
project_domain_name='default', project_id='', project_name='admin', 
protocol='', region_name='', scope='', service_provider_endpoint='', 
timing=False, token='***', trust_id='', url='', user_domain_id='', 
user_domain_name='default', user_id='', username='admin', verbose_level=3, 
verify=None)
  defaults: {u'auth_type': 'password', u'compute_api_version': u'2', 'key': 
None, u'database_api_version': u'1.0', 'api_timeout': None, 
u'baremetal_api_version': u'1', u'image_api_version': u'2', 'cacert':

[Yahoo-eng-team] [Bug 1596927] Re: Glance installation does not appear to detect admin role

2017-01-24 Thread Alexandra Settle

Hi everyone,

Launchpad is for bug reports and fixes. I recommend you go to
ask.openstack.org or perhaps address your question in #openstack on
Freenode.

Once the issue "It seems that glance is not properly detecting the
admin-ness of the admin account, i.e. resolving that admin is in the
role admin. If I remove the "role:admin" from publicize_image in
/etc/glance/policy.json, the above command works." has been fixed in
Glance, we can reopen this and address this in the documentation.

Thanks,

Alex



** Changed in: openstack-manuals
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1596927

Title:
  Glance installation does not appear to detect admin role

Status in Glance:
  New
Status in openstack-manuals:
  Invalid

Bug description:
  
  Following the installation guide on Ubuntu 16.04 and using the provided 
Mitaka packages on new clean VM installation. Once I attempt to upload an image 
with the --public flag glance reports 403 Forbidden when using the admin 
account. (debug output at the end of the bug). Again this is using the ADMIN 
account who is in the ADMIN role of both the admin and service projects. 

  I'm guessing this is a documentation issue and somewhere along the
  instructions something's not happenig in the right order.

  It seems that glance is not properly detecting the admin-ness of the
  admin account, i.e. resolving that admin is in the role admin. If I
  remove the "role:admin" from publicize_image in
  /etc/glance/policy.json, the above command works.

  The username and password for the glance account in /etc/glance
  /glance-api.conf and glance-registry.conf are correct. It seems that
  only those operations that require the admin role are broken.

  The admin user environment is set as:

  export OS_PROJECT_DOMAIN_NAME=default
  export OS_USER_DOMAIN_NAME=default
  export OS_PROJECT_NAME=admin
  export OS_USERNAME=admin
  export OS_PASSWORD=admin
  export OS_AUTH_URL=http://controller:35357/v3
  export OS_IDENTITY_API_VERSION=3
  export OS_IMAGE_API_VERSION=2

  The documented roles/projects/users are defined:

  root@controller:~# openstack user list
  +--++
  | ID   | Name   |
  +--++
  | 2c2f877dad19415aa2f3c410cc23f7f5 | glance |
  | 4200ae4f41a24e1195f1fa1f2a6bc7c8 | admin  |
  | df223dbfc8534f089677da8002f084a2 | demo   |
  +--++
  root@controller:~# openstack role list
  +--+---+
  | ID   | Name  |
  +--+---+
  | 5958a2db1dec48a3ae8e01a2b5704080 | admin |
  | d75766b685a943cca51c7869fe39ee09 | user  |
  +--+---+
  root@controller:~# openstack project list
  +--+-+
  | ID   | Name|
  +--+-+
  | 0e53ec33b2dd45adcd0a4d432512 | admin   |
  | 24178e2444634949a96877a906ddc6f5 | demo|
  | 62ce2aaa1a3b4c7c855d11af43eb26a9 | service |
  +--+-+
  root@controller:~# openstack  role assignment list --names
  +---++---+-++---+
  | Role  | User   | Group | Project | Domain | Inherited |
  +---++---+-++---+
  | admin | glance@default |   | service@default || False |
  | admin | admin@default  |   | admin@default   || False |
  | admin | admin@default  |   | service@default || False |
  | user  | demo@default   |   | demo@default|| False |
  +---++---+-++---+

  Debug output:

  root@controller:~# openstack --debug  image create "cirros"   --file 
cirros-0.3.4-x86_64-disk.img   --disk-format qcow2 --container-format bare   
--public
  START with options: ['--debug', 'image', 'create', 'cirros', '--file', 
'cirros-0.3.4-x86_64-disk.img', '--disk-format', 'qcow2', '--container-format', 
'bare', '--public']
  options: Namespace(access_token_endpoint='', auth_type='', 
auth_url='http://controller:35357/v3', cacert='', client_id='', 
client_secret='***', cloud='', debug=True, default_domain='default', 
deferred_help=False, domain_id='', domain_name='', endpoint='', 
identity_provider='', identity_provider_url='', insecure=None, interface='', 
log_file=None, os_compute_api_version='', os_identity_api_version='3', 
os_image_api_version='2', os_network_api_version='', os_object_api_version='', 
os_project_id=None, os_project_name=None, os_volume_api_version='', 
password='***', profile=None, project_domain_id='', 
project_domain_name='default', project_id='',

[Yahoo-eng-team] [Bug 1596927] Re: Glance installation does not appear to detect admin role

2016-10-11 Thread Alexander Bashmakov

I am also seeing this issue on Ubuntu Xenial (16.04.1) using the
stable/Newton branch.

