Hi,
When creating a demo user / project and assigning the _member_ role users
can create networks but errors when trying to create a subnet.
As the admin user I have full functionality.
Openstack: Liberty
Neutron: 2:7.0.0-0ubuntu1~cloud0
Contrail: 2.21
I have tried altering parts of neutron's policy.json file, but have
restored the defaults as this isn't the same error as when a user is not
authorized for something. My policy.json for the subnet portion is below:
"default": "rule:admin_or_owner",
"create_subnet": "rule:admin_or_network_owner",
"get_subnet": "rule:admin_or_owner or rule:shared",
"update_subnet": "rule:admin_or_network_owner",
"delete_subnet": "rule:admin_or_network_owner",
"create_subnetpool": "",
"create_subnetpool:shared": "rule:admin_only",
"get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools",
"update_subnetpool": "rule:admin_or_owner",
"delete_subnetpool": "rule:admin_or_owner",
"create_address_scope": "",
"create_address_scope:shared": "rule:admin_only",
"get_address_scope": "rule:admin_or_owner or
rule:shared_address_scopes",
"update_address_scope": "rule:admin_or_owner",
"update_address_scope:shared": "rule:admin_only",
"delete_address_scope": "rule:admin_or_owner",
The error in contrail seems to be the same from a previous bug with
creating floating IPs:
http://lists.opencontrail.org/pipermail/dev_lists.opencontrail.org/2015-December/002659.html
# Neutron debug log
2016-01-27 11:03:17.097 4105 INFO neutron.wsgi [-] (4105) accepted
('127.0.0.1', 52299)
2016-01-27 11:03:17.222 4105 ERROR neutron.policy
[req-33d14f5f-3973-4188-9a7d-bd407fe4ed77 13ab6379d8b348c29792c787cf981d77
d1833458701448c2aa74f3c461fef376 - - -] Policy check error while calling
<bound me
thod NeutronPluginContrailCoreV2.get_network of
<neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
object at 0x7fe3e1879b90>>!
2016-01-27 11:03:17.222 4105 ERROR neutron.policy Traceback (most recent
call last):
2016-01-27 11:03:17.222 4105 ERROR neutron.policy File
"/usr/lib/python2.7/dist-packages/neutron/policy.py", line 262, in __call__
2016-01-27 11:03:17.222 4105 ERROR neutron.policy fields=[parent_field])
2016-01-27 11:03:17.222 4105 ERROR neutron.policy File
"/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py",
line 373, in get_network
2016-01-27 11:03:17.222 4105 ERROR neutron.policy return
self._get_network(context, network_id, fields)
2016-01-27 11:03:17.222 4105 ERROR neutron.policy File
"/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py",
line 363, in _get_network
2016-01-27 11:03:17.222 4105 ERROR neutron.policy return
self._get_resource('network', context, id, fields)
2016-01-27 11:03:17.222 4105 ERROR neutron.policy File
"/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py",
line 303, in _get_resource
2016-01-27 11:03:17.222 4105 ERROR neutron.policy fields=fields,
obj_name=res_type)
2016-01-27 11:03:17.222 4105 ERROR neutron.policy File
"/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py",
line 255, in _transform_response
2016-01-27 11:03:17.222 4105 ERROR neutron.policy
self._raise_contrail_error(info, obj_name)
2016-01-27 11:03:17.222 4105 ERROR neutron.policy File
"/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py",
line 270, in _raise_contrail_error
2016-01-27 11:03:17.222 4105 ERROR neutron.policy raise
exc.NeutronException(**info)
2016-01-27 11:03:17.222 4105 ERROR neutron.policy NeutronException: An
unknown exception occurred.
2016-01-27 11:03:17.222 4105 ERROR neutron.policy
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource
[req-33d14f5f-3973-4188-9a7d-bd407fe4ed77 13ab6379d8b348c29792c787cf981d77
d1833458701448c2aa74f3c461fef376 - - -] create failed
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource Traceback (most
recent call last):
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/neutron/api/v2/resource.py", line 83, in
resource
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource result =
method(request=request, **args)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/oslo_db/api.py", line 146, in wrapper
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource ectxt.value
= e.inner_exc
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 195, in
__exit__
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource
six.reraise(self.type_, self.value, self.tb)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/oslo_db/api.py", line 136, in wrapper
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource return
f(*args, **kwargs)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/neutron/api/v2/base.py", line 435, in
create
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource
pluralized=self._collection)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/neutron/policy.py", line 391, in enforce
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource
do_raise=True)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/oslo_policy/policy.py", line 492, in
enforce
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource result =
rule(target, creds, self)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/oslo_policy/_checks.py", line 238, in
__call__
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource return
enforcer.rules[self.match](target, creds, enforcer)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/oslo_policy/_checks.py", line 191, in
__call__
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource if
rule(target, cred, enforcer):
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/oslo_policy/_checks.py", line 238, in
__call__
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource return
enforcer.rules[self.match](target, creds, enforcer)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/oslo_policy/_checks.py", line 191, in
__call__
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource if
rule(target, cred, enforcer):
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/neutron/policy.py", line 267, in __call__
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource f)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 195, in
__exit__
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource
six.reraise(self.type_, self.value, self.tb)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/neutron/policy.py", line 262, in __call__
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource
fields=[parent_field])
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py",
line 373, in get_network
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource return
self._get_network(context, network_id, fields)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py",
line 363, in _get_network
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource return
self._get_resource('network', context, id, fields)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py",
line 303, in _get_resource
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource
fields=fields, obj_name=res_type)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py",
line 255, in _transform_response
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource
self._raise_contrail_error(info, obj_name)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource File
"/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py",
line 270, in _raise_contrail_error
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource raise
exc.NeutronException(**info)
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource
NeutronException: An unknown exception occurred.
