[heystone][nova][cinder] netapp queens trust scoped token

Ignazio Cassano ignaziocassano at gmail.com
Fri Jan 18 12:24:29 UTC 2019


Hello Everyone,
I am using a client for backupping openstack virtual machine.
The crux of the problem is the client uses trust based authentication for
scheduling backup jobs on behalf of user.  When a trust scoped token is
passed to cinder client to take a snapshot, I expect the client use the
token to authenticate and perform the operation which cinder client does.
However cinder volume service invokes novaclient as part of cinder nfs
backend snapshot operation and novaclient tries to re-authenticate. Since
keystone does not allow re-authentication using trust based tokens, cinder
snapshot operation fails.

So I get the following error:

2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs
[req-61d977c1-eef3-4309-ac02-aaa0eb880925
ab1bdb5dadc54312891f3a6410fef04d 6d1bffb04e3b4cdda30dc17aa96bfffc - default
default] Call to Nova to create snapshot failed: Forbidden: You are not
authorized to perform the requested action: Using trust-scoped token to
create another token. Create a new trust-scoped token instead. (HTTP 403)
(Request-ID: req-f55b682a-001b-4952-bfb1-abf4dd6bf459)

 >  2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs
Traceback
(most recent call last):

 >  2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs
File "/usr/lib/python2.7/site-packages/cinder/volume/drivers/ remotefs.py",
line 1452, in _create_snapshot_online

 >  2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs
connection_info)

 >  2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs
File "/usr/lib/python2.7/site-packages/cinder/compute/nova.py", line 188,
in create_volume_snapshot

 >  2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs
create_info=create_info)

 >  2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs
File
"/usr/lib/python2.7/site-packages/novaclient/v2/assisted_volume_snapshots.py",
line 43, in create

 >  2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs
return self._create('/os-assisted-volume-snapshots', body, 'snapshot')

 >  2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs
File "/usr/lib/python2.7/site-packages/novaclient/base.py", line 361, in
_create

 >  2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs
resp, body = self.api.client.post(url, body=body)

 >  2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 310,
in post

 >  2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs
return self.request(url, 'POST', **kwargs)


My cinder volume are non netapp fas8040 via nfs.

Anyone can help me ?


Regards

Ignazio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190118/888d3b1a/attachment.html>


More information about the openstack-discuss mailing list