ceph rbd username and secret should be configured in nova-compute, not passed from nova-volume/cinder
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Cinder | Invalid | Undecided | Unassigned |
OpenStack Compute (nova) | Fix Released | Undecided | James Page |
cinder (Ubuntu) | Invalid | Undecided | Unassigned |
nova (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
I'm testing using ceph RADOS block devices to back nova volumes; however I've hit an issue which limits its usefulness in environments where cephx authentication is required.
Configuration is directly taken from http://
The problem is as follows:
The rbd_user and rbd_secret_uuid must be configured in nova-volume to ensure that when the nova-compute nodes attach volumes to instances, they will use the libvirt stored secret.
However, the libvirt secret UUID when created on each of the compute nodes is going to be different; and nova-compute will try to attach using the secret provided from nova-volume - for which it has no knowledge.
I also want to configure nova-compute with a different username to nova-volume/cinder to provide more granular access control to ceph.
The user and secret_uuid should be configured in nova-compute; not provided by nova-volume.
I've worked around this using this patch/hack:
=== modified file 'nova/virt/
--- nova/virt/
+++ nova/virt/
@@ -88,9 +88,11 @@
if netdisk_
- conf.auth_username = netdisk_
+ conf.auth_username = FLAGS.rbd_user or \
+ netdisk_
- conf.auth_
+ conf.auth_
+ netdisk_
return conf
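Review bot: the `FLAGS.rbd_user or \` override on the `conf.auth_username` line, and the matching `conf.auth_` change below it, show no rbd-specific guard in the visible lines, so the compute-local rbd credentials could be applied to any network disk that reaches this branch. The enclosing `if netdisk_` condition is truncated here; confirm it tests for the rbd protocol, or add that test before reading the flag. The `or` fallback also means an unset flag silently reverts to the value passed from nova-volume, which deserves a comment, and the hunk does not show where the flag is defined and documented for nova-compute.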
Which basically allows me to override the auth_username and auth_secret_uuid through the nova-compute configuration file.
ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: nova-compute (not installed)
ProcVersionSign
Uname: Linux 3.5.0-17-generic x86_64
ApportVersion: 2.6.1-0ubuntu2
Architecture: amd64
Date: Fri Oct 12 09:38:32 2012
SourcePackage: nova
UpgradeStatus: Upgraded to quantal on 2012-06-11 (122 days ago)
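The mismatch described in the report, modelled as an added example (not code from the bug report or from nova): each compute node holds its own libvirt secret UUID, and the check lists the nodes that cannot resolve the secret they are told to use. `rbd_user` and `rbd_secret_uuid` are the option names from the report; the dictionary keys, node names and UUIDs are constructed for illustration.

```python
import uuid

# Constructed sample data: libvirt secret UUIDs defined on each compute node.
# Every node created its own secret, so the UUIDs differ, as in the report.
NODE_SECRETS = {
    "compute-1": {"11111111-1111-4111-8111-111111111111"},
    "compute-2": {"22222222-2222-4222-8222-222222222222"},
}


def resolve_rbd_auth(connection_data, local_user=None, local_secret_uuid=None):
    """Return (username, secret_uuid) to use when attaching a network disk.

    Compute-local settings take precedence for rbd only; other protocols
    (for example sheepdog) keep whatever the volume service supplied.
    The keys "protocol", "auth_username" and "secret_uuid" are hypothetical.
    """
    user = connection_data.get("auth_username")
    secret = connection_data.get("secret_uuid")
    if connection_data.get("protocol") == "rbd":
        user = local_user or user
        secret = local_secret_uuid or secret
    if secret is not None:
        # Normalise and reject malformed UUIDs early (raises ValueError).
        secret = str(uuid.UUID(secret))
    return user, secret


def nodes_missing_secret(connection_data, node_conf):
    """List nodes whose resolved secret UUID is absent from their secret store."""
    missing = []
    for node, secrets in sorted(NODE_SECRETS.items()):
        conf = node_conf.get(node, {})
        _, secret = resolve_rbd_auth(
            connection_data, conf.get("rbd_user"), conf.get("rbd_secret_uuid")
        )
        if secret is not None and secret not in secrets:
            missing.append(node)
    return missing


# Constructed connection data as handed over by the volume service: it
# carries the UUID that only exists on compute-1.
FROM_VOLUME = {
    "protocol": "rbd",
    "auth_username": "volumes",
    "secret_uuid": "11111111-1111-4111-8111-111111111111",
}
```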
description: updated
tags: added: patch
Changed in nova (Ubuntu):
status: New → Invalid
status: Invalid → Confirmed
Changed in nova:
assignee: nobody → James Page (james-page)
status: New → In Progress
Changed in cinder (Ubuntu):
status: New → Invalid
Changed in nova:
milestone: none → grizzly-1
status: Fix Committed → Fix Released
Changed in cinder:
status: New → Invalid
Changed in nova:
milestone: grizzly-1 → 2013.1
Revised patch which ensures sheepdog handling does not get interfered with