<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 31, 2016 at 4:27 PM, Logan Kuhn <span dir="ltr"><<a href="mailto:logank@wolfram.com" target="_blank">logank@wolfram.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div><div style="font-family:arial;font-size:12pt;color:rgb(0,0,0)"><div>Thank you for your response, but unfortunately it still doesn't work.</div><div><br></div><div>I can do cinder-ey things from the command line, including cinder list, type-show, create. The keystonerc_admin file that I use matches yours with the relevant bits changed for my environment, password, region etc. I've filled out the External Provider dialog with the admin user, cinder user and a new user. The dialog reports that it Failed to communicate with the external provider and to consult the log. The log reports the following:</div><div><br></div><div>2016-08-31 08:04:21,518 INFO [org.ovirt.engine.core.bll.<wbr>provider.<wbr>TestProviderConnectivityComman<wbr>d] (default task-46) [20342b40] Running command: TestProviderConnectivityComman<wbr>d internal: false. Entities affected : ID: aaa00000-0000-0000-0000-<wbr>123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN<br>2016-08-31 08:04:21,546 ERROR [org.ovirt.engine.core.bll.<wbr>provider.storage.<wbr>AbstractOpenStackStorageProvid<wbr>erProxy] (default task-46) [20342b40] Unauthorized (OpenStack response error code: 401)<br>2016-08-31 08:04:21,546 ERROR [org.ovirt.engine.core.bll.<wbr>provider.<wbr>TestProviderConnectivityComman<wbr>d] (default task-46) [20342b40] Command 'org.ovirt.engine.core.bll.<wbr>provider.<wbr>TestProviderConnectivityComman<wbr>d' failed: EngineException: (Failed with error PROVIDER_FAILURE and code 5050)<br></div><div><br></div><div>Which is very obvious that the username/auth that ovirt is sending isn't allowed to create, but it's using the same username/password that's in the keystonerc_admin file that I can do various command line things with.</div><div><br></div><div>This is my keystonerc_admin file:</div><div><br></div><div>OS_AUTH_URL=<a href="http://10.128.7.252:5000/v3" target="_blank">http://10.128.7.<wbr>252:5000/v3</a><br>OS_PASSWORD=adminpass<br>OS_PROJECT_DOMAIN_NAME=default<br>OS_PROJECT_NAME=admin<br>OS_REGION_NAME=WRI<br>OS_TENANT_NAME=admin<br>OS_USERNAME=admin<br>OS_USER_DOMAIN_NAME=default</div><div><br></div><div>I had to make add certain fields and change the auth url to v3 otherwise it reported either a malformed URL or more commonly, 401 Unauthorized. Which made me wonder if it's a compatibility issue with the v3 API. I've been working with Openstack Mitaka and ovirt 4.0.2 and 4.0.3</div></div></div></blockquote><div><br></div><div>For keystone authentication, we support v2.0. </div><div>Have you tried '<a href="http://10.128.7.252:5000/v2.0">http://10.128.7.252:5000/v2.0</a>' as authentication URL on add provider dialog?</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div><div style="font-family:arial;font-size:12pt;color:rgb(0,0,0)"><div><br></div><div>Regards,<br>Logan</div><div><div class="gmail-h5"><br><span>----- On Aug 31, 2016, at 6:07 AM, Natalie Gavrilov <<a href="mailto:ngavrilo@redhat.com" target="_blank">ngavrilo@redhat.com</a>> wrote:<br></span><div><blockquote style="border-left-width:2px;border-left-style:solid;border-left-color:rgb(16,16,255);margin-left:5px;padding-left:5px;color:rgb(0,0,0);font-weight:normal;font-style:normal;text-decoration:none;font-family:helvetica,arial,sans-serif;font-size:12pt"><div style="font-family:arial,helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><div>Hi Logen,<br></div><br><div>I'll refer only to<strong> using authentication</strong>, because I had configured it previously. </div><div>This means: /etc/cinder/cinder.conf should have: auth_strategy = keystone</div><div>I'm using keystonerc file, example keystonerc_admin:<br></div><div>------------------------------<wbr>------------------------------<wbr>----------------<br></div><div>unset OS_SERVICE_TOKEN<br>export OS_USERNAME=admin<br>export OS_PASSWORD=password<br>export OS_AUTH_URL=<a href="http://CINDER-HOST:5000/v2.0" target="_blank">http://CINDER-<wbr>HOST:5000/v2.0</a><br>export PS1='[\u@\h \W(keystone_admin)]\$ '<br><br>export OS_TENANT_NAME=admin<br>export OS_REGION_NAME=RegionOne<br>------------------------------<wbr>------------------------------<wbr>----------------<br></div><br><div>This will be step by step as much as possible just to make sure nothing is missed (assuming Cinder and Ceph are configured correctly).