--------------------------------------------------------------------------= --<br></div><div>unset OS_SERVICE_TOKEN<br>export OS_USERNAME=3Dadmin<br>ex=
This will be step by step as much as possible just to make sure nothing is= missed (assuming Cinder and Ceph are configured correctly).<br></div><br><=
<br><div>Hi<br></div><br><div>Can you help with below?<br>This is communit= y email and will be great if you can help this guy.<br></div><br><div>Aharo= n<br>---------- Forwarded message ----------<br>From: Logan Kuhn <<a cla= ss=3D"linkification-ext" href=3D"mailto:logank@wolfram.com" title=3D"Linkif= ication: mailto:logank@wolfram.com" target=3D"_blank">logank@wolfram.com</a= ><br>Date: Tue, Aug 30, 2016 at 11:07 PM<br>Subject: [ovirt-users] Unab= le to backend oVirt with Cinder<br>To: users <<a class=3D"linkification-= ext" href=3D"mailto:users@ovirt.org" title=3D"Linkification: mailto:users@o= virt.org" target=3D"_blank">users@ovirt.org</a>><br></div><br><div><br>I= 've got Cinder configured and pointed at Ceph for it's back end storage.<br= I can run ceph commands on the cinder machine and cinder is configured for= <br>noauth and I've also tried it with Keystone for auth. I can run v= arious<br>cinder commands and it'll return as expected.<br></div><br><div>W= hen I configure it in oVirt it'll add the external provider fine, but when<= br>I go to create a disk it doesn't populate the volume type field, it's ju= st<br>empty. The corresponding command for cinder: cinder type-list a= nd cinder<br>type-show <name> returns fine and it is public.<br></div= <br><div>Ovirt and Cinder are on the same host so it isn't a firewall issu= e.<br></div><br><div>Cinder config:<br>[DEFAULT]<br>rpc_backend =3D rabbit<= br>#auth_strategy =3D keystone<br>auth_strategy =3D noauth<br>enabled_backe= nds =3D ceph<br>#glance_api_servers =3D <a class=3D"linkification-ext" href= =3D"http://10.128.7.252:9292" title=3D"Linkification: http://10.128.7.252:9= 292" target=3D"_blank">http://10.128.7.252:9292</a><br>#glance_api_version = =3D 2<br></div><br><div>#[keystone_authtoken]<br>#auth_uri =3D <a class=3D"=
------=_Part_51451550_1291166141.1472650055014 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Thank you for your response, but unfortunately it still doesn't work. I can do cinder-ey things from the command line, including cinder list, type-show, create. The keystonerc_admin file that I use matches yours with the relevant bits changed for my environment, password, region etc. I've filled out the External Provider dialog with the admin user, cinder user and a new user. The dialog reports that it Failed to communicate with the external provider and to consult the log. The log reports the following: 2016-08-31 08:04:21,518 INFO [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-46) [20342b40] Running command: TestProviderConnectivityCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN 2016-08-31 08:04:21,546 ERROR [org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackStorageProviderProxy] (default task-46) [20342b40] Unauthorized (OpenStack response error code: 401) 2016-08-31 08:04:21,546 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-46) [20342b40] Command 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: EngineException: (Failed with error PROVIDER_FAILURE and code 5050) Which is very obvious that the username/auth that ovirt is sending isn't allowed to create, but it's using the same username/password that's in the keystonerc_admin file that I can do various command line things with. This is my keystonerc_admin file: OS_AUTH_URL=http://10.128.7.252:5000/v3 OS_PASSWORD=adminpass OS_PROJECT_DOMAIN_NAME=default OS_PROJECT_NAME=admin OS_REGION_NAME=WRI OS_TENANT_NAME=admin OS_USERNAME=admin OS_USER_DOMAIN_NAME=default I had to make add certain fields and change the auth url to v3 otherwise it reported either a malformed URL or more commonly, 401 Unauthorized. Which made me wonder if it's a compatibility issue with the v3 API. I've been working with Openstack Mitaka and