Remove VxFlex OS credentials from connection_properties

VxFlex OS password is not stored in block_device_mapping table. Instead of this passwords are stored in separate file and are retrieved during each attach/detach operation. Closes-Bug: #1823200 Change-Id: Ie9c41f37ab5c186b9f9aa92539a363d0b2388035
2020-06-01 11:50:01 +03:00 · 2020-06-01 11:50:01 +03:00 · aadf0950c9
parent adecc81986
commit aadf0950c9
5 changed files with 76 additions and 8 deletions
--- a/cinder/volume/drivers/dell_emc/vxflexos/driver.py
+++ b/cinder/volume/drivers/dell_emc/vxflexos/driver.py
@ -89,9 +89,10 @@ class VxFlexOSDriver(driver.VolumeDriver):
          2.0.4 - Added compatibility with os_brick>1.15.3
          2.0.5 - Change driver name, rename config file options
          3.0.0 - Add support for VxFlex OS 3.0.x and for volumes compression
+          3.0.0.1 - Fix for Bug #1823200. See OSSN-0086 for details.
    """

-    VERSION = "3.0.0"
+    VERSION = "3.0.0.1"
    # ThirdPartySystems wiki
    CI_WIKI_NAME = "DELL_EMC_ScaleIO_CI"

@ -159,8 +160,7 @@ class VxFlexOSDriver(driver.VolumeDriver):
            'serverIP': self.server_ip,
            'serverPort': self.server_port,
            'serverUsername': self.server_username,
-            'serverPassword': self.server_password,
-            'serverToken': self.server_token,
+            'config_group': self.configuration.config_group,
            'iopsLimit': None,
            'bandwidthLimit': None,
        }
--- a/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst
+++ b/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst
@ -212,6 +212,33 @@ parameters as follows:
   san_password = SIO_PASSWD
   san_thin_provision = false

+Connector configuration
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Before using attach/detach volume operations VxFlex OS connector must be
+properly configured. On each node where VxFlex OS SDC is installed do the
+following:
+
+#. Create ``/opt/emc/scaleio/openstack/connector.conf`` if it does not
+   exist.
+
+   .. code-block:: console
+
+     $ mkdir -p /opt/emc/scaleio/openstack
+     $ touch /opt/emc/scaleio/openstack/connector.conf
+
+#. For each VxFlex OS section in the ``cinder.conf`` create the same section in
+   the ``/opt/emc/scaleio/openstack/connector.conf`` and populate it with
+   passwords. Example:
+
+   .. code-block:: ini
+
+      [vxflexos]
+      san_password = SIO_PASSWD
+
+      [vxflexos-new]
+      san_password = SIO2_PASSWD
+
 .. _cg_configuration_options_emc:

 Configuration options
@ -343,6 +370,22 @@ limit volumes allocation only to data pools which supports compression.
 Using VxFlex OS Storage with a containerized overcloud
 ------------------------------------------------------

-When using a containerized overcloud, such as one deployed via TripleO or
-Red Hat OpenStack version 13 and above, install the Storage Data Client
-(SDC) on all nodes after deploying the overcloud.
+#. Create a file with below contents:
+
+   .. code-block:: yaml
+
+      parameter_defaults:
+        NovaComputeOptVolumes:
+          - /opt/emc/scaleio:/opt/emc/scaleio
+        CinderVolumeOptVolumes:
+          - /opt/emc/scaleio:/opt/emc/scaleio
+        GlanceApiOptVolumes:
+          - /opt/emc/scaleio:/opt/emc/scaleio
+
+
+   Name it whatever you like, e.g. ``vxflexos_volumes.yml``.
+
+#. Use ``-e`` to include this customization file to deploy command.
+
+#. Install the Storage Data Client (SDC) on all nodes after deploying
+   the overcloud.
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@ -65,7 +65,7 @@ networkx==1.11
 oauth2client==1.5.0
 openstackdocstheme==1.20.0
 os-api-ref==1.4.0
-os-brick==2.2.0
+os-brick==2.10.3
 os-client-config==1.29.0
 os-win==3.0.0
 oslo.cache==1.29.0
--- a/releasenotes/notes/bug-1823200-train-58d84b7a0530594f.yaml
+++ b/releasenotes/notes/bug-1823200-train-58d84b7a0530594f.yaml
@ -0,0 +1,25 @@
+---
+upgrade:
+  - |
+    The fix for `Bug #1823200
+    <https://bugs.launchpad.net/cinder/+bug/1823200>`_ requires
+    ``os-brick`` >= 2.10.3 but < 2.11.0.
+security:
+  - |
+    Dell EMC VxFlex OS driver: This release contains a fix for
+    `Bug #1823200 <https://bugs.launchpad.net/cinder/+bug/1823200>`_.
+    See `OSSN-0086 <https://wiki.openstack.org/wiki/OSSN/OSSN-0086>`_
+    for details.
+fixes:
+  - |
+    `Bug #1823200 <https://bugs.launchpad.net/cinder/+bug/1823200>`_:
+    This release contains an updated Dell EMC VxFlex OS driver.  It must
+    be used with ``os-brick`` >= 2.10.3 but < 2.11.0.
+    and requires that a new configuration file be deployed on compute
+    nodes, cinder nodes, and anywhere you would perform a volume attachment
+    in your deployment.
+    See the `Dell EMC VxFlex OS (ScaleIO) Storage driver
+    <https://docs.openstack.org/cinder/train/configuration/block-storage/drivers/dell-emc-vxflex-driver.html>`_
+    documentation for details about the configuration file, and see
+    `OSSN-0086 <https://wiki.openstack.org/wiki/OSSN/OSSN-0086>`_ for
+    more information about the security vulnerability.
--- a/requirements.txt
+++ b/requirements.txt
@ -58,7 +58,7 @@ suds-jurko>=0.6 # LGPLv3+
 WebOb>=1.7.1 # MIT
 oslo.i18n>=3.15.3 # Apache-2.0
 oslo.vmware>=2.17.0 # Apache-2.0
-os-brick>=2.2.0 # Apache-2.0
+os-brick>=2.10.3 # Apache-2.0
 os-win>=3.0.0 # Apache-2.0
 tooz>=1.58.0 # Apache-2.0
 google-api-python-client>=1.4.2 # Apache-2.0