libvirt: Use specific user when probing encrypted rbd disks during extend

I0c3f14100a18107f7e416293f3d4fcc641ce5e55 introduced new logic when
extending LUKSv1 encrypted rbd volumes. As part of this qemu-img is used
to probe the rbd volume to determine the size of the LUKSv1 header.

The URI used to point to the rbd volume did not provide a user and
assumed that n-cpu/privsep would have access to the admin keyring. This
is often not the case, and the probe of the disk would fail whenever the
admin keyring wasn't available.

This change resolves this by appending the `id:$username` option to the
end of the URI provided to qemu-img using the `auth_username` found in
the connection_info from Cinder.

Closes-Bug: #1913575
Change-Id: Ia6d6dcdd7042f2aef6b3abeb5cd0f7525678a3b7
Lee Yarwood 2021-01-28 11:21:16 +00:00
parent b34a1ca645
commit b62a1abd61
2 changed files with 9 additions and 2 deletions


@ -9767,6 +9767,8 @@ class LibvirtConnTestCase(test.NoDBTestCase,
'serial': uuids.volume_id,
'driver_volume_type': 'rbd',
'data': {'name': 'pool/volume',
'auth_enabled': 'true',
'auth_username': 'username',
'access_mode': 'rw'}
}
disk_1 = mock.Mock(spec=vconfig.LibvirtConfigGuestDisk,
@ -9808,7 +9810,8 @@ class LibvirtConnTestCase(test.NoDBTestCase,
mock_get_encryption_metadata.assert_called_once_with(
self.context, drvr._volume_api, uuids.volume_id, connection_info)
mock_qemu_img_info.assert_called_once_with('rbd:pool/volume')
mock_qemu_img_info.assert_called_once_with(
'rbd:pool/volume:id=username')
# Assert that the Libvirt call to resize the device within the instance
# is called with the LUKSv1 payload offset taken into account.
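Review bot: The only rbd case left in this test is the authenticated one, so nothing now asserts that the probe path stays `rbd:pool/volume` when `auth_enabled` is absent or false; a second case with auth disabled would cover the other branch. The fixture also sets `'auth_enabled': 'true'` as a string, while the driver tests it by truthiness, so a string `'false'` would still append `id=`. If Cinder sends a boolean here (worth confirming), the fixture should use `True` to match. The test method starts and ends outside these hunks.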


@ -2097,7 +2097,11 @@ class LibvirtDriver(driver.ComputeDriver):
if 'device_path' in connection_info['data']:
path = connection_info['data']['device_path']
elif connection_info['driver_volume_type'] == 'rbd':
path = 'rbd:%s' % (connection_info['data']['name'])
volume_name = connection_info['data']['name']
path = f"rbd:{volume_name}"
if connection_info['data'].get('auth_enabled'):
username = connection_info['data']['auth_username']
path = f"rbd:{volume_name}:id={username}"
else:
path = 'unknown'
raise exception.DiskNotFound(location='unknown')
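Review bot: `volume_name` and `auth_username` are interpolated into the qemu-img rbd string without validation, and in that syntax `:` separates options, so a value containing `:` or `=` would be parsed as extra rbd options rather than as part of the name or user. Both values come from Cinder's connection_info rather than from this driver, so I would reject or escape such characters before building `path` and raise a clear error instead of handing the string to qemu-img. Separately, `connection_info['data']['auth_username']` raises a bare KeyError when `auth_enabled` is set without a username; `username = connection_info['data'].get('auth_username')` followed by an explicit check would fail more readably. The new path also carries no `conf=` option, so the probe presumably relies on the default ceph configuration and on a keyring for that user being readable by the process, which deserves a comment. The enclosing method starts and ends outside the hunk.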