Cinder

Bug #1065883
Comment #0

Comment 0 for bug 1065883

Revision history for this message

James Page (james-page) wrote on 2012-10-12:

I'm testing using ceph RADOS block devices to back nova volumes; however I've hit an issue which limits its usefulness in environments where cephx authentication is required.

Configuration is directly taken from http://ceph.com/docs/master/rbd/rbd-openstack/#configuring-cinder-nova-volume.

The problem is as follows:

The rbd_user and rbd_secret_uuid must be configured in nova-volume to ensure that when the nova-compute nodes attach volumes to instances, they will use the libvirt stored secret.

However, the secret UUID when created on each of the compute nodes is going to be different; and nova-compute will try to attach using the secret provided from nova-volume - for which it has no knowledge.

I also want to configure nova-compute with a different username to nova-volume/cinder to provide more granular access control to ceph.

I've worked around this using this patch/hack:

=== modified file 'nova/virt/libvirt/volume.py'
--- nova/virt/libvirt/volume.py 2012-08-27 15:37:18 +0000
+++ nova/virt/libvirt/volume.py 2012-10-12 08:37:38 +0000
@@ -88,9 +88,11 @@
         conf.serial = connection_info.get('serial')
         netdisk_properties = connection_info['data']
         if netdisk_properties.get('auth_enabled'):
- conf.auth_username = netdisk_properties['auth_username']
+ conf.auth_username = FLAGS.rbd_user or \
+ netdisk_properties['auth_username']
             conf.auth_secret_type = netdisk_properties['secret_type']
- conf.auth_secret_uuid = netdisk_properties['secret_uuid']
+ conf.auth_secret_uuid = FLAGS.rbd_secret_uuid or \
+ netdisk_properties['secret_uuid']
         return conf

Which basically allows me to override the auth_username and auth_secret_uuid through the nova-compute configuration file.

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: nova-compute (not installed)
ProcVersionSignature: Ubuntu 3.5.0-17.27-generic 3.5.5
Uname: Linux 3.5.0-17-generic x86_64
ApportVersion: 2.6.1-0ubuntu2
Architecture: amd64
Date: Fri Oct 12 09:38:32 2012
SourcePackage: nova
UpgradeStatus: Upgraded to quantal on 2012-06-11 (122 days ago)

I'm testing using ceph RADOS block devices to back nova volumes; however I've hit an issue which limits its usefulness in environments where cephx authentication is required.

Configuration is directly taken from http://ceph.com/docs/master/rbd/rbd-openstack/#configuring-cinder-nova-volume.

The problem is as follows:

The rbd_user and rbd_secret_uuid must be configured in nova-volume to ensure that when the nova-compute nodes attach volumes to instances, they will use the libvirt stored secret.

I also want to configure nova-compute with a different username to nova-volume/cinder to provide more granular access control to ceph.

I've worked around this using this patch/hack:

=== modified file 'nova/virt/libvirt/volume.py'
--- nova/virt/libvirt/volume.py	2012-08-27 15:37:18 +0000
+++ nova/virt/libvirt/volume.py	2012-10-12 08:37:38 +0000
@@ -88,9 +88,11 @@
         conf.serial = connection_info.get('serial')
         netdisk_properties = connection_info['data']
         if netdisk_properties.get('auth_enabled'):
-            conf.auth_username = netdisk_properties['auth_username']
+            conf.auth_username = FLAGS.rbd_user or \
+                                 netdisk_properties['auth_username']
             conf.auth_secret_type = netdisk_properties['secret_type']
-            conf.auth_secret_uuid = netdisk_properties['secret_uuid']
+            conf.auth_secret_uuid = FLAGS.rbd_secret_uuid or \
+                                    netdisk_properties['secret_uuid']
         return conf

Which basically allows me to override the auth_username and auth_secret_uuid through the nova-compute configuration file.