** Also affects: nova
   Importance: Undecided
   Status: New

** Also affects: cinder (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: cinder Importance: Undecided Status: New ** Description changed: I'm testing using ceph RADOS block devices to back nova volumes; however I've hit an issue which limits its usefulness in environments where cephx authentication is required. Configuration is directly taken from http://ceph.com/docs/master/rbd - /rbd-openstack/#configuring-cinder-nova-volume. + /rbd-openstack/#configuring-cinder-nova-volume. Note that nova-volume + and nova-compute are running on different hosts. The problem is as follows: The rbd_user and rbd_secret_uuid must be configured in nova-volume to ensure that when the nova-compute nodes attach volumes to instances, they will use the libvirt stored secret. - However, the secret UUID when created on each of the compute nodes is - going to be different; and nova-compute will try to attach using the - secret provided from nova-volume - for which it has no knowledge. + However, the libvirt secret UUID when created on each of the compute + nodes is going to be different; and nova-compute will try to attach + using the secret provided from nova-volume - for which it has no + knowledge. I also want to configure nova-compute with a different username to nova- volume/cinder to provide more granular access control to ceph. + + The user and secret_uuid should be configured in nova-compute; not + provided by nova-volume. I've worked around this using this patch/hack: === modified file 'nova/virt/libvirt/volume.py' --- nova/virt/libvirt/volume.py 2012-08-27 15:37:18 +0000 +++ nova/virt/libvirt/volume.py 2012-10-12 08:37:38 +0000 
@@ -88,9 +88,11 @@ - conf.serial = connection_info.get('serial') - netdisk_properties = connection_info['data'] - if netdisk_properties.get('auth_enabled'): + conf.serial = connection_info.get('serial') + netdisk_properties = connection_info['data'] + if netdisk_properties.get('auth_enabled'): - conf.auth_username = netdisk_properties['auth_username'] + conf.auth_username = FLAGS.rbd_user or \ + netdisk_properties['auth_username'] - conf.auth_secret_type = netdisk_properties['secret_type'] + conf.auth_secret_type = netdisk_properties['secret_type'] - conf.auth_secret_uuid = netdisk_properties['secret_uuid'] + conf.auth_secret_uuid = FLAGS.rbd_secret_uuid or \ + netdisk_properties['secret_uuid'] - return conf + return conf

Which basically allows me to override the auth_username and auth_secret_uuid through the nova-compute configuration file.

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: nova-compute (not installed)
ProcVersionSignature: Ubuntu 3.5.0-17.27-generic 3.5.5
Uname: Linux 3.5.0-17-generic x86_64
ApportVersion: 2.6.1-0ubuntu2
Architecture: amd64
Date: Fri Oct 12 09:38:32 2012
SourcePackage: nova
UpgradeStatus: Upgraded to quantal on 2012-06-11 (122 days ago)

https://bugs.launchpad.net/bugs/1065883

Title: ceph rbd username and secret should be configured in nova-compute, not passed from nova-volume/cinder
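
Review bot: the two overrides in the auth_enabled branch fall back independently (FLAGS.rbd_user or netdisk_properties['auth_username'], and the same pattern for FLAGS.rbd_secret_uuid), so a nova-compute host that sets only one of the two flags would pair a local value with the one passed in connection_info, and that username and secret UUID may not belong together. Consider using the local values only when both flags are set, and otherwise taking both from netdisk_properties. The override also applies to any connection with auth_enabled, with no check in these lines that the disk is actually rbd, and the hunk does not show where rbd_user and rbd_secret_uuid are declared for this module; both are worth confirming before merging. Wrapping the expressions in parentheses would read better than the backslash continuations.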