Merge "Fix multipath iSCSI encrypted volume attach failure"
This commit is contained in:
commit
a59834a515
@ -15,6 +15,7 @@
|
|||||||
|
|
||||||
|
|
||||||
import binascii
|
import binascii
|
||||||
|
import copy
|
||||||
|
|
||||||
from castellan.common.objects import symmetric_key as key
|
from castellan.common.objects import symmetric_key as key
|
||||||
import mock
|
import mock
|
||||||
@ -33,14 +34,15 @@ def fake__get_key(context):
|
|||||||
|
|
||||||
|
|
||||||
class CryptsetupEncryptorTestCase(test_base.VolumeEncryptorTestCase):
|
class CryptsetupEncryptorTestCase(test_base.VolumeEncryptorTestCase):
|
||||||
def _create(self, connection_info):
|
@mock.patch('os.path.exists', return_value=False)
|
||||||
|
def _create(self, connection_info, mock_exists):
|
||||||
return cryptsetup.CryptsetupEncryptor(connection_info)
|
return cryptsetup.CryptsetupEncryptor(connection_info)
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(CryptsetupEncryptorTestCase, self).setUp()
|
super(CryptsetupEncryptorTestCase, self).setUp()
|
||||||
|
|
||||||
self.dev_path = self.connection_info['data']['device_path']
|
self.dev_path = self.connection_info['data']['device_path']
|
||||||
self.dev_name = self.dev_path.split('/')[-1]
|
self.dev_name = 'crypt-%s' % self.dev_path.split('/')[-1]
|
||||||
|
|
||||||
self.symlink_path = self.dev_path
|
self.symlink_path = self.dev_path
|
||||||
|
|
||||||
@ -102,3 +104,37 @@ class CryptsetupEncryptorTestCase(test_base.VolumeEncryptorTestCase):
|
|||||||
cryptsetup.CryptsetupEncryptor,
|
cryptsetup.CryptsetupEncryptor,
|
||||||
connection_info)
|
connection_info)
|
||||||
self.assertIn(type, six.text_type(exc))
|
self.assertIn(type, six.text_type(exc))
|
||||||
|
|
||||||
|
@mock.patch('os.path.exists', return_value=True)
|
||||||
|
@mock.patch('nova.utils.execute')
|
||||||
|
def test_init_volume_encryption_with_old_name(self, mock_execute,
|
||||||
|
mock_exists):
|
||||||
|
# If an old name crypt device exists, dev_path should be the old name.
|
||||||
|
old_dev_name = self.dev_path.split('/')[-1]
|
||||||
|
encryptor = cryptsetup.CryptsetupEncryptor(self.connection_info)
|
||||||
|
self.assertFalse(encryptor.dev_name.startswith('crypt-'))
|
||||||
|
self.assertEqual(old_dev_name, encryptor.dev_name)
|
||||||
|
self.assertEqual(self.dev_path, encryptor.dev_path)
|
||||||
|
self.assertEqual(self.symlink_path, encryptor.symlink_path)
|
||||||
|
mock_exists.assert_called_once_with('/dev/mapper/%s' % old_dev_name)
|
||||||
|
mock_execute.assert_called_once_with(
|
||||||
|
'cryptsetup', 'status', old_dev_name, run_as_root=True)
|
||||||
|
|
||||||
|
@mock.patch('os.path.exists', side_effect=[False, True])
|
||||||
|
@mock.patch('nova.utils.execute')
|
||||||
|
def test_init_volume_encryption_with_wwn(self, mock_execute, mock_exists):
