<div><div style=3D"font-family:arial;font-size:12pt;color:rgb(0,0,0)"><br>= <div>Regards,<br>Logan</div><div><div class=3D"gmail-h5"><br><span>----- On= Aug 31, 2016, at 6:07 AM, Natalie Gavrilov <<a href=3D"mailto:ngavrilo@= redhat.com" target=3D"_blank">ngavrilo@redhat.com</a>> wrote:<br></span>= <div><blockquote style=3D"border-left-width:2px;border-left-style:solid;bor= der-left-color:rgb(16,16,255);margin-left:5px;padding-left:5px;color:rgb(0,= 0,0);font-weight:normal;font-style:normal;text-decoration:none;font-family:= helvetica,arial,sans-serif;font-size:12pt"><div style=3D"font-family:arial,= helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><div>Hi Logen,<br></d= iv><br><div>I'll refer only to<strong> using authentication</strong>, becau= se I had configured it previously. </div><div>This means: /etc/cinder/cinde= r.conf should have: auth_strategy =3D keystone</div><div>I'm using ke= ystonerc file, example keystonerc_admin:<br></div><div>--------------------= --------------------------------------------------------<br></div><div>unse= t OS_SERVICE_TOKEN<br>export OS_USERNAME=3Dadmin<br>export OS_PASSWORD=3Dpa= ssword<br>export OS_AUTH_URL=3D<a href=3D"http://CINDER-HOST:5000/v2.0" tar= get=3D"_blank">http://CINDER-HOST:5000/v2.0</a><br>export PS1=3D'[\u@\h \W(= keystone_admin)]\$ '<br><br>export OS_TENANT_NAME=3Dadmin<br>export OS_REGI= ON_NAME=3DRegionOne<br>----------------------------------------------------= ------------------------<br></div><br><div>This will be step by step as muc= h as possible just to make sure nothing is missed (assuming Cinder and Ceph= are configured correctly).<br></div><br><div>Go to: <br>External providers= -> Add<br>Fill in the fields:<br>Name:<br>Type: <strong><span>OpenStack= Volume</span></strong><br>Provider url: <a href=3D"http://ogofen-cinder.sc= l.lab.tlv.redhat.com:8776" title=3D"Linkification: http://ogofen-cinder.scl= .lab.tlv.redhat.com:8776" target=3D"_blank">http://CINDER_HOST:8776</a><br>= Check "Requires Authentication" </div><br><div>Fill in the information, thi= s is an example:<br></div><div>Username: admin<br>Password: password<br>Ten= ant name: admin<br>Authentication URL: <a href=3D"http://natalie-cinder.scl= .lab.tlv.redhat.com:5000/v2.0" title=3D"Linkification: http://natalie-cinde= r.scl.lab.tlv.redhat.com:5000/v2.0" target=3D"_blank">http://CINDER-HOST:50= 00/v2.0</a><br></div><br><div>Test should return <strong>"Test succeeded, m= anaged to access provider."</strong> <br>Now click Ok.<br></div><br><br><di= v><strong><span style=3D"text-decoration:underline">Now lets configure addi= tional information:</span></strong><br></div><br><div>Lower pane: <strong>A= uthentication Keys</strong><br>Click on: New<br>Fill in <strong>UUID</stron= g> field with rbd_secret_uuid <br>and <strong>value</strong>:which is the k= ey (it's in /etc/ceph/ceph.client.USERNAME.keyring)<br></div><br><div><br>H= ope this helps..<br></div><br><div>Regards,<br></div><div>Natalie<br></div>= <div><br><hr><br>From: "Aharon Canan" <<a href=3D"mailto:acanan@redhat.c= om" title=3D"Linkification: mailto:acanan@redhat.com" target=3D"_blank">aca= nan@redhat.com</a>><br>To: "Natalie Gavrilov" <<a href=3D"mailto:ngav= rilo@redhat.com" title=3D"Linkification: mailto:ngavrilo@redhat.com" target= =3D"_blank">ngavrilo@redhat.com</a>><br>Sent: Wednesday, August 31, 2016= 8:53:22 AM<br>Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cin= der<br></div><br><div>Hi<br></div><br><div>Can you help with below?<br>This= is community email and will be great if you can help this guy.