| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LVM target drivers usually only support unique subsystems/targets, so a
specific subsystem/target is created for each volume.
While this is good from a deployment point of view, it is insufficient
from a testing perspective, since it limits the code paths that can be
tested in os-brick.
Being able to test these 2 different paths in os-brick is very
important, because the shared case usually present very particular
issues: Leftover devices caused by race conditions between nova and
cinder, premature subsystem/target disconnection, not disconnecting
subsystem/target, etc.
Thanks to this patch we'll be able to increase the testing possibilities
of the NVMe-oF os-brick connector to cover combinations of:
- Different connection properties formats: old & new
- Different target sharing: shared & non shared
Change-Id: I396db66f72fbf1f31f279d4431c64c9004a1a665
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On ghange Icae9802713867fa148bc041c86beb010086dacc9 we changed from
using the nvmet CLI interface to using it as a Python library.
In that change we incorrectly wrote the ``setup`` methods signature and
they are all missing the ``err_func`` parameter. It is not failing
because that's on the non-privileged side of things, and then on the
privileged side it forcefully adds the parameter on the call to the
actual library.
This patch adds the missing parameter and handles it on the
non-privileged side.
Change-Id: I615497616d87dfc1683977feafcfbfb9fab8e248
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The nvmet target was using the nvmetcli command to manage the NVMe-oF
targets, but the command has a big limitation when it comes to
controlling it's behaviour through the command line, as it can only
restore all its configuration and small parts, such as ports or
subsystems, cannot be directly modified without entering into the
interactive mode.
Due to this limitation the nvmet target would:
- Save current nvmet configuration
- Make changes to the json data
- Restore the updated configuration
The problem with this process, besides being slow because it runs a CLI
command and uses temporary files, is that the restoration completely
deletes EVERYTHING, before recreating it again. This means that all
hosts that are connected to volumes will suddenly experience a
disconnect to the volumes (because the namespace and subsystems have
disappeared) and will keep retrying to connect. The reconnect succeeds
after the configuration has been restored by nvmet, but that's 10 to 20
seconds that hosts cannot access volumes (this may block things in VMs)
and will present nnvme kernel log error messages.
To fix all these issues, speed and disconnect, this patch stops using
the nvmetcli as a CLI and uses it as a Python library, since that's the
most feature rich functionality of nvmetcli.
Querying the nvmet system can be done directly with the library, but to
make changes (create/destroy ports, subsystems, namespaces) it requires
privileges, so this patch adds a privsep wrapper for the operations that
we use and cannot be done as a normal user.
The nvmet wrapper doesn't provide privsep support for ALL operations,
only for those that we currently use.
Due to the client-server architecture of privsep and nvmet using non
primitive instances as parameters, the privsep wrapper needs custom
serialization code to pass these instances.
As a side effect of the refactoring we also fix a bug were we tried to
create the port over and over again on each create_export call which
resulted in nvme kernel warning logs.
Closes-Bug: #1964391
Closes-Bug: #1964394
Change-Id: Icae9802713867fa148bc041c86beb010086dacc9
|
|/
|
|
|
|
|
| |
We are close to the Zed release removing IET iSCSI target.
Closes-Bug: #1988317
Change-Id: If8116daa9be69f0e95d5a1edf4a7ad7a9c0ecd86
|
|
|
|
|
|
|
|
|
| |
This was for a driver that is no longer in the tree.
It is also broken -- it refers to an exception class
that doesn't exist (exception.UnableToExecuteHyperScaleCmd).
Change-Id: I856376aa29e076d501ee19cbb386329017363dad
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The flake8-logging-format extension includes several checks for things
we've had to try to catch in code reviews until now. This enables the
extension and fixes the few cases where things had slipped through code
review.
G200: Logging statements should not include the exception in logged string
is disabled since that triggers a lot more issues, some of which may be
acceptable. That can be left as a follow up exercise if we want to clean
those up and enable all checks.
Change-Id: I1dedc0b31f78f518c2ab5dee5ed7abda1c1d9296
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit a62c9dfdd41ab0be8bedd99ca39b82701d73ef4f.
This did not account for cases where truncate is
called w/o elevated privileges.