ovirt 4.0.2 and 4.0.3 Regards, Logan ----- On Aug 31, 2016, at 6:07 AM, Natalie Gavrilov <ngavrilo@redhat.com> wrote: | Hi Logen, | I'll refer only to using authentication , because I had configured it | previously. | This means: /etc/cinder/cinder.conf should have: auth_strategy = keystone | I'm using keystonerc file, example keystonerc_admin: | ---------------------------------------------------------------------------- | unset OS_SERVICE_TOKEN | export OS_USERNAME=admin | export OS_PASSWORD=password | export OS_AUTH_URL=http://CINDER-HOST:5000/v2.0 | export PS1='[\u@\h \W(keystone_admin)]\$ ' | export OS_TENANT_NAME=admin | export OS_REGION_NAME=RegionOne | ---------------------------------------------------------------------------- | This will be step by step as much as possible just to make sure nothing is | missed (assuming Cinder and Ceph are configured correctly). | Go to: | External providers -> Add | Fill in the fields: | Name: | Type: OpenStack Volume | Provider url: http://CINDER_HOST:8776 | Check "Requires Authentication" | Fill in the information, this is an example: | Username: admin | Password: password | Tenant name: admin | Authentication URL: http://CINDER-HOST:5000/v2.0 | Test should return "Test succeeded, managed to access provider." | Now click Ok. | Now lets configure additional information: | Lower pane: Authentication Keys | Click on: New | Fill in UUID field with rbd_secret_uuid | and value :which is the key (it's in /etc/ceph/ceph.client.USERNAME.keyring) | Hope this helps.. | Regards, | Natalie | From: "Aharon Canan" < acanan@redhat.com > | To: "Natalie Gavrilov" < ngavrilo@redhat.com > | Sent: Wednesday, August 31, 2016 8:53:22 AM | Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cinder | Hi | Can you help with below? | This is community email and will be great if you can help this guy. | Aharon | ---------- Forwarded message ---------- | From: Logan Kuhn < logank@wolfram.com > | Date: Tue, Aug 30, 2016 at 11:07 PM | Subject: [ovirt-users] Unable to backend oVirt with Cinder | To: users < users@ovirt.org > | I've got Cinder configured and pointed at Ceph for it's back end storage. | I can run ceph commands on the cinder machine and cinder is configured for | noauth and I've also tried it with Keystone for auth. I can run various | cinder commands and it'll return as expected. | When I configure it in oVirt it'll add the external provider fine, but when | I go to create a disk it doesn't populate the volume type field, it's just | empty. The corresponding command for cinder: cinder type-list and cinder | type-show <name> returns fine and it is public. | Ovirt and Cinder are on the same host so it isn't a firewall issue. | Cinder config: | [DEFAULT] | rpc_backend = rabbit | #auth_strategy = keystone | auth_strategy = noauth | enabled_backends = ceph | #glance_api_servers = http://10.128.7.252:9292 | #glance_api_version = 2 | #[keystone_authtoken] | #auth_uri = http://10.128.7.252:5000/v3 | #auth_url = http://10.128.7.252:35357/v3 | #auth_type = password | #memcached_servers = localhost:11211 | #project_domain_name = default | #user_domain_name = default | #project_name = services | #username = user | #password = pass | [ceph] | volume_driver = cinder.volume.drivers.rbd.RBDDriver | volume_backend_name = ceph | rbd_pool = ovirt-images | rbd_user = cinder | rbd_secret_uuid = <secret> | rbd_ceph_conf = /etc/ceph/ceph.conf | rbd_flatten_volume_from_snapshot = true | rbd_max_clone_depth = 5 | rbd_store_chunk_size = 4 | rados_connect_timeout = -1 | #glance_api_version = 2 | [database] | connection = postgresql:// user:pass@10.128.2.33/cinder | [oslo_concurrency] | lock_path = /var/lib/cinder/tmp | [oslo_messaging_rabbit] | rabbit_host = localhost | rabbit_port = 5672 | rabbit_userid = user | rabbit_password = pass | Regards, | Logan | _______________________________________________ | Users mailing list | Users@ovirt.org | http://lists.ovirt.org/mailman/listinfo/users ------=_Part_51451550_1291166141.1472650055014 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: Arial; font-size: 12pt; color: #0000= 00"><div>Thank you for your response, but unfortunately it still doesn't wo= rk.