|
||||||
|
# If an wwn name crypt device exists, dev_path should be based on wwn.
|
||||||
|
old_dev_name = self.dev_path.split('/')[-1]
|
||||||
|
wwn = 'fake_wwn'
|
||||||
|
connection_info = copy.deepcopy(self.connection_info)
|
||||||
|
connection_info['data']['multipath_id'] = wwn
|
||||||
|
encryptor = cryptsetup.CryptsetupEncryptor(connection_info)
|
||||||
|
self.assertFalse(encryptor.dev_name.startswith('crypt-'))
|
||||||
|
self.assertEqual(wwn, encryptor.dev_name)
|
||||||
|
self.assertEqual(self.dev_path, encryptor.dev_path)
|
||||||
|
self.assertEqual(self.symlink_path, encryptor.symlink_path)
|
||||||
|
mock_exists.assert_has_calls([
|
||||||
|
mock.call('/dev/mapper/%s' % old_dev_name),
|
||||||
|
mock.call('/dev/mapper/%s' % wwn)])
|
||||||
|
mock_execute.assert_called_once_with(
|
||||||
|
'cryptsetup', 'status', wwn, run_as_root=True)
|
||||||
|
@ -17,9 +17,11 @@
|
|||||||
import binascii
|
import binascii
|
||||||
import os
|
import os
|
||||||
|
|
||||||
|
from oslo_concurrency import processutils
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
|
|
||||||
from nova import exception
|
from nova import exception
|
||||||
|
from nova.i18n import _LW
|
||||||
from nova import utils
|
from nova import utils
|
||||||
from nova.volume.encryptors import base
|
from nova.volume.encryptors import base
|
||||||
|
|
||||||
@ -49,10 +51,45 @@ class CryptsetupEncryptor(base.VolumeEncryptor):
|
|||||||
self.symlink_path = connection_info['data']['device_path']
|
self.symlink_path = connection_info['data']['device_path']
|
||||||
|
|
||||||
# a unique name for the volume -- e.g., the iSCSI participant name
|
# a unique name for the volume -- e.g., the iSCSI participant name
|
||||||
self.dev_name = self.symlink_path.split('/')[-1]
|
self.dev_name = 'crypt-%s' % self.symlink_path.split('/')[-1]
|
||||||
|
|
||||||
|
# NOTE(tsekiyama): In older version of nova, dev_name was the same
|
||||||
|
# as the symlink name. Now it has 'crypt-' prefix to avoid conflict
|
||||||
|
# with multipath device symlink. To enable rolling update, we use the
|
||||||
|
# old name when the encrypted volume already exists.
|
||||||
|
old_dev_name = self.symlink_path.split('/')[-1]
|
||||||
|
wwn = data.get('multipath_id')
|
||||||
|
if self._is_crypt_device_available(old_dev_name):
|
||||||
|
self.dev_name = old_dev_name
|
||||||
|
LOG.debug("Using old encrypted volume name: %s", self.dev_name)
|
||||||
|
elif wwn and wwn != old_dev_name:
|
||||||
|
# FibreChannel device could be named '/dev/mapper/<WWN>'.
|
||||||
|
if self._is_crypt_device_available(wwn):
|
||||||
|
self.dev_name = wwn
|
||||||
|
LOG.debug("Using encrypted volume name from wwn: %s",
|
||||||
|
self.dev_name)
|
||||||
|
|
||||||
# the device's actual path on the compute host -- e.g., /dev/sd_
|
# the device's actual path on the compute host -- e.g., /dev/sd_
|
||||||
self.dev_path = os.path.realpath(self.symlink_path)
|
self.dev_path = os.path.realpath(self.symlink_path)
|
||||||
|
|
||||||
|
def _is_crypt_device_available(self, dev_name):
|
||||||
|
if not os.path.exists('/dev/mapper/%s' % dev_name):
|
||||||
|
return False
|
||||||
|
|
||||||
|
try:
|
||||||
|
utils.execute('cryptsetup', 'status', dev_name, run_as_root=True)
|
||||||
|
except processutils.ProcessExecutionError as e:
|
||||||
|
# If /dev/mapper/<dev_name> is a non-crypt block device (such as a
|
||||||
|
# normal disk or multipath device), exit_code will be 1. In the
|
||||||
|
# case, we will omit the warning message.
|
||||||
|
if e.exit_code != 1:
|
||||||
|
LOG.warning(_LW('cryptsetup status %(dev_name) exited '
|
||||||
|
'abnormally (status %(exit_code)s): %(err)s'),
|
||||||
|
{"dev_name": dev_name, "exit_code": e.exit_code,
|
||||||
|
"err": e.stderr})
|
||||||
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
def _get_passphrase(self, key):
|
def _get_passphrase(self, key):
|
||||||
"""Convert raw key to string."""
|
"""Convert raw key to string."""
|
||||||
return binascii.hexlify(key).decode('utf-8')
|
return binascii.hexlify(key).decode('utf-8')
|
||||||
|
Loading…
Reference in New Issue
Block a user