cinder secondary backend only used for admin user

asked 2018-07-31 22:58:29 -0500

jamesopst gravatar image

updated 2018-10-11 14:41:39 -0500

hi, we have a HP MSA storage device connected to most of our compute nodes and we are using the cinder driver cinder.volume.drivers.san.hp.hpmsa_fc.HPMSAFCDriver as a second backend so that openstack can, if directed by metadata, create volumes on it during instance creation. Openstack creates volumes using this MSA backend if the metadata of the image selected contains "cinder_image_volume_type=MSA". This second MSA type of volume was added to cinder.

We use a CentOS-6-x86_64-GenericCloud-1707.qcow2 image which has this metadata added. Without this metadata RBD/CEPH images are made

This works great for the admin user but not for a regular _ member_ user.

With the admin user volumes created show Type=MSA and (correct!)

With the _member_ user volumes created show Type=MSA and Host=rbd:volumes@RBD-backend#RBD-backend (this is made on CEPH not MSA, incorrect!).

And I can confirm the volume is not on the MSA. Correct RBD/CEPH volumes show Type=volumes_ceph and Host=rbd:volumes@RBD-backend#RBD-backend.

Looking at the logs I do see the _ member_ user is a non-default-domain user while admin is obviously the default domain. other than that I can't make heads or tails of the logs.

I have tried to set the properties on the cinder MSA volume type for the specific project we want to use this volume type in, and to set the project-domain for this volume type. nothing has helped.

can anyone shed any light on this behavior or point out anything helpful in the logs pls?

a bad _ member_ volume creation was UUID fb9047c3-1b6b-4d2b-bae8-5177e86eb1f2

a good admin volume creation was UUID b49e33db-8ab8-489f-b7cb-092f421178c1

We are using Newton, thanks!

edit retag flag offensive close merge delete


this happens if the cinder volume type is created as a Private type or a Public type.

how can I get in touch with someone more familiar with cinder.volume.drivers.san.hp.hpmsa_fc.HPMSAFCDriver and this type of cinder usage?


jamesopst gravatar imagejamesopst ( 2018-10-11 14:43:54 -0500 )edit

i found that changing cinder/policy.json resolves this. but I dislike the change im making. I create & add the msauser role to the context_is_admin rule

"context_is_admin": "role:admin or role:msauser"

wish I could find what specific target(s) need the msauser role but nothing works! advice?

jamesopst gravatar imagejamesopst ( 2019-12-03 16:29:57 -0500 )edit

to clarify: i don't know which target is really the key here. i add role:msauser to every target but that does not resolve the issue. only when I add role:msauser to "context_is_admin"

jamesopst gravatar imagejamesopst ( 2019-12-03 16:32:51 -0500 )edit