</div><div><br data-mce-bogus=3D"1"></div><div>I can do cinder-ey things= from the command line, including cinder list, type-show, create. The= keystonerc_admin file that I use matches yours with the relevant bits chan= ged for my environment, password, region etc. I've filled out the Ext= ernal Provider dialog with the admin user, cinder user and a new user. &nbs= p;The dialog reports that it Failed to communicate with the external provid= er and to consult the log. The log reports the following:</div><div><= br data-mce-bogus=3D"1"></div><div>2016-08-31 08:04:21,518 INFO [org.ovirt.= engine.core.bll.provider.TestProviderConnectivityCommand] (default task-46)= [20342b40] Running command: TestProviderConnectivityCommand internal: fals= e. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: Syste= mAction group CREATE_STORAGE_POOL with role type ADMIN<br>2016-08-31 08:04:= 21,546 ERROR [org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackS= torageProviderProxy] (default task-46) [20342b40] Unauthorized (OpenStack r= esponse error code: 401)<br>2016-08-31 08:04:21,546 ERROR [org.ovirt.engine= .core.bll.provider.TestProviderConnectivityCommand] (default task-46) [2034= 2b40] Command 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityC= ommand' failed: EngineException: (Failed with error PROVIDER_FAILURE and co= de 5050)<br></div><div><br data-mce-bogus=3D"1"></div><div>Which is very ob= vious that the username/auth that ovirt is sending isn't allowed to create,= but it's using the same username/password that's in the keystonerc_admin f= ile that I can do various command line things with.</div><div><br data-mce-= bogus=3D"1"></div><div>This is my keystonerc_admin file:</div><div><br data= -mce-bogus=3D"1"></div><div>OS_AUTH_URL=3Dhttp://10.128.7.252:5000/v3<br>OS= _PASSWORD=3Dadminpass<br>OS_PROJECT_DOMAIN_NAME=3Ddefault<br>OS_PROJECT_NAM= E=3Dadmin<br>OS_REGION_NAME=3DWRI<br>OS_TENANT_NAME=3Dadmin<br>OS_USERNAME= =3Dadmin<br>OS_USER_DOMAIN_NAME=3Ddefault</div><div><br data-mce-bogus=3D"1= "></div><div>I had to make add certain fields and change the auth url to v3= otherwise it reported either a malformed URL or more commonly, 401 Un= authorized. Which made me wonder if it's a compatibility issue with t= he v3 API. I've been working with Openstack Mitaka and ovirt 4.0.2 an= d 4.0.3</div><div><br></div><div data-marker=3D"__SIG_PRE__">Regards,<br>Lo= gan</div><br><span id=3D"zwchr" data-marker=3D"__DIVIDER__">----- On Aug 31= , 2016, at 6:07 AM, Natalie Gavrilov <ngavrilo@redhat.com> wrote:<br>= </span><div data-marker=3D"__QUOTED_TEXT__"><blockquote style=3D"border-lef= t: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; fon= t-weight: normal; font-style: normal; text-decoration: none; font-family: H= elvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style=3D"border-left:= 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-= weight: normal; font-style: normal; text-decoration: none; font-family: Hel= vetica,Arial,sans-serif; font-size: 12pt;"><div style=3D"font-family: arial= ,helvetica,sans-serif; font-size: 12pt; color: #000000;" data-mce-style=3D"= font-family: arial,helvetica,sans-serif; font-size: 12pt; color: #000000;">= <div>Hi Logen,<br></div><br><div>I'll refer only to<strong> using authentic= ation</strong>, because I had configured it previously. </div><div>This mea= ns: /etc/cinder/cinder.conf should have: auth_strategy =3D keystone</div><d= iv>I'm using keystonerc file, example keystonerc_admin:<br></div><div= port OS_PASSWORD=3Dpassword<br>export OS_AUTH_URL=3Dhttp://CINDER-HOST:5000= /v2.0<br>export PS1=3D'[\u@\h \W(keystone_admin)]\$ '<br><br>export OS_TENA= NT_NAME=3Dadmin<br>export OS_REGION_NAME=3DRegionOne<br>-------------------= ---------------------------------------------------------<br></div><br><div= div>Go to: <br>External providers -> Add<br>Fill in the fields:<br>Name:= <br>Type: <strong><span