From: Eric Harney <eharney@redhat.com>
Date: Tue, 5 Feb 2013 23:02:46 +0000 (-0500)
Subject: Add LIO configuration for iSCSI initiators
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=79551a68d3dfc3cfe4113f022dfdb4d26b11d336;p=openstack-build%2Fcinder-build.git

Add LIO configuration for iSCSI initiators

LIO requires iSCSI initiator IQNs to be specified in an ACL to be
allowed to connect to the target. Currently this is only done for
the IQN of the initiator on the cinder-volume node.

This patch allows setting lio_initiator_iqns in cinder.conf to
provide access to other nodes.  (Remote Nova compute nodes.)

Change-Id: I7ddee542fcd3fba5b6f142ad15459c08cfedc9d2
---

diff --git a/bin/cinder-rtstool b/bin/cinder-rtstool
index 09d2a1d60..745ca1afd 100755
--- a/bin/cinder-rtstool
+++ b/bin/cinder-rtstool
@@ -33,7 +33,7 @@ class RtstoolImportError(RtstoolError):
     pass
 
 
-def create(backing_device, name, userid, password):
+def create(backing_device, name, userid, password, initiator_iqns=None):
     try:
         rtsroot = rtslib.root.RTSRoot()
     except rtslib.utils.RTSLibError:
@@ -78,10 +78,19 @@ def create(backing_device, name, userid, password):
     acl_new.chap_userid = userid
     acl_new.chap_password = password
 
-    tpg_new.enable = 1
-
     m = rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
 
+    if initiator_iqns:
+        initiator_iqns = initiator_iqns.strip(' ')
+        for i in initiator_iqns.split(','):
+            acl_new = rtslib.NodeACL(tpg_new, i, mode='create')
+            acl_new.chap_userid = userid
+            acl_new.chap_password = password
+
+            m = rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
+
+    tpg_new.enable = 1
+
     try:
         rtslib.NetworkPortal(tpg_new, '0.0.0.0', 3260, mode='any')
     except rtslib.utils.RTSLibError:
@@ -127,7 +136,9 @@ def verify_rtslib():
 
 def usage():
     print "Usage:"
-    print sys.argv[0], "create [device] [name] [userid] [password]"
+    print sys.argv[0], \
+        "create [device] [name] [userid] [password]", \
+        "<initiator_iqn,iqn2,iqn3,...>"
     print sys.argv[0], "get-targets"
     print sys.argv[0], "delete [iqn]"
     print sys.argv[0], "verify"
@@ -145,12 +156,19 @@ def main(argv=None):
         if len(argv) < 6:
             usage()
 
+        if len(argv) > 7:
+            usage()
+
         backing_device = argv[2]
         name = argv[3]
         userid = argv[4]
         password = argv[5]
+        initiator_iqns = None
+
+        if len(argv) > 6:
+            initiator_iqns = argv[6]
 
-        create(backing_device, name, userid, password)
+        create(backing_device, name, userid, password, initiator_iqns)
 
     elif argv[1] == 'get-targets':
         get_targets()
diff --git a/cinder/volume/iscsi.py b/cinder/volume/iscsi.py
index 59fa6095c..2219b99f3 100644
--- a/cinder/volume/iscsi.py
+++ b/cinder/volume/iscsi.py
@@ -40,7 +40,15 @@ iscsi_helper_opt = [cfg.StrOpt('iscsi_helper',
                                     'directory'),
                     cfg.StrOpt('iet_conf',
                                default='/etc/iet/ietd.conf',
-                               help='IET configuration file'), ]
+                               help='IET configuration file'),
+                    cfg.StrOpt('lio_initiator_iqns',
+                               default='',
+                               help=('Comma-separatd list of initiator IQNs '
+                                     'allowed to connect to the '
+                                     'iSCSI target. (From Nova compute nodes.)'
+                                     )
+                               )
+                    ]
 
 FLAGS = flags.FLAGS
 FLAGS.register_opts(iscsi_helper_opt)
@@ -353,14 +361,20 @@ class LioAdm(TargetAdmin):
         if chap_auth != None:
             (chap_auth_userid, chap_auth_password) = chap_auth.split(' ')[1:]
 
+        extra_args = []
+        if FLAGS.lio_initiator_iqns:
+            extra_args.append(FLAGS.lio_initiator_iqns)
+
         try:
-            self._execute('cinder-rtstool',
-                          'create',
-                          path,
-                          name,
-                          chap_auth_userid,
-                          chap_auth_password,
-                          run_as_root=True)
+            command_args = ['cinder-rtstool',
+                            'create',
+                            path,
+                            name,
+                            chap_auth_userid,
+                            chap_auth_password]
+            if extra_args != []:
+                command_args += extra_args
+            self._execute(*command_args, run_as_root=True)
         except exception.ProcessExecutionError as e:
                 LOG.error(_("Failed to create iscsi target for volume "
                             "id:%(vol_id)s.") % locals())
diff --git a/etc/cinder/cinder.conf.sample b/etc/cinder/cinder.conf.sample
index 071b7ad9d..b44bc8c74 100644
--- a/etc/cinder/cinder.conf.sample
+++ b/etc/cinder/cinder.conf.sample
@@ -1130,6 +1130,10 @@
 # IET configuration file (string value)
 #iet_conf=/etc/iet/ietd.conf
 
+# Comma-separatd list of initiator IQNs allowed to connect to
+# the iSCSI target. (From Nova compute nodes.) (string value)
+#lio_initiator_iqns=
+
 
 #
 # Options defined in cinder.volume.manager