Related-Bug: #1818504
Change-Id: I3cb85be854e68fda525cfebe254ce7c85d8e3d37
|
|
|
|
|
|
|
| |
This reverts commit 2e292ddeb4148e12b8972fa0a25c03ab4c5e61a8.
Related-Bug: #1818504
Change-Id: I3df664d16ed8af4471619904c8af9e3427891ac4
|
|
|
|
|
|
|
| |
Call truncate directly rather than shelling
out to truncate.
Change-Id: Ib9b1fcd268785c314a2fb8f4a9ee3fac57d68703
|
|
|
|
|
|
|
| |
Use oslo.privsep for the truncate command.
Change-Id: Ic287c64a4e0f663738e23d22e819b6ffee9c84c1
Signed-off-by: Charles Short <chucks@redhat.com>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
Remove 'ln' command from rootwrap filter and oslo.privsep.
Change-Id: I78307620d4dd350656c3350aace2069c9929e850
Signed-off-by: Chuck Short <chucks@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Use oslo.privsep to run the lvconvert command.
Change-Id: I6c2dce7beb1c3f8bb777066f62ced134f763e640
Signed-off-by: Charles Short <chucks@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Use olso.privsep rather than oslo.rootwrap for the 'lvcreate'
Change-Id: I9e8f74ef74ef3f7cbbcf7967304246e9dfafb5c0
Signed-off-by: Charles Short <chucks@redhat.com>
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use oslo.privsep to use 'lvrename'.
Change-Id: Ied9cf22adbe8f2cec20b02f4aa122a1f2ec35aae
Signed-off-by: Charles Short <chucks@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Switch ietadm to use oslo.privsep rather than olso.rootwrap.
This is mostly a straight copy of the the methods used to
create targets.
Change-Id: Ia4dc63d75960935e770a7fef352b51a7c75be4d6
Signed-off-by: Chuck Short <chucks@redhat.com>
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use oslo.privsep for scstadmin and remove it from
etc/cinder/rootwrap.d/volume.filters.
Change-Id: I55c8d40ee082a32fa51c893845a0b0aa4dad1492
Signed-off-by: Chuck Short <chucks@redhat.com>
|
|\ \ \
| |_|/
|/| | |
|
| |/
| |
| |
| |
| |
| |
| | |
Use umount to umount volumes via oslo.privsep.
Change-Id: I83972fbfaf0842800c65ed8c391e2089de9807fe
Signed-off-by: Chuck Short <chucks@redhat.com>
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Convert usage of tgt-admin and tgtadm to use privsep rather than
the rootwrap wrapper.
Change-Id: Ibdb94fc3aebb01fee6e2e76adeaa5d34a4af8753
Signed-off-by: Chuck Short <chucks@redhat.com>
|
|/
|
|
|
|
|
| |
Move touch to privsep and remove it from volume.filters.
Change-Id: I169b45f1176537448871cf23b6362c7ffbb16fff
Signed-off-by: Chuck Short <chucks@redhat.com>
|
|
|
|
|
|
|
|
| |
Rename file to path because most of these functions in the
file have to do with filesystem paths and the like.
Change-Id: I709d8f8722c6a477e50d0ee7fd9a368a16fe9cca
Signed-off-by: Chuck Short <chucks@redhat.com>
|
|
|
|
|
|
|
| |
Use oslo.privsep for udevadm
Change-Id: Ib89354c9555c4b2c9f5a8331a788d7fe4ac46694
Signed-off-by: Chuck Short <chucks@redhat.com>
|
|
|
|
|
|
|
|
| |
Move the hscli usage to privsep, this is basically a straight
copy of the hsexecute function.
Change-Id: I0a8f1502506b32fdd6599bc2d0c385ebeb968172
Signed-off-by: Chuck Short <chucks@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Now that we have privsep support in cinder,
we can start using privsep in various drivers
so we can drop rootwrap support.
Change-Id: I3cff61b4cde16e00ad23d534c5281a2f1afcd29f
Signed-off-by: Chuck Short <chucks@redhat.com>
|
|
This includes implementing a first trivial example of how to use
privsep to run something as root, specifically the cgroup throttling
driver.
This code is modelled strongly on how nova has chosen to use privsep.
Consistency is probably good here, but it does imply that the cinder
team is ok with the decisons nova has made about implementation.
Change-Id: Ic401138a10a72cb4b976a1a6aba272cafcb40d8b
|