This change replaces all uses of rootwrap with a trivial privsep-based
equivalent. This replacement simply executes commands as the privsep
user *without any additional checks*.
There are 2 reasons why this is a reasonable thing to do:
1. We don't have a good workflow for merging rootwrap filter changes
into parent projects (nova/cinder) for a loosely-coupled library like
2. The previous situation was also insecure. The os-brick.filters
rootwrap config permitted commands like "dd" and "cp" with any
arguments, as root. This would have posed only a mild inconvenience
to an attacker. With privsep we can at least (in principle) limit
the commands to the privsep uid/gid and Linux
capabilities (CAP_SYS_ADMIN by default with this change).
This change addresses the urgency of (1). Later refactors will take
greater advantage of privsep to address (2).
# nova: nova.conf: Set privsep_rootwrap.helper_command
# nova: Add os-brick rootwrap filter for privsep
# cinder: cinder.conf: Set privsep_rootwrap.helper_command
# cinder: Add os-brick rootwrap filter for privsep
# privsep: Switch to msgpack for serialization
# requirements: require oslo.privsep>=1.5.0 for msgpack fix
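Added example, not part of the commit message above or of os-brick: a small audit over a rootwrap filter file that flags the condition described in reason 2, root filters that match on the command name only and therefore accept any arguments. The sample file is constructed; its blockdev_ro and lsscsi entries and the FILE_CAPABLE list are illustrative assumptions.

```python
import configparser

# Constructed sample in rootwrap's filter-file format. The dd and cp entries
# mirror what the commit message says os-brick.filters allowed; the last two
# entries are hypothetical and only there for contrast.
SAMPLE_FILTERS = """
[Filters]
dd: CommandFilter, dd, root
cp: CommandFilter, cp, root
blockdev_ro: RegExpFilter, blockdev, root, blockdev, --getsize64, /dev/.*
lsscsi: CommandFilter, lsscsi, nobody
"""

# Binaries that read or write arbitrary paths, so a name-only match as root
# constrains nothing. Illustrative list (assumption); extend per deployment.
FILE_CAPABLE = {"dd", "cp", "mv", "tee", "chmod", "chown"}


def audit_filters(text):
    """Return (name, severity, reason) for every filter that runs as root
    and matches on the executable name only (CommandFilter)."""
    parser = configparser.RawConfigParser()
    parser.optionxform = str  # keep filter names case-sensitive
    parser.read_string(text)
    findings = []
    for name, value in parser.items("Filters"):
        fields = [f.strip() for f in value.split(",")]
        if len(fields) < 3:
            findings.append((name, "error", "malformed filter definition"))
            continue
        kind, exe, run_as = fields[0], fields[1], fields[2]
        # Filters with per-argument patterns or a non-root user are out of
        # scope for this check; they still deserve a manual regex review.
        if kind != "CommandFilter" or run_as != "root":
            continue
        base = exe.rsplit("/", 1)[-1]
        severity = "high" if base in FILE_CAPABLE else "review"
        findings.append(
            (name, severity, f"{base} runs as root with unconstrained arguments"))
    return findings


if __name__ == "__main__":
    for name, severity, reason in audit_filters(SAMPLE_FILTERS):
        print(f"[{severity}] {name}: {reason}")
```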
For ISCSIConnector, _get_multipath_device_name is used for discovery
of a multipath device. However, the functionality is duplicated by
_discover_mpath_device, which is more generic. So get_multipath_device_name
should be replaced.
This patch removes _get_multipath_device_name from ISCSIConnector and
replaces it with _discover_mpath_device. The related tests are removed.
There was a case where the InitiatorConnector's
get_all_available_volumes function was returning None
instead of an empty list. It was happening when the search
path did not exist on the system.
This patch changes the logic so that by default an empty list
is always returned.
The "Scaling backup service" patch  in Cinder (merged a couple of days
ago) uses os-brick to perform a local attach volume. It revealed that the
support for Scality SOFS in os-brick was broken. (we did have a CI in
Cinder but the os-brick code path was not fully exercised until  merged).
This patch addresses this issue. The patch introduces a new class called
`ScalityRemoteFsClient` which inherits from `RemoteFsClient`. We can't
strictly use the `RemoteFsClient` because how to mount Scality FS is
a bit different from other FS.
Note that without this patch, the Scality Cinder driver is broken, more
precisely cinder backup is broken. So I would appreciate if we can merge
that for Mitaka (which needs another minor/micro(?) release of os-brick)
This fixes the logic in how we set the multipath_id in the device_info.
If the returned multipath_id is None, we didn't find a multipath device
and we don't set the multipath_id. This is exactly what we do for FC.
The multipath -ll output is logged at debug level but by
default debug level logging is disabled. If we fail to parse
the output of multipath -ll to get the device map, we should
include the command output in the warning message since INFO+
logging is enabled by default.
In the refactoring of the multipath discovery code from the FC connector
we missed a class member in FC getting migrated into the base class.
This resulted in the original path not existing in the base class and
in turn breaking iSCSI multipath.
This patch addresses the issue where lun id values are larger
than 255 and are being kept as integers. This causes the volume and
search paths to be malformed and volumes can't be found. This patch
adds two functions to linuxscsi.py to process the lun ids; they can
process both a single lun id and a list of them. If a lun id has a
value larger than 255 it is converted to hex. This patch also modifies
the necessary unit tests and adds ones to cover the new main function.
The paths returned from the InitiatorConnector's
get_all_available_volumes function had a typo
where one of the forward slashes was missing.
This patch revises the way the paths are queried so that the
forward slash is included.
This patch continues work on making the connect_volume methods
more efficient. Using multipath -l to find the available multipath
devices can take a lot of time listing all of the potential
devices. Previously, the FC connector had been modified to skip
the use of multipath -l.
This patch takes the FC code and makes it into a generic method to
be used in the ISCSI connector and the FC connector and updates tests.
I also fixed argument order in assertEquals() in the
This patch adds strip() call to the return value
of the blockdevice call to fetch the size. Sometimes we get a newline
after the size value.
This commit adds the os-brick connector for the
ITRI DISCO cinder driver
This commit also includes the ITRI DISCO connector unit test.
The cinder driver itself has been committed in cinder but not merged yet.
( ref : https://review.openstack.org/#/c/253356/ )
I first commit this connector, then the part in nova
( ref : https://review.openstack.org/#/c/253353/ )
finally I committed the connector in cinder
Note that the patch for nova requires this commit to be merged
to pass the unit test.
Implements: blueprint disco-driver-cinder
This patch adds the new extend_volume API to the connector objects.
The purpose of this patch is to add the ability to notify the host
kernel when an attached volume has been resized. This allows both
raw device paths and multipath devices to get new sizes on the fly
without detaching and then reattaching to the host.
To manually test:
Use the brick_resize.py tool here:
sample brick.conf to output debug logging for the brick_resize.py tool
After a successful resize, find the virt domain name
virsh blockresize <domain name> <path to raw device> <new size>
blockresize instance-00000007 /dev/disk/by-id/dm-uuid-mpath-350002ace1dda383d 3145728
Implements blueprint: brick-extend-attached-volume