LIO iSCSI initiator ACL auto-config

Currently, IQNs of remote nova compute nodes must be specified in
cinder.conf for them to be added to LIO's ACLs for LUNs.

This change will handle this at volume-attach time instead.

Change-Id: I278ce737042b15bd4d100d331564c1377bac0c55

diff --git a/bin/cinder-rtstool b/bin/cinder-rtstool
index 745ca1afdf46cb89dbf643d67fdc377446fa20cc..5781b7ed9e1d546a0d02f1fed11a6b73d90e2da9 100755 (executable)
--- a/bin/cinder-rtstool
+++ b/bin/cinder-rtstool
@@ -78,7 +78,7 @@ def create(backing_device, name, userid, password, initiator_iqns=None):
     acl_new.chap_userid = userid
     acl_new.chap_password = password
 
-    m = rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
+    rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
 
     if initiator_iqns:
         initiator_iqns = initiator_iqns.strip(' ')
@@ -87,7 +87,7 @@ def create(backing_device, name, userid, password, initiator_iqns=None):
             acl_new.chap_userid = userid
             acl_new.chap_password = password
 
-            m = rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
+            rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
 
     tpg_new.enable = 1
 
@@ -105,6 +105,36 @@ def create(backing_device, name, userid, password, initiator_iqns=None):
         pass
 
 
+def add_initiator(target_iqn, initiator_iqn, userid, password):
+    try:
+        rtsroot = rtslib.root.RTSRoot()
+    except rtslib.utils.RTSLibError:
+        print _('Ensure that configfs is mounted at /sys/kernel/config.')
+        raise
+
+    # Look for the target
+    target = None
+    for t in rtsroot.targets:
+        if t.dump()['wwn'] == target_iqn:
+            target = t
+            break
+    if target == None:
+        raise RtstoolError(_('Could not find target %s') % target_iqn)
+
+    tpg = target.tpgs.next()  # get the first one
+    for acl in tpg.dump()['node_acls']:
+        # See if this ACL configuration already exists
+        if acl['node_wwn'] == initiator_iqn:
+            # No further action required
+            return
+
+    acl_new = rtslib.NodeACL(tpg, initiator_iqn, mode='create')
+    acl_new.chap_userid = userid
+    acl_new.chap_password = password
+
+    rtslib.MappedLUN(acl_new, 0, tpg_lun=0)
+
+
 def get_targets():
     rtsroot = rtslib.root.RTSRoot()
     for x in rtsroot.targets:
@@ -139,6 +169,8 @@ def usage():
     print sys.argv[0], \
         "create [device] [name] [userid] [password]", \
         "<initiator_iqn,iqn2,iqn3,...>"
+    print sys.argv[0], \
+        "add-initiator [target_iqn] [userid] [password] [initiator_iqn]"
     print sys.argv[0], "get-targets"
     print sys.argv[0], "delete [iqn]"
     print sys.argv[0], "verify"
@@ -170,6 +202,17 @@ def main(argv=None):
 
         create(backing_device, name, userid, password, initiator_iqns)
 
+    elif argv[1] == 'add-initiator':
+        if len(argv) < 6:
+            usage()
+
+        target_iqn = argv[2]
+        userid = argv[3]
+        password = argv[4]
+        initiator_iqn = argv[5]
+
+        add_initiator(target_iqn, initiator_iqn, userid, password)
+
     elif argv[1] == 'get-targets':
         get_targets()
 

diff --git a/cinder/exception.py b/cinder/exception.py
index 24d13e984da2476d7341ea926b5376148e831650..c5dd7e61ad9867344755fa845e9ef5161bd48884 100644 (file)
--- a/cinder/exception.py
+++ b/cinder/exception.py
@@ -307,6 +307,10 @@ class ISCSITargetCreateFailed(CinderException):
     message = _("Failed to create iscsi target for volume %(volume_id)s.")
 
 
+class ISCSITargetAttachFailed(CinderException):
+    message = _("Failed to attach iSCSI target for volume %(volume_id)s.")
+
+
 class ISCSITargetRemoveFailed(CinderException):
     message = _("Failed to remove iscsi target for volume %(volume_id)s.")
 

diff --git a/cinder/volume/driver.py b/cinder/volume/driver.py
index 4ee0a1920c2ea5d2e016119b4372004f0be7d24e..d293985d8fe3e37af1f946a9a40c1de017ac27c7 100644 (file)
--- a/cinder/volume/driver.py
+++ b/cinder/volume/driver.py
@@ -333,6 +333,9 @@ class ISCSIDriver(VolumeDriver):
 
         """
 
+        if self.configuration.iscsi_helper == 'lioadm':
+            self.tgtadm.initialize_connection(volume, connector)
+
         iscsi_properties = self._get_iscsi_properties(volume)
         return {
             'driver_volume_type': 'iscsi',

diff --git a/cinder/volume/iscsi.py b/cinder/volume/iscsi.py
index 50c7fe1ebdb40079e1f266d0506c018ebd872128..ae664b767b4399adec7ce672c8d03c81b06d47b9 100644 (file)
--- a/cinder/volume/iscsi.py
+++ b/cinder/volume/iscsi.py
@@ -416,6 +416,25 @@ class LioAdm(TargetAdmin):
         if tid is None:
             raise exception.NotFound()
 
+    def initialize_connection(self, volume, connector):
+        volume_iqn = volume['provider_location'].split(' ')[1]
+
+        (auth_method, auth_user, auth_pass) = \
+            volume['provider_auth'].split(' ', 3)
+
+        # Add initiator iqns to target ACL
+        try:
+            self._execute('cinder-rtstool', 'add-initiator',
+                          volume_iqn,
+                          auth_user,
+                          auth_pass,
+                          connector['initiator'],
+                          run_as_root=True)
+        except exception.ProcessExecutionError as e:
+            LOG.error(_("Failed to add initiator iqn %s to target") %
+                      connector['initiator'])
+            raise exception.ISCSITargetAttachFailed(volume_id=volume['id'])
+
 
 def get_target_admin():
     if FLAGS.iscsi_helper == 'tgtadm':