Unable to delete the existing overcloud stack from OpenStack Director node
Environment
- Red Hat OpenStack Director
Issue
-
Unable to delete the existing stack with with following error:
(undercloud) [stack@ospdirector ~]$ openstack stack delete overcloud Are you sure you want to delete this stack(s) [y/N]? y Forbidden: overcloud Unable to delete 1 of the 1 stacks.
Resolution
-
Modify the
stacks:deletewith parmaterdeny_stack_user."stacks:delete": "rule:deny_stack_user" -
Then proceed to restart the heat service in Director node.
[root@undercloud-11 ~]# systemctl restart openstack-heat-engine.service openstack-heat-api.service openstack-heat-api-cfn.service - After successfully deployed overcloud stack, refer official documentation to protecticting the
overcloudstack.
Root Cause
- In the Director node the
stack-deleteoperation has restricted for everyuser in/etc/heat/policy.jsonfile.
Diagnostic Steps
-
Verify
stacks:deletepolicy parameter details inheat/policy.json.$ grep stacks:delete etc/heat/policy.json "stacks:delete": "rule:deny_everybody",
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments