8:27 a.m.
------=_Part_51451550_1291166141.1472650055014
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Thank you for your response, but unfortunately it still doesn't work.
I can do cinder-ey things from the command line, including cinder list, type-show, create.
The keystonerc_admin file that I use matches yours with the relevant bits changed for my
environment, password, region etc. I've filled out the External Provider dialog with
the admin user, cinder user and a new user. The dialog reports that it Failed to
communicate with the external provider and to consult the log. The log reports the
following:
2016-08-31 08:04:21,518 INFO
[org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-46)
[20342b40] Running command: TestProviderConnectivityCommand internal: false. Entities
affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group
CREATE_STORAGE_POOL with role type ADMIN
2016-08-31 08:04:21,546 ERROR
[org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackStorageProviderProxy]
(default task-46) [20342b40] Unauthorized (OpenStack response error code: 401)
2016-08-31 08:04:21,546 ERROR
[org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-46)
[20342b40] Command
'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed:
EngineException: (Failed with error PROVIDER_FAILURE and code 5050)
Which is very obvious that the username/auth that ovirt is sending isn't allowed to
create, but it's using the same username/password that's in the keystonerc_admin
file that I can do various command line things with.
This is my keystonerc_admin file:
OS_AUTH_URL=http://10.128.7.252:5000/v3
OS_PASSWORD=adminpass
OS_PROJECT_DOMAIN_NAME=default
OS_PROJECT_NAME=admin
OS_REGION_NAME=WRI
OS_TENANT_NAME=admin
OS_USERNAME=admin
OS_USER_DOMAIN_NAME=default
I had to make add certain fields and change the auth url to v3 otherwise it reported
either a malformed URL or more commonly, 401 Unauthorized. Which made me wonder if
it's a compatibility issue with the v3 API. I've been working with Openstack
Mitaka and ovirt 4.0.2 and 4.0.3
Regards,
Logan
----- On Aug 31, 2016, at 6:07 AM, Natalie Gavrilov <ngavrilo(a)redhat.com> wrote:
| Hi Logen,
| I'll refer only to using authentication , because I had configured it
| previously.
| This means: /etc/cinder/cinder.conf should have: auth_strategy = keystone
| I'm using keystonerc file, example keystonerc_admin:
| ----------------------------------------------------------------------------
| unset OS_SERVICE_TOKEN
| export OS_USERNAME=admin
| export OS_PASSWORD=password
| export OS_AUTH_URL=http://CINDER-HOST:5000/v2.0
| export PS1='[\u@\h \W(keystone_admin)]\$ '
| export OS_TENANT_NAME=admin
| export OS_REGION_NAME=RegionOne
| ----------------------------------------------------------------------------
| This will be step by step as much as possible just to make sure nothing is
| missed (assuming Cinder and Ceph are configured correctly).
| Go to:
| External providers -> Add
| Fill in the fields:
| Name:
| Type: OpenStack Volume
| Provider url: http://CINDER_HOST:8776
| Check "Requires Authentication"
| Fill in the information, this is an example:
| Username: admin
| Password: password
| Tenant name: admin
| Authentication URL: http://CINDER-HOST:5000/v2.0
| Test should return "Test succeeded, managed to access provider."
| Now click Ok.
| Now lets configure additional information:
| Lower pane: Authentication Keys
| Click on: New
| Fill in UUID field with rbd_secret_uuid
| and value :which is the key (it's in /etc/ceph/ceph.client.USERNAME.keyring)
| Hope this helps..
| Regards,
| Natalie
| From: "Aharon Canan" < acanan(a)redhat.com >
| To: "Natalie Gavrilov" < ngavrilo(a)redhat.com >
| Sent: Wednesday, August 31, 2016 8:53:22 AM
| Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cinder
| Hi
| Can you help with below?
| This is community email and will be great if you can help this guy.
| Aharon
| ---------- Forwarded message ----------
| From: Logan Kuhn < logank(a)wolfram.com >
| Date: Tue, Aug 30, 2016 at 11:07 PM
| Subject: [ovirt-users] Unable to backend oVirt with Cinder
| To: users < users(a)ovirt.org >
| I've got Cinder configured and pointed at Ceph for it's back end storage.
| I can run ceph commands on the cinder machine and cinder is configured for
| noauth and I've also tried it with Keystone for auth. I can run various
| cinder commands and it'll return as expected.
| When I configure it in oVirt it'll add the external provider fine, but when
| I go to create a disk it doesn't populate the volume type field, it's just
| empty. The corresponding command for cinder: cinder type-list and cinder
| type-show <name> returns fine and it is public.
| Ovirt and Cinder are on the same host so it isn't a firewall issue.
