[one-users] opennebula and ceph authentication
Campbell, Bill
bcampbell at axcess-financial.com
Mon Jun 3 07:34:03 PDT 2013
What version of OS/Libvirt are you using? I submitted a request to the
developers about integration improvements due to default authentication
settings related to Ceph being different in newer versions of libvirt, and
I think they're targeted for 4.2.
http://dev.opennebula.org/issues/1796#change-4486
From: George Kissandrakis [mailto:gkissand at gmail.com]
Sent: Monday, June 03, 2013 10:24 AM
To: Campbell, Bill
Cc: users at lists.opennebula.org
Subject: Re: [one-users] opennebula and ceph authentication
Bill
I am one step ahead
oneadmin has everything configured and accessed
it can create disk images in ceph. permissions is not the problem
the problem is that oneadmin starts kvm --drive=[..],auth_support=none[..]
and not kvm --drive=[..],auth_support=cephx[..]
and i don't know how to configure that in opennebula
On Mon, Jun 3, 2013 at 3:56 PM, Campbell, Bill
<bcampbell at axcess-financial.com <mailto:bcampbell at axcess-financial.com> >
wrote:
>From what I understand you want to be sure to have authentication enabled
when you first configure the cluster. I *believe* you can turn it on
afterwards, but I had trouble doing so (to be honest I haven't attempted
this on the Bobtail and up release of Ceph, as we use Cephx authentication
by default anyway).
What you want to be sure if cephx authentication is on is to copy the
contents of /etc/ceph (particularly the ceph.conf and the ceph.keyring)
from the ceph cluster to the hypervisor node, and be sure that it is
readable by the oneadmin user or group. What we do is copy the file over
to the hypervisor, change ownership to root.oneadmin, and change
permissions to 640. Try that and see if it helps get the VM to boot.
From: users-bounces at lists.opennebula.org
<mailto:users-bounces at lists.opennebula.org>
[mailto:users-bounces at lists.opennebula.org
<mailto:users-bounces at lists.opennebula.org> ] On Behalf Of George
Kissandrakis
Sent: Monday, June 03, 2013 5:23 AM
To: users at lists.opennebula.org <mailto:users at lists.opennebula.org>
Subject: [one-users] opennebula and ceph authentication
Hi
I have setup opennebula and ceph
Everything works fine if ceph authentication is off (Case 1)
When i enable ceph authentication (Case 2) the VM does not boot
Case 1
ceph.conf
auth cluster required = none
auth service required = none
auth client required = none
oneadmin at cephkvm01-int:~$ kvm -drive
file=rbd:one/one-3:auth_supported=none,if=none,id=drive-ide0-0-0,format=ra
w,cache=none
the VM starts normally
Case 2
ceph.conf
auth cluster required = cephx
auth service required = cephx
auth client required = cephx
Case 2.1 if i run
kvm -drive
file=rbd:one/one-3:auth_supported=none,if=none,id=drive-ide0-0-0,format=ra
w,cache=none
i get
kvm: -drive
file=rbd:one/one-3:auth_supported=none,if=none,id=drive-ide0-0-0,format=ra
w,cache=none: could not open disk image rbd:one/one-3:auth_supported=none:
Operation not supported
Case 2.2
if i run
kvm -drive
file=rbd:one/one-3:auth_supported=cephx,if=none,id=drive-ide0-0-0,format=r
aw,cache=none
the VM starts normally
Case 2.1 is what sunstone configures auth_supported=none
How can i add custom auth_supported=cephx from sunstone?
Thank you
George Kissandrakis
NOTICE: Protect the information in this message in accordance with the
company's security policies. If you received this message in error,
immediately notify the sender and destroy all copies.
NOTICE: Protect the information in this message in accordance with the company's security policies. If you received this message in error, immediately notify the sender and destroy all copies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130603/b3b4d920/attachment-0002.htm>
More information about the Users
mailing list