------=_Part_51451550_1291166141.1472650055014 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Thank you for your response, but unfortunately it still doesn't work. I can do cinder-ey things from the command line, including cinder list, type-show, create. The keystonerc_admin file that I use matches yours with the relevant bits changed for my environment, password, region etc. I've filled out the External Provider dialog with the admin user, cinder user and a new user. The dialog reports that it Failed to communicate with the external provider and to consult the log. The log reports the following: 2016-08-31 08:04:21,518 INFO [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-46) [20342b40] Running command: TestProviderConnectivityCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN 2016-08-31 08:04:21,546 ERROR [org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackStorageProviderProxy] (default task-46) [20342b40] Unauthorized (OpenStack response error code: 401) 2016-08-31 08:04:21,546 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-46) [20342b40] Command 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: EngineException: (Failed with error PROVIDER_FAILURE and code 5050) Which is very obvious that the username/auth that ovirt is sending isn't allowed to create, but it's using the same username/password that's in the keystonerc_admin file that I can do various command line things with. This is my keystonerc_admin file: OS_AUTH_URL=http://10.128.7.252:5000/v3 OS_PASSWORD=adminpass OS_PROJECT_DOMAIN_NAME=default OS_PROJECT_NAME=admin OS_REGION_NAME=WRI OS_TENANT_NAME=admin OS_USERNAME=admin OS_USER_DOMAIN_NAME=default I had to make add certain fields and change the auth url to v3 otherwise it reported either a malformed URL or more commonly, 401 Unauthorized. Which made me wonder if it's a compatibility issue with the v3 API. I've been working with Openstack Mitaka and ovirt 4.0.2 and 4.0.3 Regards, Logan ----- On Aug 31, 2016, at 6:07 AM, Natalie Gavrilov <ngavrilo(a)redhat.com&gt; wrote: | Hi Logen, | I'll refer only to using authentication , because I had configured it | previously. | This means: /etc/cinder/cinder.conf should have: auth_strategy = keystone | I'm using keystonerc file, example keystonerc_admin: | ---------------------------------------------------------------------------- | unset OS_SERVICE_TOKEN | export OS_USERNAME=admin | export OS_PASSWORD=password | export OS_AUTH_URL=http://CINDER-HOST:5000/v2.0 | export PS1='[\u@\h \W(keystone_admin)]\$ ' | export OS_TENANT_NAME=admin | export OS_REGION_NAME=RegionOne | ---------------------------------------------------------------------------- | This will be step by step as much as possible just to make sure nothing is | missed (assuming Cinder and Ceph are configured correctly). | Go to: | External providers -> Add | Fill in the fields: | Name: | Type: OpenStack Volume | Provider url: http://CINDER_HOST:8776 | Check "Requires Authentication" | Fill in the information, this is an example: | Username: admin | Password: password | Tenant name: admin | Authentication URL: http://CINDER-HOST:5000/v2.0 | Test should return "Test succeeded, managed to access provider." | Now click Ok. | Now lets configure additional information: | Lower pane: Authentication Keys | Click on: New | Fill in UUID field with rbd_secret_uuid | and value :which is the key (it's in /etc/ceph/ceph.client.USERNAME.keyring) | Hope this helps.. | Regards, | Natalie | From: "Aharon Canan" < acanan(a)redhat.com > | To: "Natalie Gavrilov" < ngavrilo(a)redhat.com > | Sent: Wednesday, August 31, 2016 8:53:22 AM | Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cinder | Hi | Can you help with below? | This is community email and will be great if you can help this guy. | Aharon | ---------- Forwarded message ---------- | From: Logan Kuhn < logank(a)wolfram.com > | Date: Tue, Aug 30, 2016 at 11:07 PM | Subject: [ovirt-users] Unable to backend oVirt with Cinder | To: users < users(a)ovirt.org > | I've got Cinder configured and pointed at Ceph for it's back end storage. | I can run ceph commands on the cinder machine and cinder is configured for | noauth and I've also tried it with Keystone for auth. I can run various | cinder commands and it'll return as expected. | When I configure