Public bug reported: I'm testing using ceph RADOS block devices to back nova volumes; however I've hit an issue which limits its usefulness in environments where cephx authentication is required.
Configuration is directly taken from http://ceph.com/docs/master/rbd /rbd-openstack/#configuring-cinder-nova-volume. The problem is as follows: The rbd_user and rbd_secret_uuid must be configured in nova-volume to ensure that when the nova-compute nodes attach volumes to instances, they will use the libvirt stored secret. However, the secret UUID when created on each of the compute nodes is going to be different; and nova-compute will try to attach using the secret provided from nova-volume - for which it has no knowledge. I also want to configure nova-compute with a different username to nova- volume/cinder to provide more granular access control to ceph. I've worked around this using this patch/hack: === modified file 'nova/virt/libvirt/volume.py' --- nova/virt/libvirt/volume.py 2012-08-27 15:37:18 +0000 +++ nova/virt/libvirt/volume.py 2012-10-12 08:37:38 +0000 @@ -88,9 +88,11 @@ conf.serial = connection_info.get('serial') netdisk_properties = connection_info['data'] if netdisk_properties.get('auth_enabled'): - conf.auth_username = netdisk_properties['auth_username'] + conf.auth_username = FLAGS.rbd_user or \ + netdisk_properties['auth_username'] conf.auth_secret_type = netdisk_properties['secret_type'] - conf.auth_secret_uuid = netdisk_properties['secret_uuid'] + conf.auth_secret_uuid = FLAGS.rbd_secret_uuid or \ + netdisk_properties['secret_uuid'] return conf Which basically allows me to override the auth_username and auth_secret_uuid through the nova-compute configuration file. ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: nova-compute (not installed) ProcVersionSignature: Ubuntu 3.5.0-17.27-generic 3.5.5 Uname: Linux 3.5.0-17-generic x86_64 ApportVersion: 2.6.1-0ubuntu2 Architecture: amd64 Date: Fri Oct 12 09:38:32 2012 SourcePackage: nova UpgradeStatus: Upgraded to quantal on 2012-06-11 (122 days ago) ** Affects: nova (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug quantal running-unity -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nova in Ubuntu. https://bugs.launchpad.net/bugs/1065883 Title: ceph rbd username and secret should be configured in nova-compute, not passed from nova-volume/cinder To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1065883/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs