Ask Your Question
3

If policy.json is accidently deleted , is there anyway for admin to login to openstack?

asked 2013-08-26 04:49:29 -0600

Sudheesh gravatar image

updated 2016-02-15 11:18:48 -0600

fifieldt gravatar image

If policy.json is accidently deleted , is there anyway for admin to login to openstack?

I am asking this question based on an incidental experience. policy.json is just an protected file and anybody has access to the directory and able to remove file can actually take the entire openstack cloud down. I was doing some work and the ADMIN_REQUIRED policy was accidently removed and I could not access any of the services after that.

Is there any plan to move RBAC policies to DB sooner?

edit retag flag offensive close merge delete

Comments

You mean to say from all the service locations? like from /etc/nova/ /etc/neutron etc?

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2016-02-16 07:23:35 -0600 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-06-28 14:12:22 -0600

ayoung gravatar image

Technically yes, but I htink, theway youare asking it, realistically no.

If there is no policy.json file, I think Keystone denies all.

you can do ADMIN_TOKEN, but in a sane deployment, that should be disabled. You wouldneed the same degree of acces to the machine to enable ADMIN_TOKEN as to replace the policy file.

you could just as easily add a new policy.json file. The policy.json file is protected by operatin system file permissions; make it world readable, but writable only by root is it best approach.

If it could be modified once, it can be modified again.

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

3 followers

subscribe to rss feed

Stats

Asked: 2013-08-26 04:49:29 -0600

Seen: 323 times

Last updated: Jun 28 '16

Related questions

Can someone help me install keystone juno?

Keystone stopped working

Keystone-manage command not found.

Devstack installation failure

Keystone and Nova Users

authorization failed (keystone logs)

How to cleanly remove a user

problem when running command

keystone not following config file

How do I create a Swift only user