| Cinder config:
| [DEFAULT]
| rpc_backend = rabbit
| #auth_strategy = keystone
| auth_strategy = noauth
| enabled_backends = ceph
| #glance_api_servers = http://10.128.7.252:9292
| #glance_api_version = 2
| #[keystone_authtoken]
| #auth_uri = http://10.128.7.252:5000/v3
| #auth_url = http://10.128.7.252:35357/v3
| #auth_type = password
| #memcached_servers = localhost:11211
| #project_domain_name = default
| #user_domain_name = default
| #project_name = services
| #username = user
| #password = pass
| [ceph]
| volume_driver = cinder.volume.drivers.rbd.RBDDriver
| volume_backend_name = ceph
| rbd_pool = ovirt-images
| rbd_user = cinder
| rbd_secret_uuid = <secret>
| rbd_ceph_conf = /etc/ceph/ceph.conf
| rbd_flatten_volume_from_snapshot = true
| rbd_max_clone_depth = 5
| rbd_store_chunk_size = 4
| rados_connect_timeout = -1
| #glance_api_version = 2
| [database]
| connection = postgresql:// user:pass@10.128.2.33/cinder
| [oslo_concurrency]
| lock_path = /var/lib/cinder/tmp
| [oslo_messaging_rabbit]
| rabbit_host = localhost
| rabbit_port = 5672
| rabbit_userid = user
| rabbit_password = pass
| Regards,
| Logan
| _______________________________________________
| Users mailing list
| Users(a)ovirt.org
| http://lists.ovirt.org/mailman/listinfo/users
------=_Part_51451550_1291166141.1472650055014
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><body><div style=3D"font-family: Arial; font-size: 12pt; color:
#0000=
00"><div>Thank you for your response, but unfortunately it still doesn't
wo=
rk.</div><div><br
data-mce-bogus=3D"1"></div><div>I can do cinder-ey things=
from the command line, including cinder list, type-show, create. The=
keystonerc_admin file that I use matches yours with the relevant bits chan=
ged for my environment, password, region etc. I've filled out the Ext=
ernal Provider dialog with the admin user, cinder user and a new user. &nbs=
p;The dialog reports that it Failed to communicate with the external provid=
er and to consult the log. The log reports the
following:</div><div><=
br data-mce-bogus=3D"1"></div><div>2016-08-31 08:04:21,518 INFO
[org.ovirt.=
engine.core.bll.provider.TestProviderConnectivityCommand] (default task-46)=
[20342b40] Running command: TestProviderConnectivityCommand internal: fals=
e. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: Syste=
mAction group CREATE_STORAGE_POOL with role type ADMIN<br>2016-08-31 08:04:=
21,546 ERROR [org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackS=
torageProviderProxy] (default task-46) [20342b40] Unauthorized (OpenStack r=
esponse error code: 401)<br>2016-08-31 08:04:21,546 ERROR [org.ovirt.engine=
.core.bll.provider.TestProviderConnectivityCommand] (default task-46) [2034=
2b40] Command 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityC=
ommand' failed: EngineException: (Failed with error PROVIDER_FAILURE and co=
de 5050)<br></div><div><br
data-mce-bogus=3D"1"></div><div>Which is very ob=
vious that the username/auth that ovirt is sending isn't allowed to create,=
but it's using the same username/password that's in the keystonerc_admin f=
ile that I can do various command line things with.</div><div><br
data-mce-=
bogus=3D"1"></div><div>This is my keystonerc_admin
file:</div><div><br data=
-mce-bogus=3D"1"></div><div>OS_AUTH_URL=3Dhttp://10.128.7.252:5000/v3<br>OS=
_PASSWORD=3Dadminpass<br>OS_PROJECT_DOMAIN_NAME=3Ddefault<br>OS_PROJECT_NAM=
E=3Dadmin<br>OS_REGION_NAME=3DWRI<br>OS_TENANT_NAME=3Dadmin<br>OS_USERNAME=
=3Dadmin<br>OS_USER_DOMAIN_NAME=3Ddefault</div><div><br
data-mce-bogus=3D"1=
"></div><div>I had to make add certain fields and change the auth url
to v3=
otherwise it reported either a malformed URL or more commonly, 401 Un=
authorized. Which made me wonder if it's a compatibility issue with t=
he v3 API. I've been working with Openstack Mitaka and ovirt 4.0.2 an=
d 4.0.3</div><div><br></div><div