it in oVirt it'll add the external provider fine, but when | I go to create a disk it doesn't populate the volume type field, it's just | empty. The corresponding command for cinder: cinder type-list and cinder | type-show <name> returns fine and it is public. | Ovirt and Cinder are on the same host so it isn't a firewall issue. | Cinder config: | [DEFAULT] | rpc_backend = rabbit | #auth_strategy = keystone | auth_strategy = noauth | enabled_backends = ceph | #glance_api_servers = http://10.128.7.252:9292 | #glance_api_version = 2 | #[keystone_authtoken] | #auth_uri = http://10.128.7.252:5000/v3 | #auth_url = http://10.128.7.252:35357/v3 | #auth_type = password | #memcached_servers = localhost:11211 | #project_domain_name = default | #user_domain_name = default | #project_name = services | #username = user | #password = pass | [ceph] | volume_driver = cinder.volume.drivers.rbd.RBDDriver | volume_backend_name = ceph | rbd_pool = ovirt-images | rbd_user = cinder | rbd_secret_uuid = <secret> | rbd_ceph_conf = /etc/ceph/ceph.conf | rbd_flatten_volume_from_snapshot = true | rbd_max_clone_depth = 5 | rbd_store_chunk_size = 4 | rados_connect_timeout = -1 | #glance_api_version = 2 | [database] | connection = postgresql:// user:pass@10.128.2.33/cinder | [oslo_concurrency] | lock_path = /var/lib/cinder/tmp | [oslo_messaging_rabbit] | rabbit_host = localhost | rabbit_port = 5672 | rabbit_userid = user | rabbit_password = pass | Regards, | Logan | _______________________________________________ | Users mailing list | Users(a)ovirt.org | http://lists.ovirt.org/mailman/listinfo/users ------=_Part_51451550_1291166141.1472650055014 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: Arial; font-size: 12pt; color: #0000= 00"><div>Thank you for your response, but unfortunately it still doesn't wo= rk.</div><div><br data-mce-bogus=3D"1"></div><div>I can do cinder-ey things= from the command line, including cinder list, type-show, create. &nbsp;The= keystonerc_admin file that I use matches yours with the relevant bits chan= ged for my environment, password, region etc. &nbsp;I've filled out the Ext= ernal Provider dialog with the admin user, cinder user and a new user. &nbs= p;The dialog reports that it Failed to communicate with the external provid= er and to consult the log. &nbsp;The log reports the following:</div><div><= br data-mce-bogus=3D"1"></div><div>2016-08-31 08:04:21,518 INFO [org.ovirt.= engine.core.bll.provider.TestProviderConnectivityCommand] (default task-46)= [20342b40] Running command: TestProviderConnectivityCommand internal: fals= e. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: Syste= mAction group CREATE_STORAGE_POOL with role type ADMIN<br>2016-08-31 08:04:= 21,546 ERROR [org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackS= torageProviderProxy] (default task-46) [20342b40] Unauthorized (OpenStack r= esponse error code: 401)<br>2016-08-31 08:04:21,546 ERROR [org.ovirt.engine= .core.bll.provider.TestProviderConnectivityCommand] (default task-46) [2034= 2b40] Command 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityC= ommand' failed: EngineException: (Failed with error PROVIDER_FAILURE and co= de 5050)<br></div><div><br data-mce-bogus=3D"1"></div><div>Which is very ob= vious that the username/auth that ovirt is sending isn't allowed to create,= but it's using the same username/password that's in the keystonerc_admin f= ile that I can do various command line things with.</div><div><br data-mce-= bogus=3D"1"></div><div>This is my keystonerc_admin file:</div><div><br data= -mce-bogus=3D"1"></div><div>OS_AUTH_URL=3Dhttp://10.128.7.252:5000/v3<br>OS= _PASSWORD=3Dadminpass<br>OS_PROJECT_DOMAIN_NAME=3Ddefault<br>OS_PROJECT_NAM= E=3Dadmin<br>OS_REGION_NAME=3DWRI<br>OS_TENANT_NAME=3Dadmin<br>OS_USERNAME= =3Dadmin<br>OS_USER_DOMAIN_NAME=3Ddefault</div><div><br data-mce-bogus=3D"1= "></div><div>I had to make add certain fields and change the auth url to v3= &nbsp;otherwise it reported either a malformed URL or more commonly, 401 Un= authorized. &nbsp;Which made me wonder if it's a compatibility issue with t= he v3 API. &nbsp;I've been working with Openstack Mitaka and ovirt 4.0.2 an= d 4.0.3</div><div><br></div><div data-marker=3D"__SIG_PRE__">Regards,<br>Lo= gan</div><br><span id=3D"zwchr" data-marker=3D"__DIVIDER__">----- On Aug 31= , 2016, at 6:07 AM, Natalie Gavrilov &amp;lt;ngavrilo(a)redhat.com&amp;gt; wrote:<br>= </span><div data-marker=3D"__QUOTED_TEXT__"><blockquote style=3D"border-lef= t: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; fon= t-weight: normal; font-style: normal; text-decoration: none; font-family: H= elvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style=3D"border-left:= 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-= weight: normal; font-style: normal; text-decoration: none; font-family: Hel= vetica,Arial,sans-serif; font-size: 12pt;"><div style=3D"font-family: arial= ,helvetica,sans-serif; font-size: 12pt; color: #000000;" data-mce-style=3D"= font-family: arial,helvetica,sans-serif; font-size: 12pt; color: #000000;">= <div>Hi Logen,<br></div><br><div>I'll refer only to<strong> using authentic= ation</strong>, because I had configured it previously. </div><div>This mea= ns: /etc/cinder/cinder.conf should have: auth_strategy =3D keystone</div><d= iv>I'm using&nbsp; keystonerc file, example keystonerc_admin:<br></div><div= --<br></div><div>unset OS_SERVICE_TOKEN<br>export OS_USERNAME=3Dadmin<br>ex= port OS_PASSWORD=3Dpassword<br>export OS_AUTH_URL=3Dhttp://CINDER-HOST:5000= /v2.0<br>export PS1=3D'[\u@\h \W(keystone_admin)]\$ '<br><br>export OS_TENA= NT_NAME=3Dadmin<br>export OS_REGION_NAME=3DRegionOne<br>-------------------= ---------------------------------------------------------<br></div><br><div= missed (assuming Cinder and Ceph are configured correctly).<br></div><br><= div>Go to: <br>External providers -&gt; Add<br>Fill in the fields:<br>Name:= <br>Type: <strong><span class=3D"GEMOY02DCID" id=3D"SubTabProviderGeneralVi= ew_formPanel_col0_row1_value">OpenStack Volume</span></strong><br>Provider = url: <a class=3D"linkification-ext" href=3D"http://ogofen-cinder.scl.lab.tl= v.redhat.com:8776" title=3D"Linkification: http://ogofen-cinder.scl.lab.tlv= .redhat.com:8776" target=3D"_blank">http://CINDER_HOST:8776</a><br>Check "R= equires Authentication" </div><br><div>Fill in the information, this is an = example:<br></div><div>Username: admin<br>Password: password<br>Tenant name= : admin<br>Authentication URL: <a class=3D"linkification-ext" href=3D"http:= //natalie-cinder.scl.lab.tlv.redhat.com:5000/v2.0" title=3D"Linkification: = http://natalie-cinder.scl.lab.tlv.redhat.com:5000/v2.0" target=3D"_blank">h= ttp://CINDER-HOST:5000/v2.0</a><br></div><br><div>Test should return <stron= g>"Test succeeded, managed to access provider."</strong> <br>Now click Ok.<= br></div><br><br><div><strong><span style=3D"text-decoration: underline;" d= ata-mce-style=3D"text-decoration: underline;">Now lets configure additional= information:</span></strong><br></div><br><div>Lower pane: <strong>Authent= ication Keys</strong><br>Click on: New<br>Fill in <strong>UUID</strong> fie= ld with rbd_secret_uuid <br>and <strong>value</strong>:which is the key (it= 's in /etc/ceph/ceph.client.USERNAME.keyring)<br></div><br><div><br>Hope th= is helps..<br></div><br><div>Regards,<br></div><div>Natalie<br></div><div><= br><hr id=3D"zwchr"><br>From: "Aharon Canan" &lt;<a class=3D"linkification-= ext" href=3D"mailto:acanan@redhat.com" title=3D"Linkification: mailto:acana= n(a)redhat.com&quot; target=3D&quot;_blank&quot;&gt;acanan(a)redhat.com&lt;/a&gt;&amp;gt;&lt;br&gt;To: "Natalie G= avrilov" &lt;<a class=3D"linkification-ext" href=3D"mailto:ngavrilo@redhat.= com" title=3D"Linkification: mailto:ngavrilo@redhat.com" target=3D"_blank">= ngavrilo(a)redhat.com&lt;/a&gt;&amp;gt;&lt;br&gt;Sent: Wednesday, August 31, 2016 8:53:22 AM<= br>Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cinder<br></div= y email and will be great if you can help this guy.<br></div><br><div>Aharo= n<br>---------- Forwarded message ----------<br>From: Logan Kuhn &lt;<a cla= ss=3D"linkification-ext" href=3D"mailto:logank@wolfram.com" title=3D"Linkif= ication: mailto:logank@wolfram.com" target=3D&quot;_blank&quot;&gt;logank(a)wolfram.com&lt;/a= le to backend oVirt with Cinder<br>To: users &lt;<a class=3D"linkification-= ext" href=3D"mailto:users@ovirt.org" title=3D"Linkification: mailto:users@o= virt.org" target=3D"_blank">users@ovirt.org</a>&gt;<br></div><br><div><br>I= 've got Cinder configured and pointed at Ceph for it's back end storage.