在admin租户下使用 nova boot –availability-zone 在指定的节点上启动虚拟机正常
可是当在非admin租户下指定 –availability-zone 启动虚拟机报错
复制
# nova boot --flavor m1.tiny --image cirros --nic net-id=65758d11-4027-4b33-9a8f-a5a215bb89c0 --availability-zone nova:vgw test-vgw
ERROR: Policy doesn't allow compute:create:forced_host to be performed. (HTTP 403) (Request-ID: req-42f48090-e0eb-4ed0-8493-99b06d1ce02d)
加–debug选项,看到如下报错信息
复制
INFO (connectionpool:203) Starting new HTTP connection (1): 172.16.85.129
DEBUG (connectionpool:295) "POST /v1.1/bdd28cc0c15245adae5455a67118bb17/servers HTTP/1.1" 403 107
RESP: [403] {'date': 'Fri, 19 Jun 2015 04:45:54 GMT', 'content-length': '107', 'content-type': 'application/json; charset=UTF-8', 'x-compute-request-id': 'req-ed4a06fc-512e-4c5a-9f99-0b7304f817d0'}
RESP BODY: {"forbidden": {"message": "Policy doesn't allow compute:create:forced_host to be performed.", "code": 403}}
DEBUG (shell:783) Policy doesn't allow compute:create:forced_host to be performed. (HTTP 403) (Request-ID: req-ed4a06fc-512e-4c5a-9f99-0b7304f817d0)
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/novaclient/shell.py", line 780, in main
OpenStackComputeShell().main(map(strutils.safe_decode, sys.argv[1:]))
File "/usr/lib/python2.6/site-packages/novaclient/shell.py", line 716, in main
args.func(self.cs, args)
File "/usr/lib/python2.6/site-packages/novaclient/v1_1/shell.py", line 433, in do_boot
server = cs.servers.create(*boot_args, **boot_kwargs)
File "/usr/lib/python2.6/site-packages/novaclient/v1_1/servers.py", line 871, in create
**boot_kwargs)
File "/usr/lib/python2.6/site-packages/novaclient/v1_1/servers.py", line 534, in _boot
return_raw=return_raw, **kwargs)
File "/usr/lib/python2.6/site-packages/novaclient/base.py", line 152, in _create
_resp, body = self.api.client.post(url, body=body)
File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 312, in post
return self._cs_request(url, 'POST', **kwargs)
File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 286, in _cs_request
**kwargs)
File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 268, in _time_request
resp, body = self.request(url, method, **kwargs)
File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 262, in request
raise exceptions.from_response(resp, body, url, method)
Forbidden: Policy doesn't allow compute:create:forced_host to be performed. (HTTP 403) (Request-ID: req-ed4a06fc-512e-4c5a-9f99-0b7304f817d0)
ERROR: Policy doesn't allow compute:create:forced_host to be performed. (HTTP 403) (Request-ID: req-ed4a06fc-512e-4c5a-9f99-0b7304f817d0)
解决方法如下
复制
# vim /etc/nova/policy.json
#change
"compute:create:forced_host": "is_admin:True",
#to
"compute:create:forced_host": "",
重启 nova 服务即可
复制
# openstack-service restart nova