<br></div><b= r><div>Aharon<br>---------- Forwarded message ----------<br>From: Logan Kuh= n <<a href=3D"mailto:logank@wolfram.com" title=3D"Linkification: mailto:= logank@wolfram.com" target=3D"_blank">logank@wolfram.com</a>><br>Date: T= ue, Aug 30, 2016 at 11:07 PM<br>Subject: [ovirt-users] Unable to backend oV= irt with Cinder<br>To: users <<a href=3D"mailto:users@ovirt.org" title= =3D"Linkification: mailto:users@ovirt.org" target=3D"_blank">users@ovirt.or= g</a>><br></div><br><div><br>I've got Cinder configured and pointed at C= eph for it's back end storage.<br>I can run ceph commands on the cinder mac= hine and cinder is configured for<br>noauth and I've also tried it with Key= stone for auth. I can run various<br>cinder commands and it'll return= as expected.<br></div><br><div>When I configure it in oVirt it'll add the = external provider fine, but when<br>I go to create a disk it doesn't popula= te the volume type field, it's just<br>empty. The corresponding comma= nd for cinder: cinder type-list and cinder<br>type-show <name> return= s fine and it is public.<br></div><br><div>Ovirt and Cinder are on the same= host so it isn't a firewall issue.<br></div><br><div>Cinder config:<br>[DE= FAULT]<br>rpc_backend =3D rabbit<br>#auth_strategy =3D keystone<br>auth_str= ategy =3D noauth<br>enabled_backends =3D ceph<br>#glance_api_servers =3D <a=
------=_Part_51946820_485696074.1472737687754 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Yep, changing to keystone v2 is what did it. I had previously tried v1 and v3. Thank you both Regards, Logan ----- On Sep 1, 2016, at 1:57 AM, Daniel Erez <derez@redhat.com> wrote: | On Wed, Aug 31, 2016 at 4:27 PM, Logan Kuhn < logank@wolfram.com > wrote: || Thank you for your response, but unfortunately it still doesn't work. || I can do cinder-ey things from the command line, including cinder list, || type-show, create. The keystonerc_admin file that I use matches yours with the || relevant bits changed for my environment, password, region etc. I've filled out || the External Provider dialog with the admin user, cinder user and a new user. || The dialog reports that it Failed to communicate with the external provider and || to consult the log. The log reports the following: || 2016-08-31 08:04:21,518 INFO || [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default || task-46) [20342b40] Running command: TestProviderConnectivityCommand internal: || false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: || SystemAction group CREATE_STORAGE_POOL with role type ADMIN || 2016-08-31 08:04:21,546 ERROR || [org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackStorageProviderProxy] || (default task-46) [20342b40] Unauthorized (OpenStack response error code: 401) || 2016-08-31 08:04:21,546 ERROR || [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default || task-46) [20342b40] Command || 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: || EngineException: (Failed with error PROVIDER_FAILURE and code 5050) || Which is very obvious that the username/auth that ovirt is sending isn't allowed || to create, but it's using the same username/password that's in the || keystonerc_admin file that I can do various command line things with. || This is my keystonerc_admin file: || OS_AUTH_URL= http://10.128.7.252:5000/v3 || OS_PASSWORD=adminpass || OS_PROJECT_DOMAIN_NAME=default || OS_PROJECT_NAME=admin || OS_REGION_NAME=WRI || OS_TENANT_NAME=admin || OS_USERNAME=admin || OS_USER_DOMAIN_NAME=default || I had to make add certain fields and change the auth url to v3 otherwise it || reported either a malformed URL or more commonly, 401 Unauthorized. Which made || me wonder if it's a compatibility issue with the v3 API. I've