View Issue Details

IDProjectCategoryView StatusLast Update
0016753CentOS-7Cloud-Imagespublic2019-11-20 03:09
Status newResolutionopen 
Product Version7.7-1908 
Target VersionFixed in Version 
Summary0016753: httpd unable to execute `/usr/bin/placement-api`
DescriptionAttempting to run queries against the placement API results in the following error in /var/log/placement/placement-api.log:
AH01630: client denied by server configuration: /usr/bin/placement-api

Example commands which generate this error include the following two, taken directly from the install documentation (
openstack --os-placement-api-version 1.2 resource class list --sort-column name
openstack --os-placement-api-version 1.6 trait list --sort-column name

This is because the standard `00-placement-api.conf` file does not grant access for apache to execute the `/usr/bin/placement-api` script.

While some sources on the internet encourage users to edit this file to allow anyone access to everything in the `/usr/bin` directory, restricting this access to just the `placement-api` script seems like a much saner compromise.

The following lines may be added to the bottom of the `<VirtualHost>` directive, right above the `</VirtualHost>` line:

  <Directory /usr/bin>
    Require all denied
    <Files "placement-api">
        Require all granted
        Require not env blockAccess
Steps To Reproduce1) Install Keystone, Glance, and Placement as per the documentation (
2) Execute a command against the placement API
e.g. `openstack --os-placement-api-version 1.2 resource class list --sort-column name` or `openstack --os-placement-api-version 1.6 trait list --sort-column name`
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-11-20 03:09 anthonypants New Issue