[Bug 1065883] [NEW] ceph rbd username and secret should be configured in nova-compute, not passed from nova-volume/cinder

James Page james.page at ubuntu.com
Fri Oct 12 08:51:18 UTC 2012


Public bug reported:

I'm testing using ceph RADOS block devices to back nova volumes; however
I've hit an issue which limits its usefulness in environments where
cephx authentication is required.

Configuration is directly taken from
http://ceph.com/docs/master/rbd/rbd-openstack/#configuring-cinder-nova-volume.

The problem is as follows:

The rbd_user and rbd_secret_uuid must be configured in nova-volume to
ensure that when the nova-compute nodes attach volumes to instances,
they will use the libvirt stored secret.

However, the secret UUID when created on each of the compute nodes is
going to be different; and nova-compute will try to attach using the
secret provided from nova-volume - of which it has no knowledge.

I also want to configure nova-compute with a different username to
nova-volume/cinder to provide more granular access control to ceph.

I've worked around this using this patch/hack:

=== modified file 'nova/virt/libvirt/volume.py'
--- nova/virt/libvirt/volume.py	2012-08-27 15:37:18 +0000
+++ nova/virt/libvirt/volume.py	2012-10-12 08:37:38 +0000
@@ -88,9 +88,11 @@
         conf.serial = connection_info.get('serial')
         netdisk_properties = connection_info['data']
         if netdisk_properties.get('auth_enabled'):
-            conf.auth_username = netdisk_properties['auth_username']
+            conf.auth_username = FLAGS.rbd_user or \
+                                 netdisk_properties['auth_username']
             conf.auth_secret_type = netdisk_properties['secret_type']
-            conf.auth_secret_uuid = netdisk_properties['secret_uuid']
+            conf.auth_secret_uuid = FLAGS.rbd_secret_uuid or \
+                                    netdisk_properties['secret_uuid']
         return conf
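
Review bot: the two overrides still sit inside the "if netdisk_properties.get('auth_enabled'):" branch, so a compute node that has rbd_user and rbd_secret_uuid set locally configures no auth on the disk whenever the volume service does not report auth_enabled; consider entering the branch when the local flags are set as well. The two "or" fallbacks are also independent of each other: with only FLAGS.rbd_user set, the local username is paired with the secret_uuid sent in connection_info, which is the value the compute node may not have defined, so treat the pair as a unit or log a warning when only one of them is configured. The hunk reads FLAGS.rbd_user and FLAGS.rbd_secret_uuid but shows no declaration of those options in this file; they need to be registered (with help text) for nova-compute before this code path runs.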

Which basically allows me to override the auth_username and
auth_secret_uuid through the nova-compute configuration file.

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: nova-compute (not installed)
ProcVersionSignature: Ubuntu 3.5.0-17.27-generic 3.5.5
Uname: Linux 3.5.0-17-generic x86_64
ApportVersion: 2.6.1-0ubuntu2
Architecture: amd64
Date: Fri Oct 12 09:38:32 2012
SourcePackage: nova
UpgradeStatus: Upgraded to quantal on 2012-06-11 (122 days ago)

** Affects: nova (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug quantal running-unity

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1065883
