Add the generation of the username and password for iSCSI target.

When a volume is created, a pair of username and password is generated by the
driver for tgtadm and ietadm.

Implementation of bpiSCSI-CHAP.

Change-Id: I4f382a96ba4553158dc609e8caf9e70486e30603

diff --git a/cinder/utils.py b/cinder/utils.py
index c6510a7ece466bdf71d1a925c87ead3e7321602d..752f11e04c219e55ac85989d13ac404a8c47ad50 100644 (file)
--- a/cinder/utils.py
+++ b/cinder/utils.py
@@ -413,6 +413,11 @@ def generate_password(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS):
     return ''.join(password)
 
 
+def generate_username(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS):
+    # Use the same implementation as the password generation.
+    return generate_password(length, symbolgroups)
+
+
 def last_octet(address):
     return int(address.split('.')[-1])
 

diff --git a/cinder/volume/driver.py b/cinder/volume/driver.py
index 69c9d5ae76060e8aacc7815b21bb377581c2f736..f803ab5ea71ccf8438168f40babe6b25ef2c48f1 100644 (file)
--- a/cinder/volume/driver.py
+++ b/cinder/volume/driver.py
@@ -368,14 +368,22 @@ class ISCSIDriver(VolumeDriver):
             lun = 1  # For tgtadm the controller is lun 0, dev starts at lun 1
             iscsi_target = 0  # NOTE(jdg): Not used by tgtadm
 
+        # Use the same method to generate the username and the password.
+        chap_username = utils.generate_username()
+        chap_password = utils.generate_password()
+        chap_auth = _iscsi_authentication('IncomingUser', chap_username,
+                                          chap_password)
         # NOTE(jdg): For TgtAdm case iscsi_name is the ONLY param we need
         # should clean this all up at some point in the future
         tid = self.tgtadm.create_iscsi_target(iscsi_name,
                                               iscsi_target,
                                               0,
-                                              volume_path)
+                                              volume_path,
+                                              chap_auth)
         model_update['provider_location'] = _iscsi_location(
             FLAGS.iscsi_ip_address, tid, iscsi_name, lun)
+        model_update['provider_auth'] = _iscsi_authentication(
+            'CHAP', chap_username, chap_password)
         return model_update
 
     def remove_export(self, context, volume):
@@ -908,3 +916,7 @@ class LoggingVolumeDriver(VolumeDriver):
 
 def _iscsi_location(ip, target, iqn, lun=None):
     return "%s:%s,%s %s %s" % (ip, FLAGS.iscsi_port, target, iqn, lun)
+
+
+def _iscsi_authentication(chap, name, password):
+    return "%s %s %s" % (chap, name, password)

diff --git a/cinder/volume/iscsi.py b/cinder/volume/iscsi.py
index cb8d5df723456a7d3a1bd2b1ca659ee0730244a6..edf548f45197885905af7362a977ef48e60f2b17 100644 (file)
--- a/cinder/volume/iscsi.py
+++ b/cinder/volume/iscsi.py
@@ -59,7 +59,8 @@ class TargetAdmin(object):
     def _run(self, *args, **kwargs):
         self._execute(self._cmd, *args, run_as_root=True, **kwargs)
 
-    def create_iscsi_target(self, name, tid, lun, path, **kwargs):
+    def create_iscsi_target(self, name, tid, lun, path,
+                            chap_auth=None, **kwargs):
         """Create a iSCSI target and logical unit"""
         raise NotImplementedError()
 
@@ -105,19 +106,27 @@ class TgtAdm(TargetAdmin):
 
         return None
 
-    def create_iscsi_target(self, name, tid, lun, path, **kwargs):
+    def create_iscsi_target(self, name, tid, lun, path,
+                            chap_auth=None, **kwargs):
         # Note(jdg) tid and lun aren't used by TgtAdm but remain for
         # compatibility
 
         utils.ensure_tree(FLAGS.volumes_dir)
 
         vol_id = name.split(':')[1]
-        volume_conf = """
-            <target %s>
-                backing-store %s
-            </target>
-        """ % (name, path)
-
+        if chap_auth is None:
+            volume_conf = """
+                <target %s>
+                    backing-store %s
+                </target>
+            """ % (name, path)
+        else:
+            volume_conf = """
+                <target %s>
+                    backing-store %s
+                    %s
+                </target>
+            """ % (name, path, chap_auth)
         LOG.info(_('Creating volume: %s') % vol_id)
         volumes_dir = FLAGS.volumes_dir
         volume_path = os.path.join(volumes_dir, vol_id)
@@ -186,9 +195,13 @@ class IetAdm(TargetAdmin):
     def __init__(self, execute=utils.execute):
         super(IetAdm, self).__init__('ietadm', execute)
 
-    def create_iscsi_target(self, name, tid, lun, path, **kwargs):
+    def create_iscsi_target(self, name, tid, lun, path,
+                            chap_auth=None, **kwargs):
         self._new_target(name, tid, **kwargs)
         self._new_logicalunit(tid, lun, path, **kwargs)
+        if chap_auth is not None:
+            (type, username, password) = chap_auth.split()
+            self._new_auth(tid, type, username, password, **kwargs)
         return tid
 
     def remove_iscsi_target(self, tid, lun, vol_id, **kwargs):
@@ -225,6 +238,13 @@ class IetAdm(TargetAdmin):
                   '--lun=%d' % lun,
                   **kwargs)
 
+    def _new_auth(self, tid, type, username, password, **kwargs):
+        self._run('--op', 'new',
+                  '--tid=%s' % tid,
+                  '--user',
+                  '--params=%s=%s,Password=%s' % (type, username, password),
+                  **kwargs)
+
 
 def get_target_admin():
     if FLAGS.iscsi_helper == 'tgtadm':