Merge "Dell PowerFlex: Fix san_username rotation"

2026-03-19 14:47:44 +00:00
parent b184ddcf91 4dfb184c3c
commit cbc156ab2c
4 changed files with 48 additions and 13 deletions
@@ -91,20 +91,20 @@ class ScaleIOConnector(base.BaseLinuxConnector):
            LOG.debug(msg)

    @staticmethod
-    def _get_password_token(connection_properties):
+    def _get_username_and_password_token(connection_properties):
        # In old connection format we had the password and token in properties
        if 'serverPassword' in connection_properties:
-            return (connection_properties['serverPassword'],
+            return (None, connection_properties['serverPassword'],
                    connection_properties['serverToken'])

        # The new format reads password from file and doesn't have the token
        LOG.info("Get ScaleIO connector password from configuration file")
        try:
-            password = priv_scaleio.get_connector_password(
+            username, password = priv_scaleio.get_connector_username_password(
                CONNECTOR_CONF_PATH,
                connection_properties['config_group'],
                connection_properties.get('failed_over', False))
-            return password, None
+            return username, password, None
        except Exception as e:
            msg = _("Error getting ScaleIO connector password from "
                    "configuration file: %s") % e
@@ -349,8 +349,10 @@ class ScaleIOConnector(base.BaseLinuxConnector):
            self.server_ip = connection_properties['serverIP']
            self.server_port = connection_properties['serverPort']
            self.server_username = connection_properties['serverUsername']
-            self.server_password, server_token = self._get_password_token(
-                connection_properties)
+            user, self.server_password, server_token = (
+                self._get_username_and_password_token(connection_properties))
+            if user:
+                self.server_username = user
            if server_token:
                self.server_token = server_token
            self.iops_limit = connection_properties['iopsLimit']
@@ -75,8 +75,8 @@ def rescan_vols(op_code):


@privileged.brick_privsep_hide_output.entrypoint
-def get_connector_password(filename, config_group, failed_over):
-    """Read ScaleIO connector configuration file and get appropriate password.
+def get_connector_username_password(filename, config_group, failed_over):
+    """Read ScaleIO connector configuration file.

    :param filename: path to connector configuration file
    :type filename: str
@@ -84,7 +84,7 @@ def get_connector_password(filename, config_group, failed_over):
    :type config_group: str
    :param failed_over: flag representing if storage is in failed over state
    :type failed_over: bool
-    :return: connector password
+    :return: connector username,password
    :rtype: str
    """

@@ -97,7 +97,10 @@ def get_connector_password(filename, config_group, failed_over):

    conf = configparser.ConfigParser()
    conf.read(filename)
+    username_key = (
+        "replicating_san_username" if failed_over else "san_username"
+    )
    password_key = (
        "replicating_san_password" if failed_over else "san_password"
    )
-    return conf[config_group][password_key]
+    return conf[config_group][username_key], conf[config_group][password_key]
@@ -83,9 +83,10 @@ class ScaleIOConnectorTestCase(test_connector.ConnectorTestCase):
                         return_value=["emc-vol-{}".format(self.vol['id'])])

        # Patch scaleio privileged calls
-        self.get_password_mock = self.mock_object(scaleio.priv_scaleio,
-                                                  'get_connector_password',
-                                                  return_value='fake_password')
+        self.get_password_mock = (
+            self.mock_object(scaleio.priv_scaleio,
+                             'get_connector_username_password',
+                             return_value=(None, 'fake_password')))
        self.get_guid_mock = self.mock_object(scaleio.priv_scaleio, 'get_guid',
                                              return_value=self.fake_guid)
        self.rescan_vols_mock = self.mock_object(scaleio.priv_scaleio,
@@ -183,6 +184,14 @@ class ScaleIOConnectorTestCase(test_connector.ConnectorTestCase):
            self.connector.GET_GUID_OP_CODE)
        self.get_password_mock.assert_called_once()

+    def test_connect_volume_with_connector_user(self):
+        self.get_password_mock.return_value = ('fake_user', 'fake_password')
+        self.connector.connect_volume(self.fake_connection_properties)
+        self.get_guid_mock.assert_called_once_with(
+            self.connector.GET_GUID_OP_CODE)
+        self.get_password_mock.assert_called_once()
+        self.assertEqual('fake_user', self.connector.server_username)
+
    def test_connect_volume_old_connection_properties(self):
        """Successful connect to volume"""
        connection_properties = {
@@ -0,0 +1,21 @@
+---
+upgrade:
+  - |
+    With the fix for `Bug #2142083
+    <https://bugs.launchpad.net/os-brick/+bug/2142083>`_, starting from
+    os-brick version 6.15.0 or later, users can configure the PowerFlex
+    ``san_username`` in the `/opt/emc/scaleio/openstack/connector.conf` file.
+    This allows volume detach operations to succeed even if the PowerFlex
+    ``san_username`` is changed.
+    This issue only affects legacy attached volumes. New volume
+    attachment and detachment operations will not encounter this
+    issue since the mapping happens on the Cinder side.
+fixes:
+  - |
+    PowerFlex Driver `Bug #2142083
+    <https://bugs.launchpad.net/os-brick/+bug/2142083>`_: Fixed an issue where
+    volume detach operations failed after changing the PowerFlex ``san_username``.
+    Previously, the PowerFlex ``san_username`` was stored in the
+    Nova block_device_mapping table and reused during detach operations.
+    With this fix, the driver now reads the ``san_username`` from the
+    `connector.conf` file instead.