I’ve run into a problem with the gnocchi CLI. Whenever I run ‘gnocchi status’ I get a 403 Forbidden, but I can run other commands like 'gnocchi resource create’ no problem.
I’ve checked the policy.json and it looks like “admin” has rights to get status, the same as create resources. I cannot figure out why get status would show a 403 forbidden, but I can run other commands just fine. [root ~] # gnocchi status --debug REQ: curl -g -i -X GET http://keystone:35357/v3 -H "Accept: application/json" -H "User-Agent: keystoneauth1/2.4.1 python-requests/2.10.0 CPython/2.7.5" Starting new HTTP connection (1): keystone "GET /v3 HTTP/1.1" 200 277 RESP: [200] Content-Type: application/json Content-Length: 277 Connection: keep-alive Date: Thu, 23 Feb 2017 16:52:40 GMT Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5 Vary: X-Auth-Token x-openstack-request-id: req-189a8db8-6210-4735-bc66-b2dc90b00a38 RESP BODY: {"version": {"status": "stable", "updated": "2016-04-04T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.6", "links": [{"href": "http://keystone:35357/v3/";, "rel": "self"}]}} Making authentication request to http://keystone:35357/v3/auth/tokens "POST /v3/auth/tokens HTTP/1.1" 201 3874 REQ: curl -g -i -X GET http://gnocchi:8041/v1/status -H "User-Agent: keystoneauth1/2.4.1 python-requests/2.10.0 CPython/2.7.5" -H "Accept: application/json, */*" -H "X-Auth-Token: {SHA1}AAA" Starting new HTTP connection (1): gnocchi "GET /v1/status HTTP/1.1" 403 54 RESP: [403] Content-Type: application/json; charset=UTF-8 Content-Length: 54 Connection: keep-alive Server: Werkzeug/0.9.1 Python/2.7.5 Date: Thu, 23 Feb 2017 16:52:40 GMT RESP BODY: {"code": 403, "description": "", "title": "Forbidden"} Forbidden (HTTP 403) Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/cliff/app.py", line 346, in run_subcommand result = cmd.run(parsed_args) File "/usr/lib/python2.7/site-packages/cliff/display.py", line 79, in run column_names, data = self.take_action(parsed_args) File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/status_cli.py", line 21, in take_action status = self.app.client.status.get() File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/status.py", line 21, in get return self._get(self.url).json() File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/base.py", line 37, in _get return self.client.api.get(*args, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 173, in get return self.request(url, 'GET', **kwargs) File "/usr/lib/python2.7/site-packages/gnocchiclient/client.py", line 38, in request raise exceptions.from_response(resp, method) Forbidden: Forbidden (HTTP 403) Traceback (most recent call last): File "/usr/bin/gnocchi", line 10, in <module> sys.exit(main()) File "/usr/lib/python2.7/site-packages/gnocchiclient/shell.py", line 211, in main return GnocchiShell().run(args) File "/usr/lib/python2.7/site-packages/cliff/app.py", line 226, in run result = self.run_subcommand(remainder) File "/usr/lib/python2.7/site-packages/cliff/app.py", line 346, in run_subcommand result = cmd.run(parsed_args) File "/usr/lib/python2.7/site-packages/cliff/display.py", line 79, in run column_names, data = self.take_action(parsed_args) File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/status_cli.py", line 21, in take_action status = self.app.client.status.get() File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/status.py", line 21, in get return self._get(self.url).json() File "/usr/lib/python2.7/site-packages/gnocchiclient/v1/base.py", line 37, in _get return self.client.api.get(*args, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 173, in get return self.request(url, 'GET', **kwargs) File "/usr/lib/python2.7/site-packages/gnocchiclient/client.py", line 38, in request raise exceptions.from_response(resp, method) gnocchiclient.exceptions.Forbidden: Forbidden (HTTP 403)
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
