Yep, changing to keystone v2 is what did it. I had previously tried v1 and v3.
Thank you both Regards, Logan ----- On Sep 1, 2016, at 1:57 AM, Daniel Erez <[email protected]> wrote: | On Wed, Aug 31, 2016 at 4:27 PM, Logan Kuhn < [email protected] > wrote: || Thank you for your response, but unfortunately it still doesn't work. || I can do cinder-ey things from the command line, including cinder list, || type-show, create. The keystonerc_admin file that I use matches yours with the || relevant bits changed for my environment, password, region etc. I've filled out || the External Provider dialog with the admin user, cinder user and a new user. || The dialog reports that it Failed to communicate with the external provider and || to consult the log. The log reports the following: || 2016-08-31 08:04:21,518 INFO || [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default || task-46) [20342b40] Running command: TestProviderConnectivityCommand internal: || false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: || SystemAction group CREATE_STORAGE_POOL with role type ADMIN || 2016-08-31 08:04:21,546 ERROR || [org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackStorageProviderProxy] || (default task-46) [20342b40] Unauthorized (OpenStack response error code: 401) || 2016-08-31 08:04:21,546 ERROR || [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default || task-46) [20342b40] Command || 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: || EngineException: (Failed with error PROVIDER_FAILURE and code 5050) || Which is very obvious that the username/auth that ovirt is sending isn't allowed || to create, but it's using the same username/password that's in the || keystonerc_admin file that I can do various command line things with. || This is my keystonerc_admin file: || OS_AUTH_URL= http://10.128.7.252:5000/v3 || OS_PASSWORD=adminpass || OS_PROJECT_DOMAIN_NAME=default || OS_PROJECT_NAME=admin || OS_REGION_NAME=WRI || OS_TENANT_NAME=admin || OS_USERNAME=admin || OS_USER_DOMAIN_NAME=default || I had to make add certain fields and change the auth url to v3 otherwise it || reported either a malformed URL or more commonly, 401 Unauthorized. Which made || me wonder if it's a compatibility issue with the v3 API. I've been working with || Openstack Mitaka and ovirt 4.0.2 and 4.0.3 | For keystone authentication, we support v2.0. | Have you tried ' http://10.128.7.252:5000/v2.0 ' as authentication URL on add | provider dialog? || Regards, || Logan || ----- On Aug 31, 2016, at 6:07 AM, Natalie Gavrilov < [email protected] > || wrote: ||| Hi Logen, ||| I'll refer only to using authentication , because I had configured it ||| previously. ||| This means: /etc/cinder/cinder.conf should have: auth_strategy = keystone ||| I'm using keystonerc file, example keystonerc_admin: ||| ---------------------------------------------------------------------------- ||| unset OS_SERVICE_TOKEN ||| export OS_USERNAME=admin ||| export OS_PASSWORD=password ||| export OS_AUTH_URL= http://CINDER-HOST:5000/v2.0 ||| export PS1='[\u@\h \W(keystone_admin)]\$ ' ||| export OS_TENANT_NAME=admin ||| export OS_REGION_NAME=RegionOne ||| ---------------------------------------------------------------------------- ||| This will be step by step as much as possible just to make sure nothing is ||| missed (assuming Cinder and Ceph are configured correctly). ||| Go to: ||| External providers -> Add ||| Fill in the fields: ||| Name: ||| Type: OpenStack Volume ||| Provider url: http://CINDER_HOST:8776 ||| Check "Requires Authentication" ||| Fill in the information, this is an example: ||| Username: admin ||| Password: password ||| Tenant name: admin ||| Authentication URL: http://CINDER-HOST:5000/v2.0 ||| Test should return "Test succeeded, managed to access provider." ||| Now click Ok. ||| Now lets configure additional information: ||| Lower pane: Authentication Keys ||| Click on: New ||| Fill in UUID field with rbd_secret_uuid ||| and value :which is the key (it's in /etc/ceph/ceph.client.USERNAME.keyring) ||| Hope this helps.. ||| Regards, ||| Natalie ||| From: "Aharon Canan" < [email protected] > ||| To: "Natalie Gavrilov" < [email protected] > ||| Sent: Wednesday, August 31, 2016 8:53:22 AM ||| Subject: Fwd: [ovirt-users] Unable to backend oVirt with Cinder ||| Hi ||| Can you help with below? ||| This is community email and will be great if you can help this guy. ||| Aharon ||| ---------- Forwarded message ---------- ||| From: Logan Kuhn < [email protected] > ||| Date: Tue, Aug 30, 2016 at 11:07 PM ||| Subject: [ovirt-users] Unable to backend oVirt with Cinder ||| To: users < [email protected] > ||| I've got Cinder configured and pointed at Ceph for it's back end storage. ||| I can run ceph commands on the cinder machine and cinder is configured for ||| noauth and I've also tried it with Keystone for auth. I can run various ||| cinder commands and it'll return as expected. ||| When I configure it in oVirt it'll add the external provider fine, but when ||| I go to create a disk it doesn't populate the volume type field, it's just ||| empty. The corresponding command for cinder: cinder type-list and cinder ||| type-show <name> returns fine and it is public. ||| Ovirt and Cinder are on the same host so it isn't a firewall issue. ||| Cinder config: ||| [DEFAULT] ||| rpc_backend = rabbit ||| #auth_strategy = keystone ||| auth_strategy = noauth ||| enabled_backends = ceph ||| #glance_api_servers = http://10.128.7.252:9292 ||| #glance_api_version = 2 ||| #[keystone_authtoken] ||| #auth_uri = http://10.128.7.252:5000/v3 ||| #auth_url = http://10.128.7.252:35357/v3 ||| #auth_type = password ||| #memcached_servers = localhost:11211 ||| #project_domain_name = default ||| #user_domain_name = default ||| #project_name = services ||| #username = user ||| #password = pass ||| [ceph] ||| volume_driver = cinder.volume.drivers.rbd.RBDDriver ||| volume_backend_name = ceph ||| rbd_pool = ovirt-images ||| rbd_user = cinder ||| rbd_secret_uuid = <secret> ||| rbd_ceph_conf = /etc/ceph/ceph.conf ||| rbd_flatten_volume_from_snapshot = true ||| rbd_max_clone_depth = 5 ||| rbd_store_chunk_size = 4 ||| rados_connect_timeout = -1 ||| #glance_api_version = 2 ||| [database] ||| connection = postgresql:// user:[email protected]/cinder ||| [oslo_concurrency] ||| lock_path = /var/lib/cinder/tmp ||| [oslo_messaging_rabbit] ||| rabbit_host = localhost ||| rabbit_port = 5672 ||| rabbit_userid = user ||| rabbit_password = pass ||| Regards, ||| Logan ||| _______________________________________________ ||| Users mailing list ||| [email protected] ||| http://lists.ovirt.org/mailman/listinfo/users || _______________________________________________ || Users mailing list || [email protected] || http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
