Ask Your Question
1

After accidentally deleting a role I can't do anything

asked 2015-07-19 22:11:13 -0500

estebarb gravatar image

I accidentally delete the wrong role in openstack, and now I can't do any command. What should I do to recover that and get admin permissions again.

[root@machine]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 5994235b18c24cfc9d3ea11724aa1ef9 | user  |
| 7a1a4175c9e848118e8602897e943213 | admin |
+----------------------------------+-------+
[root@machine]# openstack role add --project service --user nova admin
ERROR: openstack Conflict occurred attempting to store role grant - User 0675a612e0f64bd89f8511ce0e612b27 already has role 7a1a4175c9e848118e8602897e943213 in tenant f4022aa377364e15ae70dd07f075e515 (HTTP 409) (Request-ID: req-4211dca2-6ee1-4aff-8fb4-bb7c0bdf2bf8)
[root@machine]# openstack role delete 7a1a4175c9e848118e8602897e943213
[root@machine]# openstack role add --project service --user nova admin
ERROR: openstack The request you have made requires authentication. (HTTP 401) (Request-ID: req-f80ae80d-db73-4352-9d18-240f5b1e9710)
[root@machine]# source admin-openrc.sh
[root@machine]# openstack role add --project service --user nova admin
ERROR: openstack The request you have made requires authentication. (HTTP 401) (Request-ID: req-7f2b1943-6a85-41b4-a39f-afcfc2f8be6f)
edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted
0

answered 2015-07-27 05:12:47 -0500

RAHUL1603 gravatar image

Hi Mate,

Remember the admin token = "value"you have in keystone.conf. Use the admin token instead of username and password.

If you have no entry for admin token, then just add a line for the same. example -- admin_token = 123456 Suppose you have admin token = "123456". Then follow the below mentioned steps.

export OS_TOKEN=123456 export OS_URL=http://controller:35357/v2.0

openstack role add --project admin --user admin admin

once done you will be able to relogin via admin adn work as usual. You can also source the admin credentials and password after this and all will work as usual

Regards Rahul Singh

edit flag offensive delete link more
0

answered 2015-07-27 02:57:47 -0500

foexle gravatar image

You delete the admin role from nova user, i think you try to use the nova credentials to add the new "admin" role. :) this cannot work. Just try to use the auth token instead of username/pw and add the admin role again.

Cheers Heiko

edit flag offensive delete link more
0

answered 2015-07-27 02:45:06 -0500

Did you delete the "_member_" role ?

# keystone role-get _member_
+-------------+-------------------------------------+
|   Property  |                Value                |
+-------------+-------------------------------------+
| description | Default role for project membership |
|   enabled   |                 True                |
|      id     |   afe2ff9ee6664b1fafa90878d3e666aa  |
|     name    |               _member_              |
+-------------+-------------------------------------+
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-07-19 22:11:13 -0500

Seen: 1,132 times

Last updated: Jul 27 '15