本文汇总了使用OOS时的常见问题。
- 子账户进行操作,报错:User has no permission to do the action: (ListTemplates)
- 子账户进行操作,报错:User has no permission to do the action: (PassRole)
- 执行模板时遇到报错:Assumes role failed. Code: EntityNotExist.Role, msg: The role not exists: acs:ram::111111:role/OOSServiceRole.
- 执行模板时报错:Assumes role failed. Code: NoPermission, msg: You are not authorized to do this action. You should be authorized by RAM.
子账户进行操作,报错:User has no permission to do the action: (ListTemplates)
原因:子账户权限不够,不能执行OOS的指定API。
解决办法:以管理员或者主账户身份,登录RAM控制台,对报错的子账户进行适当授权,授权范围可以是相关API,也可是所有API,下面样例"Action": "oos:*"
则是对所有API授权,详情请参见账户访问控制。
{
"Statement": [
{
"Effect": "Allow",
"Action": "oos:*",
"Resource": "*"
}
],
"Version": "1"
}
子账户进行操作,报错:User has no permission to do the action: (PassRole)
原因:子账户没有PassRole权限,不能以指定的Role执行运维编排。
解决办法:以管理员或者主账户身份,在RAM控制台,对子账户做适当的PassRole授权,参见账户访问控制。
{
"Statement": [
{
"Effect": "Allow",
"Action": "oos:*",
"Resource": "*"
}
],
"Version": "1"
}
执行模板时遇到报错:Assumes role failed. Code: EntityNotExist.Role, msg: The role not exists: acs:ram::111111:role/OOSServiceRole.
原因:没有为OOS服务创建默认的RAM角色。
解决办法:主账户或者管理员登录RAM控制台>的RAM访问控制,增加对应的RAM角色OOSServiceRole。请参见为OOS服务设置RAM权限。
执行模板时报错:Assumes role failed. Code: NoPermission, msg: You are not authorized to do this action. You should be authorized by RAM.
原因: 对应的RAM角色没有给OOS服务配置信任策略。
解决办法:主账户或者管理员登录RAM控制台的RAM访问控制,增加对应的RAM角色OOSServiceRole。请参见为OOS服务设置RAM权限。
{
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": [
"oos.aliyuncs.com"
]
}
}
],
"Version": "1"
}