openstack
/
cinder
Code Issues Proposed changes

Remove VxFlex OS credentials from connection_properties 

VxFlex OS password is not stored in block_device_mapping table. Instead of this
passwords are stored in separate file and are retrieved during each attach/detach
operation.

Closes-Bug: #1823200
Change-Id: I3f6bfe360491c295bdb81008c31ad2d4e3305736
This commit is contained in:
Ivan Pchelintsev 2020-06-01 12:00:50 +03:00 committed by Brian Rosmaita
parent d555fb6ea4
commit 25ed65f1fa
5 changed files with 76 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cinder/volume/drivers/dell_emc/scaleio/driver.py
View File

@ -152,9 +152,10 @@ class ScaleIODriver(driver.VolumeDriver):
2.0.2: Added consistency group support to generic volume groups 2.0.2: Added consistency group support to generic volume groups
2.0.3: Added cache for storage pool and protection domains info 2.0.3: Added cache for storage pool and protection domains info
2.0.4: Added compatibility with os_brick>1.15.3 2.0.4: Added compatibility with os_brick>1.15.3
2.0.4.1: Fix for Bug #1823200. See OSSN-0086 for details.
""" """
VERSION = "2.0.4" VERSION = "2.0.4.1"
# ThirdPartySystems wiki # ThirdPartySystems wiki
CI_WIKI_NAME = "DELL_EMC_ScaleIO_CI" CI_WIKI_NAME = "DELL_EMC_ScaleIO_CI"
@ -228,8 +229,7 @@ class ScaleIODriver(driver.VolumeDriver):
'serverIP': self.server_ip, 'serverIP': self.server_ip,
'serverPort': self.server_port, 'serverPort': self.server_port,
'serverUsername': self.server_username, 'serverUsername': self.server_username,
'serverPassword': self.server_password, 'config_group': self.configuration.config_group,
'serverToken': self.server_token,
'iopsLimit': None, 'iopsLimit': None,
'bandwidthLimit': None, 'bandwidthLimit': None,
} }

49
doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst
View File

@ -211,6 +211,33 @@ parameters as follows:
san_password = SIO_PASSWD san_password = SIO_PASSWD
san_thin_provision = false san_thin_provision = false
Connector configuration
~~~~~~~~~~~~~~~~~~~~~~~
Before using attach/detach volume operations VxFlex OS connector must be
properly configured. On each node where VxFlex OS SDC is installed do the
following:
#. Create ``/opt/emc/scaleio/openstack/connector.conf`` if it does not
exist.
.. code-block:: console
$ mkdir -p /opt/emc/scaleio/openstack
$ touch /opt/emc/scaleio/openstack/connector.conf
#. For each VxFlex OS section in the ``cinder.conf`` create the same section in
the ``/opt/emc/scaleio/openstack/connector.conf`` and populate it with
passwords. Example:
.. code-block:: ini
[vxflexos]
san_password = SIO_PASSWD
[vxflexos-new]
san_password = SIO2_PASSWD
.. _cg_configuration_options_emc: .. _cg_configuration_options_emc:
Configuration options Configuration options
@ -301,6 +328,22 @@ is attached to an instance, and thus to a compute node/SDC.
Using VxFlex OS Storage with a containerized overcloud Using VxFlex OS Storage with a containerized overcloud
------------------------------------------------------ ------------------------------------------------------
When using a containerized overcloud, such as one deployed via TripleO or #. Create a file with below contents:
Red Hat OpenStack version 13 and above, install the Storage Data Client
(SDC) on all nodes after deploying the overcloud. .. code-block:: yaml
parameter_defaults:
NovaComputeOptVolumes:
- /opt/emc/scaleio:/opt/emc/scaleio
CinderVolumeOptVolumes:
- /opt/emc/scaleio:/opt/emc/scaleio
GlanceApiOptVolumes:
- /opt/emc/scaleio:/opt/emc/scaleio
Name it whatever you like, e.g. ``vxflexos_volumes.yml``.
#. Use ``-e`` to include this customization file to deploy command.
#. Install the Storage Data Client (SDC) on all nodes after deploying
the overcloud.

2
lower-constraints.txt
View File

@ -64,7 +64,7 @@ networkx==1.11
oauth2client==1.5.0 oauth2client==1.5.0
openstackdocstheme==1.20.0 openstackdocstheme==1.20.0
os-api-ref==1.4.0 os-api-ref==1.4.0
os-brick==2.2.0 os-brick==2.8.5
os-client-config==1.29.0 os-client-config==1.29.0
os-win==3.0.0 os-win==3.0.0
oslo.cache==1.29.0 oslo.cache==1.29.0

25
releasenotes/notes/bug-1823200-stein-e2d29dacf4cbfdd6.yaml Normal file
View File

@ -0,0 +1,25 @@
---
upgrade:
- |
The fix for `Bug #1823200
<https://bugs.launchpad.net/cinder/+bug/1823200>`_ requires
``os-brick`` >= 2.8.5 but < 2.9.0.
security:
- |
Dell EMC VxFlex OS driver: This release contains a fix for
`Bug #1823200 <https://bugs.launchpad.net/cinder/+bug/1823200>`_.
See `OSSN-0086 <https://wiki.openstack.org/wiki/OSSN/OSSN-0086>`_
for details.
fixes:
- |
`Bug #1823200 <https://bugs.launchpad.net/cinder/+bug/1823200>`_:
This release contains an updated Dell EMC VxFlex OS driver. It must
be used with ``os-brick`` >= 2.8.5 but < 2.9.0.
and requires that a new configuration file be deployed on compute
nodes, cinder nodes, and anywhere you would perform a volume attachment
in your deployment.
See the `Dell EMC VxFlex OS (ScaleIO) Storage driver
<https://docs.openstack.org/cinder/stein/configuration/block-storage/drivers/dell-emc-vxflex-driver.html>`_
documentation for details about the configuration file, and see
`OSSN-0086 <https://wiki.openstack.org/wiki/OSSN/OSSN-0086>`_ for
more information about the security vulnerability.

2
requirements.txt
View File

@ -58,7 +58,7 @@ suds-jurko>=0.6 # LGPLv3+
WebOb>=1.7.1 # MIT WebOb>=1.7.1 # MIT
oslo.i18n>=3.15.3 # Apache-2.0 oslo.i18n>=3.15.3 # Apache-2.0
oslo.vmware>=2.17.0 # Apache-2.0 oslo.vmware>=2.17.0 # Apache-2.0
os-brick>=2.2.0 # Apache-2.0 os-brick>=2.8.5 # Apache-2.0
os-win>=3.0.0 # Apache-2.0 os-win>=3.0.0 # Apache-2.0
tooz>=1.58.0 # Apache-2.0 tooz>=1.58.0 # Apache-2.0
google-api-python-client>=1.4.2 # Apache-2.0 google-api-python-client>=1.4.2 # Apache-2.0