Distribute iscsid.conf to all containers using iscsi
This patch updates the way files related to iscsi are distributed to the cinder, glance and nova containers that use the protocol. Previously it was thought that only the iscsid container needs access to /etc/iscsi/iscsid.conf, but the LP bug reveals the client side also reads the file in order to determine the list of chap algorithms to offer when initiating an iscsi connection. The bug was exposed when testing a secure environment that uses a non-default list of chap algorithms. The iscsid container was using the customized list, but the client containers (e.g. nova) were using the default list, which caused iscsid to reject connections. Closes-Bug: #1932181 Change-Id: Iad255451726867dc172404513fdac4ad0599c4c0
This commit is contained in:
parent
5fade4ae00
commit
48fd886a03
|
@ -300,7 +300,7 @@ outputs:
|
|||
- *cinder_common_volumes
|
||||
- {get_param: CinderVolumeOptVolumes}
|
||||
- - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
|
||||
- /var/lib/config-data/puppet-generated/iscsid/etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: CephConfigPath}
|
||||
|
@ -339,7 +339,7 @@ outputs:
|
|||
- {get_param: CinderBackupOptVolumes}
|
||||
-
|
||||
- /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
|
||||
- /var/lib/config-data/puppet-generated/iscsid/etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: CephConfigPath}
|
||||
|
|
|
@ -638,6 +638,10 @@ outputs:
|
|||
dest: "/etc/ceph/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
- source: "/var/lib/kolla/config_files/src-iscsid/*"
|
||||
dest: "/etc/iscsi/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
list_concat:
|
||||
- - path: /var/lib/glance
|
||||
|
@ -711,11 +715,11 @@ outputs:
|
|||
- - {get_param: CephConfigPath}
|
||||
- - '/var/lib/kolla/config_files/src-ceph'
|
||||
- - 'ro'
|
||||
- /var/lib/config-data/puppet-generated/iscsid/etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
|
||||
- /var/lib/glance:/var/lib/glance:slave
|
||||
- if:
|
||||
- cinder_backend_enabled
|
||||
- - /dev:/dev
|
||||
- /etc/iscsi:/etc/iscsi
|
||||
- /var/lib/iscsi:/var/lib/iscsi:z
|
||||
- if:
|
||||
- cinder_multipathd_enabled
|
||||
|
|
|
@ -1338,7 +1338,7 @@ outputs:
|
|||
- - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/nova_libvirt:/var/lib/kolla/config_files/src:ro
|
||||
- /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
|
||||
- /var/lib/config-data/puppet-generated/iscsid/etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: CephConfigPath}
|
||||
|
|
|
@ -169,7 +169,7 @@ outputs:
|
|||
- {get_attr: [ContainersCommon, volumes]}
|
||||
- - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/nova:/var/lib/kolla/config_files/src:ro
|
||||
- /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
|
||||
- /var/lib/config-data/puppet-generated/iscsid/etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
|
||||
- /run:/run
|
||||
- /dev:/dev
|
||||
- /var/lib/iscsi:/var/lib/iscsi:z
|
||||
|
|
Loading…
Reference in New Issue