<br= <br>noauth and I've also tried it with Keystone for auth. &nbsp;I can run v= arious<br>cinder commands and it'll return as expected.<br></div><br><div>W= hen I configure it in oVirt it'll add the external provider fine, but when<= br>I go to create a disk it doesn't populate the volume type field, it's ju= st<br>empty. &nbsp;The corresponding command for cinder: cinder type-list a= nd cinder<br>type-show &lt;name&gt; returns fine and it is public.<br></div= e.<br></div><br><div>Cinder config:<br>[DEFAULT]<br>rpc_backend =3D rabbit<= br>#auth_strategy =3D keystone<br>auth_strategy =3D noauth<br>enabled_backe= nds =3D ceph<br>#glance_api_servers =3D <a class=3D"linkification-ext" href= =3D"http://10.128.7.252:9292" title=3D"Linkification: http://10.128.7.252:9= 292" target=3D"_blank">http://10.128.7.252:9292</a><br>#glance_api_version = =3D 2<br></div><br><div>#[keystone_authtoken]<br>#auth_uri =3D <a class=3D"= linkification-ext" href=3D"http://10.128.7.252:5000/v3" title=3D"Linkificat= ion: http://10.128.7.252:5000/v3" target=3D"_blank">http://10.128.7.252:500= 0/v3</a><br>#auth_url =3D <a class=3D"linkification-ext" href=3D"http://10.= 128.7.252:35357/v3" title=3D"Linkification: http://10.128.7.252:35357/v3" t= arget=3D"_blank">http://10.128.7.252:35357/v3</a><br>#auth_type =3D passwor= d<br>#memcached_servers =3D localhost:11211<br>#project_domain_name =3D def= ault<br>#user_domain_name =3D default<br>#project_name =3D services<br>#use= rname =3D user<br>#password =3D pass<br></div><br><div>[ceph]<br>volume_dri= ver =3D cinder.volume.drivers.rbd.RBDDriver<br>volume_backend_name =3D ceph= <br>rbd_pool =3D ovirt-images<br>rbd_user =3D cinder<br>rbd_secret_uuid =3D= &lt;secret&gt;<br>rbd_ceph_conf =3D /etc/ceph/ceph.conf<br>rbd_flatten_vol= ume_from_snapshot =3D true<br>rbd_max_clone_depth =3D 5<br>rbd_store_chunk_= size =3D 4<br>rados_connect_timeout =3D -1<br>#glance_api_version =3D 2<br>= </div><br><div>[database]<br>connection =3D postgresql://<a class=3D"linkif= ication-ext" href=3D"http://user:pass@10.128.2.33/cinder" title=3D"Linkific= ation: http://user:pass@10.128.2.33/cinder" target=3D"_blank">user:pass@10.= 128.2.33/cinder</a><br></div><br><div>[oslo_concurrency]<br>lock_path =3D /= var/lib/cinder/tmp<br></div><br><div>[oslo_messaging_rabbit]<br>rabbit_host= =3D localhost<br>rabbit_port =3D 5672<br>rabbit_userid =3D user<br>rabbit_= password =3D pass<br></div><br><div>Regards,<br>Logan<br></div><br><div>___= ____________________________________________<br>Users mailing list<br><a cl= ass=3D"linkification-ext" href=3D"mailto:Users@ovirt.org" title=3D"Linkific= ation: mailto:Users@ovirt.org" target=3D&quot;_blank&quot;&gt;Users(a)ovirt.org&lt;/a&gt;&lt;br&gt;&lt;a = class=3D"linkification-ext" href=3D"http://lists.ovirt.org/mailman/listinfo= /users" title=3D"Linkification: http://lists.ovirt.org/mailman/listinfo/use= rs" target=3D"_blank">http://lists.ovirt.org/mailman/listinfo/us... v></div><br></blockquote></div></div></body></html> ------=_Part_51451550_1291166141.1472650055014--

------=_Part_51946820_485696074.1472737687754 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Yep, changing to keystone v2 is what did it. I had previously tried v1 and v3. Thank you both Regards, Logan ----- On Sep 1, 2016, at 1:57 AM, Daniel Erez <derez(a)redhat.com&gt; wrote: | On Wed, Aug 31, 2016 at 4:27 PM, Logan Kuhn < logank(a)wolfram.com > wrote: || Thank you for your response, but unfortunately it still doesn't work. || I can do cinder-ey things from the command line, including cinder list, || type-show, create. The keystonerc_admin file that I use matches yours with the || relevant bits changed for my environment, password, region etc. I've filled out || the External Provider dialog with the admin user, cinder user and a new user. || The dialog reports that it Failed to communicate with the external provider and || to consult the log. The log reports the following: || 2016-08-31 08:04:21,518 INFO || [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default || task-46) [20342b40] Running command: TestProviderConnectivityCommand internal: || false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: || SystemAction group CREATE_STORAGE_POOL with role type ADMIN || 2016-08-31 08:04:21,546 ERROR || [org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackStorageProviderProxy] || (default task-46) [20342b40] Unauthorized (OpenStack response error code: 401) || 2016-08-31 08:04:21,546 ERROR || [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default || task-46) [20342b40] Command || 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: || EngineException: (Failed with error PROVIDER_FAILURE and code 5050) || Which is very obvious that the username/auth that ovirt is sending isn't allowed || to create, but it's using the same username/password that's in the || keystonerc_admin file that I can do various command line things with. || This is my keystonerc_admin file: || OS_AUTH_URL= http://10.128.7.252:5000/v3 || OS_PASSWORD=adminpass || OS_PROJECT_DOMAIN_NAME=default || OS_PROJECT_NAME=admin || OS_REGION_NAME=WRI || OS_TENANT_NAME=admin || OS_USERNAME=admin || OS_USER_DOMAIN_NAME=default || I had to make add certain fields and change the auth url to v3 otherwise it || reported either a malformed URL or more commonly, 401 Unauthorized. Which made || me wonder if it's a compatibility issue with the v3 API. I've been working with || Openstack Mitaka and ovirt 4.0.2 and 4.0.3 | For keystone authentication, we support v2.0. | Have you tried ' http://10.128.7.252:5000/v2.0 ' as authentication URL on add | provider dialog? || Regards, || Logan || ----- On Aug 31, 2016, at 6:07 AM, Natalie Gavrilov < ngavrilo(a)redhat.com || wrote: ||| Hi Logen, ||| I'll refer only to using authentication , because I had configured it ||| previously. ||| This means: /etc/cinder/cinder.conf should have: auth_strategy = keystone ||| I'm using keystonerc file, example keystonerc_admin: ||| ---------------------------------------------------------------------------- ||| unset OS_SERVICE_TOKEN ||| export OS_USERNAME=admin ||| export OS_PASSWORD=password ||| export OS_AUTH_URL= http://CINDER-HOST:5000/v2.0 ||| export PS1='[\u@\h \W(keystone_admin)]\$ ' ||| export OS_TENANT_NAME=admin ||| export OS_REGION_NAME=RegionOne ||| ---------------------------------------------------------------------------- ||| This will be step by step as much as possible just to make sure nothing is ||| missed (assuming Cinder and Ceph are configured correctly). ||| Go to: ||| External providers -> Add ||| Fill in the fields: ||| Name: ||| Type: OpenStack Volume ||| Provider url: http://CINDER_HOST:8776 ||| Check "Requires Authentication" ||| Fill in the information, this is an example: ||| Username: admin ||| Password: password ||| Tenant name: admin ||| Authentication URL: http://CINDER-HOST:5000/v2.0 ||| Test should return "Test succeeded, managed to access provider." ||| Now click Ok. ||| Now lets configure additional information: ||| Lower pane: Authentication Keys ||| Click on: New ||| Fill in UUID field with rbd_secret_uuid ||| and value :which is the key (it's in /etc/ceph/ceph.client.USERNAME.keyring) ||| Hope this helps.. ||| Regards, ||| Natalie ||| From: "Aharon Canan" < acanan(a)redhat.com ||| To: "Natalie Gavrilov" < ngavrilo(a)redhat.com ||| Sent: Wednesday, August 31, 2016 8:53:22 AM ||| Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cinder ||| Hi ||| Can you help with below? ||| This is community email and will be great if you can help this guy. ||| Aharon ||| ---------- Forwarded message ---------- ||| From: Logan Kuhn < logank(a)wolfram.com ||| Date: Tue, Aug 30, 2016 at 11:07 PM ||| Subject: [ovirt-users] Unable to backend oVirt with Cinder ||| To: users < users(a)ovirt.org ||| I've got Cinder configured and pointed at Ceph for it's back end storage. ||| I can run ceph commands on the cinder machine and cinder is configured for ||| noauth and I've also tried it with Keystone for auth. I can run various ||| cinder commands and it'll return as expected. ||| When I configure it in oVirt it'll add the external provider fine, but when ||| I go to create a disk it doesn't populate the volume type field, it's just ||| empty. The corresponding command for cinder: cinder type-list and cinder ||| type-show <name> returns fine and it is public. ||| Ovirt and Cinder are on the same host so it isn't a firewall issue. ||| Cinder config: ||| [DEFAULT] ||| rpc_backend = rabbit ||| #auth_strategy = keystone ||| auth_strategy = noauth ||| enabled_backends = ceph ||| #glance_api_servers = http://10.128.7.252:9292 ||| #glance_api_version = 2 ||| #[keystone_authtoken] ||| #auth_uri = http://10.128.7.252:5000/v3 ||| #auth_url = http://10.128.7.252:35357/v3 ||| #auth_type = password ||| #memcached_servers = localhost:11211 ||| #project_domain_name = default ||| #user_domain_name = default ||| #project_name = services ||| #username = user ||| #password = pass ||| [ceph] ||| volume_driver = cinder.volume.drivers.rbd.RBDDriver ||| volume_backend_name = ceph ||| rbd_pool = ovirt-images ||| rbd_user = cinder ||| rbd_secret_uuid = <secret||| rbd_ceph_conf = /etc/ceph/ceph.conf ||| rbd_flatten_volume_from_snapshot = true ||| rbd_max_clone_depth = 5 ||| rbd_store_chunk_size = 4 ||| rados_connect_timeout = -1 ||| #glance_api_version = 2 ||| [database] ||| connection = postgresql:// user:pass@10.128.2.33/cinder ||| [oslo_concurrency] ||| lock_path = /var/lib/cinder/tmp ||| [oslo_messaging_rabbit] ||| rabbit_host = localhost ||| rabbit_port = 5672 ||| rabbit_userid = user ||| rabbit_password = pass ||| Regards, ||| Logan ||| _______________________________________________ ||| Users mailing list ||| Users(a)ovirt.org ||| http://lists.ovirt.org/mailman/listinfo/users || _______________________________________________ || Users mailing list || Users(a)ovirt.org || http://lists.ovirt.org/mailman/listinfo/users ------=_Part_51946820_485696074.1472737687754 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: Arial; font-size: 12pt; color: #0000= 00"><div>Yep, changing to keystone v2 is what did it. &nbsp;I had previousl= y tried v1 and v3.</div><div><br data-mce-bogus=3D"1"></div><div>Thank you = both</div><div><br></div><div data-marker=3D"__SIG_PRE__">Regards,<br>Logan= </div><br><span id=3D"zwchr" data-marker=3D"__DIVIDER__">----- On Sep 1, 20= 16, at 1:57 AM, Daniel Erez &amp;lt;derez(a)redhat.com&amp;gt; wrote:<br></span><div = data-marker=3D"__QUOTED_TEXT__"><blockquote style=3D"border-left:2px solid = #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font= -style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;f= ont-size:12pt;"><div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div cl= ass=3D"gmail_quote">On Wed, Aug 31, 2016 at 4:27 PM, Logan Kuhn <span dir= =3D"ltr">&lt;<a href=3D"mailto:logank@wolfram.com" target=3D"_blank">logank= @wolfram.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" sty= le=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(= 204,204,204);border-left-style:solid;padding-left:1ex"><div><div style=3D"f= ont-family:arial;font-size:12pt;color:rgb(0,0,0)"><div>Thank you for your r= esponse, but unfortunately it still doesn't work.</div><br><div>I can do ci= nder-ey things from the command line, including cinder list, type-show, cre= ate.&nbsp; The keystonerc_admin file that I use matches yours with the rele= vant bits changed for my environment, password, region etc.&nbsp; I've fill= ed out the External Provider dialog with the admin user, cinder user and a = new user.&nbsp; The dialog reports that it Failed to communicate with the e= xternal provider and to consult the log.&nbsp; The log reports the followin= g:</div><br><div>2016-08-31 08:04:21,518 INFO [org.ovirt.engine.core.bll.pr= ovider.TestProviderConnectivityCommand] (default task-46) [20342b40] Runnin= g command: TestProviderConnectivityCommand internal: false. Entities affect= ed : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREA= TE_STORAGE_POOL with role type ADMIN<br>2016-08-31 08:04:21,546 ERROR [org.= ovirt.engine.core.bll.provider.storage.AbstractOpenStackStorageProviderProx= y] (default task-46) [20342b40] Unauthorized (OpenStack response error code= : 401)<br>2016-08-31 08:04:21,546 ERROR [org.ovirt.engine.core.bll.provider= .TestProviderConnectivityCommand] (default task-46) [20342b40] Command 'org= .ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: En= gineException: (Failed with error PROVIDER_FAILURE and code 5050)<br></div>= <br><div>Which is very obvious that the username/auth that ovirt is sending= isn't allowed to create, but it's using the same username/password that's = in the keystonerc_admin file that I can do various command line things with= .</div><br><div>This is my keystonerc_admin file:</div><br><div>OS_AUTH_URL= =3D<a href=3D"http://10.128.7.252:5000/v3" target=3D"_blank">http://10.128.