** Also affects: glance
   Importance: Undecided
   Status: New

** Changed in: openstack-manuals
   Status: Opinion => Confirmed

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1596927

Title:
  Glance installation does not appear to detect admin role

Status in Glance:
  New
Status in openstack-manuals:
  Confirmed

Bug description:
  
  Following the installation guide on Ubuntu 16.04 and using the provided 
Mitaka packages on new clean VM installation. Once I attempt to upload an image 
with the --public flag glance reports 403 Forbidden when using the admin 
account. (debug output at the end of the bug). Again this is using the ADMIN 
account who is in the ADMIN role of both the admin and service projects. 

  I'm guessing this is a documentation issue and somewhere along the
  instructions something's not happenig in the right order.

  It seems that glance is not properly detecting the admin-ness of the
  admin account, i.e. resolving that admin is in the role admin. If I
  remove the "role:admin" from publicize_image in
  /etc/glance/policy.json, the above command works.

  The username and password for the glance account in /etc/glance
  /glance-api.conf and glance-registry.conf are correct. It seems that
  only those operations that require the admin role are broken.

  The admin user environment is set as:

  export OS_PROJECT_DOMAIN_NAME=default
  export OS_USER_DOMAIN_NAME=default
  export OS_PROJECT_NAME=admin
  export OS_USERNAME=admin
  export OS_PASSWORD=admin
  export OS_AUTH_URL=http://controller:35357/v3
  export OS_IDENTITY_API_VERSION=3
  export OS_IMAGE_API_VERSION=2

  The documented roles/projects/users are defined:

  root@controller:~# openstack user list
  +--++
  | ID   | Name   |
  +--++
  | 2c2f877dad19415aa2f3c410cc23f7f5 | glance |
  | 4200ae4f41a24e1195f1fa1f2a6bc7c8 | admin  |
  | df223dbfc8534f089677da8002f084a2 | demo   |
  +--++
  root@controller:~# openstack role list
  +--+---+
  | ID   | Name  |
  +--+---+
  | 5958a2db1dec48a3ae8e01a2b5704080 | admin |
  | d75766b685a943cca51c7869fe39ee09 | user  |
  +--+---+
  root@controller:~# openstack project list
  +--+-+
  | ID   | Name|
  +--+-+
  | 0e53ec33b2dd45adcd0a4d432512 | admin   |
  | 24178e2444634949a96877a906ddc6f5 | demo|
  | 62ce2aaa1a3b4c7c855d11af43eb26a9 | service |
  +--+-+
  root@controller:~# openstack  role assignment list --names
  +---++---+-++---+
  | Role  | User   | Group | Project | Domain | Inherited |
  +---++---+-++---+
  | admin | glance@default |   | service@default || False |
  | admin | admin@default  |   | admin@default   || False |
  | admin | admin@default  |   | service@default || False |
  | user  | demo@default   |   | demo@default|| False |
  +---++---+-++---+

  Debug output:

  root@controller:~# openstack --debug  image create "cirros"   --file 
cirros-0.3.4-x86_64-disk.img   --disk-format qcow2 --container-format bare   
--public
  START with options: ['--debug', 'image', 'create', 'cirros', '--file', 
'cirros-0.3.4-x86_64-disk.img', '--disk-format', 'qcow2', '--container-format', 
'bare', '--public']
  options: Namespace(access_token_endpoint='', auth_type='', 
auth_url='http://controller:35357/v3', cacert='', client_id='', 
client_secret='***', cloud='', debug=True, default_domain='default', 
deferred_help=False, domain_id='', domain_name='', endpoint='', 
identity_provider='', identity_provider_url='', insecure=None, interface='', 
log_file=None, os_compute_api_version='', os_identity_api_version='3', 
os_image_api_version='2', os_network_api_version='', os_object_api_version='', 
os_project_id=None, os_project_name=None, os_volume_api_version='', 
password='***', profile=None, project_domain_id='', 
project_domain_name='default', project_id='', project_name='admin', 
protocol='', region_name='', scope='', service_provider_endpoint='', 
timing=False, token='***', trust_id='', url='', user_domain_id='', 
user_domain_name='default', user_id='', username='admin', verbose_level=3, 
verify=None)
  defaults: {u'auth_type': 'password', u'compute_api_version': u'2', 'key': 
None,

[Yahoo-eng-team] [Bug 1596927] Re: Glance installation does not appear to detect admin role

[Yahoo-eng-team] [Bug 1596927] Re: Glance installation does not appear to detect admin role

[Yahoo-eng-team] [Bug 1596927] Re: Glance installation does not appear to detect admin role

3 matches

Site Navigation

Mail list logo

Footer information