From 79551a68d3dfc3cfe4113f022dfdb4d26b11d336 Mon Sep 17 00:00:00 2001
From: Eric Harney <eharney@redhat.com>
Date: Tue, 5 Feb 2013 18:02:46 -0500
Subject: [PATCH] Add LIO configuration for iSCSI initiators

LIO requires iSCSI initiator IQNs to be specified in an ACL to be
allowed to connect to the target. Currently this is only done for
the IQN of the initiator on the cinder-volume node.

This patch allows setting lio_initiator_iqns in cinder.conf to
provide access to other nodes.  (Remote Nova compute nodes.)

Change-Id: I7ddee542fcd3fba5b6f142ad15459c08cfedc9d2
---
 bin/cinder-rtstool            | 28 +++++++++++++++++++++++-----
 cinder/volume/iscsi.py        | 30 ++++++++++++++++++++++--------
 etc/cinder/cinder.conf.sample |  4 ++++
 3 files changed, 49 insertions(+), 13 deletions(-)

diff --git a/bin/cinder-rtstool b/bin/cinder-rtstool
index 09d2a1d60..745ca1afd 100755
--- a/bin/cinder-rtstool
+++ b/bin/cinder-rtstool
@@ -33,7 +33,7 @@ class RtstoolImportError(RtstoolError):
     pass
 
 
-def create(backing_device, name, userid, password):
+def create(backing_device, name, userid, password, initiator_iqns=None):
     try:
         rtsroot = rtslib.root.RTSRoot()
     except rtslib.utils.RTSLibError:
@@ -78,10 +78,19 @@ def create(backing_device, name, userid, password):
     acl_new.chap_userid = userid
     acl_new.chap_password = password
 
-    tpg_new.enable = 1
-
     m = rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
 
+    if initiator_iqns:
+        initiator_iqns = initiator_iqns.strip(' ')
+        for i in initiator_iqns.split(','):
+            acl_new = rtslib.NodeACL(tpg_new, i, mode='create')
+            acl_new.chap_userid = userid
+            acl_new.chap_password = password
+
+            m = rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
+
+    tpg_new.enable = 1
+
     try:
         rtslib.NetworkPortal(tpg_new, '0.0.0.0', 3260, mode='any')
     except rtslib.utils.RTSLibError:
@@ -127,7 +136,9 @@ def verify_rtslib():
 
 def usage():
     print "Usage:"
-    print sys.argv[0], "create [device] [name] [userid] [password]"
+    print sys.argv[0], \
+        "create [device] [name] [userid] [password]", \
+        "<initiator_iqn,iqn2,iqn3,...>"
     print sys.argv[0], "get-targets"
     print sys.argv[0], "delete [iqn]"
     print sys.argv[0], "verify"
@@ -145,12 +156,19 @@ def main(argv=None):
         if len(argv) < 6:
             usage()
 
+        if len(argv) > 7:
+            usage()
+
         backing_device = argv[2]
         name = argv[3]
         userid = argv[4]
         password = argv[5]
+        initiator_iqns = None
+
+        if len(argv) > 6:
+            initiator_iqns = argv[6]
 
-        create(backing_device, name, userid, password)
+        create(backing_device, name, userid, password, initiator_iqns)
 
     elif argv[1] == 'get-targets':
         get_targets()
diff --git a/cinder/volume/iscsi.py b/cinder/volume/iscsi.py
index 59fa6095c..2219b99f3 100644
--- a/cinder/volume/iscsi.py
+++ b/cinder/volume/iscsi.py
@@ -40,7 +40,15 @@ iscsi_helper_opt = [cfg.StrOpt('iscsi_helper',
                                     'directory'),
                     cfg.StrOpt('iet_conf',
                                default='/etc/iet/ietd.conf',
-                               help='IET configuration file'), ]
+                               help='IET configuration file'),
+                    cfg.StrOpt('lio_initiator_iqns',
+                               default='',
+                               help=('Comma-separatd list of initiator IQNs '
+                                     'allowed to connect to the '
+                                     'iSCSI target. (From Nova compute nodes.)'
+                                     )
+                               )
+                    ]
 
 FLAGS = flags.FLAGS
 FLAGS.register_opts(iscsi_helper_opt)
@@ -353,14 +361,20 @@ class LioAdm(TargetAdmin):
         if chap_auth != None:
             (chap_auth_userid, chap_auth_password) = chap_auth.split(' ')[1:]
 
+        extra_args = []
+        if FLAGS.lio_initiator_iqns:
+            extra_args.append(FLAGS.lio_initiator_iqns)
+
         try:
-            self._execute('cinder-rtstool',
-                          'create',
-                          path,
-                          name,
-                          chap_auth_userid,
-                          chap_auth_password,
-                          run_as_root=True)
+            command_args = ['cinder-rtstool',
+                            'create',
+                            path,
+                            name,
+                            chap_auth_userid,
+                            chap_auth_password]
+            if extra_args != []:
+                command_args += extra_args
+            self._execute(*command_args, run_as_root=True)
         except exception.ProcessExecutionError as e:
                 LOG.error(_("Failed to create iscsi target for volume "
                             "id:%(vol_id)s.") % locals())
diff --git a/etc/cinder/cinder.conf.sample b/etc/cinder/cinder.conf.sample
index 071b7ad9d..b44bc8c74 100644
--- a/etc/cinder/cinder.conf.sample
+++ b/etc/cinder/cinder.conf.sample
@@ -1130,6 +1130,10 @@
 # IET configuration file (string value)
 #iet_conf=/etc/iet/ietd.conf
 
+# Comma-separatd list of initiator IQNs allowed to connect to
+# the iSCSI target. (From Nova compute nodes.) (string value)
+#lio_initiator_iqns=
+
 
 #
 # Options defined in cinder.volume.manager
-- 
2.45.2