Ask Your Question
0

nova live-migration = AdminRequired: User does not have admin privileges

asked 2012-06-07 06:30:27 -0500

jcherkas gravatar image

Hello,

I am trying to test live migration of a running instances and keep getting:

raise exception.AdminRequired() AdminRequired: User does not have admin privileges

In nova-schedular.log

Here is the command I use to initiate the migration:

nova live-migration --block_migrate 86cc9f9b-872d-4342-8c83-d529e06b2f4e inap48-45

Returns and errors immediately.

Here is the trace back from nova-scheduler:

2012-06-06 23:21:58 WARNING nova.scheduler.manager [req-447f7ca7-a225-4063-b05c-0e0e614b02e6 jcherkas demo] Failed to sc hedule_live_migration: User does not have admin privileges 2012-06-06 23:21:58 ERROR nova.rpc.amqp [req-447f7ca7-a225-4063-b05c-0e0e614b02e6 jcherkas demo] Exception during messag e handling 2012-06-06 23:21:58 TRACE nova.rpc.amqp Traceback (most recent call last): 2012-06-06 23:21:58 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/rpc/amqp.py", line 252, in _process_data 2012-06-06 23:21:58 TRACE nova.rpc.amqp rval = node_func(context=ctxt, *node_args) 2012-06-06 23:21:58 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/scheduler/manager.py", line 97, in _schedule 2012-06-06 23:21:58 TRACE nova.rpc.amqp context, ex, *args, *kwargs) 2012-06-06 23:21:58 TRACE nova.rpc.amqp File "/usr/lib/python2.7/contextlib.py", line 24, in __exit__ 2012-06-06 23:21:58 TRACE nova.rpc.amqp self.gen.next() 2012-06-06 23:21:58 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/scheduler/manager.py", line 92, in _schedule 2012-06-06 23:21:58 TRACE nova.rpc.amqp return driver_method(args, *kwargs) 2012-06-06 23:21:58 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/scheduler/driver.py", line 213, in schedule_live_migration 2012-06-06 23:21:58 TRACE nova.rpc.amqp self._live_migration_src_check(context, instance_ref) 2012-06-06 23:21:58 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/scheduler/driver.py", line 263, in _live_migration_src_check 2012-06-06 23:21:58 TRACE nova.rpc.amqp services = db.service_get_all_compute_by_host(context, src) 2012-06-06 23:21:58 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/db/api.py", line 122, in service_get_all_compute_by_host 2012-06-06 23:21:58 TRACE nova.rpc.amqp return IMPL.service_get_all_compute_by_host(context, host) 2012-06-06 23:21:58 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/db/sqlalchemy/api.py", line 101, in wrapper 2012-06-06 23:21:58 TRACE nova.rpc.amqp raise exception.AdminRequired() 2012-06-06 23:21:58 TRACE nova.rpc.amqp AdminRequired: User does not have admin privileges 2012-06-06 23:21:58 TRACE nova.rpc.amqp

There is no error or even a log message created on the remote compute node.

I add cloudadmin role to the user and still same issue so at this point not exactly sure what the issue is.

Any help would be greatly appreciated.

Thanks,

JC

edit retag flag offensive close merge delete

4 answers

Sort by ยป oldest newest most voted
0

answered 2012-06-07 21:48:44 -0500

vishvananda gravatar image

Yes with deprecated auth adminness is set based on that flag. You also might be able to create a role called 'admin' and use that. BTW, stop using deprecated auth!!!!

:)

edit flag offensive delete link more
0

answered 2012-06-07 21:58:00 -0500

jcherkas gravatar image

Thanks Vish.

Appreciate the response.

But I love deprecated auth ;)

Switching to keystone soon. Testing in dev env before rolling out in to prod....

edit flag offensive delete link more
0

answered 2012-06-07 18:42:08 -0500

vishvananda gravatar image

You need an administrative user in keystone, i.e. a user with the role 'admin'.

edit flag offensive delete link more
0

answered 2012-06-07 19:21:41 -0500

jcherkas gravatar image

Thanks for update Vish.

The challenge is that we are NOT using keystone right now but deprecated auth.

I did some looking around and found that in the user table there is the "is_admin" flag that is set to 0. If I set that flag to 1 for my user account I can get live-migration to work.

Trying to understand what the is_admin flag denotes. Is that equivalent to cloudadmin? If not then admin of what?

'nova-manage user admin' has this flag which you can set outside of directly editing the DB.

va-manage user admin <args> [options]

Options: -h, --help show this help message and exit --name=<admin name=""> Admin name --access=<access> Access --secret=<secret> Secret

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-06-07 06:30:27 -0500

Seen: 81 times

Last updated: Jun 07 '12