data-marker=3D"__SIG_PRE__">Regards,<br>Lo=
gan</div><br><span id=3D"zwchr"
data-marker=3D"__DIVIDER__">----- On Aug 31=
, 2016, at 6:07 AM, Natalie Gavrilov &lt;ngavrilo(a)redhat.com&gt;
wrote:<br>=
</span><div data-marker=3D"__QUOTED_TEXT__"><blockquote
style=3D"border-lef=
t: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; fon=
t-weight: normal; font-style: normal; text-decoration: none; font-family: H=
elvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style=3D"border-left:=
2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-=
weight: normal; font-style: normal; text-decoration: none; font-family: Hel=
vetica,Arial,sans-serif; font-size: 12pt;"><div style=3D"font-family:
arial=
,helvetica,sans-serif; font-size: 12pt; color: #000000;" data-mce-style=3D"=
font-family: arial,helvetica,sans-serif; font-size: 12pt; color: #000000;">=
<div>Hi Logen,<br></div><br><div>I'll refer only
to<strong> using authentic=
ation</strong>, because I had configured it previously. </div><div>This
mea=
ns: /etc/cinder/cinder.conf should have: auth_strategy =3D keystone</div><d=
iv>I'm using keystonerc file, example
keystonerc_admin:<br></div><div=
--------------------------------------------------------------------------=
--<br></div><div>unset OS_SERVICE_TOKEN<br>export
OS_USERNAME=3Dadmin<br>ex=
port OS_PASSWORD=3Dpassword<br>export OS_AUTH_URL=3Dhttp://CINDER-HOST:5000=
/v2.0<br>export PS1=3D'[\u@\h \W(keystone_admin)]\$
'<br><br>export OS_TENA=
NT_NAME=3Dadmin<br>export OS_REGION_NAME=3DRegionOne<br>-------------------=
---------------------------------------------------------<br></div><br><div=
This will be step by step as much as possible just to make sure
nothing is=
missed (assuming Cinder and Ceph are configured
correctly).<br></div><br><=
div>Go to: <br>External providers -> Add<br>Fill in the
fields:<br>Name:=
<br>Type: <strong><span class=3D"GEMOY02DCID"
id=3D"SubTabProviderGeneralVi=
ew_formPanel_col0_row1_value">OpenStack
Volume</span></strong><br>Provider =
url: <a class=3D"linkification-ext"
href=3D"http://ogofen-cinder.scl.lab.tl=
v.redhat.com:8776" title=3D"Linkification: http://ogofen-cinder.scl.lab.tlv=
.redhat.com:8776"
target=3D"_blank">http://CINDER_HOST:8776</a><br>Check "R=
equires Authentication" </div><br><div>Fill in the information,
this is an =
example:<br></div><div>Username: admin<br>Password:
password<br>Tenant name=
: admin<br>Authentication URL: <a class=3D"linkification-ext"
href=3D"http:=
//natalie-cinder.scl.lab.tlv.redhat.com:5000/v2.0" title=3D"Linkification: =
http://natalie-cinder.scl.lab.tlv.redhat.com:5000/v2.0"
target=3D"_blank">h=
ttp://CINDER-HOST:5000/v2.0</a><br></div><br><div>Test
should return <stron=
g>"Test succeeded, managed to access provider."</strong> <br>Now
click Ok.<=
br></div><br><br><div><strong><span
style=3D"text-decoration: underline;" d=
ata-mce-style=3D"text-decoration: underline;">Now lets configure additional=
information:</span></strong><br></div><br><div>Lower
pane: <strong>Authent=
ication Keys</strong><br>Click on: New<br>Fill in
<strong>UUID</strong> fie=
ld with rbd_secret_uuid <br>and <strong>value</strong>:which is the key
(it=
's in
/etc/ceph/ceph.client.USERNAME.keyring)<br></div><br><div><br>Hope
th=
is
helps..<br></div><br><div>Regards,<br></div><div>Natalie<br></div><div><=
br><hr id=3D"zwchr"><br>From: "Aharon Canan"
<<a class=3D"linkification-=
ext" href=3D"mailto:acanan@redhat.com" title=3D"Linkification:
mailto:acana=
n(a)redhat.com"
target=3D"_blank">acanan(a)redhat.com</a>&gt;<br>To:
"Natalie G=
avrilov" <<a class=3D"linkification-ext"
href=3D"mailto:ngavrilo@redhat.=
com" title=3D"Linkification: mailto:ngavrilo@redhat.com"
target=3D"_blank">=
ngavrilo(a)redhat.com</a>&gt;<br>Sent: Wednesday, August 31, 2016 8:53:22
AM<=
br>Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cinder<br></div=
<br><div>Hi<br></div><br><div>Can
