author | Lee Yarwood <lyarwood@redhat.com> | 2021-01-28 11:21:16 +0000 |
---|---|---|
committer | Lee Yarwood <lyarwood@redhat.com> | 2021-02-01 16:00:32 +0000 |
commit | 5d1adb2604de37ad6717a604b87d9fbaf35f0999 (patch) | |
tree | 3a611082027739be3fafeadd027f35d093df11c5 /nova | |
parent | cf1db74731198b573cc3693c7923c665b43fcf9c (diff) | |
download | nova-5d1adb2604de37ad6717a604b87d9fbaf35f0999.tar.gz |
libvirt: Use specific user when probing encrypted rbd disks during extend
I0c3f14100a18107f7e416293f3d4fcc641ce5e55 introduced new logic when
extending LUKSv1 encrypted rbd volumes. As part of this qemu-img is used
to probe the rbd volume to determine the size of the LUKSv1 header.
The URI used to point to the rbd volume did not provide a user and
assumed that n-cpu/privsep would have access to the admin keyring. This
isn't always the case in most environments and would result in a failure
to probe the disk when the admin keyring wasn't available.
This change resolves this by appending the `id=$username` option to the
end of the URI provided to qemu-img using the `auth_username` found in
the connection_info from Cinder.
Closes-Bug: #1913575
Change-Id: Ia6d6dcdd7042f2aef6b3abeb5cd0f7525678a3b7
(cherry picked from commit b62a1abd616cea7fdfcad18e1cf548767d67b6dd)
Diffstat (limited to 'nova')
-rw-r--r-- | nova/tests/unit/virt/libvirt/test_driver.py | 5 | ||||
-rw-r--r-- | nova/virt/libvirt/driver.py | 6 |
2 files changed, 9 insertions, 2 deletions
diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
index 291679e8f2..93e3c7c13e 100644
--- a/nova/tests/unit/virt/libvirt/test_driver.py
+++ b/nova/tests/unit/virt/libvirt/test_driver.py
@@ -10017,6 +10017,8 @@ class LibvirtConnTestCase(test.NoDBTestCase,
 'serial': uuids.volume_id,
 'driver_volume_type': 'rbd',
 'data': {'name': 'pool/volume',
+ 'auth_enabled': 'true',
+ 'auth_username': 'username',
 'access_mode': 'rw'}
 }
 disk_1 = mock.Mock(spec=vconfig.LibvirtConfigGuestDisk,
@@ -10058,7 +10060,8 @@ class LibvirtConnTestCase(test.NoDBTestCase,
 mock_get_encryption_metadata.assert_called_once_with(
 self.context, drvr._volume_api, uuids.volume_id, connection_info)
- mock_qemu_img_info.assert_called_once_with('rbd:pool/volume')
+ mock_qemu_img_info.assert_called_once_with(
+ 'rbd:pool/volume:id=username')
 # Assert that the Libvirt call to resize the device within the instance
 # is called with the LUKSv1 payload offset taken into account.
diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
index f3791204e4..e79d5e1358 100644
--- a/nova/virt/libvirt/driver.py
+++ b/nova/virt/libvirt/driver.py
@@ -2150,7 +2150,11 @@ class LibvirtDriver(driver.ComputeDriver):
 if 'device_path' in connection_info['data']:
 path = connection_info['data']['device_path']
 elif connection_info['driver_volume_type'] == 'rbd':
- path = 'rbd:%s' % (connection_info['data']['name'])
+ volume_name = connection_info['data']['name']
+ path = f"rbd:{volume_name}"
+ if connection_info['data'].get('auth_enabled'):
+ username = connection_info['data']['auth_username']
+ path = f"rbd:{volume_name}:id={username}"
 else:
 path = 'unknown'
 raise exception.DiskNotFound(location='unknown') |
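Review bot: Changing the existing fixture to set `'auth_enabled': 'true'` means the unauthenticated form `rbd:pool/volume` is no longer asserted anywhere in the visible test (first and second hunks of test_driver.py), so the branch where `auth_enabled` is absent or false loses coverage unless a test outside this diff exercises it. The fixture also passes the string `'true'`, while the driver only checks truthiness via `.get('auth_enabled')`; using the boolean `True` would avoid implying that a string such as `'false'` turns the id suffix off. A second case that omits `auth_enabled` and keeps `mock_qemu_img_info.assert_called_once_with('rbd:pool/volume')` would pin both paths. The test method starts and ends outside these hunks.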
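Review bot: The added `path = f"rbd:{volume_name}:id={username}"` line in driver.py places `auth_username` (and the volume name) into qemu's colon-delimited rbd option string without escaping or validation, so a value containing `:`, `=` or `@` would be read by qemu-img as additional options rather than as part of the user id. Both values come from Cinder's connection_info, so this is hardening at a trust boundary rather than a demonstrated bug, but the commit message indicates the probe runs through privsep, which makes it worth constraining what reaches the command. A guard before the path is built, for example `if not username or any(c in username for c in ':=@'): raise exception.DiskNotFound(location='unknown')`, would keep the probe from running with unintended options. The direct `connection_info['data']['auth_username']` lookup also raises KeyError when `auth_enabled` is set but the key is missing, which skips the DiskNotFound error used in the `else` branch. The enclosing method starts and ends outside this hunk.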