<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>From what I understand you want to be sure to have authentication enabled when you first configure the cluster. I *<b>believe</b>* you can turn it on afterwards, but I had trouble doing so (to be honest I haven’t attempted this on the Bobtail and up release of Ceph, as we use Cephx authentication by default anyway).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>What you want to be sure if cephx authentication is on is to copy the contents of /etc/ceph (particularly the ceph.conf and the ceph.keyring) from the ceph cluster to the hypervisor node, and be sure that it is readable by the oneadmin user or group. What we do is copy the file over to the hypervisor, change ownership to root.oneadmin, and change permissions to 640. Try that and see if it helps get the VM to boot.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> users-bounces@lists.opennebula.org [mailto:users-bounces@lists.opennebula.org] <b>On Behalf Of </b>George Kissandrakis<br><b>Sent:</b> Monday, June 03, 2013 5:23 AM<br><b>To:</b> users@lists.opennebula.org<br><b>Subject:</b> [one-users] opennebula and ceph authentication<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Hi<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I have setup opennebula and ceph <o:p></o:p></p></div><div><p class=MsoNormal>Everything works fine if ceph authentication is off (Case 1)<o:p></o:p></p></div><div><p class=MsoNormal>When i enable ceph authentication (Case 2) the VM does not boot<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Case 1<o:p></o:p></p></div><div><p class=MsoNormal>ceph.conf <o:p></o:p></p></div><div><div><p class=MsoNormal> auth cluster required = none<o:p></o:p></p></div><div><p class=MsoNormal> auth service required = none<o:p></o:p></p></div><div><p class=MsoNormal> auth client required = none<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>oneadmin@cephkvm01-int:~$ kvm -drive file=rbd:one/one-3:auth_supported=none,if=none,id=drive-ide0-0-0,format=raw,cache=none<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>the VM starts normally<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Case 2<o:p></o:p></p></div><div><div><p class=MsoNormal>ceph.conf <o:p></o:p></p></div><div><div><p class=MsoNormal> auth cluster required = cephx<o:p></o:p></p></div><div><p class=MsoNormal> auth service required = cephx<o:p></o:p></p></div><div><p class=MsoNormal> auth client required = cephx<o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Case 2.1 if i run <o:p></o:p></p></div><div><div><p class=MsoNormal>kvm -drive file=rbd:one/one-3:<b>auth_supported=none</b>,if=none,id=drive-ide0-0-0,format=raw,cache=none<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>i get<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><p class=MsoNormal>kvm: -drive file=rbd:one/one-3:auth_supported=none,if=none,id=drive-ide0-0-0,format=raw,cache=none: could not open disk image rbd:one/one-3:auth_supported=none: Operation not supported<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Case 2.2<o:p></o:p></p></div><div><p class=MsoNormal>if i run <o:p></o:p></p></div></div><div><p class=MsoNormal>kvm -drive file=rbd:one/one-3:<b>auth_supported=cephx</b>,if=none,id=drive-ide0-0-0,format=raw,cache=none<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>the VM starts normally<o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Case 2.1 is what sunstone configures <b>auth_supported=none</b><o:p></o:p></p></div><div><p class=MsoNormal>How can i add custom auth_supported=cephx from sunstone?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thank you<o:p></o:p></p></div><div><p class=MsoNormal>George Kissandrakis<o:p></o:p></p></div></div></div></div></div>
<br><html><body><b>NOTICE: Protect the information in this message in accordance with the company's security policies. If you received this message in error, immediately notify the sender and destroy all copies.</b></body></html>
<br></body></html>