2016-01-27 11:03:17.225 4105 ERROR neutron.api.v2.resource
# contrail debug log
01/27/2016 11:04:01 AM [ctl03:contrail-api:Config:0]: <type
'exceptions.KeyError'>
Python 2.7.6: /usr/bin/python
Wed Jan 27 11:04:01 2016
A problem occurred in a Python script. Here is the sequence of
function calls leading up to the error, in the order they occurred.
/usr/lib/python2.7/dist-packages/vnc_openstack/__init__.py in
handler_trap_exception(*args=(), **kwargs={})
928 def handler_trap_exception(*args, **kwargs):
929 try:
930 response = handler(*args, **kwargs)
931 return response
932 except Exception as e:
response undefined
handler = <bound method
NeutronPluginInterface.plugin_http..._plugin_interface.NeutronPluginInterface
object>>
args = ()
kwargs = {}
/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_interface.py
in
plugin_http_post_network(self=<vnc_openstack.neutron_plugin_interface.NeutronPluginInterface
object>)
232
233 if context['operation'] == 'READ':
234 return self.plugin_get_network(context, network)
235 elif context['operation'] == 'CREATE':
236 return self.plugin_create_network(context, network)
self = <vnc_openstack.neutron_plugin_interface.NeutronPluginInterface
object>
self.plugin_get_network = <bound method
NeutronPluginInterface.plugin_get_..._plugin_interface.NeutronPluginInterface
object>>
context = {'is_admin': True, 'operation': 'READ', 'tenant_id': None,
'type': 'network', 'user_id': None}
network = {'fields': ['tenant_id'], 'filters': None, 'id':
'24ba6301-4846-4eeb-9959-540fea916a67'}
/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_interface.py
in
plugin_get_network(self=<vnc_openstack.neutron_plugin_interface.NeutronPluginInterface
object>, context={'is_admin': True, 'oper
ation': 'READ', 'tenant_id': None, 'type': 'network', 'user_id': None},
network={'fields': ['tenant_id'], 'filters': None, 'id':
'24ba6301-4846-4eeb-9959-540fea916a67'})
146
147 try:
148 cfgdb = self._get_user_cfgdb(context)
149 net_info = cfgdb.network_read(network['id'], fields)
150 return net_info
cfgdb undefined
self = <vnc_openstack.neutron_plugin_interface.NeutronPluginInterface
object>
self._get_user_cfgdb = <bound method
NeutronPluginInterface._get_user_c..._plugin_interface.NeutronPluginInterface
object>>
context = {'is_admin': True, 'operation': 'READ', 'tenant_id': None,
'type': 'network', 'user_id': None}
/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_interface.py
in
_get_user_cfgdb(self=<vnc_openstack.neutron_plugin_interface.NeutronPluginInterface
object>, context={'is_admin': True, 'operati
on': 'READ', 'tenant_id': None, 'type': 'network', 'user_id': None})
115 return self._cfgdb
116 user_id = context['user_id']
117 role = string.join(context['roles'], ",")
118 if not user_id in self._cfgdb_map:
119 self._cfgdb_map[user_id] = DBInterface(
role undefined
global string = <module 'string' from '/usr/lib/python2.7/string.pyc'>
string.join = <function join>
context = {'is_admin': True, 'operation': 'READ', 'tenant_id': None,
'type': 'network', 'user_id': None}
<type 'exceptions.KeyError'>: 'roles'
__class__ = <type 'exceptions.KeyError'>
__delattr__ = <method-wrapper '__delattr__' of exceptions.KeyError
object>
__dict__ = {}
__doc__ = 'Mapping key not found.'
__format__ = <built-in method __format__ of exceptions.KeyError object>
__getattribute__ = <method-wrapper '__getattribute__' of
exceptions.KeyError object>
__getitem__ = <method-wrapper '__getitem__' of exceptions.KeyError
object>
__getslice__ = <method-wrapper '__getslice__' of exceptions.KeyError
object>
__hash__ = <method-wrapper '__hash__' of exceptions.KeyError object>
__init__ = <method-wrapper '__init__' of exceptions.KeyError object>
__new__ = <built-in method __new__ of type object>
__reduce__ = <built-in method __reduce__ of exceptions.KeyError object>
__reduce_ex__ = <built-in method __reduce_ex__ of exceptions.KeyError
object>
__repr__ = <method-wrapper '__repr__' of exceptions.KeyError object>
__setattr__ = <method-wrapper '__setattr__' of exceptions.KeyError
object>
__setstate__ = <built-in method __setstate__ of exceptions.KeyError
object>
__sizeof__ = <built-in method __sizeof__ of exceptions.KeyError object>
__str__ = <method-wrapper '__str__' of exceptions.KeyError object>
__subclasshook__ = <built-in method __subclasshook__ of type object>
__unicode__ = <built-in method __unicode__ of exceptions.KeyError
object>
args = ('roles',)
message = 'roles'
The above is a description of an error in a Python program. Here is
the original traceback:
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/vnc_openstack/__init__.py", line
930, in handler_trap_exception
response = handler(*args, **kwargs)
File
"/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_interface.py",
line 234, in plugin_http_post_network
return self.plugin_get_network(context, network)
File
"/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_interface.py",
line 148, in plugin_get_network
cfgdb = self._get_user_cfgdb(context)
File
"/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_interface.py",
line 117, in _get_user_cfgdb
role = string.join(context['roles'], ",")
KeyError: 'roles'
Has anyone else run into this issue, or do we have to create customer
networks as the admin user?
Thanks in advance,
Max
_______________________________________________
Dev mailing list
[email protected]
http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
