[one-users] opennebula and ceph authentication

Mon Jun 3 07:24:02 PDT 2013

Bill
I am one step ahead
oneadmin has everything configured and accessed
it can create disk images in ceph. permissions is not the problem

the problem is that oneadmin starts kvm --drive=[..],auth_support=none[..]
and not kvm --drive=[..],auth_support=cephx[..]
and i don't know how to configure that in opennebula

On Mon, Jun 3, 2013 at 3:56 PM, Campbell, Bill <
bcampbell at axcess-financial.com> wrote:

> From what I understand you want to be sure to have authentication enabled
> when you first configure the cluster.  I **believe** you can turn it on
> afterwards, but I had trouble doing so (to be honest I haven’t attempted
> this on the Bobtail and up release of Ceph, as we use Cephx authentication
> by default anyway).****
>
> ** **
>
> What you want to be sure if cephx authentication is on is to copy the
> contents of /etc/ceph (particularly the ceph.conf and the ceph.keyring)
> from the ceph cluster to the hypervisor node, and be sure that it is
> readable by the oneadmin user or group.  What we do is copy the file over
> to the hypervisor, change ownership to root.oneadmin, and change
> permissions to 640.  Try that and see if it helps get the VM to boot.****
>
> ** **
>
> *From:* users-bounces at lists.opennebula.org [mailto:
> users-bounces at lists.opennebula.org] *On Behalf Of *George Kissandrakis
> *Sent:* Monday, June 03, 2013 5:23 AM
> *To:* users at lists.opennebula.org
> *Subject:* [one-users] opennebula and ceph authentication****
>
> ** **
>
> Hi****
>
> ** **
>
> I have setup opennebula and ceph ****
>
> Everything works fine if ceph authentication is off (Case 1)****
>
> When i enable ceph authentication (Case 2) the VM does not boot****
>
> ** **
>
> Case 1****
>
> ceph.conf ****
>
>   auth cluster required = none****
>
>   auth service required = none****
>
>   auth client required = none****
>
> ** **
>
> oneadmin at cephkvm01-int:~$ kvm -drive
> file=rbd:one/one-3:auth_supported=none,if=none,id=drive-ide0-0-0,format=raw,cache=none
> ****
>
> ** **
>
> the VM starts normally****
>
> ** **
>
> Case 2****
>
> ceph.conf ****
>
>   auth cluster required = cephx****
>
>   auth service required = cephx****
>
>   auth client required = cephx****
>
> ** **
>
> Case 2.1 if i run ****
>
> kvm -drive file=rbd:one/one-3:*auth_supported=none*
> ,if=none,id=drive-ide0-0-0,format=raw,cache=none****
>
> ** **
>
> i get****
>
> ** **
>
> kvm: -drive
> file=rbd:one/one-3:auth_supported=none,if=none,id=drive-ide0-0-0,format=raw,cache=none:
> could not open disk image rbd:one/one-3:auth_supported=none: Operation not
> supported****
>
> ** **
>
> Case 2.2****
>
> if i run ****
>
> kvm -drive file=rbd:one/one-3:*auth_supported=cephx*
> ,if=none,id=drive-ide0-0-0,format=raw,cache=none****
>
> ** **
>
> the VM starts normally****
>
> ** **
>
> ** **
>
> Case 2.1 is what sunstone configures *auth_supported=none*****
>
> How can i add custom auth_supported=cephx from sunstone?****
>
> ** **
>
> Thank you****
>
> George Kissandrakis****
>
> *NOTICE: Protect the information in this message in accordance with the
> company's security policies. If you received this message in error,
> immediately notify the sender and destroy all copies.*
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130603/90adfe17/attachment-0002.htm>