Ensure rbd auth fallback uses matching credentials

As of Ocata, cinder config is preferred for rbd auth values with a fallback to nova values [1]. The fallback path, for the case when rbd_user is configured in cinder.conf and rbd_secret_uuid is not configured in cinder.conf, results in the mismatched use of cinder rbd_user with nova rbd_secret_uuid. This fixes that fallback path to use nova rbd_user from nova.conf with rbd_secret_uuid from nova.conf. [1] See commit f2d27f6a8afb62815fb6a885bd4f8ae4ed287fd3 Thanks to David Ames for this fix. Change-Id: Ieba216275c07ab16414065ee47e66915e9e9477d Co-Authored-By: David Ames <david.ames@canonical.com> Closes-Bug: #1809454 (cherry picked from commit 47b7c4f3cc582bf463fd0c796df84736a0074f48) (cherry picked from commit f5d8ee1bfc3b7b9f1a25f85b42e207db0c9f4b04) (cherry picked from commit accef50f9648dc40f1a6f457f83f5359e9dd2a24) (cherry picked from commit a7e25aa3d2088e2726988c03e84b3b5ea47bfb7e)
2018-12-21 08:23:32 -05:00 · 2018-12-21 08:23:32 -05:00 · 779e58e976
commit 779e58e976
parent 8c663dbd25
2 changed files with 7 additions and 3 deletions
--- a/nova/tests/unit/virt/libvirt/volume/test_net.py
+++ b/nova/tests/unit/virt/libvirt/volume/test_net.py
@ -145,7 +145,8 @@ class LibvirtNetVolumeDriverTestCase(
        secret_uuid wasn't set on the cinder side for the original connection
        which is now persisted in the
        nova.block_device_mappings.connection_info column and used here. In
-        this case we fallback to use the local config for secret_uuid.
+        this case we fallback to use the local config for secret_uuid and
+        username.
        """
        libvirt_driver = net.LibvirtNetVolumeDriver(self.fake_host)
        connection_info = self.rbd_connection(self.vol)
@ -165,7 +166,7 @@ class LibvirtNetVolumeDriverTestCase(
        conf = libvirt_driver.get_config(connection_info, self.disk_info)
        tree = conf.format_dom()
        self._assertNetworkAndProtocolEquals(tree)
-        self.assertEqual(self.user, tree.find('./auth').get('username'))
+        self.assertEqual(flags_user, tree.find('./auth').get('username'))
        self.assertEqual(secret_type, tree.find('./auth/secret').get('type'))
        # Assert that the secret_uuid comes from CONF.libvirt.rbd_secret_uuid.
        self.assertEqual(flags_uuid, tree.find('./auth/secret').get('uuid'))
--- a/nova/virt/libvirt/volume/net.py
+++ b/nova/virt/libvirt/volume/net.py
@ -69,8 +69,11 @@ class LibvirtNetVolumeDriver(libvirt_volume.LibvirtBaseVolumeDriver):
            if netdisk_properties['secret_uuid'] is not None:
                conf.auth_secret_uuid = netdisk_properties['secret_uuid']
            else:
+                # If we're using the rbd_secret_uuid from nova.conf we need to
+                # use the rbd_user from nova.conf as well.
                LOG.debug('Falling back to Nova configuration for RBD auth '
-                          'secret_uuid value.')
+                          'secret_uuid and username values.')
+                conf.auth_username = CONF.libvirt.rbd_user
                conf.auth_secret_uuid = CONF.libvirt.rbd_secret_uuid
            # secret_type is always hard-coded to 'ceph' in cinder
            conf.auth_secret_type = netdisk_properties['secret_type']