Can't attach or boot nova volumes backed by cinder ceph rbd

Bug #1746550 reported by Gui Maluf on 2018-01-31
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

I'm reusing/rewriting bug reports from fellow config management tools [1][2]

> introduced a
> change in Ocata where any data provided by cinder for rbd block devices is preferred over any local
> libvirt sectional configuration for rbd (which was used in preference in the past).

> Username on the compute units won't match the username for ceph being used on the cinder units (as
> compute and cinder units get different keys created) so I don't think the key created on the compute
> units will actually work with the username provided from cinder.

> As a result, isn't possible to attach ceph block devices in instances in a puppet deployed Ocata;

Main point here is the absence of virsh-secret with cinder ceph-auth-secret on nova-compute. Nova computes try to attach cinder volume using this xml with ceph usename cinder instead of nova.

> <disk type="network" device="disk">
> <driver name="qemu" type="raw" cache="writeback" discard="unmap"/>
> <source protocol="rbd" name="cinder_volumes/volume-d970438e-8fdd-4f05-90a8-dd4caaaaf4b0">
> <host name="" port="6789"/>
> </source>
> <auth username="cinder">
> <secret type="ceph" uuid="4d317a47-2f59-4f69-ab42-c0233c496159"/>
> </auth>
> <target bus="virtio" dev="vdb"/>
> </disk>

Since cinder-ceph-virsh-secret-uuid isn't create on nova-compute nodes by neither cinder or nova modules isn't possible to attach cinder volumes to nova instances.


Gui Maluf (guimalufb) wrote :

I've fixed that using the same ceph-auth-key for both cinder and nova ceph-user, that way, when nova tries to attach a volume using cinder-ceph-user and nova-libvirt-secret it will match and work.

Gui Maluf (guimalufb) wrote :

The best solution is to create a nova class or a generic libvirt-secret to store ceph key for both nova/cinder ceph-user and use that uuid in cinder::backend::rbd::rbd_secret_uuid

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers