cloud_admin not work in Horizon

Bug #1553904 reported by Phelim Xue
This bug affects 2 people
Affects: OpenStack Dashboard (Horizon)
Status: Invalid
Importance: Undecided
Assigned to: Dan Nguyen

Bug Description

1)
I downloaded and built a Horizon environment from GitHub:
https://github.com/openstack/horizon

2)
I configured my Horizon using the URL below:
https://wiki.openstack.org/wiki/Horizon/DomainWorkFlow

If my Keystone policy uses the original policy, it's okay.
But when I change the policy to policy.v3cloudsample.json,
the domain/project/user/group functions do not work.

It seems like the auth_token is not domain scoped.

3)
In this commit, https://review.openstack.org/#/c/141153/,
the problem looks like it was resolved.
Why did I get this failure? What did I miss?

Tags: keystone
Changed in horizon:
assignee: nobody → Dan Nguyen (daniel-a-nguyen)
Dan Nguyen (daniel-a-nguyen) wrote :

Hello,

This sounds like it might be a configuration issue.
Here are the things you need to do to enable domain support and Keystone v3 in Horizon in devstack.

[Keystone]

1) copy or link the v3 policy file to /etc/keystone/policy.json

2) edit the 'cloud_admin', set the default_admin_id to 'default'

3) restart keystone
    $ sudo service apache2 restart

4) grant the admin user an admin role on the default admin domain
    $ curl -s -H "X-Auth-Token: <ADMIN_TOKEN>" -X PUT http://127.0.0.1:5000/v3/domains/default/users/<ADMIN_ID>/roles/<ADMIN_ROLE_ID>

--> Note 1: Refer to keystone docs regarding the ADMIN_TOKEN as this has changed a bit recently
--> Note 2: There is also a local_user table in the keystone database now where the admin user is stored

[Horizon]

5) enable the following configs in your local_settings.py

# We recommend you use memcached for development; otherwise after every reload
# of the django development server, you will have to login again. To use
# memcached set CACHES to something like
CACHES = {
   'default': {
       'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
       'LOCATION': '127.0.0.1:11211',
   }
}
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
...
OPENSTACK_API_VERSIONS = { "identity": 3, }
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
...
POLICY_FILES = {
    # 'identity': 'keystone_policy.json',
    'identity': 'policy.v3cloudsample.json',
}

--> Note: the copy of the policy.v3cloudsample.json should omit this string:

token.is_admin_project:True

There is an issue here about that https://bugs.launchpad.net/horizon/+bug/1564851

Give that a shot and let me know if you still run into issues. You can also hit me up on IRC.
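
Added example, not part of the comment above and not Horizon or Keystone code: one way to drop the `token.is_admin_project:True` check from Horizon's copy of the policy file without leaving a dangling `and`/`or` or an empty rule, and to list every rule that changed so the new authorization logic can be reviewed. The function names and the sample rules are assumptions made for illustration; the sample is constructed and is not the real policy.v3cloudsample.json.

```python
import json
import re

CHECK = "token.is_admin_project:True"  # the string the comment says to omit

def strip_check(rule, check=CHECK):
    """Remove one check from a policy rule, taking its connector with it."""
    term = rf"(?:\bnot\s+)?{re.escape(check)}\b"
    # "and" binds tighter than "or", so an adjacent "and" is dropped first.
    patterns = [rf"\s+and\s+{term}", rf"{term}\s+and\s+",
                rf"\s+or\s+{term}", rf"{term}\s+or\s+"]
    prev = None
    while prev != rule:
        prev = rule
        for pat in patterns:
            rule, hits = re.subn(pat, "", rule, count=1)
            if hits:
                break
        # Unwrap parentheses left around a single term, but not %(...)s targets.
        rule = re.sub(r"(?<!%)\(\s*([^()\s]+)\s*\)", r"\1", rule)
    if check in rule or not rule.strip():
        # oslo.policy treats an empty rule as always allowed: never emit one.
        raise ValueError(f"cannot remove {check!r} cleanly from {rule!r}")
    return rule

def clean_policy(policy, check=CHECK):
    """Return (cleaned policy, {rule name: (before, after)})."""
    cleaned, changed = dict(policy), {}
    for name, rule in policy.items():
        if isinstance(rule, str) and check in rule:
            cleaned[name] = strip_check(rule, check)
            changed[name] = (rule, cleaned[name])
    return cleaned, changed

# Constructed sample, not the contents of the real policy.v3cloudsample.json.
SAMPLE = json.loads("""{
  "admin_required": "role:admin",
  "cloud_admin": "role:admin and (token.is_admin_project:True or domain_id:default)",
  "identity:list_domains": "rule:cloud_admin"
}""")

if __name__ == "__main__":
    cleaned, changed = clean_policy(SAMPLE)
    for name, (before, after) in changed.items():
        print(f"{name}:\n  - {before}\n  + {after}")
    print(json.dumps(cleaned, indent=2))
```

Removing the check from an `or` narrows a rule, while removing it from an `and` chain widens it, so read the before/after pairs before deploying the cleaned file.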

Phelim Xue (phelim1234) wrote :

Hello, Dan Nguyen

Thank you for your reply.
I removed the policy "token.is_admin_project:True" and change "
Horizon can browse the domain/project/user/group functions,
but there is another error: when I manage a project option (e.g. manage members, edit project, etc.),
I get the exception "Recoverable error: Invalid service catalog service: compute"

Gary W. Smith (gary-w-smith) wrote :

Since this is old and appears to be a configuration issue, marking as invalid. If you can still reproduce this on a current version when following the procedures outlined in the comments, feel free to reopen the bug.

Changed in horizon:
status: New → Invalid