os-extended-server-attributes failed with credentials did anyone knows about this error ???

asked 2017-04-01 01:06:14 -0600

nitin gautam gravatar image

while launching my instance in a fresh installation of Newton openstack i got below error and i am unable to find a solution of that.

2017-03-31 01:32:01.524 4213 DEBUG nova.policy [req-79d293e6-d0fb-4013-a036-730dda3fc085 - - - - -] Policy check for os_compute_api:os-extended-server-attributes failed with credentials {'service_roles': [], 'user_id': u'a9ae63d0839c4ea98704793d8641f73f', 'roles': [u'user'], 'user_domain_id': u'default', 'service_project_id': None, 'service_user_id': None, 'service_user_domain_id': None, 'service_project_domain_id': None, 'is_admin_project': True, 'is_admin': False, 'project_id': u'44860bacef444434b2d5c85921e2fc9f', 'project_domain_id': u'default'} authorize /usr/lib/python2.7/site-packages/nova/policy.py:168
edit retag flag offensive close merge delete


If this were an error, it would say ERROR instead of DEBUG. Is anything not working?

Bernd Bausch gravatar imageBernd Bausch ( 2017-04-01 02:54:18 -0600 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2017-06-09 09:21:20 -0600

cshen gravatar image

Me too.

We enabled Nova Debug=True option, and we see similar in our logfile.

2017-06-09 13:04:51.046 8463 DEBUG nova.policy [req-1d15ce11-483d-4f28-a609-838a6e08ce88 2e96928e2f064808945168124a779dda e3afbb5dfe31457c9d8577396029bb0c - default default] Policy check for os_compute_api:os-extended-server-attributes failed with credentials {'domain': None, 'project_name': u'abc', 'project_domain': u'default', 'timestamp': '2017-06-09T13:04:39.148985', 'remote_address': '', 'quota_class': None, 'resource_uuid': None, 'is_admin': False, 'user': u'2e96928e2f064808945168124a779dda', 'service_catalog': [{u'endpoints': [{u'adminURL': u'http://xxx.cloud:8776/v1/e3afbb5dfe31457c9d8577396029bb0c', u'region': u'RegionOne', u'internalURL': u'http://xxx.cloud:8776/v1/e3afbb5dfe31457c9d8577396029bb0c', u'publicURL': u'https://xxx.cloud:8776/v1/e3afbb5dfe31457c9d8577396029bb0c'}], u'type': u'volume', u'name': u'cinder'}, {u'endpoints': [{u'adminURL': u'http://xxx.cloud:8776/v2/e3afbb5dfe31457c9d8577396029bb0c', u'region': u'RegionOne', u'internalURL': u'http://xxx.cloud:8776/v2/e3afbb5dfe31457c9d8577396029bb0c', u'publicURL': u'https://xxx.cloud:8776/v2/e3afbb5dfe31457c9d8577396029bb0c'}], u'type': u'volumev2', u'name': u'cinderv2'}], 'tenant': u'e3afbb5dfe31457c9d8577396029bb0c', 'read_only': False, 'project_id': u'e3afbb5dfe31457c9d8577396029bb0c', 'user_id': u'2e96928e2f064808945168124a779dda', 'show_deleted': False, 'roles': [u'_member_', u'heat_stack_owner'], 'user_identity': u'2e96928e2f064808945168124a779dda e3afbb5dfe31457c9d8577396029bb0c - default default', 'is_admin_project': True, 'read_deleted': 'no', 'request_id': 'req-1d15ce11-483d-4f28-a609-838a6e08ce88', 'instance_lock_checked': False, 'user_domain': u'default', 'user_name': u'admin'} authorize /openstack/venvs/nova-14.1.0/lib/python2.7/site-packages/nova/policy.py:169

and it seemed that the policy check took a few seconds to complete.

edit flag offensive delete link more


Why do you think it's an error?

Bernd Bausch gravatar imageBernd Bausch ( 2017-06-09 10:42:44 -0600 )edit

I just want to understand wy this policy check (os_compute_api:os-extended-server-attributes) failed.

cshen gravatar imagecshen ( 2017-06-09 16:24:41 -0600 )edit

Extended server attributes like the hypervisor host of an instance are not visible to normal users. This is by design, and I guess it's enforced by policy. Run openstack server show as admin and as normal user and compare the outputs.

Bernd Bausch gravatar imageBernd Bausch ( 2017-06-09 18:38:22 -0600 )edit

Thanks Bernd. You're right. os-extended-server-attributes is an admin api. Need admin role.

cshen gravatar imagecshen ( 2017-10-13 08:44:17 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2017-04-01 01:06:14 -0600

Seen: 1,003 times

Last updated: Jun 09 '17