>> Did you test this with an admin user? Yes, did test it with an admin user.
>> may be caused by an upgrade from Icehouse -> Juno. Possibly, good point. Thanks, -Nikhil ________________________________________ From: Flavio Percoco [fla...@redhat.com] Sent: Friday, October 31, 2014 4:03 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [glance] Permissions differences for glance image-create between Icehouse and Juno On 31/10/14 04:57 +0000, Nikhil Komawar wrote: >Hi Jay, > >Wanted to clarify a few things around this: > >1. are you using --is_public or --is-public option? >2. are you using stable/juno branch or it is a rc(1/2/3) from ubuntu packages? > >After trying out: > >glance image-create --is-public=True --disk-format qcow2 --container-format >bare --name foobar --name foobar --file >/opt/stack/data/glance/images/5be32fc4-e063-4032-b248-516c7ab7116b > >the command seems to be working on the latest devstack setup with the branch >stable/juno used for glance. Did you test this with an admin user? >The policy file in your paste looks fine too. > >As nothing out of the ordinary seems to be wrong, hope this intuitive >suggestion helps: the filesystem store config may be mismatched (possibly >there are 2 options). I haven't had the chance to test this but my guess is that Jay's issue may be caused by an upgrade from Icehouse -> Juno. I'll hopefully be able to give this a try today. Fla. > >Thanks, >-Nikhil > >________________________________________ >From: Tom Fifield [t...@openstack.org] >Sent: Monday, October 27, 2014 9:26 PM >To: openstack-dev@lists.openstack.org >Subject: Re: [openstack-dev] [glance] Permissions differences for glance >image-create between Icehouse and Juno > >Sorry, early morning! > >I can confirm that in your policy.json there is: > > "publicize_image": "role:admin", > >which seems to match what's needed :) > >Regards, > > >Tom > >On 28/10/14 10:18, Jay Pipes wrote: >> Right, but as you can read below, I'm using an admin to do the operation... >> >> Which is why I'm curious what exactly I'm supposed to do :) >> >> -jay >> >> On 10/27/2014 09:04 PM, Tom Fifield wrote: >>> This was covered in the release notes for glance, under "Upgrade notes": >>> >>> https://wiki.openstack.org/wiki/ReleaseNotes/Juno#Upgrade_Notes_3 >>> >>> * The ability to upload a public image is now admin-only by default. To >>> continue to use the previous behaviour, edit the publicize_image flag in >>> etc/policy.json to remove the role restriction. >>> >>> Regards, >>> >>> >>> Tom >>> >>> On 28/10/14 01:22, Jay Pipes wrote: >>>> Hello Glancers, >>>> >>>> Peter and I are having issues working with a Juno Glance endpoint. >>>> Specifically, a glance image-create ... --is_public=True CLI command >>>> that *was* working in our Icehouse cloud is now failing in our Juno >>>> cloud with a 403 Forbidden. >>>> >>>> The specific command in question is: >>>> >>>> glance image-create --name "cirros-0.3.2-x86_64" --file >>>> /var/tmp/cirros-0.3.2-x86_64-disk.img --disk-format qcow2 >>>> --container-format bare --is_public=True >>>> >>>> If we take off the is_public=True, everything works just fine. We are >>>> executing the above command as a user with a user called "admin" having >>>> the role "admin" in a project called "admin". >>>> >>>> We have enabled debug=True conf option in both glance-api.conf and >>>> glance-registry.conf, and unfortunately, there is no log output at all, >>>> other than spitting out the configuration option settings on daemon >>>> startup and a few messages like "Loaded policy rules: ..." which don't >>>> actually provide any useful information about policy *decisions* that >>>> are made... :( >>>> >>>> Any help is most appreciated. Our policy.json file is the stock one that >>>> comes in the Ubuntu Cloud Archive glance packages, i.e.: >>>> >>>> http://paste.openstack.org/show/125420/ >>>> >>>> Best, >>>> -jay >>>> >>>> _______________________________________________ >>>> OpenStack-dev mailing list >>>> OpenStack-dev@lists.openstack.org >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >>> _______________________________________________ >>> OpenStack-dev mailing list >>> OpenStack-dev@lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > >_______________________________________________ >OpenStack-dev mailing list >OpenStack-dev@lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >_______________________________________________ >OpenStack-dev mailing list >OpenStack-dev@lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- @flaper87 Flavio Percoco _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