class=3D"GEMOY02DCID" id=3D"SubTabProviderGeneralVi= ew_formPanel_col0_row1_value">OpenStack Volume</span></strong><br>Provider = url: <a class=3D"linkification-ext" href=3D"http://ogofen-cinder.scl.lab.tl= v.redhat.com:8776" title=3D"Linkification: http://ogofen-cinder.scl.lab.tlv= .redhat.com:8776" target=3D"_blank">http://CINDER_HOST:8776</a><br>Check "R= equires Authentication" </div><br><div>Fill in the information, this is an = example:<br></div><div>Username: admin<br>Password: password<br>Tenant name= : admin<br>Authentication URL: <a class=3D"linkification-ext" href=3D"http:= //natalie-cinder.scl.lab.tlv.redhat.com:5000/v2.0" title=3D"Linkification: = http://natalie-cinder.scl.lab.tlv.redhat.com:5000/v2.0" target=3D"_blank">h= ttp://CINDER-HOST:5000/v2.0</a><br></div><br><div>Test should return <stron= g>"Test succeeded, managed to access provider."</strong> <br>Now click Ok.<= br></div><br><br><div><strong><span style=3D"text-decoration: underline;" d= ata-mce-style=3D"text-decoration: underline;">Now lets configure additional= information:</span></strong><br></div><br><div>Lower pane: <strong>Authent= ication Keys</strong><br>Click on: New<br>Fill in <strong>UUID</strong> fie= ld with rbd_secret_uuid <br>and <strong>value</strong>:which is the key (it= 's in /etc/ceph/ceph.client.USERNAME.keyring)<br></div><br><div><br>Hope th= is helps..<br></div><br><div>Regards,<br></div><div>Natalie<br></div><div><= br><hr id=3D"zwchr"><br>From: "Aharon Canan" <<a class=3D"linkification-= ext" href=3D"mailto:acanan@redhat.com" title=3D"Linkification: mailto:acana= n@redhat.com" target=3D"_blank">acanan@redhat.com</a>><br>To: "Natalie G= avrilov" <<a class=3D"linkification-ext" href=3D"mailto:ngavrilo@redhat.= com" title=3D"Linkification: mailto:ngavrilo@redhat.com" target=3D"_blank">= ngavrilo@redhat.com</a>><br>Sent: Wednesday, August 31, 2016 8:53:22 AM<= br>Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cinder<br></div= linkification-ext" href=3D"http://10.128.7.252:5000/v3" title=3D"Linkificat= ion: http://10.128.7.252:5000/v3" target=3D"_blank">http://10.128.7.252:500= 0/v3</a><br>#auth_url =3D <a class=3D"linkification-ext" href=3D"http://10.= 128.7.252:35357/v3" title=3D"Linkification: http://10.128.7.252:35357/v3" t= arget=3D"_blank">http://10.128.7.252:35357/v3</a><br>#auth_type =3D passwor= d<br>#memcached_servers =3D localhost:11211<br>#project_domain_name =3D def= ault<br>#user_domain_name =3D default<br>#project_name =3D services<br>#use= rname =3D user<br>#password =3D pass<br></div><br><div>[ceph]<br>volume_dri= ver =3D cinder.volume.drivers.rbd.RBDDriver<br>volume_backend_name =3D ceph= <br>rbd_pool =3D ovirt-images<br>rbd_user =3D cinder<br>rbd_secret_uuid =3D= <secret><br>rbd_ceph_conf =3D /etc/ceph/ceph.conf<br>rbd_flatten_vol= ume_from_snapshot =3D true<br>rbd_max_clone_depth =3D 5<br>rbd_store_chunk_= size =3D 4<br>rados_connect_timeout =3D -1<br>#glance_api_version =3D 2<br>= </div><br><div>[database]<br>connection =3D postgresql://<a class=3D"linkif= ication-ext" href=3D"http://user:pass@10.128.2.33/cinder" title=3D"Linkific= ation: http://user:pass@10.128.2.33/cinder" target=3D"_blank">user:pass@10.= 128.2.33/cinder</a><br></div><br><div>[oslo_concurrency]<br>lock_path =3D /= var/lib/cinder/tmp<br></div><br><div>[oslo_messaging_rabbit]<br>rabbit_host= =3D localhost<br>rabbit_port =3D 5672<br>rabbit_userid =3D user<br>rabbit_= password =3D pass<br></div><br><div>Regards,<br>Logan<br></div><br><div>___= ____________________________________________<br>Users mailing list<br><a cl= ass=3D"linkification-ext" href=3D"mailto:Users@ovirt.org" title=3D"Linkific= ation: mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br><a = class=3D"linkification-ext" href=3D"http://lists.ovirt.org/mailman/listinfo= /users" title=3D"Linkification: http://lists.ovirt.org/mailman/listinfo/use= rs" target=3D"_blank">http://lists.ovirt.org/mailman/listinfo/users</a></di= v></div><br></blockquote></div></div></body></html> ------=_Part_51451550_1291166141.1472650055014--