been working with || Openstack Mitaka and ovirt 4.0.2 and 4.0.3 | For keystone authentication, we support v2.0. | Have you tried ' http://10.128.7.252:5000/v2.0 ' as authentication URL on add | provider dialog? || Regards, || Logan || ----- On Aug 31, 2016, at 6:07 AM, Natalie Gavrilov < ngavrilo@redhat.com > || wrote: ||| Hi Logen, ||| I'll refer only to using authentication , because I had configured it ||| previously. ||| This means: /etc/cinder/cinder.conf should have: auth_strategy = keystone ||| I'm using keystonerc file, example keystonerc_admin: ||| ---------------------------------------------------------------------------- ||| unset OS_SERVICE_TOKEN ||| export OS_USERNAME=admin ||| export OS_PASSWORD=password ||| export OS_AUTH_URL= http://CINDER-HOST:5000/v2.0 ||| export PS1='[\u@\h \W(keystone_admin)]\$ ' ||| export OS_TENANT_NAME=admin ||| export OS_REGION_NAME=RegionOne ||| ---------------------------------------------------------------------------- ||| This will be step by step as much as possible just to make sure nothing is ||| missed (assuming Cinder and Ceph are configured correctly). ||| Go to: ||| External providers -> Add ||| Fill in the fields: ||| Name: ||| Type: OpenStack Volume ||| Provider url: http://CINDER_HOST:8776 ||| Check "Requires Authentication" ||| Fill in the information, this is an example: ||| Username: admin ||| Password: password ||| Tenant name: admin ||| Authentication URL: http://CINDER-HOST:5000/v2.0 ||| Test should return "Test succeeded, managed to access provider." ||| Now click Ok. ||| Now lets configure additional information: ||| Lower pane: Authentication Keys ||| Click on: New ||| Fill in UUID field with rbd_secret_uuid ||| and value :which is the key (it's in /etc/ceph/ceph.client.USERNAME.keyring) ||| Hope this helps.. ||| Regards, ||| Natalie ||| From: "Aharon Canan" < acanan@redhat.com > ||| To: "Natalie Gavrilov" < ngavrilo@redhat.com > ||| Sent: Wednesday, August 31, 2016 8:53:22 AM ||| Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cinder ||| Hi ||| Can you help with below? ||| This is community email and will be great if you can help this guy. ||| Aharon ||| ---------- Forwarded message ---------- ||| From: Logan Kuhn < logank@wolfram.com > ||| Date: Tue, Aug 30, 2016 at 11:07 PM ||| Subject: [ovirt-users] Unable to backend oVirt with Cinder ||| To: users < users@ovirt.org > ||| I've got Cinder configured and pointed at Ceph for it's back end storage. ||| I can run ceph commands on the cinder machine and cinder is configured for ||| noauth and I've also tried it with Keystone for auth. I can run various ||| cinder commands and it'll return as expected. ||| When I configure it in oVirt it'll add the external provider fine, but when ||| I go to create a disk it doesn't populate the volume type field, it's just ||| empty. The corresponding command for cinder: cinder type-list and cinder ||| type-show <name> returns fine and it is public. ||| Ovirt and Cinder are on the same host so it isn't a firewall issue. ||| Cinder config: ||| [DEFAULT] ||| rpc_backend = rabbit ||| #auth_strategy = keystone ||| auth_strategy = noauth ||| enabled_backends = ceph ||| #glance_api_servers = http://10.128.7.252:9292 ||| #glance_api_version = 2 ||| #[keystone_authtoken] ||| #auth_uri = http://10.128.7.252:5000/v3 ||| #auth_url = http://10.128.7.252:35357/v3 ||| #auth_type = password ||| #memcached_servers = localhost:11211 ||| #project_domain_name = default ||| #user_domain_name = default ||| #project_name = services ||| #username = user ||| #password = pass ||| [ceph] ||| volume_driver = cinder.volume.drivers.rbd.RBDDriver ||| volume_backend_name = ceph ||| rbd_pool = ovirt-images ||| rbd_user = cinder ||| rbd_secret_uuid = <secret> ||| rbd_ceph_conf = /etc/ceph/ceph.conf ||| rbd_flatten_volume_from_snapshot = true ||| rbd_max_clone_depth = 5 ||| rbd_store_chunk_size = 4 ||| rados_connect_timeout = -1 ||| #glance_api_version = 2 ||| [database] ||| connection = postgresql:// user:pass@10.128.2.33/cinder ||| [oslo_concurrency] ||| lock_path = /var/lib/cinder/tmp ||| [oslo_messaging_rabbit] ||| rabbit_host = localhost ||| rabbit_port = 5672 ||| rabbit_userid = user ||| rabbit_password = pass ||| Regards, ||| Logan ||| _______________________________________________ ||| Users mailing list ||| Users@ovirt.org ||| http://lists.ovirt.org/mailman/listinfo/users || _______________________________________________ || Users mailing list || Users@ovirt.org || http://lists.ovirt.org/mailman/listinfo/users ------=_Part_51946820_485696074.1472737687754 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: Arial; font-size: 12pt; color: #0000= 00"><div>Yep, changing to keystone v2 is what did it. I had previousl= y tried v1 and v3.</div><div><br data-mce-bogus=3D"1"></div><div>Thank you = both</div><div><br></div><div data-marker=3D"__SIG_PRE__">Regards,<br>Logan= </div><br><span id=3D"zwchr" data-marker=3D"__DIVIDER__">----- On Sep 1, 20= 16, at 1:57 AM, Daniel Erez <derez@redhat.com> wrote:<br></span><div = data-marker=3D"__QUOTED_TEXT__"><blockquote style=3D"border-left:2px solid = #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font= -style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;f= ont-size:12pt;"><div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div cl= ass=3D"gmail_quote">On Wed, Aug 31, 2016 at 4:27 PM, Logan Kuhn <span dir= =3D"ltr"><<a href=3D"mailto:logank@wolfram.com" target=3D"_blank">logank= @wolfram.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" sty= le=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(= 204,204,204);border-left-style:solid;padding-left:1ex"><div><div style=3D"f= ont-family:arial;font-size:12pt;color:rgb(0,0,0)"><div>Thank you for your r= esponse, but unfortunately it still doesn't work.</div><br><div>I can do ci= nder-ey things from the command line, including cinder list, type-show, cre= ate. The keystonerc_admin file that I use matches yours with the rele= vant bits changed for my environment, password, region etc. I've fill= ed out the External Provider dialog with the admin user, cinder user and a = new user. The dialog reports that it Failed to communicate with the e= xternal provider and to consult the log. The log reports the followin= g:</div><br><div>2016-08-31 08:04:21,518 INFO [org.ovirt.engine.core.bll.pr= ovider.TestProviderConnectivityCommand] (default task-46) [20342b40] Runnin= g command: TestProviderConnectivityCommand internal: false. Entities affect= ed : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREA= TE_STORAGE_POOL with role type ADMIN<br>2016-08-31 08:04:21,546 ERROR [org.= ovirt.engine.core.bll.provider.storage.AbstractOpenStackStorageProviderProx= y] (default task-46) [20342b40] Unauthorized (OpenStack response error code= : 401)<br>2016-08-31 08:04:21,546 ERROR [org.ovirt.engine.core.bll.provider= .TestProviderConnectivityCommand] (default task-46) [20342b40] Command 'org= .ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: En= gineException: (Failed with error PROVIDER_FAILURE and code 5050)<br></div>= <br><div>Which is very obvious that the username/auth that ovirt is sending= isn't allowed to create, but it's using the same username/password that's = in the keystonerc_admin file that I can do various command line things with= .