在admin租户下使用 nova boot –availability-zone 在指定的节点上启动虚拟机正常

可是当在非admin租户下指定 –availability-zone 启动虚拟机报错

# nova boot --flavor m1.tiny --image  cirros --nic net-id=65758d11-4027-4b33-9a8f-a5a215bb89c0 --availability-zone nova:vgw test-vgw
ERROR: Policy doesn't allow compute:create:forced_host to be performed. (HTTP 403) (Request-ID: req-42f48090-e0eb-4ed0-8493-99b06d1ce02d)

加–debug选项，看到如下报错信息

INFO (connectionpool:203) Starting new HTTP connection (1): 172.16.85.129
DEBUG (connectionpool:295) "POST /v1.1/bdd28cc0c15245adae5455a67118bb17/servers HTTP/1.1" 403 107
RESP: [403] {'date': 'Fri, 19 Jun 2015 04:45:54 GMT', 'content-length': '107', 'content-type': 'application/json; charset=UTF-8', 'x-compute-request-id': 'req-ed4a06fc-512e-4c5a-9f99-0b7304f817d0'}
RESP BODY: {"forbidden": {"message": "Policy doesn't allow compute:create:forced_host to be performed.", "code": 403}}

DEBUG (shell:783) Policy doesn't allow compute:create:forced_host to be performed. (HTTP 403) (Request-ID: req-ed4a06fc-512e-4c5a-9f99-0b7304f817d0)
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/novaclient/shell.py", line 780, in main
    OpenStackComputeShell().main(map(strutils.safe_decode, sys.argv[1:]))
  File "/usr/lib/python2.6/site-packages/novaclient/shell.py", line 716, in main
    args.func(self.cs, args)
  File "/usr/lib/python2.6/site-packages/novaclient/v1_1/shell.py", line 433, in do_boot
    server = cs.servers.create(*boot_args, **boot_kwargs)
  File "/usr/lib/python2.6/site-packages/novaclient/v1_1/servers.py", line 871, in create
    **boot_kwargs)
  File "/usr/lib/python2.6/site-packages/novaclient/v1_1/servers.py", line 534, in _boot
    return_raw=return_raw, **kwargs)
  File "/usr/lib/python2.6/site-packages/novaclient/base.py", line 152, in _create
    _resp, body = self.api.client.post(url, body=body)
  File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 312, in post
    return self._cs_request(url, 'POST', **kwargs)
  File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 286, in _cs_request
    **kwargs)
  File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 268, in _time_request
    resp, body = self.request(url, method, **kwargs)
  File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 262, in request
    raise exceptions.from_response(resp, body, url, method)
Forbidden: Policy doesn't allow compute:create:forced_host to be performed. (HTTP 403) (Request-ID: req-ed4a06fc-512e-4c5a-9f99-0b7304f817d0)
ERROR: Policy doesn't allow compute:create:forced_host to be performed. (HTTP 403) (Request-ID: req-ed4a06fc-512e-4c5a-9f99-0b7304f817d0)

解决方法如下

# vim /etc/nova/policy.json

#change
"compute:create:forced_host": "is_admin:True",
#to
"compute:create:forced_host": "",

重启 nova 服务即可

# openstack-service restart nova