Ask Your Question
0

Non admin users unable to create cinder volume backup

asked 2019-01-28 06:35:10 -0500

Deepa gravatar image

updated 2019-01-28 06:37:37 -0500

While trying to create cinder backup as non-admin user i am not able to see the openstack volume backup command itself .

openstack volume --help
    Command "volume" matches:
      volume create
      volume delete
      volume list
      volume qos associate
      volume qos create
      volume qos delete
      volume qos disassociate
      volume qos list
      volume qos set
      volume qos show
      volume qos unset
      volume set
      volume show
      volume type create
      volume type delete
      volume type list
      volume type set
      volume type show
      volume type unset
      volume unset

This doesnst include openstack volume backup create or snapshot create options. Can anyone help to get these enabled for a non-admin user account in Openstack Ocata version

edit retag flag offensive close merge delete

Comments

2

What's the output of grep backup /etc/cinder/policy.json and grep backup /srv/www/openstack-dashboard/openstack_dashboard/conf/cinder_policy.json? These are the policies used by openstack. The respective files in your environment could be located elsewhere.

eblock gravatar imageeblock ( 2019-01-28 08:01:03 -0500 )edit

I can create and list backups as non-admin user, but in Horizon I don't have all these option, e.g. I can't create a backup, only delete one that I created in CLI.

eblock gravatar imageeblock ( 2019-01-28 08:18:23 -0500 )edit

I cant create or list backup as non-admin user either from command line or from Horizon.

Deepa gravatar imageDeepa ( 2019-01-28 23:15:08 -0500 )edit

Which openstack version are you running? Are the packages consistent in their versions? I run Ocata and these are my versions (incomplete): control:~ # rpm -qa | grep cinder openstack-cinder-backup-10.0.7~dev1-1.2.noarch python-cinder-10.0.7~dev1-1.2.noarch python-cinderclient-1.11.0-3.3.noarch

eblock gravatar imageeblock ( 2019-01-29 04:21:39 -0500 )edit

@eblock yes mine is also ocata on ubuntu

Deepa gravatar imageDeepa ( 2019-01-29 23:30:03 -0500 )edit

1 answer

Sort by » oldest newest most voted
0

answered 2019-01-28 23:26:09 -0500

Deepa gravatar image

updated 2019-01-30 03:54:34 -0500

@eblock .Is it something to do with policy.json file ?

openstack volume service list
+------------------+-----------------------+------+---------+-------+----------------------------+
| Binary           | Host                  | Zone | Status  | State | Updated At                 |
+------------------+-----------------------+------+---------+-------+----------------------------+
| cinder-volume    | cinder@backend1       | nova | enabled | up    | 2019-01-30T09:47:43.000000 |
| cinder-scheduler | FGSUSSUCTR01          | nova | enabled | up    | 2019-01-30T09:47:44.000000 |
| cinder-backup    | FGSUSSUCTR01          | nova | enabled | up    | 2019-01-30T09:47:51.000000 

service cinder-backup status
● cinder-backup.service - OpenStack Cinder Backup
   Loaded: loaded (/lib/systemd/system/cinder-backup.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-01-29 12:08:44 UTC; 21h ago
  Process: 25686 ExecStartPre=/bin/chown cinder:adm /var/log/cinder (code=exited, status=0/SUCCESS)
      Process: 25680 ExecStartPre=/bin/chown cinder:cinder /var/lock/cinder /var/lib/cinder (code=exited, status=0/SUCCESS)
      Process: 25674 ExecStartPre=/bin/mkdir -p /var/lock/cinder /var/log/cinder /var/lib/cinder (code=exited, status=0/SUCCESS)
     Main PID: 25691 (cinder-backup)
    Tasks: 22
   Memory: 4.6G
      CPU: 14min 37.243s
   CGroup: /system.slice/cinder-backup.service
           ├─25691 /usr/bin/python /usr/bin/cinder-backup --config-file=/etc/cinder/cinder.conf --log-file=/var/log/cinder/cinder-bac
           └─43345 /usr/bin/python2.7 /usr/bin/privsep-helper --config-file /etc/cinder/cinder.conf --privsep_context os_brick.privil

@eblock Please see the output as below from cinder and Openstack dashboard respectively

 root@FGSUSSUCTR01:~# grep backup /etc/cinder/policy.json
        "volume_extension:backup_admin_actions:reset_status": "rule:admin_api",
        "volume_extension:backup_admin_actions:force_delete": "rule:admin_api",
        "backup:create" : "",
        "backup:delete": "rule:admin_or_owner",
        "backup:get": "rule:admin_or_owner",
        "backup:get_all": "rule:admin_or_owner",
        "backup:restore": "rule:admin_or_owner",
        "backup:backup-import": "rule:admin_api",
        "backup:backup-export": "rule:admin_api",
        "backup:update": "rule:admin_or_owner",
        "backup:backup_project_attribute": "rule:admin_api",
    root@FGSUSSUCTR01:~#

more ./usr/share/openstack-dashboard/openstack_dashboard/conf/cinder_policy.json |grep -i backup

    "volume_extension:backup_admin_actions:reset_status": "rule:admin_api",
    "volume_extension:backup_admin_actions:force_delete": "rule:admin_api",
    "backup:create" : "",
    "backup:delete": "rule:admin_or_owner",
    "backup:get": "rule:admin_or_owner",
    "backup:get_all": "rule:admin_or_owner",
    "backup:restore": "rule:admin_or_owner",
    "backup:backup-import": "rule:admin_api",
    "backup:backup-export": "rule:admin_api",
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2019-01-28 06:35:10 -0500

Seen: 44 times

Last updated: Jan 30