Ask Your Question
3

If policy.json is accidently deleted , is there anyway for admin to login to openstack?

asked 2013-08-26 04:49:29 -0500

Sudheesh gravatar image

updated 2016-02-15 11:18:48 -0500

fifieldt gravatar image

If policy.json is accidently deleted , is there anyway for admin to login to openstack?

I am asking this question based on an incidental experience. policy.json is just an protected file and anybody has access to the directory and able to remove file can actually take the entire openstack cloud down. I was doing some work and the ADMIN_REQUIRED policy was accidently removed and I could not access any of the services after that.

Is there any plan to move RBAC policies to DB sooner?

edit retag flag offensive close merge delete

Comments

You mean to say from all the service locations? like from /etc/nova/ /etc/neutron etc?

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2016-02-16 07:23:35 -0500 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-06-28 14:12:22 -0500

ayoung gravatar image

Technically yes, but I htink, theway youare asking it, realistically no.

If there is no policy.json file, I think Keystone denies all.

you can do ADMIN_TOKEN, but in a sane deployment, that should be disabled. You wouldneed the same degree of acces to the machine to enable ADMIN_TOKEN as to replace the policy file.

you could just as easily add a new policy.json file. The policy.json file is protected by operatin system file permissions; make it world readable, but writable only by root is it best approach.

If it could be modified once, it can be modified again.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

3 followers

subscribe to rss feed

Stats

Asked: 2013-08-26 04:49:29 -0500

Seen: 272 times

Last updated: Jun 28 '16

Related questions

The request you have made requires authentication. (HTTP 401)

Unable to install Keystone

how to solve keystone error "No module named oslo.config"? [closed]

nova-status upgrade check fails

Policy.json - Object storage

problem with keystone-manage db_sync

How to debug tests?

How to disable a tenant in keystone(essex4)

how to get an openstack token and validate it?

why my openstackclient doesn't work with keystone v3 API? [closed]