Ensure rbd auth fallback uses matching credentials

As of Ocata, cinder config is preferred for rbd auth values with a fallback to nova values [1]. The fallback path, for the case when rbd_user is configured in cinder.conf and rbd_secret_uuid is not configured in cinder.conf, results in the mismatched use of cinder rbd_user with nova rbd_secret_uuid. This fixes that fallback path to use nova rbd_user from nova.conf with rbd_secret_uuid from nova.conf. [1] See commit f2d27f6a8a Thanks to David Ames for this fix. Change-Id: Ieba216275c07ab16414065ee47e66915e9e9477d Co-Authored-By: David Ames <david.ames@canonical.com> Closes-Bug: #1809454 (cherry picked from commit 47b7c4f3cc) (cherry picked from commit f5d8ee1bfc) (cherry picked from commit accef50f96)
2018-12-21 08:23:32 -05:00 · 2018-12-21 08:23:32 -05:00 · a7e25aa3d2
parent 745bd464f0
commit a7e25aa3d2
2 changed files with 7 additions and 3 deletions
--- a/nova/tests/unit/virt/libvirt/volume/test_net.py
+++ b/nova/tests/unit/virt/libvirt/volume/test_net.py
@ -150,7 +150,8 @@ class LibvirtNetVolumeDriverTestCase(
        secret_uuid wasn't set on the cinder side for the original connection
        which is now persisted in the
        nova.block_device_mappings.connection_info column and used here. In
-        this case we fallback to use the local config for secret_uuid.
+        this case we fallback to use the local config for secret_uuid and
+        username.
        """
        libvirt_driver = net.LibvirtNetVolumeDriver(self.fake_host)
        connection_info = self.rbd_connection(self.vol)
@ -170,7 +171,7 @@ class LibvirtNetVolumeDriverTestCase(
        conf = libvirt_driver.get_config(connection_info, self.disk_info)
        tree = conf.format_dom()
        self._assertNetworkAndProtocolEquals(tree)
-        self.assertEqual(self.user, tree.find('./auth').get('username'))
+        self.assertEqual(flags_user, tree.find('./auth').get('username'))
        self.assertEqual(secret_type, tree.find('./auth/secret').get('type'))
        # Assert that the secret_uuid comes from CONF.libvirt.rbd_secret_uuid.
        self.assertEqual(flags_uuid, tree.find('./auth/secret').get('uuid'))
--- a/nova/virt/libvirt/volume/net.py
+++ b/nova/virt/libvirt/volume/net.py
@ -69,8 +69,11 @@ class LibvirtNetVolumeDriver(libvirt_volume.LibvirtBaseVolumeDriver):
            if netdisk_properties['secret_uuid'] is not None:
                conf.auth_secret_uuid = netdisk_properties['secret_uuid']
            else:
+                # If we're using the rbd_secret_uuid from nova.conf we need to
+                # use the rbd_user from nova.conf as well.
                LOG.debug('Falling back to Nova configuration for RBD auth '
-                          'secret_uuid value.')
+                          'secret_uuid and username values.')
+                conf.auth_username = CONF.libvirt.rbd_user
                conf.auth_secret_uuid = CONF.libvirt.rbd_secret_uuid
            # secret_type is always hard-coded to 'ceph' in cinder
            conf.auth_secret_type = netdisk_properties['secret_type']