Can we have multiple gateways for one ScaleIO system?

We modified gatewayUser,properties like below.

But it is still not successful to access the ScaleIO system through the newly added gateways by REST API.

--------------

mdm.ip.addresses=10.X.X.X;10.X.X.X  *added Master and Slave MDM IP address

features.enable_IM=false *to use only for REST API gateway, We don't think this is relevant to the issue.

system.id= *left empty since the ID will be created on the first login.

--------------

After fails of attempts to create a volume via cinder driver, system.id has been left empty.

We get packets to and from Master MDM IP:6611. So the first login fails.

We also added system.id retrieved from the gateway which originally installed the ScaleIO system.

Just api_operations.log keeps getting nothing but "INFO audit - IP ADDRESS:/api/login".

Any ideas?

Many thanks

Seiji

Hi Seiji,

Can you see what's in the "localhost_access_log.log"? What's the HTTP status code with "GET /api/login", is it 200 or 401?

You can try CURL or RESTED plugin for Firefox to log in. Please remember to use the MDM password, not gateway one.

Cheers,

Pawel

Hi Pawel

In the "localhost_access_log.log" we can see the 2 logs below.

"GET /api/login HTTP/1.1" 428 -

"GET /api/types/Domain/instances/getByName::default HTTP/1.1" 401 -

I tried a CURL command below.

curl -k -v --basic --user admin: https:// /api/login

and the response has

--------------

HTTP/1.1 428 Precondition Required

...

Connection #0 to host 10.X.X.X left intact {"message":"","httpStatusCode":428,"errorCode":0,"certificate":{"Serial Number":"1","Subject":"OU=ASD, O=EMC, C=US, ST=Massachusetts, L=Hopkinton, CN=XXX, GIVENNAME=MDM","Signature Algorithm":"SHA1withRSA","Signature":"[XXX","Issuer":"OU=ASD, O=EMC, C=US, ST=Massachusetts, L=Hopkinton, CN=XXX, GIVENNAME=MDM","Valid-From":"Tue Sep 06 20:14:10 JST 2016","Valid-To":"Sat Sep 05 21:14:10 JST 2026","Key-Usage":"Not Available","Public Key":"[XXX","Thumbprint Algorithm":"SHA-1","Thumbprint":"XXX"},"typeOfError":"SERVER_CERTIFICATE_NOT_TRUSTED"}

--------------

We are sure to use the right password, but whatever words we use as for the password the response is same.

So this looks like an SSL cert issue before password authentication.

When we try the CURL command using the gateway with that we installed the ScaleIO system,

we get a key(token) in the HTTP response.

How can we have the SERVER_CERTIFICATE accepted?

Best,

Seiji

Hi Seiji,

Can you please try to log into the IM Web GUI and connect to the MDM (from the "Maintain" tab)?

That should display certificate warning and you should be able to add it to the gateway's keystore.

Many thanks,

Pawel

Hi Powel,

The SSL cert issue has been solved.

We copied the truststore,jks from the gateway with which installed the ScaleIO to the 5 new gateways and restarted them.

Now that the CURL command get a right response and cinder driver can create volumes in the ScaleIO.

*We didn't try the IM Web GUI because the Openstack controller nodes don't have GUI environment by dault.

Anyways you led us up to here.

Thank you very much.

Seiji

Hi Pawel,

I faced similar problem in VIPR->SCALEIO integration and was able to resolve it after following the steps provided by you.

Thanks a Lot

Happy to hear it helped, V!

Thanks,

Pawel