= 7.252:5000/v3</a><br>OS_PASSWORD=3Dadminpass<br>OS_PROJECT_DOMAIN_NAME=3Dde= fault<br>OS_PROJECT_NAME=3Dadmin<br>OS_REGION_NAME=3DWRI<br>OS_TENANT_NAME= =3Dadmin<br>OS_USERNAME=3Dadmin<br>OS_USER_DOMAIN_NAME=3Ddefault</div><br><= div>I had to make add certain fields and change the auth url to v3&nbsp;oth= erwise it reported either a malformed URL or more commonly, 401 Unauthorize= d.&nbsp; Which made me wonder if it's a compatibility issue with the v3 API= .&nbsp; I've been working with Openstack Mitaka and ovirt 4.0.2 and 4.0.3</= div></div></div></blockquote><br><div>For keystone authentication, we suppo= rt v2.0.&nbsp;</div><div>Have you tried '<a href=3D"http://10.128.7.252:500= 0/v2.0" target=3D"_blank">http://10.128.7.252:5000/v2.0</a>'&nbsp;as authen= tication URL on add provider dialog?</div><div>&nbsp;</div><blockquote clas= s=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;b= order-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"= <div>Regards,<br>Logan</div><div><div class=3D"gmail-h5"><br><span>----- On= Aug 31, 2016, at 6:07 AM, Natalie Gavrilov &lt;<a href=3D"mailto:ngavrilo@= redhat.com" target=3D&quot;_blank&quot;&gt;ngavrilo(a)redhat.com&lt;/a&gt;&amp;gt; wrote:<br></span>= <div><blockquote style=3D"border-left-width:2px;border-left-style:solid;bor= der-left-color:rgb(16,16,255);margin-left:5px;padding-left:5px;color:rgb(0,= 0,0);font-weight:normal;font-style:normal;text-decoration:none;font-family:= helvetica,arial,sans-serif;font-size:12pt"><div style=3D"font-family:arial,= helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><div>Hi Logen,<br></d= iv><br><div>I'll refer only to<strong> using authentication</strong>, becau= se I had configured it previously. </div><div>This means: /etc/cinder/cinde= r.conf should have: auth_strategy =3D keystone</div><div>I'm using&nbsp; ke= ystonerc file, example keystonerc_admin:<br></div><div>--------------------= --------------------------------------------------------<br></div><div>unse= t OS_SERVICE_TOKEN<br>export OS_USERNAME=3Dadmin<br>export OS_PASSWORD=3Dpa= ssword<br>export OS_AUTH_URL=3D<a href=3D"http://CINDER-HOST:5000/v2.0" tar= get=3D"_blank">http://CINDER-HOST:5000/v2.0</a><br>export PS1=3D'[\u@\h \W(= keystone_admin)]\$ '<br><br>export OS_TENANT_NAME=3Dadmin<br>export OS_REGI= ON_NAME=3DRegionOne<br>----------------------------------------------------= ------------------------<br></div><br><div>This will be step by step as muc= h as possible just to make sure nothing is missed (assuming Cinder and Ceph= are configured correctly).<br></div><br><div>Go to: <br>External providers= -&gt; Add<br>Fill in the fields:<br>Name:<br>Type: <strong><span>OpenStack= Volume</span></strong><br>Provider url: <a href=3D"http://ogofen-cinder.sc= l.lab.tlv.redhat.com:8776" title=3D"Linkification: http://ogofen-cinder.scl= .lab.tlv.redhat.com:8776" target=3D"_blank">http://CINDER_HOST:8776</a><br>= Check "Requires Authentication" </div><br><div>Fill in the information, thi= s is an example:<br></div><div>Username: admin<br>Password: password<br>Ten= ant name: admin<br>Authentication URL: <a href=3D"http://natalie-cinder.scl= .lab.tlv.redhat.com:5000/v2.0" title=3D"Linkification: http://natalie-cinde= r.scl.lab.tlv.redhat.com:5000/v2.0" target=3D"_blank">http://CINDER-HOST:50= 00/v2.0</a><br></div><br><div>Test should return <strong>"Test succeeded, m= anaged to access provider."</strong> <br>Now click Ok.<br></div><br><br><di= v><strong><span style=3D"text-decoration:underline">Now lets configure addi= tional information:</span></strong><br></div><br><div>Lower pane: <strong>A= uthentication Keys</strong><br>Click on: New<br>Fill in <strong>UUID</stron= g> field with rbd_secret_uuid <br>and <strong>value</strong>:which is the k= ey (it's in /etc/ceph/ceph.client.USERNAME.keyring)<br></div><br><div><br>H= ope this helps..<br></div><br><div>Regards,<br></div><div>Natalie<br></div>= <div><br><hr><br>From: "Aharon Canan" &lt;<a href=3D"mailto:acanan@redhat.c= om" title=3D"Linkification: mailto:acanan@redhat.com" target=3D"_blank">aca= nan(a)redhat.com&lt;/a&gt;&amp;gt;&lt;br&gt;To: "Natalie Gavrilov" &lt;<a href=3D"mailto:ngav= rilo(a)redhat.com&quot; title=3D"Linkification: mailto:ngavrilo@redhat.com" target= =3D&quot;_blank&quot;&gt;ngavrilo(a)redhat.com&lt;/a&gt;&amp;gt;&lt;br&gt;Sent: Wednesday, August 31, 2016= 8:53:22 AM<br>Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cin= der<br></div><br><div>Hi<br></div><br><div>Can you help with below?