md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.
md5 is allowed when in a non-security context. There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.
In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.
Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added to
oslo_utils. See https://review.opendev.org/#/c/750031/
This patch is to replace the instances of hashlib.md5() with this new
encapsulation, adding an annotation indicating whether the usage is
a security context or not.
In this case, we use md5 in a single case, when creating an identifier
for a mount point.
Change-Id: I08226895818185337425ebffc2464db05f3969c9
Depends-On: https://review.opendev.org/#/c/760160
This reverts commit 70a8924eb3844fab0a28cc5852131b0d2ad6c4fb.
Barbican DB issue is fixed by https://review.opendev.org/#/c/753699/4
Change-Id: I45db575d8fbdd8aea0e47bac0269b9f2250151ab
When doing multipathed Fibre Channel we may end up not flushing the
volume when disconnecting it if didn't find a multipath when doing
the connection.
The issue is caused by the `connect_volume` call returning a real path
instead of a symlink and us passing the wrong device_info to the
_remove_devices method, which makes the disconnect code incorrectly
identify when a multipath was used to decide whether to do a flush or
not.
This patch fixes these things in order to flush the individual path when
necessary.
Closes-Bug: #1897787
Change-Id: Ie3266c81b3c6bb5a2c213a12410539d404d1febe
keeping os-brick-src-tempest-lvm-lio-barbican job running on bionic nodeset till
https://storyboard.openstack.org/#!/story/2007732 is fixed
otherwise base devstack jobs switching to Focal will block
the gate.
Change-Id: I482ac98bc56f0e3cfb8b767f47649da11ed1afab
Story: #2007865
Task: #40179
Update existing node in the RBD connector about the removal of the
keyring data in the connection info to note that the code should not be
removed, since it is used by cinderlib.
Related-Bug: #738216
Change-Id: I1f76045b677833bb155978e1a166e63d53dc2aba
Found while testing cinder-backup with ceph on Ubuntu Focal, which
installs ceph Octopus. Octopus apparently enforces the requirement
that the config file contain a '[global]' section for general
requirements. The '[global]' section goes back at least to ceph
Hammer [0], so we will simply add it to the temporary ceph config
file that os-brick generates in the RBDConnector class.
[0] https://docs.ceph.com/docs/hammer/rados/configuration/mon-config-ref/
Co-authored-by: Alex Kavanagh <alex@ajkavanagh.co.uk>
Co-authored-by: Ivan Kolodyazhny <e0ne@e0ne.info>
Change-Id: I86eb31535d990291945de5d9846b1a03157ec2cf
Closes-bug: #1865754
This reverts commit 3e831480c29c07128f36ae67c44c25177b3d9f36.
This change introduced a heavyweight bindep to os-brick. We will
replace it with a more lightweight fix.
Change-Id: I9eff1d0d8bab7aaf060d2c009bed2be65d212c04
Partial-bug: #1865754
Add file to the reno documentation build to show release notes for
stable/victoria.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/victoria.
Change-Id: I7eba32adc5897940ceb712561ee40327e0f2418f
Sem-Ver: feature
Found whilst testing cinder-backup with ceph on Ubuntu focal and
OpenStack Ussuri. Focal installs Ceph Octopus, and, as the linked bug
shows, Octopus has slightly changed its requirements to need a
[global] ini heading at the beginning of the config file that is
generated within the RBDConnector() class.
Includes code to resolve which version of ceph is installed as a client
to only change octopus and later.
It also fixes cinder Ceph backup driver.
Includes release note for the change.
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
Change-Id: Ie8011fc83bc41edd2768ade6d42d737b4598ca2d
Closes-Bug: #1865754
Try to leverage cache software, such as Open CAS, use high performance
disk or persistent memory as the cache in compute node locally for low
performance volume that allocated by cinder from remote backend storage.
open-cas: https://open-cas.github.io/
Nova Spec: https://review.opendev.org/#/c/689070/
Cinder Spec: https://review.opendev.org/#/c/684556/
Change-Id: Ib120047a65ecbb4ae0f060640d59f3f759a1cade
Signed-off-by: Liang Fang <liang.a.fang@intel.com>
The CORAID driver was removed many cycles ago. This cleans up os-brick
and removes the unused connector.
Depends-on: https://review.opendev.org/745393
Change-Id: I45ac41509f8fec9eb8f57aa03bcfb439a361b561
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Prior to victoria, cinder had an option to pass the content of the
keyring file as a connection property, thereby causing the situation
documented in OSSN-0085. Add a comment in the code indicating that
this field is not passed by cinder from the victoria release onwards.
Partially-implements: bp rbd-remove-option-causing-ossn-0085
Change-Id: I4a8793753c2504f8e594f92ae7069994c2d000ad
Change I6f01a178616b74ed9a86876ca46e7e46eb360518 needs to be
backported and included in a new os-brick release in all releaseable
stable branches, so add a release note saying what it does.
Change-Id: Ib98043358d51426ca650104ad59a7e09911ee8e9
This patch changes 'Handles single wwwn' to
'Handles single wwn'. The wwn stands for world
wide name.
Change-Id: Ia512cf12dfe9cac76f7fcaad9819a90896892454
Now that we search the multipath device even if we haven't been able to
find the WWN in the sysfs we can leverage the multipath daemon
information on sysfs to get the WWN.
Pass the mpath to "get_sysfs_wwn" method where we check the sysfs to get
the WWN.
Change-Id: Id1905bc174b8f2f3a345664d8a0a05284ca69927
When os-brick is installed from pip, there is no way right now
for devstack to know which dependencies are needed.
So far we have been duplicating them, but at least make it clear
that the dependency must be added to devstack as well.
Change-Id: Ic2a42bae8e957986a71b11598f943a84267deb18
When we fixed bug 1823200 in Change-ID
Iab54c515fe7be252df52b1a0503a251779805759 we made the ScaleIO connector
incompatible with the old connection properties dictionary as it only
supported the new 'config_group' and 'failed_over' parameters to get the
password.
This is a problem in any system that is upgraded and has attachments to
the array, because the connection properties of those volumes will not
contain the new fields and detaching them will result in error
"KeyError: 'config_group'".
This patch adds compatibility code to support the old connection
properties format so we can detach those volumes.
Related-Bug: #1823200
Change-Id: I6f01a178616b74ed9a86876ca46e7e46eb360518
The DRBD driver was removed by the vendor in the Stein release of
Cinder. This cleans up the unused connector code.
Depends-on: https://review.opendev.org/745393
Change-Id: I14825e5b3a01bd766d0441d61fa8149aa1bd1e65
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
The Hyperscale connector was removed from Cinder in the Train release.
This cleans up its connector code.
Depends-on: https://review.opendev.org/745393
Change-Id: Icf219ead5d8180527b2d2fa6ef826e0782557824
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
The HGST driver was removed from Cinder in the Stein release. This
cleans up its connector code.
Depends-on: https://review.opendev.org/745393
Change-Id: I9cb2911cba9f8f3310d6132bb8f96b45bf5b0708
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
This driver was removed from Cinder several releases ago. This cleans up
the now unused connector from os-brick.
Depends-on: https://review.opendev.org/745393
Change-Id: I8e892aafdfd3fcc4cd8657ec4e9ff0d9dce2e643
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
By default, udev will set device by-path name to its ID_PATH.
Looking at [1], most of the time, current code works,
but when system uses platform, then disk name will be prefixed by
'platform-xxxxx'.
[1]: a0be538616/src/udev/udev-builtin-path_id.c (L530)
Change-Id: I9b2c120f074f60b9af6dd81718a5287656040aba
Closes-Bug: #1862443
