Create Ceilometer alarm from Heat no authorized
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
Invalid
|
High
|
MOS Heat | ||
8.0.x |
Fix Released
|
High
|
Oleksii Chuprykov | ||
Mitaka |
Invalid
|
High
|
Peter Razumovsky | ||
Newton |
Invalid
|
High
|
MOS Heat |
Bug Description
After a fresh install of MOS 8.0, a regular user cannot deploy heat templates which create autoscaling alarms.
A simple template like this: http://
gets this error: Resource CREATE failed: Forbidden: resources.
The heat resource which fires the error is this:
cpu_alarm_high:
type: OS::Ceilometer:
properties:
description: Scale-up if the average CPU > 50% for 1 minute
meter_name: cpu_util
statistic: avg
period: 60
evaluatio
threshold: 50
alarm_
- {get_attr: [scale_up_policy, alarm_url]}
matching_
compariso
Nevertheless, a regular user can create the alarm through the ceilometer CLI:
Nova instance:
[user1@linux]$ nova list
+------
| ID | Name | Status | Task State | Power State | Networks |
+------
| efd35884-
+------
Check meter/samples for the instance:
[user1@linux]$ ceilometer sample-list -q resource_
+------
| Resource ID | Name | Type | Volume | Unit | Timestamp |
+------
| efd35884-
| efd35884-
Create the alarm:
[user1@linux]$ ceilometer alarm-threshold
+------
| Property | Value |
+------
| alarm_actions | [] |
| alarm_id | 339ead8e-
| comparison_operator | gt |
| description | CPU usage high |
| enabled | True |
| evaluation_periods | 1 |
| exclude_outliers | False |
| insufficient_
| meter_name | cpu_util |
| name | cpu_high_alarm |
| ok_actions | [] |
| period | 300 |
| project_id | 65f8d3591f2c478
| query | resource_id == efd35884-
| | project_id == 65f8d3591f2c478
| repeat_actions | False |
| severity | low |
| state | insufficient data |
| statistic | avg |
| threshold | 5.0 |
| type | threshold |
| user_id | 202e3502ad9d486
+------
And check the alarm status:
[user1@linux]$ ceilometer alarm-show 339ead8e-
+------
| Property | Value |
+------
| alarm_actions | [] |
| alarm_id | 339ead8e-
| comparison_operator | gt |
| description | CPU usage high |
| enabled | True |
| evaluation_periods | 1 |
| exclude_outliers | False |
| insufficient_
| meter_name | cpu_util |
| name | cpu_high_alarm |
| ok_actions | [] |
| period | 300 |
| project_id | 65f8d3591f2c478
| query | resource_id == efd35884-
| | project_id == 65f8d3591f2c478
| repeat_actions | False |
| severity | low |
| state | insufficient data |
| statistic | avg |
| threshold | 5.0 |
| type | threshold |
| user_id | 202e3502ad9d486
+------
In short: the user can create the alarm with ceilometer CLI, but through heat there's an authorization problem.
It cannot be reproduced in Mitaka release. If this issue will appear in Mitaka, reopen bug for Mitaka.