diff --git a/contrib/ci/post_test_hook.sh b/contrib/ci/post_test_hook.sh index 59c250a4e8..9b21746e3d 100755 --- a/contrib/ci/post_test_hook.sh +++ b/contrib/ci/post_test_hook.sh @@ -345,21 +345,6 @@ export OS_USER_DOMAIN_NAME=$ADMIN_DOMAIN_NAME source $BASE/new/manila/contrib/ci/common.sh manila_wait_for_drivers_init $MANILA_CONF - -TCP_PORTS=(2049 111 32803 892 875 662) -UDP_PORTS=(111 32769 892 875 662) -for ipcmd in iptables ip6tables; do - # (aovchinnikov): extra rules are needed to allow instances talk to host. - sudo $ipcmd -N manila-nfs - sudo $ipcmd -I INPUT 1 -j manila-nfs - for port in ${TCP_PORTS[*]}; do - sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT - done - for port in ${UDP_PORTS[*]}; do - sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT - done -done - source $BASE/new/devstack/openrc admin admin public_net_id=$(openstack network list --name $PUBLIC_NETWORK_NAME -f value -c ID ) iniset $TEMPEST_CONFIG network public_network_id $public_net_id diff --git a/contrib/ci/pre_test_hook.sh b/contrib/ci/pre_test_hook.sh index e5566bbf20..350f7f4f48 100755 --- a/contrib/ci/pre_test_hook.sh +++ b/contrib/ci/pre_test_hook.sh @@ -47,6 +47,8 @@ echo "MANILA_SHARE_BACKEND2_NAME=PARIS" >> $localconf echo "MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=${MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE:=True}" >> $localconf +echo "MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=${MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST:=False}" >> $localconf + # === Handle script arguments === # First argument is expected to be a boolean-like value for DHSS. DHSS=$1 diff --git a/devstack/plugin.sh b/devstack/plugin.sh index ad628d8281..9adb4ef4c3 100755 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -1018,6 +1018,24 @@ function install_libraries { fi } +function allow_host_ports_for_share_mounting { + + TCP_PORTS=(2049 111 32803 892 875 662) + UDP_PORTS=(111 32769 892 875 662) + for ipcmd in iptables ip6tables; do + # (aovchinnikov): extra rules are needed to allow instances talk to + # host. + sudo $ipcmd -N manila-nfs + sudo $ipcmd -I INPUT 1 -j manila-nfs + for port in ${TCP_PORTS[*]}; do + sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT + done + for port in ${UDP_PORTS[*]}; do + sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT + done + done +} + function setup_ipv6 { # This will fail with multiple default routes and is not needed in CI @@ -1272,6 +1290,13 @@ elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then echo_summary "Update Tempest config" update_tempest + + + if [[ "$(trueorfalse False MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST)" == "True" ]]; then + echo_summary "Allowing IPv4 and IPv6 access to NAS ports on the host" + allow_host_ports_for_share_mounting + fi + fi if [[ "$1" == "unstack" ]]; then diff --git a/devstack/settings b/devstack/settings index 59808b0988..263ba6995b 100644 --- a/devstack/settings +++ b/devstack/settings @@ -158,6 +158,11 @@ MANILA_SHARE_BACKEND1_NAME=${MANILA_SHARE_BACKEND1_NAME:-GENERIC1} # deprecated MANILA_BACKEND2_CONFIG_GROUP_NAME=${MANILA_BACKEND2_CONFIG_GROUP_NAME:-generic2} # deprecated MANILA_SHARE_BACKEND2_NAME=${MANILA_SHARE_BACKEND2_NAME:-GENERIC2} # deprecated +# Enable this option when using a storage backend that is on the same host +# as the devstack host, these iptable rules are necessary to allow mounting +# shares from the host +MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=${MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST:-False} + # Options for configuration of LVM share driver SHARE_BACKING_FILE_SIZE=${SHARE_BACKING_FILE_SIZE:-8400M} SHARE_GROUP=${SHARE_GROUP:-lvm-shares} diff --git a/doc/source/contributor/samples/cephfs_local.conf b/doc/source/contributor/samples/cephfs_local.conf index d25e7137e6..97569d8276 100644 --- a/doc/source/contributor/samples/cephfs_local.conf +++ b/doc/source/contributor/samples/cephfs_local.conf @@ -36,4 +36,7 @@ MANILA_CEPH_DRIVER=cephfsnfs # CEPHFS backend options MANILA_SERVICE_IMAGE_ENABLED=False MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS='snapshot_support=False' -MANILA_CONFIGURE_DEFAULT_TYPES=True \ No newline at end of file +MANILA_CONFIGURE_DEFAULT_TYPES=True + +# Required for mounting shares +MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True diff --git a/doc/source/contributor/samples/container_local.conf b/doc/source/contributor/samples/container_local.conf index c892e17211..a5ab8e95f7 100644 --- a/doc/source/contributor/samples/container_local.conf +++ b/doc/source/contributor/samples/container_local.conf @@ -33,3 +33,6 @@ MANILA_OPTGROUP_vienna_driver_handles_share_servers=True MANILA_OPTGROUP_prague_driver_handles_share_servers=True MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS='snapshot_support=false' MANILA_CONFIGURE_DEFAULT_TYPES=True + +# Required for mounting shares +MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True diff --git a/doc/source/contributor/samples/lvm_local.conf b/doc/source/contributor/samples/lvm_local.conf index a61785a6b4..507634010f 100644 --- a/doc/source/contributor/samples/lvm_local.conf +++ b/doc/source/contributor/samples/lvm_local.conf @@ -34,3 +34,6 @@ MANILA_OPTGROUP_denver_driver_handles_share_servers=False SHARE_BACKING_FILE_SIZE=32000M MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS='snapshot_support=True create_share_from_snapshot_support=True revert_to_snapshot_support=True mount_snapshot_support=True' MANILA_CONFIGURE_DEFAULT_TYPES=True + +# Required for mounting shares +MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True diff --git a/doc/source/contributor/samples/zfsonlinux_local.conf b/doc/source/contributor/samples/zfsonlinux_local.conf index db8db895e6..f7eb80e02d 100644 --- a/doc/source/contributor/samples/zfsonlinux_local.conf +++ b/doc/source/contributor/samples/zfsonlinux_local.conf @@ -34,3 +34,6 @@ MANILA_OPTGROUP_mumbai_driver_handles_share_servers=False MANILA_REPLICA_STATE_UPDATE_INTERVAL=60 MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS='snapshot_support=True create_share_from_snapshot_support=True replication_type=readable' MANILA_CONFIGURE_DEFAULT_TYPES=True + +# Required for mounting shares +MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True diff --git a/playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml b/playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml index 418576f572..6d6c37d1a6 100644 --- a/playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml +++ b/playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml @@ -52,6 +52,7 @@ export ENABLED_SERVICES=tempest export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False + export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True # Keep localrc to be able to set some vars in pre_test_hook export KEEP_LOCALRC=1 diff --git a/playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml b/playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml index 7e6a7cd3a0..b89d067c29 100644 --- a/playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml +++ b/playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml @@ -51,6 +51,7 @@ export KEEP_LOCALRC=1 export PROJECTS="openstack/manila-tempest-plugin $PROJECTS" export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False + export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True export DEVSTACK_GATE_USE_PYTHON3=True diff --git a/playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml b/playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml index e091f9cc5a..0d14bca245 100644 --- a/playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml +++ b/playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml @@ -51,6 +51,7 @@ export KEEP_LOCALRC=1 export PROJECTS="openstack/manila-tempest-plugin $PROJECTS" export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False + export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True export DEVSTACK_GATE_USE_PYTHON3=True diff --git a/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml b/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml index b3776a4b54..a48cf67d05 100644 --- a/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml +++ b/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml @@ -103,6 +103,7 @@ export KEEP_LOCALRC=1 export PROJECTS="openstack/manila-tempest-plugin $PROJECTS" export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False + export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True OVERRIDE_ENABLED_SERVICES=key,mysql,rabbit,tempest export OVERRIDE_ENABLED_SERVICES diff --git a/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs/run.yaml b/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs/run.yaml index 8ce783ff84..8205e05c20 100644 --- a/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs/run.yaml +++ b/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs/run.yaml @@ -65,6 +65,7 @@ export DEVSTACK_GATE_NEUTRON=1 export DEVSTACK_PROJECT_FROM_GIT="python-manilaclient" export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False + export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True export MANILA_SETUP_IPV6=True export RUN_MANILA_IPV6_TESTS=True diff --git a/playbooks/legacy/manila-tempest-minimal-dsvm-lvm/run-ipv6.yaml b/playbooks/legacy/manila-tempest-minimal-dsvm-lvm/run-ipv6.yaml index acbc3bc00f..aa17f4472c 100644 --- a/playbooks/legacy/manila-tempest-minimal-dsvm-lvm/run-ipv6.yaml +++ b/playbooks/legacy/manila-tempest-minimal-dsvm-lvm/run-ipv6.yaml @@ -51,6 +51,7 @@ export MANILA_SETUP_IPV6=True export RUN_MANILA_IPV6_TESTS=True export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False + export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True # Basic services needed for minimal job OVERRIDE_ENABLED_SERVICES=key,mysql,rabbit,tempest diff --git a/playbooks/legacy/manila-tempest-minimal-dsvm-lvm/run.yaml b/playbooks/legacy/manila-tempest-minimal-dsvm-lvm/run.yaml index 4f423586dc..d7f363ef24 100644 --- a/playbooks/legacy/manila-tempest-minimal-dsvm-lvm/run.yaml +++ b/playbooks/legacy/manila-tempest-minimal-dsvm-lvm/run.yaml @@ -49,6 +49,7 @@ export MANILA_SETUP_IPV6=True export RUN_MANILA_IPV6_TESTS=True export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False + export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True # Basic services needed for minimal job OVERRIDE_ENABLED_SERVICES=key,mysql,rabbit,tempest