</div><br><div>This is my keystonerc_admin file:</div><br><div>OS_AUTH_URL= =3D<a href=3D"http://10.128.7.252:5000/v3" target=3D"_blank">http://10.128.= 7.252:5000/v3</a><br>OS_PASSWORD=3Dadminpass<br>OS_PROJECT_DOMAIN_NAME=3Dde= fault<br>OS_PROJECT_NAME=3Dadmin<br>OS_REGION_NAME=3DWRI<br>OS_TENANT_NAME= =3Dadmin<br>OS_USERNAME=3Dadmin<br>OS_USER_DOMAIN_NAME=3Ddefault</div><br><= div>I had to make add certain fields and change the auth url to v3 oth= erwise it reported either a malformed URL or more commonly, 401 Unauthorize= d. Which made me wonder if it's a compatibility issue with the v3 API= . I've been working with Openstack Mitaka and ovirt 4.0.2 and 4.0.3</= div></div></div></blockquote><br><div>For keystone authentication, we suppo= rt v2.0. </div><div>Have you tried '<a href=3D"http://10.128.7.252:500= 0/v2.0" target=3D"_blank">http://10.128.7.252:5000/v2.0</a>' as authen= tication URL on add provider dialog?</div><div> </div><blockquote clas= s=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;b= order-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"= href=3D"http://10.128.7.252:9292" title=3D"Linkification: http://10.128.7.= 252:9292" target=3D"_blank">http://10.128.7.252:9292</a><br>#glance_api_ver= sion =3D 2<br></div><br><div>#[keystone_authtoken]<br>#auth_uri =3D <a href= =3D"http://10.128.7.252:5000/v3" title=3D"Linkification: http://10.128.7.25= 2:5000/v3" target=3D"_blank">http://10.128.7.252:5000/v3</a><br>#auth_url = =3D <a href=3D"http://10.128.7.252:35357/v3" title=3D"Linkification: http:/= /10.128.7.252:35357/v3" target=3D"_blank">http://10.128.7.252:35357/v3</a><= br>#auth_type =3D password<br>#memcached_servers =3D localhost:11211<br>#pr= oject_domain_name =3D default<br>#user_domain_name =3D default<br>#project_= name =3D services<br>#username =3D user<br>#password =3D pass<br></div><br>= <div>[ceph]<br>volume_driver =3D cinder.volume.drivers.rbd.RBDDriver<br>vol= ume_backend_name =3D ceph<br>rbd_pool =3D ovirt-images<br>rbd_user =3D cind= er<br>rbd_secret_uuid =3D <secret><br>rbd_ceph_conf =3D /etc/ceph/cep= h.conf<br>rbd_flatten_volume_from_snapshot =3D true<br>rbd_max_clone_depth = =3D 5<br>rbd_store_chunk_size =3D 4<br>rados_connect_timeout =3D -1<br>#gla= nce_api_version =3D 2<br></div><br><div>[database]<br>connection =3D postgr= esql://<a href=3D"http://user:pass@10.128.2.33/cinder" title=3D"Linkificati= on: http://user:pass@10.128.2.33/cinder" target=3D"_blank">user:pass@10.128= .2.33/cinder</a><br></div><br><div>[oslo_concurrency]<br>lock_path =3D /var= /lib/cinder/tmp<br></div><br><div>[oslo_messaging_rabbit]<br>rabbit_host = =3D localhost<br>rabbit_port =3D 5672<br>rabbit_userid =3D user<br>rabbit_p= assword =3D pass<br></div><br><div>Regards,<br>Logan<br></div><br><div>____= ___________________________________________<br>Users mailing list<br><a hre= f=3D"mailto:Users@ovirt.org" title=3D"Linkification: mailto:Users@ovirt.org= " target=3D"_blank">Users@ovirt.org</a><br><a href=3D"http://lists.ovirt.or= g/mailman/listinfo/users" title=3D"Linkification: http://lists.ovirt.org/ma= ilman/listinfo/users" target=3D"_blank">http://lists.ovirt.org/mailman/list= info/users</a></div></div><br></blockquote></div></div></div></div></div><b= r>_______________________________________________<br> Users mailing list<br> <a href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br=
<a href=3D"http://lists.ovirt.org/mailman/listinfo/users" rel=3D"noreferrer= " target=3D"_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br> <br></blockquote></div></div></div><br></blockquote></div></div></body></ht= ml> ------=_Part_51946820_485696074.1472737687754--