rootwrap: update ln --symbolic filter for FS and FC type volume drivers
Cinder change I03f8cae05cc117e14f7482115de685fc9f3fa54a sets the 'encrypted' key for all cinder volume drivers connection_info. When run through the encrypted volume tests in Tempest, this hits the encryption providers in Nova that fail for certain types of volume drivers, like file system and fibre channel, due to the rootwrap filter not matching. This change updates the symbolic link rootwrap filter so it works with file system and fibre channel type volume backends rather than just iSCSI. The /dev/mapper/ prefix is always set in the encryptor modules, so that can remain as before. The symbolic link path is a complete wildcard, however, because the file system volume backends all have a configurable option for the mount path prefix, which defaults to $state_path/mnt but may not be that value. An example call for NFS: ln --symbolic --force \ /dev/mapper/volume-f5684ecc-959f-4de8-8d62-a8adf4bdb4cc \ /opt/stack/data/nova/mnt/21dd48babac42ae884d1192b8697a041/\ volume-f5684ecc-959f-4de8-8d62-a8adf4bdb4cc An example call for fibre channel: ln --symbolic --force \ /dev/mapper/pci-0000:06:00.0-fc-0x5006016508603f9f-lun-151 \ /dev/disk/by-path/pci-0000:06:00.0-fc-0x5006016508603f9f-lun-151 This change also updates the sg_info and sgscan entries to reference the correct module since those are not called from nova.virt.libvirt.volume anymore. Closes-Bug: #1470142 Related-Bug: #1440227 Change-Id: I181b594a3119f7ad74c595fc7059d521079b1d74
This commit is contained in:
parent
e4e16e9077
commit
0facd1f89e
|
@ -209,10 +209,15 @@ multipath: CommandFilter, multipath, root
|
|||
# nova/virt/libvirt/utils.py:
|
||||
systool: CommandFilter, systool, root
|
||||
|
||||
# nova/virt/libvirt/volume.py:
|
||||
# nova/storage/linuxscsi.py: sginfo -r
|
||||
sginfo: CommandFilter, sginfo, root
|
||||
|
||||
# nova/storage/linuxscsi.py: sg_scan device
|
||||
sg_scan: CommandFilter, sg_scan, root
|
||||
ln: RegExpFilter, ln, root, ln, --symbolic, --force, /dev/mapper/ip-.*-iscsi-iqn.*, /dev/disk/by-path/ip-.*-iscsi-iqn.*
|
||||
|
||||
# nova/volume/encryptors/cryptsetup.py:
|
||||
# nova/volume/encryptors/luks.py:
|
||||
ln: RegExpFilter, ln, root, ln, --symbolic, --force, /dev/mapper/.*, .*
|
||||
|
||||
# nova/volume/encryptors.py:
|
||||
# nova/virt/libvirt/dmcrypt.py:
|
||||
|
|
Loading…
Reference in New Issue