openstack/cinder
Code Issues Proposed changes

Add LIO configuration for iSCSI initiators

Browse Source 
LIO requires iSCSI initiator IQNs to be specified in an ACL to be
allowed to connect to the target. Currently this is only done for
the IQN of the initiator on the cinder-volume node.

This patch allows setting lio_initiator_iqns in cinder.conf to
provide access to other nodes.  (Remote Nova compute nodes.)

Change-Id: I7ddee542fcd3fba5b6f142ad15459c08cfedc9d2
This commit is contained in:
Eric Harney 2013-02-05 18:02:46 -05:00
parent d5ac3cb692
commit 79551a68d3
3 changed files with 49 additions and 13 deletions

28
bin/cinder-rtstool

@ -33,7 +33,7 @@ class RtstoolImportError(RtstoolError):
pass
def create(backing_device, name, userid, password):
def create(backing_device, name, userid, password, initiator_iqns=None):
try:
rtsroot = rtslib.root.RTSRoot()
except rtslib.utils.RTSLibError:
@ -78,10 +78,19 @@ def create(backing_device, name, userid, password):
acl_new.chap_userid = userid
acl_new.chap_password = password
tpg_new.enable = 1
m = rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
if initiator_iqns:
initiator_iqns = initiator_iqns.strip(' ')
for i in initiator_iqns.split(','):
acl_new = rtslib.NodeACL(tpg_new, i, mode='create')
acl_new.chap_userid = userid
acl_new.chap_password = password
m = rtslib.MappedLUN(acl_new, lun_new.lun, lun_new.lun)
tpg_new.enable = 1
try:
rtslib.NetworkPortal(tpg_new, '0.0.0.0', 3260, mode='any')
except rtslib.utils.RTSLibError:
@ -127,7 +136,9 @@ def verify_rtslib():
def usage():
print "Usage:"
print sys.argv[0], "create [device] [name] [userid] [password]"
print sys.argv[0], \
"create [device] [name] [userid] [password]", \
"<initiator_iqn,iqn2,iqn3,...>"
print sys.argv[0], "get-targets"
print sys.argv[0], "delete [iqn]"
print sys.argv[0], "verify"
@ -145,12 +156,19 @@ def main(argv=None):
if len(argv) < 6:
usage()
if len(argv) > 7:
usage()
backing_device = argv[2]
name = argv[3]
userid = argv[4]
password = argv[5]
initiator_iqns = None
create(backing_device, name, userid, password)
if len(argv) > 6:
initiator_iqns = argv[6]
create(backing_device, name, userid, password, initiator_iqns)
elif argv[1] == 'get-targets':
get_targets()

30
cinder/volume/iscsi.py

@ -40,7 +40,15 @@ iscsi_helper_opt = [cfg.StrOpt('iscsi_helper',
'directory'),
cfg.StrOpt('iet_conf',
default='/etc/iet/ietd.conf',
help='IET configuration file'), ]
help='IET configuration file'),
cfg.StrOpt('lio_initiator_iqns',
default='',
help=('Comma-separatd list of initiator IQNs '
'allowed to connect to the '
'iSCSI target. (From Nova compute nodes.)'
)
)
]
FLAGS = flags.FLAGS
FLAGS.register_opts(iscsi_helper_opt)
@ -353,14 +361,20 @@ class LioAdm(TargetAdmin):
if chap_auth != None:
(chap_auth_userid, chap_auth_password) = chap_auth.split(' ')[1:]
extra_args = []
if FLAGS.lio_initiator_iqns:
extra_args.append(FLAGS.lio_initiator_iqns)
try:
self._execute('cinder-rtstool',
'create',
path,
name,
chap_auth_userid,
chap_auth_password,
run_as_root=True)
command_args = ['cinder-rtstool',
'create',
path,
name,
chap_auth_userid,
chap_auth_password]
if extra_args != []:
command_args += extra_args
self._execute(*command_args, run_as_root=True)
except exception.ProcessExecutionError as e:
LOG.error(_("Failed to create iscsi target for volume "
"id:%(vol_id)s.") % locals())

4
etc/cinder/cinder.conf.sample

@ -1130,6 +1130,10 @@
# IET configuration file (string value)
#iet_conf=/etc/iet/ietd.conf
# Comma-separatd list of initiator IQNs allowed to connect to
# the iSCSI target. (From Nova compute nodes.) (string value)
#lio_initiator_iqns=
#
# Options defined in cinder.volume.manager