Unable to delete the existing overcloud stack from OpenStack Director node
Environment
- Red Hat OpenStack Director
Issue
- Unable to delete the existing stack; the command fails with the following error:

    (undercloud) [stack@ospdirector ~]$ openstack stack delete overcloud
    Are you sure you want to delete this stack(s) [y/N]? y
    Forbidden: overcloud
    Unable to delete 1 of the 1 stacks.
Resolution
- Modify the stacks:delete policy in /etc/heat/policy.json to use the parameter deny_stack_user:

    "stacks:delete": "rule:deny_stack_user"
- Then restart the heat services on the Director node:

    [root@undercloud-11 ~]# systemctl restart openstack-heat-engine.service openstack-heat-api.service openstack-heat-api-cfn.service
- After the overcloud stack has been deployed successfully, refer to the official documentation on protecting the overcloud stack.
Root Cause
- On the Director node, the stack-delete operation has been restricted for every user in the /etc/heat/policy.json file.
Diagnostic Steps
- Verify the stacks:delete policy parameter details in heat/policy.json:

    $ grep stacks:delete etc/heat/policy.json
    "stacks:delete": "rule:deny_everybody",
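The check from Diagnostic Steps and the change from Resolution can be scripted so that the state of the delete protection is confirmed before and after the edit. The following is an added example, not part of the original solution or of Red Hat's tooling; the function names are hypothetical, the sample policy is constructed, and the two deny_* alias definitions are assumed to match the file on the Director node.

```python
import json

# Constructed sample: a trimmed policy.json with only the rules discussed here.
# Assumption: the deny_* aliases are defined like this on the Director node.
SAMPLE_POLICY = """{
    "deny_stack_user": "not role:heat_stack_user",
    "deny_everybody": "!",
    "stacks:delete": "rule:deny_everybody",
    "stacks:show": "rule:deny_stack_user"
}"""


def delete_rule_status(policy):
    """Classify what the stacks:delete entry of a parsed policy file permits."""
    rule = policy.get("stacks:delete")
    if rule is None:
        return "unset"              # no stacks:delete entry in this file
    if rule.startswith("rule:"):
        alias = rule[len("rule:"):]
        if alias not in policy:
            return "broken"         # points at an alias the file does not define
        rule = policy[alias]
    # "!" is the policy expression that always denies.
    return "locked" if rule.strip() == "!" else "open"


def set_delete_rule(policy, alias):
    """Return a copy of the policy with stacks:delete pointing at a defined alias."""
    if alias not in policy:
        raise KeyError(f"alias {alias!r} is not defined in the policy")
    updated = dict(policy)          # leave the caller's copy untouched
    updated["stacks:delete"] = f"rule:{alias}"
    return updated


def main():
    policy = json.loads(SAMPLE_POLICY)
    print("before:", delete_rule_status(policy))
    unlocked = set_delete_rule(policy, "deny_stack_user")
    print("after the change:", delete_rule_status(unlocked))
    # After redeploying, point the rule back at deny_everybody to protect the stack.
    relocked = set_delete_rule(unlocked, "deny_everybody")
    print("after re-protecting:", delete_rule_status(relocked))


if __name__ == "__main__":
    main()
```

To use it against a real file, load the file with json.load in place of SAMPLE_POLICY and keep a backup copy of the original before writing any change.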
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.