Ask Your Question
3

If policy.json is accidently deleted , is there anyway for admin to login to openstack?

asked 2013-08-26 04:49:29 -0500

Sudheesh gravatar image

updated 2016-02-15 11:18:48 -0500

fifieldt gravatar image

If policy.json is accidently deleted , is there anyway for admin to login to openstack?

I am asking this question based on an incidental experience. policy.json is just an protected file and anybody has access to the directory and able to remove file can actually take the entire openstack cloud down. I was doing some work and the ADMIN_REQUIRED policy was accidently removed and I could not access any of the services after that.

Is there any plan to move RBAC policies to DB sooner?

edit retag flag offensive close merge delete

Comments

You mean to say from all the service locations? like from /etc/nova/ /etc/neutron etc?

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2016-02-16 07:23:35 -0500 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-06-28 14:12:22 -0500

ayoung gravatar image

Technically yes, but I htink, theway youare asking it, realistically no.

If there is no policy.json file, I think Keystone denies all.

you can do ADMIN_TOKEN, but in a sane deployment, that should be disabled. You wouldneed the same degree of acces to the machine to enable ADMIN_TOKEN as to replace the policy file.

you could just as easily add a new policy.json file. The policy.json file is protected by operatin system file permissions; make it world readable, but writable only by root is it best approach.

If it could be modified once, it can be modified again.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

3 followers

subscribe to rss feed

Stats

Asked: 2013-08-26 04:49:29 -0500

Seen: 300 times

Last updated: Jun 28 '16

Related questions

How to create my own rule in Policy.json

keystone API history page has disappeared

publicURL endpoint for orchestration not found [closed]

Openstack Newton RBAC/ policy.json not enforcing

nova list shows printt as response

Gnocchi API responses 401 Unauthorised

HTTP 500 error while installing the keystone identity service (Mitaka)

openstack mitaka ubuntu identity v2 401

No connection adapters were found

keystone token flushing