2012-10-12 08:51:18 |
James Page |
bug |
|
|
added bug |
2012-10-12 09:30:28 |
James Page |
bug task added |
|
nova |
|
2012-10-12 09:30:40 |
James Page |
bug task added |
|
cinder (Ubuntu) |
|
2012-10-12 09:30:48 |
James Page |
bug task added |
|
cinder |
|
2012-10-12 09:32:45 |
James Page |
description |
I'm testing using ceph RADOS block devices to back nova volumes; however I've hit an issue which limits its usefulness in environments where cephx authentication is required.
Configuration is directly taken from http://ceph.com/docs/master/rbd/rbd-openstack/#configuring-cinder-nova-volume.
The problem is as follows:
The rbd_user and rbd_secret_uuid must be configured in nova-volume to ensure that when the nova-compute nodes attach volumes to instances, they will use the libvirt stored secret.
However, the secret UUID when created on each of the compute nodes is going to be different; and nova-compute will try to attach using the secret provided from nova-volume - for which it has no knowledge.
I also want to configure nova-compute with a different username to nova-volume/cinder to provide more granular access control to ceph.
I've worked around this using this patch/hack:
=== modified file 'nova/virt/libvirt/volume.py'
--- nova/virt/libvirt/volume.py 2012-08-27 15:37:18 +0000
+++ nova/virt/libvirt/volume.py 2012-10-12 08:37:38 +0000
@@ -88,9 +88,11 @@
conf.serial = connection_info.get('serial')
netdisk_properties = connection_info['data']
if netdisk_properties.get('auth_enabled'):
- conf.auth_username = netdisk_properties['auth_username']
+ conf.auth_username = FLAGS.rbd_user or \
+ netdisk_properties['auth_username']
conf.auth_secret_type = netdisk_properties['secret_type']
- conf.auth_secret_uuid = netdisk_properties['secret_uuid']
+ conf.auth_secret_uuid = FLAGS.rbd_secret_uuid or \
+ netdisk_properties['secret_uuid']
return conf
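Review bot: the two `or` fallbacks on `conf.auth_username` and `conf.auth_secret_uuid` are evaluated independently, so a compute node that sets only one of `rbd_user` / `rbd_secret_uuid` ends up with its local value for one field and the volume service's value for the other, which pairs a username with a secret UUID that may not belong to it. Treat the two as a pair: override both only when both flags are set, and otherwise either keep both values from `netdisk_properties` or fail with a clear error, logging which source was used.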
Which basically allows me to override the auth_username and auth_secret_uuid through the nova-compute configuration file.
ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: nova-compute (not installed)
ProcVersionSignature: Ubuntu 3.5.0-17.27-generic 3.5.5
Uname: Linux 3.5.0-17-generic x86_64
ApportVersion: 2.6.1-0ubuntu2
Architecture: amd64
Date: Fri Oct 12 09:38:32 2012
SourcePackage: nova
UpgradeStatus: Upgraded to quantal on 2012-06-11 (122 days ago) |
I'm testing using ceph RADOS block devices to back nova volumes; however I've hit an issue which limits its usefulness in environments where cephx authentication is required.
Configuration is directly taken from http://ceph.com/docs/master/rbd/rbd-openstack/#configuring-cinder-nova-volume. Note that nova-volume and nova-compute are running on different hosts.
The problem is as follows:
The rbd_user and rbd_secret_uuid must be configured in nova-volume to ensure that when the nova-compute nodes attach volumes to instances, they will use the libvirt stored secret.
However, the libvirt secret UUID when created on each of the compute nodes is going to be different; and nova-compute will try to attach using the secret provided from nova-volume - for which it has no knowledge.
I also want to configure nova-compute with a different username to nova-volume/cinder to provide more granular access control to ceph.
The user and secret_uuid should be configured in nova-compute; not provided by nova-volume.
I've worked around this using this patch/hack:
=== modified file 'nova/virt/libvirt/volume.py'
--- nova/virt/libvirt/volume.py 2012-08-27 15:37:18 +0000
+++ nova/virt/libvirt/volume.py 2012-10-12 08:37:38 +0000
@@ -88,9 +88,11 @@
conf.serial = connection_info.get('serial')
netdisk_properties = connection_info['data']
if netdisk_properties.get('auth_enabled'):
- conf.auth_username = netdisk_properties['auth_username']
+ conf.auth_username = FLAGS.rbd_user or \
+ netdisk_properties['auth_username']
conf.auth_secret_type = netdisk_properties['secret_type']
- conf.auth_secret_uuid = netdisk_properties['secret_uuid']
+ conf.auth_secret_uuid = FLAGS.rbd_secret_uuid or \
+ netdisk_properties['secret_uuid']
return conf
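Review bot: the override sits inside `if netdisk_properties.get('auth_enabled'):`, so whether the compute-side `FLAGS.rbd_user` and `FLAGS.rbd_secret_uuid` are applied at all is still decided by what the volume service sends in `connection_info`. If the intent is that the compute node owns its cephx identity, let a locally configured `rbd_user` enable auth on its own. The hunk also shows no declaration or help text for the two flags on the compute side, so the options should be declared where they are read, with their precedence over the volume-provided values documented.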
Which basically allows me to override the auth_username and auth_secret_uuid through the nova-compute configuration file.
ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: nova-compute (not installed)
ProcVersionSignature: Ubuntu 3.5.0-17.27-generic 3.5.5
Uname: Linux 3.5.0-17-generic x86_64
ApportVersion: 2.6.1-0ubuntu2
Architecture: amd64
Date: Fri Oct 12 09:38:32 2012
SourcePackage: nova
UpgradeStatus: Upgraded to quantal on 2012-06-11 (122 days ago) |
|
2012-10-12 09:34:27 |
James Page |
bug |
|
|
added subscriber The Canonical Sysadmins |
2012-10-12 10:12:41 |
James Page |
attachment added |
|
rbd-security.patch https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1065883/+attachment/3396139/+files/rbd-security.patch |
|
2012-10-12 12:18:13 |
Ubuntu Foundations Team Bug Bot |
tags |
amd64 apport-bug quantal running-unity |
amd64 apport-bug patch quantal running-unity |
|
2012-10-12 13:04:18 |
Chuck Short |
nova (Ubuntu): status |
New |
Invalid |
|
2012-10-12 13:04:31 |
Chuck Short |
nova (Ubuntu): status |
Invalid |
Confirmed |
|
2012-10-12 13:17:48 |
Launchpad Janitor |
branch linked |
|
lp:~openstack-ubuntu-testing/nova/quantal-folsom-proposed |
|
2012-10-12 23:45:53 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/quantal-proposed/nova |
|
2012-10-15 09:04:58 |
James Page |
nova: assignee |
|
James Page (james-page) |
|
2012-10-15 09:05:04 |
James Page |
nova: status |
New |
In Progress |
|
2012-10-15 09:45:38 |
Launchpad Janitor |
nova (Ubuntu): status |
Confirmed |
Fix Released |
|
2012-10-15 12:50:16 |
James Page |
cinder (Ubuntu): status |
New |
Invalid |
|
2012-10-20 00:20:36 |
Launchpad Janitor |
branch linked |
|
lp:~openstack-ubuntu-testing/nova/precise-folsom-proposed |
|
2012-10-20 00:27:42 |
Launchpad Janitor |
branch linked |
|
lp:~openstack-ubuntu-testing/nova/quantal-folsom |
|
2012-10-22 01:24:37 |
OpenStack Infra |
nova: status |
In Progress |
Fix Committed |
|
2012-11-07 20:17:13 |
Launchpad Janitor |
branch linked |
|
lp:~openstack-ubuntu-testing/nova/raring-grizzly |
|
2012-11-21 09:46:25 |
Thierry Carrez |
nova: status |
Fix Committed |
Fix Released |
|
2012-11-21 09:46:25 |
Thierry Carrez |
nova: milestone |
|
grizzly-1 |
|
2012-12-05 17:01:05 |
Josh Durgin |
cinder: status |
New |
Invalid |
|
2012-12-19 09:26:33 |
Giuseppe Civitella |
bug |
|
|
added subscriber Giuseppe Civitella |
2013-02-11 09:45:25 |
Launchpad Janitor |
branch linked |
|
lp:~openstack-ubuntu-testing/nova/precise-folsom |
|
2013-04-04 10:55:36 |
Thierry Carrez |
nova: milestone |
grizzly-1 |
2013.1 |
|
2013-05-23 14:30:50 |
Pedro Jiménez |
bug |
|
|
added subscriber Pedro Jiménez |