Merge "libvirt: handle missing rbd_secret_uuid from old connection info" into stable/ocata

This commit is contained in:
Jenkins 2017-06-14 04:13:55 +00:00 committed by Gerrit Code Review
commit 4ace336a25
2 changed files with 45 additions and 1 deletions

View File

@ -139,6 +139,38 @@ class LibvirtNetVolumeDriverTestCase(
self.assertEqual(self.uuid, tree.find('./auth/secret').get('uuid'))
libvirt_driver.disconnect_volume(connection_info, "vde")
def test_libvirt_rbd_driver_auth_enabled_flags_secret_uuid_fallback(self):
"""The values from the cinder connection_info take precedence over
nova.conf values, unless it's old connection data where the
secret_uuid wasn't set on the cinder side for the original connection
which is now persisted in the
nova.block_device_mappings.connection_info column and used here. In
this case we fallback to use the local config for secret_uuid.
"""
libvirt_driver = net.LibvirtNetVolumeDriver(self.fake_host)
connection_info = self.rbd_connection(self.vol)
secret_type = 'ceph'
connection_info['data']['auth_enabled'] = True
connection_info['data']['auth_username'] = self.user
connection_info['data']['secret_type'] = secret_type
# Fake out cinder not setting the secret_uuid in the old connection.
connection_info['data']['secret_uuid'] = None
flags_uuid = '37152720-1785-11e2-a740-af0c1d8b8e4b'
flags_user = 'bar'
self.flags(rbd_user=flags_user,
rbd_secret_uuid=flags_uuid,
group='libvirt')
conf = libvirt_driver.get_config(connection_info, self.disk_info)
tree = conf.format_dom()
self._assertNetworkAndProtocolEquals(tree)
self.assertEqual(self.user, tree.find('./auth').get('username'))
self.assertEqual(secret_type, tree.find('./auth/secret').get('type'))
# Assert that the secret_uuid comes from CONF.libvirt.rbd_secret_uuid.
self.assertEqual(flags_uuid, tree.find('./auth/secret').get('uuid'))
libvirt_driver.disconnect_volume(connection_info, "vde")
def test_libvirt_rbd_driver_auth_disabled(self):
libvirt_driver = net.LibvirtNetVolumeDriver(self.fake_host)
connection_info = self.rbd_connection(self.vol)

View File

@ -62,13 +62,25 @@ class LibvirtNetVolumeDriver(libvirt_volume.LibvirtBaseVolumeDriver):
auth_enabled = netdisk_properties.get('auth_enabled')
if auth_enabled:
conf.auth_username = netdisk_properties['auth_username']
conf.auth_secret_uuid = netdisk_properties['secret_uuid']
# We started preferring Cinder config for rbd auth values starting
# in Ocata, but if we have a guest connection from before that when
# secret_uuid wasn't configured in Cinder, we need to fallback to
# get it from local nova.conf.
if netdisk_properties['secret_uuid'] is not None:
conf.auth_secret_uuid = netdisk_properties['secret_uuid']
else:
LOG.debug('Falling back to Nova configuration for RBD auth '
'secret_uuid value.')
conf.auth_secret_uuid = CONF.libvirt.rbd_secret_uuid
# secret_type is always hard-coded to 'ceph' in cinder
conf.auth_secret_type = netdisk_properties['secret_type']
elif CONF.libvirt.rbd_secret_uuid:
# Anyone relying on falling back to nova config is probably having
# this work accidentally and we'll remove that support in the
# 16.0.0 Pike release.
# NOTE(mriedem): We'll have to be extra careful about this in case
# the reason we got here is due to an old volume connection created
# before we started preferring the Cinder settings in Ocata.
LOG.warning(_LW('Falling back to Nova configuration values for '
'RBD authentication. Cinder should be configured '
'for auth with Ceph volumes. This fallback will '