diff options
| author | Corey Bryant <corey.bryant@canonical.com> | 2018-12-21 08:23:32 -0500 |
|---|---|---|
| committer | Corey Bryant <corey.bryant@canonical.com> | 2019-01-08 01:37:31 +0000 |
| commit | 779e58e97612d9fcb15d8a926fa8e9ddcf88feba (patch) | |
| tree | 6d6b9b31a22670f1718059df6f32a14e77a997a3 | |
| parent | 8c663dbd25a0dab1c2d903efc7cf7fc3d9d07b00 (diff) | |
| download | nova-779e58e97612d9fcb15d8a926fa8e9ddcf88feba.tar.gz | |
Ensure rbd auth fallback uses matching credentials
As of Ocata, cinder config is preferred for rbd auth values with a
fallback to nova values [1]. The fallback path, for the case when
rbd_user is configured in cinder.conf and rbd_secret_uuid is not
configured in cinder.conf, results in the mismatched use of cinder
rbd_user with nova rbd_secret_uuid.
This fixes that fallback path to use nova rbd_user from nova.conf
with rbd_secret_uuid from nova.conf.
[1] See commit f2d27f6a8afb62815fb6a885bd4f8ae4ed287fd3
Thanks to David Ames for this fix.
Change-Id: Ieba216275c07ab16414065ee47e66915e9e9477d
Co-Authored-By: David Ames <david.ames@canonical.com>
Closes-Bug: #1809454
(cherry picked from commit 47b7c4f3cc582bf463fd0c796df84736a0074f48)
(cherry picked from commit f5d8ee1bfc3b7b9f1a25f85b42e207db0c9f4b04)
(cherry picked from commit accef50f9648dc40f1a6f457f83f5359e9dd2a24)
(cherry picked from commit a7e25aa3d2088e2726988c03e84b3b5ea47bfb7e)
| -rw-r--r-- | nova/tests/unit/virt/libvirt/volume/test_net.py | 5 | ||||
| -rw-r--r-- | nova/virt/libvirt/volume/net.py | 5 |
2 files changed, 7 insertions, 3 deletions
diff --git a/nova/tests/unit/virt/libvirt/volume/test_net.py b/nova/tests/unit/virt/libvirt/volume/test_net.py index 49947d1fa4..bd4699c974 100644 --- a/nova/tests/unit/virt/libvirt/volume/test_net.py +++ b/nova/tests/unit/virt/libvirt/volume/test_net.py @@ -145,7 +145,8 @@ class LibvirtNetVolumeDriverTestCase( secret_uuid wasn't set on the cinder side for the original connection which is now persisted in the nova.block_device_mappings.connection_info column and used here. In - this case we fallback to use the local config for secret_uuid. + this case we fallback to use the local config for secret_uuid and + username. """ libvirt_driver = net.LibvirtNetVolumeDriver(self.fake_host) connection_info = self.rbd_connection(self.vol) @@ -165,7 +166,7 @@ class LibvirtNetVolumeDriverTestCase( conf = libvirt_driver.get_config(connection_info, self.disk_info) tree = conf.format_dom() self._assertNetworkAndProtocolEquals(tree) - self.assertEqual(self.user, tree.find('./auth').get('username')) + self.assertEqual(flags_user, tree.find('./auth').get('username')) self.assertEqual(secret_type, tree.find('./auth/secret').get('type')) # Assert that the secret_uuid comes from CONF.libvirt.rbd_secret_uuid. self.assertEqual(flags_uuid, tree.find('./auth/secret').get('uuid')) diff --git a/nova/virt/libvirt/volume/net.py b/nova/virt/libvirt/volume/net.py index 8692495e99..e1386ea0a8 100644 --- a/nova/virt/libvirt/volume/net.py +++ b/nova/virt/libvirt/volume/net.py @@ -69,8 +69,11 @@ class LibvirtNetVolumeDriver(libvirt_volume.LibvirtBaseVolumeDriver): if netdisk_properties['secret_uuid'] is not None: conf.auth_secret_uuid = netdisk_properties['secret_uuid'] else: + # If we're using the rbd_secret_uuid from nova.conf we need to + # use the rbd_user from nova.conf as well. LOG.debug('Falling back to Nova configuration for RBD auth ' - 'secret_uuid value.') + 'secret_uuid and username values.') + conf.auth_username = CONF.libvirt.rbd_user conf.auth_secret_uuid = CONF.libvirt.rbd_secret_uuid # secret_type is always hard-coded to 'ceph' in cinder conf.auth_secret_type = netdisk_properties['secret_type'] |