you help with below?<br>This is communit=
y email and will be great if you can
help this guy.<br></div><br><div>Aharo=
n<br>---------- Forwarded message ----------<br>From: Logan Kuhn <<a
cla=
ss=3D"linkification-ext" href=3D"mailto:logank@wolfram.com"
title=3D"Linkif=
ication: mailto:logank@wolfram.com"
target=3D"_blank">logank(a)wolfram.com</a=
><br>Date: Tue, Aug 30, 2016 at 11:07
PM<br>Subject: [ovirt-users] Unab=
le to backend oVirt with
Cinder<br>To: users <<a class=3D"linkification-=
ext" href=3D"mailto:users@ovirt.org" title=3D"Linkification:
mailto:users@o=
virt.org"
target=3D"_blank">users@ovirt.org</a>><br></div><br><div><br>I=
've got Cinder configured and pointed at Ceph for it's back end storage.<br=
I can run ceph commands on the cinder machine and cinder is configured
for=
<br>noauth and I've also tried it with Keystone for auth. I
can run v=
arious<br>cinder commands and it'll return as
expected.<br></div><br><div>W=
hen I configure it in oVirt it'll add the external provider fine, but when<=
br>I go to create a disk it doesn't populate the volume type field, it's ju=
st<br>empty. The corresponding command for cinder: cinder type-list a=
nd cinder<br>type-show <name> returns fine and it is
public.<br></div=
<br><div>Ovirt and Cinder are on the same host so it
isn't a firewall issu=
e.<br></div><br><div>Cinder
config:<br>[DEFAULT]<br>rpc_backend =3D rabbit<=
br>#auth_strategy =3D keystone<br>auth_strategy =3D
noauth<br>enabled_backe=
nds =3D ceph<br>#glance_api_servers =3D <a class=3D"linkification-ext"
href=
=3D"http://10.128.7.252:9292" title=3D"Linkification:
http://10.128.7.252:9=
292"
target=3D"_blank">http://10.128.7.252:9292</a><br>#glance_api_version
=
=3D 2<br></div><br><div>#[keystone_authtoken]<br>#auth_uri
=3D <a class=3D"=
linkification-ext" href=3D"http://10.128.7.252:5000/v3"
title=3D"Linkificat=
ion: http://10.128.7.252:5000/v3"
target=3D"_blank">http://10.128.7.252:500=
0/v3</a><br>#auth_url =3D <a class=3D"linkification-ext"
href=3D"http://10.=
128.7.252:35357/v3" title=3D"Linkification: http://10.128.7.252:35357/v3"
t=
arget=3D"_blank">http://10.128.7.252:35357/v3</a><br>#auth_type
=3D passwor=
d<br>#memcached_servers =3D localhost:11211<br>#project_domain_name =3D def=
ault<br>#user_domain_name =3D default<br>#project_name =3D
services<br>#use=
rname =3D user<br>#password =3D
pass<br></div><br><div>[ceph]<br>volume_dri=
ver =3D cinder.volume.drivers.rbd.RBDDriver<br>volume_backend_name =3D ceph=
<br>rbd_pool =3D ovirt-images<br>rbd_user =3D cinder<br>rbd_secret_uuid
=3D=
<secret><br>rbd_ceph_conf =3D
/etc/ceph/ceph.conf<br>rbd_flatten_vol=
ume_from_snapshot =3D true<br>rbd_max_clone_depth =3D 5<br>rbd_store_chunk_=
size =3D 4<br>rados_connect_timeout =3D -1<br>#glance_api_version =3D
2<br>=
</div><br><div>[database]<br>connection =3D postgresql://<a
class=3D"linkif=
ication-ext" href=3D"http://user:pass@10.128.2.33/cinder"
title=3D"Linkific=
ation: http://user:pass@10.128.2.33/cinder"
target=3D"_blank">user:pass@10.=
128.2.33/cinder</a><br></div><br><div>[oslo_concurrency]<br>lock_path
=3D /=
var/lib/cinder/tmp<br></div><br><div>[oslo_messaging_rabbit]<br>rabbit_host=
=3D localhost<br>rabbit_port =3D 5672<br>rabbit_userid =3D
user<br>rabbit_=
password =3D
pass<br></div><br><div>Regards,<br>Logan<br></div><br><div>___=
____________________________________________<br>Users mailing list<br><a
cl=
ass=3D"linkification-ext" href=3D"mailto:Users@ovirt.org"
title=3D"Linkific=
ation: mailto:Users@ovirt.org"
target=3D"_blank">Users(a)ovirt.org</a><br><a =
class=3D"linkification-ext"
href=3D"http://lists.ovirt.org/mailman/listinfo=
/users" title=3D"Linkification: http://lists.ovirt.org/mailman/listinfo/use=
rs"
target=3D"_blank">http://lists.ovirt.org/mailman/listinfo/us...
v></div><br></blockquote></div></div></body></html>
------=_Part_51451550_1291166141.1472650055014--