On Mon, Sep 08, 2014 at 11:07:57PM +0000, David Hill wrote: > Hi guys, > > > > I have 2 environments that are almost identical but one of > them gives me this: > > > > keystoneclient.openstack.common.apiclient.exceptions.Forbidden: You are > not authorized to perform the requested action, identity:create_domain. > (HTTP 403) > > > > When I try to run: > > > > heat-keystone-setup-domain --stack-domain-admin stack_admin > --stack-domain-admin-password $password --stack-user-domain-name heat > > > > The problem is that I'm using the same policy everywhere and one works but > the other doesn't. I'm out of ideas!
I think heat-keystone-setup-domain is just the messenger here, and that either the credentials used lack sufficient roles to create the domain, or you have issues with the keystone configuration. I'd suggest installing python-openstackclient and testing creating a domain with that: openstack --os-token atoken --os-url=http://127.0.0.1:5000/v3 \ --os-identity-api-version=3 domain create test123 You can actually use python-openstackclient to do all the domain configuration, heat-keystone-setup-domain is just a convenience script for some folks who didn't have it in their environments, instructions here: http://hardysteven.blogspot.co.uk/2014/04/heat-auth-model-updates-part-2-stack.html Steve _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