<br></div><br><div>Go to: <br>External providers -> Add<br>Fill in the fields:<br>Name:<br>Type: <strong><span>OpenStack Volume</span></strong><br>Provider url: <a href="http://ogofen-cinder.scl.lab.tlv.redhat.com:8776" title="Linkification: http://ogofen-cinder.scl.lab.tlv.redhat.com:8776" target="_blank">http://CINDER_HOST:8776</a><br>Check "Requires Authentication" </div><br><div>Fill in the information, this is an example:<br></div><div>Username: admin<br>Password: password<br>Tenant name: admin<br>Authentication URL: <a href="http://natalie-cinder.scl.lab.tlv.redhat.com:5000/v2.0" title="Linkification: http://natalie-cinder.scl.lab.tlv.redhat.com:5000/v2.0" target="_blank">http://CINDER-HOST:5000/v2.0</a><br></div><br><div>Test should return <strong>"Test succeeded, managed to access provider."</strong> <br>Now click Ok.<br></div><br><br><div><strong><span style="text-decoration:underline">Now lets configure additional information:</span></strong><br></div><br><div>Lower pane: <strong>Authentication Keys</strong><br>Click on: New<br>Fill in <strong>UUID</strong> field with rbd_secret_uuid <br>and <strong>value</strong>:which is the key (it's in /etc/ceph/ceph.client.<wbr>USERNAME.keyring)<br></div><br><div><br>Hope this helps..<br></div><br><div>Regards,<br></div><div>Natalie<br></div><div><br><hr><br>From: "Aharon Canan" <<a href="mailto:acanan@redhat.com" title="Linkification: mailto:acanan@redhat.com" target="_blank">acanan@redhat.com</a>><br>To: "Natalie Gavrilov" <<a href="mailto:ngavrilo@redhat.com" title="Linkification: mailto:ngavrilo@redhat.com" target="_blank">ngavrilo@redhat.com</a>><br>Sent: Wednesday, August 31, 2016 8:53:22 AM<br>Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cinder<br></div><br><div>Hi<br></div><br><div>Can you help with below?<br>This is community email and will be great if you can help this guy.<br></div><br><div>Aharon<br>---------- Forwarded message ----------<br>From: Logan Kuhn <<a href="mailto:logank@wolfram.com" title="Linkification: mailto:logank@wolfram.com" target="_blank">logank@wolfram.com</a>><br>Date: Tue, Aug 30, 2016 at 11:07 PM<br>Subject: [ovirt-users] Unable to backend oVirt with Cinder<br>To: users <<a href="mailto:users@ovirt.org" title="Linkification: mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br></div><br><div><br>I've got Cinder configured and pointed at Ceph for it's back end storage.<br>I can run ceph commands on the cinder machine and cinder is configured for<br>noauth and I've also tried it with Keystone for auth. I can run various<br>cinder commands and it'll return as expected.<br></div><br><div>When I configure it in oVirt it'll add the external provider fine, but when<br>I go to create a disk it doesn't populate the volume type field, it's just<br>empty. The corresponding command for cinder: cinder type-list and cinder<br>type-show <name> returns fine and it is public.<br></div><br><div>Ovirt and Cinder are on the same host so it isn't a firewall issue.<br></div><br><div>Cinder config:<br>[DEFAULT]<br>rpc_backend = rabbit<br>#auth_strategy = keystone<br>auth_strategy = noauth<br>enabled_backends = ceph<br>#glance_api_servers = <a href="http://10.128.7.252:9292" title="Linkification: http://10.128.7.252:9292" target="_blank">http://10.128.7.252:9292</a><br>#glance_api_version = 2<br></div><br><div>#[keystone_authtoken]<br>#auth_uri = <a href="http://10.128.7.252:5000/v3" title="Linkification: http://10.128.7.252:5000/v3" target="_blank">http://10.128.7.252:5000/v3</a><br>#auth_url = <a href="http://10.128.7.252:35357/v3" title="Linkification: http://10.128.7.252:35357/v3" target="_blank">http://10.128.7.252:35357/v3</a><br>#auth_type = password<br>#memcached_servers = localhost:11211<br>#project_domain_name = default<br>#user_domain_name = default<br>#project_name = services<br>#username = user<br>#password = pass<br></div><br><div>[ceph]<br>volume_driver = cinder.volume.drivers.rbd.<wbr>RBDDriver<br>volume_backend_name = ceph<br>rbd_pool = ovirt-images<br>rbd_user = cinder<br>rbd_secret_uuid = <secret><br>rbd_ceph_conf = /etc/ceph/ceph.conf<br>rbd_flatten_volume_from_<wbr>snapshot = true<br>rbd_max_clone_depth = 5<br>rbd_store_chunk_size = 4<br>rados_connect_timeout = -1<br>#glance_api_version = 2<br></div><br><div>[database]<br>connection = postgresql://<a href="http://user:pass@10.128.2.33/cinder" title="Linkification: http://user:pass@10.128.2.33/cinder" target="_blank">user:pass@10.128.<wbr>2.33/cinder</a><br></div><br><div>[oslo_concurrency]<br>lock_path = /var/lib/cinder/tmp<br></div><br><div>[oslo_messaging_rabbit]<br>rabbit_host = localhost<br>rabbit_port = 5672<br>rabbit_userid = user<br>rabbit_password = pass<br></div><br><div>Regards,<br>Logan<br></div><br><div>______________________________<wbr>_________________<br>Users mailing list<br><a href="mailto:Users@ovirt.org" title="Linkification: mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br><a href="http://lists.ovirt.org/mailman/listinfo/users" title="Linkification: http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a></div></div><br></blockquote></div></div></div></div></div><br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br></div></div>