[one-users] opennebula and ceph authentication

Campbell, Bill bcampbell at axcess-financial.com
Mon Jun 3 07:34:03 PDT 2013


What version of OS/Libvirt are you using?  I submitted a request to the
developers about integration improvements due to default authentication
settings related to Ceph being different in newer versions of libvirt, and
I think they're targeted for 4.2.

 

http://dev.opennebula.org/issues/1796#change-4486

 

From: George Kissandrakis [mailto:gkissand at gmail.com] 
Sent: Monday, June 03, 2013 10:24 AM
To: Campbell, Bill
Cc: users at lists.opennebula.org
Subject: Re: [one-users] opennebula and ceph authentication

 

Bill

I am one step ahead.

oneadmin has everything configured and accessed.

It can create disk images in Ceph. Permissions are not the problem.

The problem is that oneadmin starts kvm --drive=[..],auth_support=none[..]

and not kvm --drive=[..],auth_support=cephx[..]

and I don't know how to configure that in OpenNebula.

 

 

On Mon, Jun 3, 2013 at 3:56 PM, Campbell, Bill <bcampbell at axcess-financial.com> wrote:

From what I understand you want to be sure to have authentication enabled
when you first configure the cluster.  I *believe* you can turn it on
afterwards, but I had trouble doing so (to be honest I haven't attempted
this on the Bobtail and up release of Ceph, as we use Cephx authentication
by default anyway).

 

What you want to be sure to do if cephx authentication is on is to copy the
contents of /etc/ceph (particularly the ceph.conf and the ceph.keyring)
from the ceph cluster to the hypervisor node, and be sure that it is
readable by the oneadmin user or group.  What we do is copy the file over
to the hypervisor, change ownership to root.oneadmin, and change
permissions to 640.  Try that and see if it helps get the VM to boot.

 

From: users-bounces at lists.opennebula.org [mailto:users-bounces at lists.opennebula.org] On Behalf Of George Kissandrakis
Sent: Monday, June 03, 2013 5:23 AM
To: users at lists.opennebula.org
Subject: [one-users] opennebula and ceph authentication

 

Hi

 

I have set up OpenNebula and Ceph.

Everything works fine if Ceph authentication is off (Case 1).

When I enable Ceph authentication (Case 2), the VM does not boot.

 

Case 1

ceph.conf 

  auth cluster required = none

  auth service required = none

  auth client required = none

 

oneadmin@cephkvm01-int:~$ kvm -drive file=rbd:one/one-3:auth_supported=none,if=none,id=drive-ide0-0-0,format=raw,cache=none

 

the VM starts normally

 

Case 2

ceph.conf 

  auth cluster required = cephx

  auth service required = cephx

  auth client required = cephx

 

Case 2.1: if I run

kvm -drive file=rbd:one/one-3:auth_supported=none,if=none,id=drive-ide0-0-0,format=raw,cache=none

 

I get

 

kvm: -drive file=rbd:one/one-3:auth_supported=none,if=none,id=drive-ide0-0-0,format=raw,cache=none: could not open disk image rbd:one/one-3:auth_supported=none: Operation not supported

 

Case 2.2

if I run

kvm -drive file=rbd:one/one-3:auth_supported=cephx,if=none,id=drive-ide0-0-0,format=raw,cache=none

 

the VM starts normally

 

 

Case 2.1 is what Sunstone configures: auth_supported=none

How can I add a custom auth_supported=cephx from Sunstone?

 

Thank you

George Kissandrakis

 

NOTICE: Protect the information in this message in accordance with the
company's security policies. If you received this message in error,
immediately notify the sender and destroy all copies.
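
The mismatch discussed in this thread (ceph.conf requiring cephx while the kvm drive spec carries auth_supported=none) and the 640 keyring mode can both be checked on a hypervisor node with a short script. This is an added example, not code from the thread or from OpenNebula; the function names are hypothetical, the sample config is constructed, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed.

# ceph_auth_mode FILE: print the value shared by the three "auth ... required"
# settings, "mixed" if they differ, "unset" if none is present.
# Ceph accepts spaces or underscores in option names, so both are matched.
ceph_auth_mode() {
    awk -F= '
        /^[ \t]*auth[ _](cluster|service|client)[ _]required[ \t]*=/ {
            v = $2; sub("[;#].*", "", v); gsub(/[ \t\r]/, "", v)
            if (!(v in seen)) { seen[v] = 1; kinds++; last = v }
        }
        END { print (kinds == 0 ? "unset" : (kinds == 1 ? last : "mixed")) }
    ' "$1"
}

# drive_auth SPEC: print the auth_supported value of a qemu rbd -drive spec.
drive_auth() {
    printf '%s\n' "$1" | sed -n 's/.*auth_supported=\([^,:]*\).*/\1/p'
}

# check_drive CONF SPEC: succeed only when the drive's auth_supported agrees
# with ceph.conf (Case 2.1 in the thread is conf=cephx with drive=none).
check_drive() {
    want=$(ceph_auth_mode "$1"); have=$(drive_auth "$2")
    [ "$want" = "$have" ] && return 0
    echo "mismatch: ceph.conf requires '$want', drive asks for '$have'" >&2
    return 1
}

# keyring_mode_ok FILE: succeed when the keyring mode is exactly 640, the mode
# used in the thread. Ownership (root, group oneadmin) is not checked here.
keyring_mode_ok() {
    [ "$(stat -c '%a' "$1")" = "640" ]
}

# Constructed sample: the Case 2 config against the Case 2.1 drive spec.
conf=$(mktemp)
printf 'auth %s required = cephx\n' cluster service client > "$conf"
check_drive "$conf" 'file=rbd:one/one-3:auth_supported=none,if=none' || true
rm -f "$conf"
```

A "mixed" result from `ceph_auth_mode` means the three settings disagree with each other, which is worth resolving before comparing against any drive spec.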

 

 

