Add LIO configuration for iSCSI initiators

LIO requires iSCSI initiator IQNs to be specified in an ACL to be
allowed to connect to the target. Currently this is only done for
the IQN of the initiator on the cinder-volume node.

This patch allows setting lio_initiator_iqns in cinder.conf to
provide access to other nodes.  (Remote Nova compute nodes.)

Change-Id: I7ddee542fcd3fba5b6f142ad15459c08cfedc9d2

diff --git a/bin/cinder-rtstool b/bin/cinder-rtstool
index 09d2a1d60e37d1cb1d83657111cb84629b835e89..745ca1afdf46cb89dbf643d67fdc377446fa20cc 100755 (executable)
--- a/bin/cinder-rtstool
+++ b/bin/cinder-rtstool
@@ -33,7 +33,7 @@ class RtstoolImportError(RtstoolError):
     pass
 
 
-def create(backing_device, name, userid, password):
+def create(backing_device, name, userid, password, initiator_iqns=None):
     try:
         rtsroot = rtslib.root.RTSRoot()
     except rtslib.utils.RTSLibError:
@@ -78,10 +78,19 @@ def create(backing_device, name, userid, password):
     acl_new.chap_userid = userid
     acl_new.chap_password = password
 
-    tpg_new.enable = 1
-
     m = rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
 
+    if initiator_iqns:
+        initiator_iqns = initiator_iqns.strip(' ')
+        for i in initiator_iqns.split(','):
+            acl_new = rtslib.NodeACL(tpg_new, i, mode='create')
+            acl_new.chap_userid = userid
+            acl_new.chap_password = password
+
+            m = rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
+
+    tpg_new.enable = 1
+
     try:
         rtslib.NetworkPortal(tpg_new, '0.0.0.0', 3260, mode='any')
     except rtslib.utils.RTSLibError:
@@ -127,7 +136,9 @@ def verify_rtslib():
 
 def usage():
     print "Usage:"
-    print sys.argv[0], "create [device] [name] [userid] [password]"
+    print sys.argv[0], \
+        "create [device] [name] [userid] [password]", \
+        "<initiator_iqn,iqn2,iqn3,...>"
     print sys.argv[0], "get-targets"
     print sys.argv[0], "delete [iqn]"
     print sys.argv[0], "verify"
@@ -145,12 +156,19 @@ def main(argv=None):
         if len(argv) < 6:
             usage()
 
+        if len(argv) > 7:
+            usage()
+
         backing_device = argv[2]
         name = argv[3]
         userid = argv[4]
         password = argv[5]
+        initiator_iqns = None
+
+        if len(argv) > 6:
+            initiator_iqns = argv[6]
 
-        create(backing_device, name, userid, password)
+        create(backing_device, name, userid, password, initiator_iqns)
 
     elif argv[1] == 'get-targets':
         get_targets()

diff --git a/cinder/volume/iscsi.py b/cinder/volume/iscsi.py
index 59fa6095c3fd8490a16d450120b82adaa12ae11c..2219b99f3bb0d04b79e73bbc9635d49ba2cedbce 100644 (file)
--- a/cinder/volume/iscsi.py
+++ b/cinder/volume/iscsi.py
@@ -40,7 +40,15 @@ iscsi_helper_opt = [cfg.StrOpt('iscsi_helper',
                                     'directory'),
                     cfg.StrOpt('iet_conf',
                                default='/etc/iet/ietd.conf',
-                               help='IET configuration file'), ]
+                               help='IET configuration file'),
+                    cfg.StrOpt('lio_initiator_iqns',
+                               default='',
+                               help=('Comma-separatd list of initiator IQNs '
+                                     'allowed to connect to the '
+                                     'iSCSI target. (From Nova compute nodes.)'
+                                     )
+                               )
+                    ]
 
 FLAGS = flags.FLAGS
 FLAGS.register_opts(iscsi_helper_opt)
@@ -353,14 +361,20 @@ class LioAdm(TargetAdmin):
         if chap_auth != None:
             (chap_auth_userid, chap_auth_password) = chap_auth.split(' ')[1:]
 
+        extra_args = []
+        if FLAGS.lio_initiator_iqns:
+            extra_args.append(FLAGS.lio_initiator_iqns)
+
         try:
-            self._execute('cinder-rtstool',
-                          'create',
-                          path,
-                          name,
-                          chap_auth_userid,
-                          chap_auth_password,
-                          run_as_root=True)
+            command_args = ['cinder-rtstool',
+                            'create',
+                            path,
+                            name,
+                            chap_auth_userid,
+                            chap_auth_password]
+            if extra_args != []:
+                command_args += extra_args
+            self._execute(*command_args, run_as_root=True)
         except exception.ProcessExecutionError as e:
                 LOG.error(_("Failed to create iscsi target for volume "
                             "id:%(vol_id)s.") % locals())

diff --git a/etc/cinder/cinder.conf.sample b/etc/cinder/cinder.conf.sample
index 071b7ad9d23dae970cdde5b2d69694ae2e2f22cb..b44bc8c747d4e91550c9c5b075485f6364c6dc3f 100644 (file)
--- a/etc/cinder/cinder.conf.sample
+++ b/etc/cinder/cinder.conf.sample
@@ -1130,6 +1130,10 @@
 # IET configuration file (string value)
 #iet_conf=/etc/iet/ietd.conf
 
+# Comma-separatd list of initiator IQNs allowed to connect to
+# the iSCSI target. (From Nova compute nodes.) (string value)
+#lio_initiator_iqns=
+
 
 #
 # Options defined in cinder.volume.manager