summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-06-14 04:13:55 +0000
committerGerrit Code Review <review@openstack.org>2017-06-14 04:13:55 +0000
commit4ace336a25b000db1c8d433011a261d8d4802105 (patch)
tree41f67c82f20e55c1790b3aeecbfb0ee2d3f2bbf0
parent371a97c89ae59981fe3bd65fc89b08bb4d256f8e (diff)
parentfb4184f1e690901378a155573368a55ff9a8a779 (diff)
Merge "libvirt: handle missing rbd_secret_uuid from old connection info" into stable/ocata
-rw-r--r--nova/tests/unit/virt/libvirt/volume/test_net.py32
-rw-r--r--nova/virt/libvirt/volume/net.py14
2 files changed, 45 insertions, 1 deletions
diff --git a/nova/tests/unit/virt/libvirt/volume/test_net.py b/nova/tests/unit/virt/libvirt/volume/test_net.py
index cec1a83..49947d1 100644
--- a/nova/tests/unit/virt/libvirt/volume/test_net.py
+++ b/nova/tests/unit/virt/libvirt/volume/test_net.py
@@ -139,6 +139,38 @@ class LibvirtNetVolumeDriverTestCase(
139 self.assertEqual(self.uuid, tree.find('./auth/secret').get('uuid')) 139 self.assertEqual(self.uuid, tree.find('./auth/secret').get('uuid'))
140 libvirt_driver.disconnect_volume(connection_info, "vde") 140 libvirt_driver.disconnect_volume(connection_info, "vde")
141 141
142 def test_libvirt_rbd_driver_auth_enabled_flags_secret_uuid_fallback(self):
143 """The values from the cinder connection_info take precedence over
144 nova.conf values, unless it's old connection data where the
145 secret_uuid wasn't set on the cinder side for the original connection
146 which is now persisted in the
147 nova.block_device_mappings.connection_info column and used here. In
148 this case we fallback to use the local config for secret_uuid.
149 """
150 libvirt_driver = net.LibvirtNetVolumeDriver(self.fake_host)
151 connection_info = self.rbd_connection(self.vol)
152 secret_type = 'ceph'
153 connection_info['data']['auth_enabled'] = True
154 connection_info['data']['auth_username'] = self.user
155 connection_info['data']['secret_type'] = secret_type
156 # Fake out cinder not setting the secret_uuid in the old connection.
157 connection_info['data']['secret_uuid'] = None
158
159 flags_uuid = '37152720-1785-11e2-a740-af0c1d8b8e4b'
160 flags_user = 'bar'
161 self.flags(rbd_user=flags_user,
162 rbd_secret_uuid=flags_uuid,
163 group='libvirt')
164
165 conf = libvirt_driver.get_config(connection_info, self.disk_info)
166 tree = conf.format_dom()
167 self._assertNetworkAndProtocolEquals(tree)
168 self.assertEqual(self.user, tree.find('./auth').get('username'))
169 self.assertEqual(secret_type, tree.find('./auth/secret').get('type'))
170 # Assert that the secret_uuid comes from CONF.libvirt.rbd_secret_uuid.
171 self.assertEqual(flags_uuid, tree.find('./auth/secret').get('uuid'))
172 libvirt_driver.disconnect_volume(connection_info, "vde")
173
142 def test_libvirt_rbd_driver_auth_disabled(self): 174 def test_libvirt_rbd_driver_auth_disabled(self):
143 libvirt_driver = net.LibvirtNetVolumeDriver(self.fake_host) 175 libvirt_driver = net.LibvirtNetVolumeDriver(self.fake_host)
144 connection_info = self.rbd_connection(self.vol) 176 connection_info = self.rbd_connection(self.vol)
diff --git a/nova/virt/libvirt/volume/net.py b/nova/virt/libvirt/volume/net.py
index a405433..8692495 100644
--- a/nova/virt/libvirt/volume/net.py
+++ b/nova/virt/libvirt/volume/net.py
@@ -62,13 +62,25 @@ class LibvirtNetVolumeDriver(libvirt_volume.LibvirtBaseVolumeDriver):
62 auth_enabled = netdisk_properties.get('auth_enabled') 62 auth_enabled = netdisk_properties.get('auth_enabled')
63 if auth_enabled: 63 if auth_enabled:
64 conf.auth_username = netdisk_properties['auth_username'] 64 conf.auth_username = netdisk_properties['auth_username']
65 conf.auth_secret_uuid = netdisk_properties['secret_uuid'] 65 # We started preferring Cinder config for rbd auth values starting
66 # in Ocata, but if we have a guest connection from before that when
67 # secret_uuid wasn't configured in Cinder, we need to fallback to
68 # get it from local nova.conf.
69 if netdisk_properties['secret_uuid'] is not None:
70 conf.auth_secret_uuid = netdisk_properties['secret_uuid']
71 else:
72 LOG.debug('Falling back to Nova configuration for RBD auth '
73 'secret_uuid value.')
74 conf.auth_secret_uuid = CONF.libvirt.rbd_secret_uuid
66 # secret_type is always hard-coded to 'ceph' in cinder 75 # secret_type is always hard-coded to 'ceph' in cinder
67 conf.auth_secret_type = netdisk_properties['secret_type'] 76 conf.auth_secret_type = netdisk_properties['secret_type']
68 elif CONF.libvirt.rbd_secret_uuid: 77 elif CONF.libvirt.rbd_secret_uuid:
69 # Anyone relying on falling back to nova config is probably having 78 # Anyone relying on falling back to nova config is probably having
70 # this work accidentally and we'll remove that support in the 79 # this work accidentally and we'll remove that support in the
71 # 16.0.0 Pike release. 80 # 16.0.0 Pike release.
81 # NOTE(mriedem): We'll have to be extra careful about this in case
82 # the reason we got here is due to an old volume connection created
83 # before we started preferring the Cinder settings in Ocata.
72 LOG.warning(_LW('Falling back to Nova configuration values for ' 84 LOG.warning(_LW('Falling back to Nova configuration values for '
73 'RBD authentication. Cinder should be configured ' 85 'RBD authentication. Cinder should be configured '
74 'for auth with Ceph volumes. This fallback will ' 86 'for auth with Ceph volumes. This fallback will '