[ovirt-users] Unable to backend oVirt with Cinder
Logan Kuhn
logank at wolfram.com
Wed Aug 31 13:27:35 UTC 2016
Thank you for your response, but unfortunately it still doesn't work.
I can do cinder-ey things from the command line, including cinder list, type-show, create. The keystonerc_admin file that I use matches yours with the relevant bits changed for my environment, password, region etc. I've filled out the External Provider dialog with the admin user, cinder user and a new user. The dialog reports that it Failed to communicate with the external provider and to consult the log. The log reports the following:
2016-08-31 08:04:21,518 INFO [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-46) [20342b40] Running command: TestProviderConnectivityCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN
2016-08-31 08:04:21,546 ERROR [org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackStorageProviderProxy] (default task-46) [20342b40] Unauthorized (OpenStack response error code: 401)
2016-08-31 08:04:21,546 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-46) [20342b40] Command 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: EngineException: (Failed with error PROVIDER_FAILURE and code 5050)
Which is very obvious that the username/auth that ovirt is sending isn't allowed to create, but it's using the same username/password that's in the keystonerc_admin file that I can do various command line things with.
This is my keystonerc_admin file:
OS_AUTH_URL=http://10.128.7.252:5000/v3
OS_PASSWORD=adminpass
OS_PROJECT_DOMAIN_NAME=default
OS_PROJECT_NAME=admin
OS_REGION_NAME=WRI
OS_TENANT_NAME=admin
OS_USERNAME=admin
OS_USER_DOMAIN_NAME=default
I had to make add certain fields and change the auth url to v3 otherwise it reported either a malformed URL or more commonly, 401 Unauthorized. Which made me wonder if it's a compatibility issue with the v3 API. I've been working with Openstack Mitaka and ovirt 4.0.2 and 4.0.3
Regards,
Logan
----- On Aug 31, 2016, at 6:07 AM, Natalie Gavrilov <ngavrilo at redhat.com> wrote:
| Hi Logen,
| I'll refer only to using authentication , because I had configured it
| previously.
| This means: /etc/cinder/cinder.conf should have: auth_strategy = keystone
| I'm using keystonerc file, example keystonerc_admin:
| ----------------------------------------------------------------------------
| unset OS_SERVICE_TOKEN
| export OS_USERNAME=admin
| export OS_PASSWORD=password
| export OS_AUTH_URL=http://CINDER-HOST:5000/v2.0
| export PS1='[\u@\h \W(keystone_admin)]\$ '
| export OS_TENANT_NAME=admin
| export OS_REGION_NAME=RegionOne
| ----------------------------------------------------------------------------
| This will be step by step as much as possible just to make sure nothing is
| missed (assuming Cinder and Ceph are configured correctly).
| Go to:
| External providers -> Add
| Fill in the fields:
| Name:
| Type: OpenStack Volume
| Provider url: http://CINDER_HOST:8776
| Check "Requires Authentication"
| Fill in the information, this is an example:
| Username: admin
| Password: password
| Tenant name: admin
| Authentication URL: http://CINDER-HOST:5000/v2.0
| Test should return "Test succeeded, managed to access provider."
| Now click Ok.
| Now lets configure additional information:
| Lower pane: Authentication Keys
| Click on: New
| Fill in UUID field with rbd_secret_uuid
| and value :which is the key (it's in /etc/ceph/ceph.client.USERNAME.keyring)
| Hope this helps..
| Regards,
| Natalie
| From: "Aharon Canan" < acanan at redhat.com >
| To: "Natalie Gavrilov" < ngavrilo at redhat.com >
| Sent: Wednesday, August 31, 2016 8:53:22 AM
| Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cinder
| Hi
| Can you help with below?
| This is community email and will be great if you can help this guy.
| Aharon
| ---------- Forwarded message ----------
| From: Logan Kuhn < logank at wolfram.com >
| Date: Tue, Aug 30, 2016 at 11:07 PM
| Subject: [ovirt-users] Unable to backend oVirt with Cinder
| To: users < users at ovirt.org >
| I've got Cinder configured and pointed at Ceph for it's back end storage.
| I can run ceph commands on the cinder machine and cinder is configured for
| noauth and I've also tried it with Keystone for auth. I can run various
| cinder commands and it'll return as expected.
| When I configure it in oVirt it'll add the external provider fine, but when
| I go to create a disk it doesn't populate the volume type field, it's just
| empty. The corresponding command for cinder: cinder type-list and cinder
| type-show <name> returns fine and it is public.
| Ovirt and Cinder are on the same host so it isn't a firewall issue.
| Cinder config:
| [DEFAULT]
| rpc_backend = rabbit
| #auth_strategy = keystone
| auth_strategy = noauth
| enabled_backends = ceph
| #glance_api_servers = http://10.128.7.252:9292
| #glance_api_version = 2
| #[keystone_authtoken]
| #auth_uri = http://10.128.7.252:5000/v3
| #auth_url = http://10.128.7.252:35357/v3
| #auth_type = password
| #memcached_servers = localhost:11211
| #project_domain_name = default
| #user_domain_name = default
| #project_name = services
| #username = user
| #password = pass
| [ceph]
| volume_driver = cinder.volume.drivers.rbd.RBDDriver
| volume_backend_name = ceph
| rbd_pool = ovirt-images
| rbd_user = cinder
| rbd_secret_uuid = <secret>
| rbd_ceph_conf = /etc/ceph/ceph.conf
| rbd_flatten_volume_from_snapshot = true
| rbd_max_clone_depth = 5
| rbd_store_chunk_size = 4
| rados_connect_timeout = -1
| #glance_api_version = 2
| [database]
| connection = postgresql:// user:pass at 10.128.2.33/cinder
| [oslo_concurrency]
| lock_path = /var/lib/cinder/tmp
| [oslo_messaging_rabbit]
| rabbit_host = localhost
| rabbit_port = 5672
| rabbit_userid = user
| rabbit_password = pass
| Regards,
| Logan
| _______________________________________________
| Users mailing list
| Users at ovirt.org
| http://lists.ovirt.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160831/bf966197/attachment-0001.html>
More information about the Users
mailing list