Ask Your Question
0

ERROR: Policy doesn't allow compute_extension:services to be performed. (HTTP 403) (Request-ID: req-47b04f9c-07ae-4352-9f48-1073907175bf)

asked 2013-03-09 12:33:25 -0600

antonio-tirri gravatar image

I installed OpenStack through DevStack.

When I try to type the nova service-list command, I obtain the following error:

stack@controllerubuntuvirtualbox:~/devstack$ source openrc stack@controllerubuntuvirtualbox:~/devstack$ source stackrc stack@controllerubuntuvirtualbox:~/devstack$ nova service-list ERROR: Policy doesn't allow compute_extension:services to be performed. (HTTP 403) (Request-ID: req-47b04f9c-07ae-4352-9f48-1073907175bf)

How is it possible to solve the problem?

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted
0

answered 2013-10-05 09:04:48 -0600

alfredcs gravatar image

Another possibility is to check /etc/nova/policy.jason to make this file is correct. Default one should work just fine.

edit flag offensive delete link more
0

answered 2016-05-11 19:41:16 -0600

stewie925 gravatar image

updated 2016-05-13 14:41:32 -0600

I have been looking for an answer too for this policy error - my issue was I encountered an error when I tried to execute 'nova service-list'. Like the original poster I sourced my stack credentials by running

source openrc          (no username was expressedly entered)

By default, devstack will set your username to 'demo' if no [username] is specified.

Error message I got was:

 "ERROR (Forbidden): Policy doesn't allow os_compute_api:os-services to be performed. (HTTP 403)"

I was finally able to fix the 'policy error' by re-sourcing my stack credentials by adding username 'admin'

source openrc admin

I believe that way devstack switched me to 'admin' role - and I was able to run the "nova service-list" command successfully (no more issues at all).

To check which username you're using run

source openrc $OS_USERNAME

Hope this would help the others with this issue.

edit flag offensive delete link more
0

answered 2013-03-10 13:04:51 -0600

keith-tobin gravatar image

It seems that you are not authorised to get the service-list, this would happen if the user configured by openerc is not a admin. Can you check that the user is a admin. Figure what user openrc is using and use keystone cli to ge the user roles.

To get the user openrc as configured run,

ecgo $USERNAME

This wil give you the username you are using

Then use keystone cli to figure if user has admin roles by getting a list of roles

http://docs.openstack.org/cli/quick-start/content/keystone_client.html#keystone_client_commands (http://docs.openstack.org/cli/quick-s...)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-03-09 12:33:25 -0600

Seen: 3,589 times

Last updated: May 13 '16