openstack/nova
Code Issues Proposed changes

libvirt: cleanup network volume driver auth config

Browse Source 
The LibvirtNetVolumeDriver is handling both rbd and
sheepdog (iscsi) connections. The auth config logic
is mingling both backends which is really confusing.

For example, the iscsi protocol only defines auth_method,
auth_username and auth_password. It does not set an
auth_enabled value in the connection_info['data'] dict.

This change simplifies the logic involved for setting
the auth config by decoupling the rbd/iscsi handlers.

A follow-up change will build on this to fix the
rbd auth config to prefer the cinder volume connection_info
auth data over the local config for nova in the case
that different cinder backends are used for ephemeral
and block storage.

Change-Id: I8a55d87f75ecad757ce81b1f5f77c3a551154a17
Partial-Bug: #1635008
This commit is contained in:
Matt Riedemann 2016-10-20 19:05:53 -04:00
parent c009d882e8
commit 5595b4613a
1 changed files with 26 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
nova/virt/libvirt/volume/net.py
View File

@ -50,6 +50,28 @@ class LibvirtNetVolumeDriver(libvirt_volume.LibvirtBaseVolumeDriver):
netdisk_properties)
self.host.delete_secret(usage_type, usage_name)
def _set_auth_config_rbd(self, conf, netdisk_properties):
auth_enabled = netdisk_properties.get('auth_enabled')
if CONF.libvirt.rbd_secret_uuid:
conf.auth_secret_uuid = CONF.libvirt.rbd_secret_uuid
auth_enabled = True # Force authentication locally
if CONF.libvirt.rbd_user:
conf.auth_username = CONF.libvirt.rbd_user
if auth_enabled:
conf.auth_username = (conf.auth_username or
netdisk_properties['auth_username'])
conf.auth_secret_type = (conf.auth_secret_type or
netdisk_properties['secret_type'])
conf.auth_secret_uuid = (conf.auth_secret_uuid or
netdisk_properties['secret_uuid'])
def _set_auth_config_iscsi(self, conf, netdisk_properties):
if netdisk_properties.get('auth_method') == 'CHAP':
conf.auth_secret_type = 'iscsi'
password = netdisk_properties.get('auth_password')
conf.auth_secret_uuid = self._get_secret_uuid(conf, password)
conf.auth_username = netdisk_properties['auth_username']
def get_config(self, connection_info, disk_info):
"""Returns xml for libvirt."""
conf = super(LibvirtNetVolumeDriver,
@ -61,14 +83,9 @@ class LibvirtNetVolumeDriver(libvirt_volume.LibvirtBaseVolumeDriver):
conf.source_name = netdisk_properties.get('name')
conf.source_hosts = netdisk_properties.get('hosts', [])
conf.source_ports = netdisk_properties.get('ports', [])
auth_enabled = netdisk_properties.get('auth_enabled')
if (conf.source_protocol == 'rbd' and
CONF.libvirt.rbd_secret_uuid):
conf.auth_secret_uuid = CONF.libvirt.rbd_secret_uuid
auth_enabled = True # Force authentication locally
if CONF.libvirt.rbd_user:
conf.auth_username = CONF.libvirt.rbd_user
if conf.source_protocol == 'iscsi':
if conf.source_protocol == 'rbd':
self._set_auth_config_rbd(conf, netdisk_properties)
elif conf.source_protocol == 'iscsi':
try:
conf.source_name = ("%(target_iqn)s/%(target_lun)s" %
netdisk_properties)
@ -81,18 +98,7 @@ class LibvirtNetVolumeDriver(libvirt_volume.LibvirtBaseVolumeDriver):
raise exception.NovaException(_("Invalid target_lun"))
conf.source_hosts = [ip]
conf.source_ports = [port]
if netdisk_properties.get('auth_method') == 'CHAP':
auth_enabled = True
conf.auth_secret_type = 'iscsi'
password = netdisk_properties.get('auth_password')
conf.auth_secret_uuid = self._get_secret_uuid(conf, password)
if auth_enabled:
conf.auth_username = (conf.auth_username or
netdisk_properties['auth_username'])
conf.auth_secret_type = (conf.auth_secret_type or
netdisk_properties['secret_type'])
conf.auth_secret_uuid = (conf.auth_secret_uuid or
netdisk_properties['secret_uuid'])
self._set_auth_config_iscsi(conf, netdisk_properties)
return conf
def disconnect_volume(self, connection_info, disk_dev):