From aadf0950c9c62f68a107c89c5b7c7632a2c732db Mon Sep 17 00:00:00 2001 From: Ivan Pchelintsev Date: Mon, 1 Jun 2020 11:50:01 +0300 Subject: [PATCH] Remove VxFlex OS credentials from connection_properties VxFlex OS password is not stored in block_device_mapping table. Instead of this passwords are stored in separate file and are retrieved during each attach/detach operation. Closes-Bug: #1823200 Change-Id: Ie9c41f37ab5c186b9f9aa92539a363d0b2388035 --- .../drivers/dell_emc/vxflexos/driver.py | 6 +-- .../drivers/dell-emc-vxflex-driver.rst | 49 +++++++++++++++++-- lower-constraints.txt | 2 +- .../bug-1823200-train-58d84b7a0530594f.yaml | 25 ++++++++++ requirements.txt | 2 +- 5 files changed, 76 insertions(+), 8 deletions(-) create mode 100644 releasenotes/notes/bug-1823200-train-58d84b7a0530594f.yaml diff --git a/cinder/volume/drivers/dell_emc/vxflexos/driver.py b/cinder/volume/drivers/dell_emc/vxflexos/driver.py index d59656e3c54..684115a804d 100644 --- a/cinder/volume/drivers/dell_emc/vxflexos/driver.py +++ b/cinder/volume/drivers/dell_emc/vxflexos/driver.py @@ -89,9 +89,10 @@ class VxFlexOSDriver(driver.VolumeDriver): 2.0.4 - Added compatibility with os_brick>1.15.3 2.0.5 - Change driver name, rename config file options 3.0.0 - Add support for VxFlex OS 3.0.x and for volumes compression + 3.0.0.1 - Fix for Bug #1823200. See OSSN-0086 for details. """ - VERSION = "3.0.0" + VERSION = "3.0.0.1" # ThirdPartySystems wiki CI_WIKI_NAME = "DELL_EMC_ScaleIO_CI" @@ -159,8 +160,7 @@ class VxFlexOSDriver(driver.VolumeDriver): 'serverIP': self.server_ip, 'serverPort': self.server_port, 'serverUsername': self.server_username, - 'serverPassword': self.server_password, - 'serverToken': self.server_token, + 'config_group': self.configuration.config_group, 'iopsLimit': None, 'bandwidthLimit': None, } diff --git a/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst b/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst index 70df49c4b01..917b68ab823 100644 --- a/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst +++ b/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst @@ -212,6 +212,33 @@ parameters as follows: san_password = SIO_PASSWD san_thin_provision = false +Connector configuration +~~~~~~~~~~~~~~~~~~~~~~~ + +Before using attach/detach volume operations VxFlex OS connector must be +properly configured. On each node where VxFlex OS SDC is installed do the +following: + +#. Create ``/opt/emc/scaleio/openstack/connector.conf`` if it does not + exist. + + .. code-block:: console + + $ mkdir -p /opt/emc/scaleio/openstack + $ touch /opt/emc/scaleio/openstack/connector.conf + +#. For each VxFlex OS section in the ``cinder.conf`` create the same section in + the ``/opt/emc/scaleio/openstack/connector.conf`` and populate it with + passwords. Example: + + .. code-block:: ini + + [vxflexos] + san_password = SIO_PASSWD + + [vxflexos-new] + san_password = SIO2_PASSWD + .. _cg_configuration_options_emc: Configuration options @@ -343,6 +370,22 @@ limit volumes allocation only to data pools which supports compression. Using VxFlex OS Storage with a containerized overcloud ------------------------------------------------------ -When using a containerized overcloud, such as one deployed via TripleO or -Red Hat OpenStack version 13 and above, install the Storage Data Client -(SDC) on all nodes after deploying the overcloud. +#. Create a file with below contents: + + .. code-block:: yaml + + parameter_defaults: + NovaComputeOptVolumes: + - /opt/emc/scaleio:/opt/emc/scaleio + CinderVolumeOptVolumes: + - /opt/emc/scaleio:/opt/emc/scaleio + GlanceApiOptVolumes: + - /opt/emc/scaleio:/opt/emc/scaleio + + + Name it whatever you like, e.g. ``vxflexos_volumes.yml``. + +#. Use ``-e`` to include this customization file to deploy command. + +#. Install the Storage Data Client (SDC) on all nodes after deploying + the overcloud. diff --git a/lower-constraints.txt b/lower-constraints.txt index e68b63df461..b8a78195787 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -65,7 +65,7 @@ networkx==1.11 oauth2client==1.5.0 openstackdocstheme==1.20.0 os-api-ref==1.4.0 -os-brick==2.2.0 +os-brick==2.10.3 os-client-config==1.29.0 os-win==3.0.0 oslo.cache==1.29.0 diff --git a/releasenotes/notes/bug-1823200-train-58d84b7a0530594f.yaml b/releasenotes/notes/bug-1823200-train-58d84b7a0530594f.yaml new file mode 100644 index 00000000000..3da4d160280 --- /dev/null +++ b/releasenotes/notes/bug-1823200-train-58d84b7a0530594f.yaml @@ -0,0 +1,25 @@ +--- +upgrade: + - | + The fix for `Bug #1823200 + `_ requires + ``os-brick`` >= 2.10.3 but < 2.11.0. +security: + - | + Dell EMC VxFlex OS driver: This release contains a fix for + `Bug #1823200 `_. + See `OSSN-0086 `_ + for details. +fixes: + - | + `Bug #1823200 `_: + This release contains an updated Dell EMC VxFlex OS driver. It must + be used with ``os-brick`` >= 2.10.3 but < 2.11.0. + and requires that a new configuration file be deployed on compute + nodes, cinder nodes, and anywhere you would perform a volume attachment + in your deployment. + See the `Dell EMC VxFlex OS (ScaleIO) Storage driver + `_ + documentation for details about the configuration file, and see + `OSSN-0086 `_ for + more information about the security vulnerability. diff --git a/requirements.txt b/requirements.txt index 96785d63e02..30c429764ea 100644 --- a/requirements.txt +++ b/requirements.txt @@ -58,7 +58,7 @@ suds-jurko>=0.6 # LGPLv3+ WebOb>=1.7.1 # MIT oslo.i18n>=3.15.3 # Apache-2.0 oslo.vmware>=2.17.0 # Apache-2.0 -os-brick>=2.2.0 # Apache-2.0 +os-brick>=2.10.3 # Apache-2.0 os-win>=3.0.0 # Apache-2.0 tooz>=1.58.0 # Apache-2.0 google-api-python-client>=1.4.2 # Apache-2.0