[ovirt-users] Unable to backend oVirt with Cinder

Logan Kuhn logank at wolfram.com
Thu Sep 1 13:48:07 UTC 2016 

Yep, changing to keystone v2 is what did it. I had previously tried v1 and v3. 

Thank you both 

Regards, 
Logan 

----- On Sep 1, 2016, at 1:57 AM, Daniel Erez <derez at redhat.com> wrote: 

| On Wed, Aug 31, 2016 at 4:27 PM, Logan Kuhn < logank at wolfram.com > wrote:

|| Thank you for your response, but unfortunately it still doesn't work.

|| I can do cinder-ey things from the command line, including cinder list,
|| type-show, create. The keystonerc_admin file that I use matches yours with the
|| relevant bits changed for my environment, password, region etc. I've filled out
|| the External Provider dialog with the admin user, cinder user and a new user.
|| The dialog reports that it Failed to communicate with the external provider and
|| to consult the log. The log reports the following:

|| 2016-08-31 08:04:21,518 INFO
|| [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default
|| task-46) [20342b40] Running command: TestProviderConnectivityCommand internal:
|| false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type:
|| SystemAction group CREATE_STORAGE_POOL with role type ADMIN
|| 2016-08-31 08:04:21,546 ERROR
|| [org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackStorageProviderProxy]
|| (default task-46) [20342b40] Unauthorized (OpenStack response error code: 401)
|| 2016-08-31 08:04:21,546 ERROR
|| [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default
|| task-46) [20342b40] Command
|| 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed:
|| EngineException: (Failed with error PROVIDER_FAILURE and code 5050)

|| Which is very obvious that the username/auth that ovirt is sending isn't allowed
|| to create, but it's using the same username/password that's in the
|| keystonerc_admin file that I can do various command line things with.

|| This is my keystonerc_admin file:

|| OS_AUTH_URL= http://10.128.7.252:5000/v3
|| OS_PASSWORD=adminpass
|| OS_PROJECT_DOMAIN_NAME=default
|| OS_PROJECT_NAME=admin
|| OS_REGION_NAME=WRI
|| OS_TENANT_NAME=admin
|| OS_USERNAME=admin
|| OS_USER_DOMAIN_NAME=default

|| I had to make add certain fields and change the auth url to v3 otherwise it
|| reported either a malformed URL or more commonly, 401 Unauthorized. Which made
|| me wonder if it's a compatibility issue with the v3 API. I've been working with
|| Openstack Mitaka and ovirt 4.0.2 and 4.0.3

| For keystone authentication, we support v2.0.
| Have you tried ' http://10.128.7.252:5000/v2.0 ' as authentication URL on add
| provider dialog?

|| Regards,
|| Logan

|| ----- On Aug 31, 2016, at 6:07 AM, Natalie Gavrilov < ngavrilo at redhat.com >
|| wrote:

||| Hi Logen,

||| I'll refer only to using authentication , because I had configured it
||| previously.
||| This means: /etc/cinder/cinder.conf should have: auth_strategy = keystone
||| I'm using keystonerc file, example keystonerc_admin:
||| ----------------------------------------------------------------------------
||| unset OS_SERVICE_TOKEN
||| export OS_USERNAME=admin
||| export OS_PASSWORD=password
||| export OS_AUTH_URL= http://CINDER-HOST:5000/v2.0
||| export PS1='[\u@\h \W(keystone_admin)]\$ '

||| export OS_TENANT_NAME=admin
||| export OS_REGION_NAME=RegionOne
||| ----------------------------------------------------------------------------

||| This will be step by step as much as possible just to make sure nothing is
||| missed (assuming Cinder and Ceph are configured correctly).

||| Go to:
||| External providers -> Add
||| Fill in the fields:
||| Name:
||| Type: OpenStack Volume
||| Provider url: http://CINDER_HOST:8776
||| Check "Requires Authentication"

||| Fill in the information, this is an example:
||| Username: admin
||| Password: password
||| Tenant name: admin
||| Authentication URL: http://CINDER-HOST:5000/v2.0

||| Test should return "Test succeeded, managed to access provider."
||| Now click Ok.

||| Now lets configure additional information:

||| Lower pane: Authentication Keys
||| Click on: New
||| Fill in UUID field with rbd_secret_uuid
||| and value :which is the key (it's in /etc/ceph/ceph.client.USERNAME.keyring)

||| Hope this helps..

||| Regards,
||| Natalie

||| From: "Aharon Canan" < acanan at redhat.com >
||| To: "Natalie Gavrilov" < ngavrilo at redhat.com >
||| Sent: Wednesday, August 31, 2016 8:53:22 AM
||| Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cinder

||| Hi

||| Can you help with below?
||| This is community email and will be great if you can help this guy.

||| Aharon
||| ---------- Forwarded message ----------
||| From: Logan Kuhn < logank at wolfram.com >
||| Date: Tue, Aug 30, 2016 at 11:07 PM
||| Subject: [ovirt-users] Unable to backend oVirt with Cinder
||| To: users < users at ovirt.org >

||| I've got Cinder configured and pointed at Ceph for it's back end storage.
||| I can run ceph commands on the cinder machine and cinder is configured for
||| noauth and I've also tried it with Keystone for auth. I can run various
||| cinder commands and it'll return as expected.

||| When I configure it in oVirt it'll add the external provider fine, but when
||| I go to create a disk it doesn't populate the volume type field, it's just
||| empty. The corresponding command for cinder: cinder type-list and cinder
||| type-show <name> returns fine and it is public.

||| Ovirt and Cinder are on the same host so it isn't a firewall issue.

||| Cinder config:
||| [DEFAULT]
||| rpc_backend = rabbit
||| #auth_strategy = keystone
||| auth_strategy = noauth
||| enabled_backends = ceph
||| #glance_api_servers = http://10.128.7.252:9292
||| #glance_api_version = 2

||| #[keystone_authtoken]
||| #auth_uri = http://10.128.7.252:5000/v3
||| #auth_url = http://10.128.7.252:35357/v3
||| #auth_type = password
||| #memcached_servers = localhost:11211
||| #project_domain_name = default
||| #user_domain_name = default
||| #project_name = services
||| #username = user
||| #password = pass

||| [ceph]
||| volume_driver = cinder.volume.drivers.rbd.RBDDriver
||| volume_backend_name = ceph
||| rbd_pool = ovirt-images
||| rbd_user = cinder
||| rbd_secret_uuid = <secret>
||| rbd_ceph_conf = /etc/ceph/ceph.conf
||| rbd_flatten_volume_from_snapshot = true
||| rbd_max_clone_depth = 5
||| rbd_store_chunk_size = 4
||| rados_connect_timeout = -1
||| #glance_api_version = 2

||| [database]
||| connection = postgresql:// user:pass at 10.128.2.33/cinder

||| [oslo_concurrency]
||| lock_path = /var/lib/cinder/tmp

||| [oslo_messaging_rabbit]
||| rabbit_host = localhost
||| rabbit_port = 5672
||| rabbit_userid = user
||| rabbit_password = pass

||| Regards,
||| Logan

||| _______________________________________________
||| Users mailing list
||| Users at ovirt.org
||| http://lists.ovirt.org/mailman/listinfo/users

|| _______________________________________________
|| Users mailing list
|| Users at ovirt.org
|| http://lists.ovirt.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160901/0c0421eb/attachment-0001.html>

More information about the Users mailing list