<br>This= is community email and will be great if you can help this guy.<br></div><b= r><div>Aharon<br>---------- Forwarded message ----------<br>From: Logan Kuh= n &lt;<a href=3D"mailto:logank@wolfram.com" title=3D"Linkification: mailto:= logank(a)wolfram.com&quot; target=3D&quot;_blank&quot;&gt;logank(a)wolfram.com&lt;/a&gt;&amp;gt;&lt;br&gt;Date: T= ue, Aug 30, 2016 at 11:07 PM<br>Subject: [ovirt-users] Unable to backend oV= irt with Cinder<br>To: users &lt;<a href=3D"mailto:users@ovirt.org" title= =3D"Linkification: mailto:users@ovirt.org" target=3D&quot;_blank&quot;&gt;users(a)ovirt.or= g</a>&gt;<br></div><br><div><br>I've got Cinder configured and pointed at C= eph for it's back end storage.<br>I can run ceph commands on the cinder mac= hine and cinder is configured for<br>noauth and I've also tried it with Key= stone for auth.&nbsp; I can run various<br>cinder commands and it'll return= as expected.<br></div><br><div>When I configure it in oVirt it'll add the = external provider fine, but when<br>I go to create a disk it doesn't popula= te the volume type field, it's just<br>empty.&nbsp; The corresponding comma= nd for cinder: cinder type-list and cinder<br>type-show &lt;name&gt; return= s fine and it is public.<br></div><br><div>Ovirt and Cinder are on the same= host so it isn't a firewall issue.<br></div><br><div>Cinder config:<br>[DE= FAULT]<br>rpc_backend =3D rabbit<br>#auth_strategy =3D keystone<br>auth_str= ategy =3D noauth<br>enabled_backends =3D ceph<br>#glance_api_servers =3D <a= href=3D"http://10.128.7.252:9292" title=3D"Linkification: http://10.128.7.= 252:9292" target=3D"_blank">http://10.128.7.252:9292</a><br>#glance_api_ver= sion =3D 2<br></div><br><div>#[keystone_authtoken]<br>#auth_uri =3D <a href= =3D"http://10.128.7.252:5000/v3" title=3D"Linkification: http://10.128.7.25= 2:5000/v3" target=3D"_blank">http://10.128.7.252:5000/v3</a><br>#auth_url = =3D <a href=3D"http://10.128.7.252:35357/v3" title=3D"Linkification: http:/= /10.128.7.252:35357/v3" target=3D"_blank">http://10.128.7.252:35357/v3</a><= br>#auth_type =3D password<br>#memcached_servers =3D localhost:11211<br>#pr= oject_domain_name =3D default<br>#user_domain_name =3D default<br>#project_= name =3D services<br>#username =3D user<br>#password =3D pass<br></div><br>= <div>[ceph]<br>volume_driver =3D cinder.volume.drivers.rbd.RBDDriver<br>vol= ume_backend_name =3D ceph<br>rbd_pool =3D ovirt-images<br>rbd_user =3D cind= er<br>rbd_secret_uuid =3D &lt;secret&gt;<br>rbd_ceph_conf =3D /etc/ceph/cep= h.conf<br>rbd_flatten_volume_from_snapshot =3D true<br>rbd_max_clone_depth = =3D 5<br>rbd_store_chunk_size =3D 4<br>rados_connect_timeout =3D -1<br>#gla= nce_api_version =3D 2<br></div><br><div>[database]<br>connection =3D postgr= esql://<a href=3D"http://user:pass@10.128.2.33/cinder" title=3D"Linkificati= on: http://user:pass@10.128.2.33/cinder" target=3D"_blank">user:pass@10.128= .2.33/cinder</a><br></div><br><div>[oslo_concurrency]<br>lock_path =3D /var= /lib/cinder/tmp<br></div><br><div>[oslo_messaging_rabbit]<br>rabbit_host = =3D localhost<br>rabbit_port =3D 5672<br>rabbit_userid =3D user<br>rabbit_p= assword =3D pass<br></div><br><div>Regards,<br>Logan<br></div><br><div>____= ___________________________________________<br>Users mailing list<br><a hre= f=3D"mailto:Users@ovirt.org" title=3D"Linkification: mailto:Users@ovirt.org= " target=3D&quot;_blank&quot;&gt;Users(a)ovirt.org&lt;/a&gt;&lt;br&gt;&lt;a href=3D"http://lists.ovirt.or= g/mailman/listinfo/users" title=3D"Linkification: http://lists.ovirt.org/ma= ilman/listinfo/users" target=3D"_blank">http://lists.ovirt.org/mailman/list= info/users</a></div></div><br></blockquote></div></div></div></div></div><b= r>_______________________________________________<brUsers mailing list<br<a href=3D"mailto:Users@ovirt.org" target=3D&quot;_blank&quot;&gt;Users(a)ovirt.org&lt;/a&gt;&lt;br= <a href=3D"http://lists.ovirt.org/mailman/listinfo/users" rel=3D"noreferrer= " target=3D"_blank">http://lists.ovirt.org/mailman/listinfo/us...<br></blockquote></div></div></div><br></blockquote></div></div></body></ht= ml------=_Part_51946820_485696074.1472737687754--