libvirt: cleanup network volume driver auth config
The LibvirtNetVolumeDriver is handling both rbd and sheepdog (iscsi) connections. The auth config logic is mingling both backends which is really confusing. For example, the iscsi protocol only defines auth_method, auth_username and auth_password. It does not set an auth_enabled value in the connection_info['data'] dict. This change simplifies the logic involved for setting the auth config by decoupling the rbd/iscsi handlers. A follow-up change will build on this to fix the rbd auth config to prefer the cinder volume connection_info auth data over the local config for nova in the case that different cinder backends are used for ephemeral and block storage. Change-Id: I8a55d87f75ecad757ce81b1f5f77c3a551154a17 Partial-Bug: #1635008
This commit is contained in:
parent
c009d882e8
commit
5595b4613a
@ -50,6 +50,28 @@ class LibvirtNetVolumeDriver(libvirt_volume.LibvirtBaseVolumeDriver):
|
||||
netdisk_properties)
|
||||
self.host.delete_secret(usage_type, usage_name)
|
||||
|
||||
def _set_auth_config_rbd(self, conf, netdisk_properties):
|
||||
auth_enabled = netdisk_properties.get('auth_enabled')
|
||||
if CONF.libvirt.rbd_secret_uuid:
|
||||
conf.auth_secret_uuid = CONF.libvirt.rbd_secret_uuid
|
||||
auth_enabled = True # Force authentication locally
|
||||
if CONF.libvirt.rbd_user:
|
||||
conf.auth_username = CONF.libvirt.rbd_user
|
||||
if auth_enabled:
|
||||
conf.auth_username = (conf.auth_username or
|
||||
netdisk_properties['auth_username'])
|
||||
conf.auth_secret_type = (conf.auth_secret_type or
|
||||
netdisk_properties['secret_type'])
|
||||
conf.auth_secret_uuid = (conf.auth_secret_uuid or
|
||||
netdisk_properties['secret_uuid'])
|
||||
|
||||
def _set_auth_config_iscsi(self, conf, netdisk_properties):
|
||||
if netdisk_properties.get('auth_method') == 'CHAP':
|
||||
conf.auth_secret_type = 'iscsi'
|
||||
password = netdisk_properties.get('auth_password')
|
||||
conf.auth_secret_uuid = self._get_secret_uuid(conf, password)
|
||||
conf.auth_username = netdisk_properties['auth_username']
|
||||
|
||||
def get_config(self, connection_info, disk_info):
|
||||
"""Returns xml for libvirt."""
|
||||
conf = super(LibvirtNetVolumeDriver,
|
||||
@ -61,14 +83,9 @@ class LibvirtNetVolumeDriver(libvirt_volume.LibvirtBaseVolumeDriver):
|
||||
conf.source_name = netdisk_properties.get('name')
|
||||
conf.source_hosts = netdisk_properties.get('hosts', [])
|
||||
conf.source_ports = netdisk_properties.get('ports', [])
|
||||
auth_enabled = netdisk_properties.get('auth_enabled')
|
||||
if (conf.source_protocol == 'rbd' and
|
||||
CONF.libvirt.rbd_secret_uuid):
|
||||
conf.auth_secret_uuid = CONF.libvirt.rbd_secret_uuid
|
||||
auth_enabled = True # Force authentication locally
|
||||
if CONF.libvirt.rbd_user:
|
||||
conf.auth_username = CONF.libvirt.rbd_user
|
||||
if conf.source_protocol == 'iscsi':
|
||||
if conf.source_protocol == 'rbd':
|
||||
self._set_auth_config_rbd(conf, netdisk_properties)
|
||||
elif conf.source_protocol == 'iscsi':
|
||||
try:
|
||||
conf.source_name = ("%(target_iqn)s/%(target_lun)s" %
|
||||
netdisk_properties)
|
||||
@ -81,18 +98,7 @@ class LibvirtNetVolumeDriver(libvirt_volume.LibvirtBaseVolumeDriver):
|
||||
raise exception.NovaException(_("Invalid target_lun"))
|
||||
conf.source_hosts = [ip]
|
||||
conf.source_ports = [port]
|
||||
if netdisk_properties.get('auth_method') == 'CHAP':
|
||||
auth_enabled = True
|
||||
conf.auth_secret_type = 'iscsi'
|
||||
password = netdisk_properties.get('auth_password')
|
||||
conf.auth_secret_uuid = self._get_secret_uuid(conf, password)
|
||||
if auth_enabled:
|
||||
conf.auth_username = (conf.auth_username or
|
||||
netdisk_properties['auth_username'])
|
||||
conf.auth_secret_type = (conf.auth_secret_type or
|
||||
netdisk_properties['secret_type'])
|
||||
conf.auth_secret_uuid = (conf.auth_secret_uuid or
|
||||
netdisk_properties['secret_uuid'])
|
||||
self._set_auth_config_iscsi(conf, netdisk_properties)
|
||||
return conf
|
||||
|
||||
def disconnect_volume(self, connection_info, disk_dev):
|
||||
|
Loading…
Reference in New Issue
Block a user