From 5d1adb2604de37ad6717a604b87d9fbaf35f0999 Mon Sep 17 00:00:00 2001 From: Lee Yarwood Date: Thu, 28 Jan 2021 11:21:16 +0000 Subject: [PATCH] libvirt: Use specific user when probing encrypted rbd disks during extend I0c3f14100a18107f7e416293f3d4fcc641ce5e55 introduced new logic when extending LUKSv1 encrypted rbd volumes. As part of this qemu-img is used to probe the rbd volume to determine the size of the LUKSv1 header. The URI used to point to the rbd volume did not provide a user and assumed that n-cpu/privsep would have access to the admin keyring. This isn't always the case in most environments and would result in a failure to probe the disk when the admin keyring wasn't available. This change resolves this by appending the `id:$username` option to the end of the URI provided to qemu-img using the `auth_username` found in the connection_info from Cinder. Closes-Bug: #1913575 Change-Id: Ia6d6dcdd7042f2aef6b3abeb5cd0f7525678a3b7 (cherry picked from commit b62a1abd616cea7fdfcad18e1cf548767d67b6dd) --- nova/tests/unit/virt/libvirt/test_driver.py | 5 ++++- nova/virt/libvirt/driver.py | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py index 291679e8f298..93e3c7c13e99 100644 --- a/nova/tests/unit/virt/libvirt/test_driver.py +++ b/nova/tests/unit/virt/libvirt/test_driver.py @@ -10017,6 +10017,8 @@ class LibvirtConnTestCase(test.NoDBTestCase, 'serial': uuids.volume_id, 'driver_volume_type': 'rbd', 'data': {'name': 'pool/volume', + 'auth_enabled': 'true', + 'auth_username': 'username', 'access_mode': 'rw'} } disk_1 = mock.Mock(spec=vconfig.LibvirtConfigGuestDisk, @@ -10058,7 +10060,8 @@ class LibvirtConnTestCase(test.NoDBTestCase, mock_get_encryption_metadata.assert_called_once_with( self.context, drvr._volume_api, uuids.volume_id, connection_info) - mock_qemu_img_info.assert_called_once_with('rbd:pool/volume') + mock_qemu_img_info.assert_called_once_with( + 'rbd:pool/volume:id=username') # Assert that the Libvirt call to resize the device within the instance # is called with the LUKSv1 payload offset taken into account. diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py index f3791204e40a..e79d5e135813 100644 --- a/nova/virt/libvirt/driver.py +++ b/nova/virt/libvirt/driver.py @@ -2150,7 +2150,11 @@ class LibvirtDriver(driver.ComputeDriver): if 'device_path' in connection_info['data']: path = connection_info['data']['device_path'] elif connection_info['driver_volume_type'] == 'rbd': - path = 'rbd:%s' % (connection_info['data']['name']) + volume_name = connection_info['data']['name'] + path = f"rbd:{volume_name}" + if connection_info['data'].get('auth_enabled'): + username = connection_info['data']['auth_username'] + path = f"rbd:{volume_name}:id={username}" else: path = 'unknown' raise exception.DiskNotFound(location='unknown')