I'm testing using ceph RADOS block devices to back nova volumes; however I've hit an issue which limits its usefulness in environments where cephx authentication is required.
Configuration is directly taken from http://ceph.com/docs/master/rbd/rbd-openstack/#configuring-cinder-nova-volume.
The problem is as follows:
The rbd_user and rbd_secret_uuid must be configured in nova-volume to ensure that when the nova-compute nodes attach volumes to instances, they will use the libvirt stored secret.
However, the secret UUID when created on each of the compute nodes is going to be different; and nova-compute will try to attach using the secret provided from nova-volume - of which it has no knowledge.
I also want to configure nova-compute with a different username to nova-volume/cinder to provide more granular access control to ceph.
I've worked around this using this patch/hack:
=== modified file 'nova/virt/ libvirt/ volume. py' libvirt/ volume. py 2012-08-27 15:37:18 +0000 libvirt/ volume. py 2012-10-12 08:37:38 +0000
conf. serial = connection_ info.get( 'serial' )
netdisk_ properties = connection_ info['data' ] properties. get('auth_ enabled' ): properties[ 'auth_username' ] properties[ 'auth_username' ]
conf. auth_secret_ type = netdisk_ properties[ 'secret_ type'] secret_ uuid = netdisk_ properties[ 'secret_ uuid'] secret_ uuid = FLAGS.rbd_ secret_ uuid or \ properties[ 'secret_ uuid']
--- nova/virt/
+++ nova/virt/
@@ -88,9 +88,11 @@
if netdisk_
- conf.auth_username = netdisk_
+ conf.auth_username = FLAGS.rbd_user or \
+ netdisk_
- conf.auth_
+ conf.auth_
+ netdisk_
return conf
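Review bot: In the lines that set conf.auth_username and secret_uuid, each override falls back on its own (`FLAGS.rbd_user or ...` and `FLAGS.rbd_secret_uuid or ...`), so a compute node that sets only one of the two flags will attach with a local username paired with the secret UUID sent by nova-volume, or the reverse. Consider applying the local values only when both are set, and logging which source was used, so a half-configured node is rejected up front instead of at attach time.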
Which basically allows me to override the auth_username and auth_secret_uuid through the nova-compute configuration file.
ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: nova-compute (not installed)
ProcVersionSignature: Ubuntu 3.5.0-17.27-generic 3.5.5
Uname: Linux 3.5.0-17-generic x86_64
ApportVersion: 2.6.1-0ubuntu2
Architecture: amd64
Date: Fri Oct 12 09:38:32 2012
SourcePackage: nova
UpgradeStatus: Upgraded to quantal on 2012-06-11 (122 days ago)
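
The credential mismatch described in this report can be checked on a compute node before an attach is attempted. The following is an added example, not code from nova or from the reporter's patch: `parse_secret_list`, `resolve_rbd_auth` and `RbdAuthError` are hypothetical names, and the UUIDs, usernames and `virsh secret-list` output are constructed sample values.

```python
import re

UUID_RE = re.compile(
    r"^\s*([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\s+(.*\S)\s*$", re.I)

# Constructed sample of `virsh secret-list` output on one compute node.
SAMPLE_SECRET_LIST = """\
 UUID                                   Usage
-----------------------------------------------------------
 11111111-2222-3333-4444-555555555555   ceph client.compute secret
"""


class RbdAuthError(Exception):
    """The node cannot attach with a consistent, locally known credential pair."""


def parse_secret_list(text):
    """Map libvirt secret UUID -> usage string; header and rule lines are skipped."""
    secrets = {}
    for line in text.splitlines():
        m = UUID_RE.match(line)
        if m:
            secrets[m.group(1).lower()] = m.group(2)
    return secrets


def resolve_rbd_auth(data, local_user, local_secret_uuid, local_secrets):
    """Pick (username, secret_uuid) for an RBD attach, failing closed.

    data is the connection_info['data'] dict sent by the volume service;
    local_user / local_secret_uuid are the compute node's own overrides.
    """
    if not data.get("auth_enabled"):
        return None
    # Overrides are only meaningful as a pair: a local user with a remote
    # secret UUID (or the reverse) can never authenticate.
    if bool(local_user) != bool(local_secret_uuid):
        raise RbdAuthError("set both rbd_user and rbd_secret_uuid, or neither")
    user = local_user or data["auth_username"]
    secret_uuid = (local_secret_uuid or data["secret_uuid"]).lower()
    # The UUID must exist in this node's libvirt secret store.
    if secret_uuid not in local_secrets:
        raise RbdAuthError("libvirt secret %s is not defined on this node"
                           % secret_uuid)
    return user, secret_uuid
```
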