Hi Jay, Wanted to clarify a few things around this:
1. are you using --is_public or --is-public option? 2. are you using stable/juno branch or it is a rc(1/2/3) from ubuntu packages? After trying out: glance image-create --is-public=True --disk-format qcow2 --container-format bare --name foobar --name foobar --file /opt/stack/data/glance/images/5be32fc4-e063-4032-b248-516c7ab7116b the command seems to be working on the latest devstack setup with the branch stable/juno used for glance. The policy file in your paste looks fine too. As nothing out of the ordinary seems to be wrong, hope this intuitive suggestion helps: the filesystem store config may be mismatched (possibly there are 2 options). Thanks, -Nikhil ________________________________________ From: Tom Fifield [t...@openstack.org] Sent: Monday, October 27, 2014 9:26 PM To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [glance] Permissions differences for glance image-create between Icehouse and Juno Sorry, early morning! I can confirm that in your policy.json there is: "publicize_image": "role:admin", which seems to match what's needed :) Regards, Tom On 28/10/14 10:18, Jay Pipes wrote: > Right, but as you can read below, I'm using an admin to do the operation... > > Which is why I'm curious what exactly I'm supposed to do :) > > -jay > > On 10/27/2014 09:04 PM, Tom Fifield wrote: >> This was covered in the release notes for glance, under "Upgrade notes": >> >> https://wiki.openstack.org/wiki/ReleaseNotes/Juno#Upgrade_Notes_3 >> >> * The ability to upload a public image is now admin-only by default. To >> continue to use the previous behaviour, edit the publicize_image flag in >> etc/policy.json to remove the role restriction. >> >> Regards, >> >> >> Tom >> >> On 28/10/14 01:22, Jay Pipes wrote: >>> Hello Glancers, >>> >>> Peter and I are having issues working with a Juno Glance endpoint. >>> Specifically, a glance image-create ... --is_public=True CLI command >>> that *was* working in our Icehouse cloud is now failing in our Juno >>> cloud with a 403 Forbidden. >>> >>> The specific command in question is: >>> >>> glance image-create --name "cirros-0.3.2-x86_64" --file >>> /var/tmp/cirros-0.3.2-x86_64-disk.img --disk-format qcow2 >>> --container-format bare --is_public=True >>> >>> If we take off the is_public=True, everything works just fine. We are >>> executing the above command as a user with a user called "admin" having >>> the role "admin" in a project called "admin". >>> >>> We have enabled debug=True conf option in both glance-api.conf and >>> glance-registry.conf, and unfortunately, there is no log output at all, >>> other than spitting out the configuration option settings on daemon >>> startup and a few messages like "Loaded policy rules: ..." which don't >>> actually provide any useful information about policy *decisions* that >>> are made... :( >>> >>> Any help is most appreciated. Our policy.json file is the stock one that >>> comes in the Ubuntu Cloud Archive glance packages, i.e.: >>> >>> http://paste.openstack.org/show/125420/ >>> >>> Best, >>> -jay >>> >>> _______________________________________________ >>> OpenStack-dev mailing list >>> OpenStack-dev@lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev