Hello Everyone, I am using a client for backupping openstack virtual machine. The crux of the problem is the client uses trust based authentication for scheduling backup jobs on behalf of user. When a trust scoped token is passed to cinder client to take a snapshot, I expect the client use the token to authenticate and perform the operation which cinder client does. However cinder volume service invokes novaclient as part of cinder nfs backend snapshot operation and novaclient tries to re-authenticate. Since keystone does not allow re-authentication using trust based tokens, cinder snapshot operation fails. So I get the following error: 2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs [req-61d977c1-eef3-4309-ac02-aaa0eb880925 ab1bdb5dadc54312891f3a6410fef04d 6d1bffb04e3b4cdda30dc17aa96bfffc - default default] Call to Nova to create snapshot failed: Forbidden: You are not authorized to perform the requested action: Using trust-scoped token to create another token. Create a new trust-scoped token instead. (HTTP 403) (Request-ID: req-f55b682a-001b-4952-bfb1-abf4dd6bf459)
2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs Traceback (most recent call last):
2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs File "/usr/lib/python2.7/site-packages/cinder/volume/drivers/ remotefs.py", line 1452, in _create_snapshot_online
2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs connection_info)
2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs File "/usr/lib/python2.7/site-packages/cinder/compute/nova.py", line 188, in create_volume_snapshot
2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs create_info=create_info)
2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs File "/usr/lib/python2.7/site-packages/novaclient/v2/assisted_volume_snapshots.py", line 43, in create
2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs return self._create('/os-assisted-volume-snapshots', body, 'snapshot')
2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs File "/usr/lib/python2.7/site-packages/novaclient/base.py", line 361, in _create
2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs resp, body = self.api.client.post(url, body=body)
2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 310, in post
2018-12-12 04:07:14.759 2859 ERROR cinder.volume.drivers. remotefs return self.request(url, 'POST', **kwargs)
My cinder volume are non netapp fas8040 via nfs. Anyone can help me ? Regards Ignazio