You can actually specify the uuid for the secret when you add it to
libvirt, so it can be the same on all compute hosts.

i.e.

<secret ephemeral='no' private='no'>
  <usage type='ceph'>
    <name>client.volumes secret</name>
  </usage>
  <uuid>a060c8a3-d905-45ec-84a6-0b5d7e25c5cb</uuid>
</secret>

Libvirt only generates a random uuid if you don't specify one. I'll
update the Ceph docs to clarify this.

Your patch does make sense if you want to control more finely which
rados users you're using on the compute nodes. It's easier than running
multiple (cinder|nova)-volume processes, but the long term solution
probably involves changing the volume driver to use different rados
pools and users based on volume_type or some other configuration.

However, with the current rbd volume driver using only a single pool,
I'm not sure how much finer-grained the compute node permissions could
be compared to the volume service permissions. What do you have in mind?

BTW, sheepdog and nbd don't have auth support through libvirt, so you
don't need to check specifically for rbd in your patch.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1065883

Title:
  ceph rbd username and secret should be configured in nova-compute, not
  passed from nova-volume/cinder
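
The approach described in the message above, as an added example that is not part of the original message or of the nova/cinder code: a script run on each compute host that defines the libvirt secret with a fixed UUID and then loads the Ceph key into it. The key file argument and the function names are assumptions.

```shell
#!/bin/sh
# Added example: give the libvirt secret the same UUID on every compute host.
# SECRET_UUID is the value from the message; the key file path is an assumption.

SECRET_UUID='a060c8a3-d905-45ec-84a6-0b5d7e25c5cb'

# Return 0 only for an 8-4-4-4-12 hex UUID.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print a secret definition with an explicit <uuid>, so libvirt does not
# generate a random one. $2 is a trusted constant and is not XML-escaped.
render_secret_xml() {
    is_uuid "$1" || { echo "invalid uuid: $1" >&2; return 1; }
    cat <<EOF
<secret ephemeral='no' private='no'>
  <usage type='ceph'>
    <name>$2</name>
  </usage>
  <uuid>$1</uuid>
</secret>
EOF
}

# Define the secret on the local host and set its value from a file that
# holds the base64 key of the rados user.
install_secret() {
    uuid=$1
    keyfile=$2
    xml=$(mktemp) || return 1
    if render_secret_xml "$uuid" 'client.volumes secret' > "$xml" &&
        virsh secret-define --file "$xml" &&
        virsh secret-set-value --secret "$uuid" --base64 "$(cat "$keyfile")"
    then rc=0; else rc=1; fi
    rm -f "$xml"
    return "$rc"
}

# Runs only when a key file is given, e.g.: ./define-secret.sh ./client.volumes.key
if [ -n "${1:-}" ]; then
    install_secret "$SECRET_UUID" "$1"
fi
```

Passing the key with `--base64` places it on the virsh command line, where it is visible in the process list while the command runs; restrict who can log in to the compute host while provisioning, and keep the key file readable only by root.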
