LIO iSCSI initiator ACL auto-config

Currently, IQNs of remote nova compute nodes must be specified in cinder.conf for them to be added to LIO's ACLs for LUNs. This change will handle this at volume-attach time instead. Change-Id: I278ce737042b15bd4d100d331564c1377bac0c55
2013-02-28 18:14:11 -05:00 · 2013-02-28 18:14:11 -05:00 · 67dd248bcb
parent af5d4b3235
commit 67dd248bcb
4 changed files with 71 additions and 2 deletions
--- a/bin/cinder-rtstool
+++ b/bin/cinder-rtstool
@ -78,7 +78,7 @@ def create(backing_device, name, userid, password, initiator_iqns=None):
    acl_new.chap_userid = userid
    acl_new.chap_password = password

-    m = rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
+    rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)

    if initiator_iqns:
        initiator_iqns = initiator_iqns.strip(' ')
@ -87,7 +87,7 @@ def create(backing_device, name, userid, password, initiator_iqns=None):
            acl_new.chap_userid = userid
            acl_new.chap_password = password

-            m = rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
+            rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)

    tpg_new.enable = 1

@ -105,6 +105,36 @@ def create(backing_device, name, userid, password, initiator_iqns=None):
        pass


+def add_initiator(target_iqn, initiator_iqn, userid, password):
+    try:
+        rtsroot = rtslib.root.RTSRoot()
+    except rtslib.utils.RTSLibError:
+        print _('Ensure that configfs is mounted at /sys/kernel/config.')
+        raise
+
+    # Look for the target
+    target = None
+    for t in rtsroot.targets:
+        if t.dump()['wwn'] == target_iqn:
+            target = t
+            break
+    if target == None:
+        raise RtstoolError(_('Could not find target %s') % target_iqn)
+
+    tpg = target.tpgs.next()  # get the first one
+    for acl in tpg.dump()['node_acls']:
+        # See if this ACL configuration already exists
+        if acl['node_wwn'] == initiator_iqn:
+            # No further action required
+            return
+
+    acl_new = rtslib.NodeACL(tpg, initiator_iqn, mode='create')
+    acl_new.chap_userid = userid
+    acl_new.chap_password = password
+
+    rtslib.MappedLUN(acl_new, 0, tpg_lun=0)
+
+
 def get_targets():
    rtsroot = rtslib.root.RTSRoot()
    for x in rtsroot.targets:
@ -139,6 +169,8 @@ def usage():
    print sys.argv[0], \
        "create [device] [name] [userid] [password]", \
        "<initiator_iqn,iqn2,iqn3,...>"
+    print sys.argv[0], \
+        "add-initiator [target_iqn] [userid] [password] [initiator_iqn]"
    print sys.argv[0], "get-targets"
    print sys.argv[0], "delete [iqn]"
    print sys.argv[0], "verify"
@ -170,6 +202,17 @@ def main(argv=None):

        create(backing_device, name, userid, password, initiator_iqns)

+    elif argv[1] == 'add-initiator':
+        if len(argv) < 6:
+            usage()
+
+        target_iqn = argv[2]
+        userid = argv[3]
+        password = argv[4]
+        initiator_iqn = argv[5]
+
+        add_initiator(target_iqn, initiator_iqn, userid, password)
+
    elif argv[1] == 'get-targets':
        get_targets()

--- a/cinder/exception.py
+++ b/cinder/exception.py
@ -307,6 +307,10 @@ class ISCSITargetCreateFailed(CinderException):
    message = _("Failed to create iscsi target for volume %(volume_id)s.")


+class ISCSITargetAttachFailed(CinderException):
+    message = _("Failed to attach iSCSI target for volume %(volume_id)s.")
+
+
 class ISCSITargetRemoveFailed(CinderException):
    message = _("Failed to remove iscsi target for volume %(volume_id)s.")

--- a/cinder/volume/driver.py
+++ b/cinder/volume/driver.py
@ -333,6 +333,9 @@ class ISCSIDriver(VolumeDriver):

        """

+        if self.configuration.iscsi_helper == 'lioadm':
+            self.tgtadm.initialize_connection(volume, connector)
+
        iscsi_properties = self._get_iscsi_properties(volume)
        return {
            'driver_volume_type': 'iscsi',
--- a/cinder/volume/iscsi.py
+++ b/cinder/volume/iscsi.py
@ -416,6 +416,25 @@ class LioAdm(TargetAdmin):
        if tid is None:
            raise exception.NotFound()

+    def initialize_connection(self, volume, connector):
+        volume_iqn = volume['provider_location'].split(' ')[1]
+
+        (auth_method, auth_user, auth_pass) = \
+            volume['provider_auth'].split(' ', 3)
+
+        # Add initiator iqns to target ACL
+        try:
+            self._execute('cinder-rtstool', 'add-initiator',
+                          volume_iqn,
+                          auth_user,
+                          auth_pass,
+                          connector['initiator'],
+                          run_as_root=True)
+        except exception.ProcessExecutionError as e:
+            LOG.error(_("Failed to add initiator iqn %s to target") %
+                      connector['initiator'])
+            raise exception.ISCSITargetAttachFailed(volume_id=volume['id'])
+

 def get_target_admin():
    if FLAGS.iscsi_helper == 'tgtadm':