From e0e912b084923e6da831533c21b10e46f48d2cf1 Mon Sep 17 00:00:00 2001 From: Minmin Ren Date: Tue, 14 May 2019 09:02:28 +0000 Subject: [PATCH] Add rbd secret_uuid in secondary config - Update initialize_connection to return active backend connection data. - Add secret_uuid support in secondary config For example: replication_device = backend_id:secondary, conf:/etc/ceph/secondary.conf, user:SECONDARY_UDER, secret_uuid:SENDARY_SECRET_UUID Closes-Bug #1828974 Change-Id: I1692310ef8ddc8ace88c4209fa447722ee422aaf --- cinder/tests/unit/volume/drivers/test_rbd.py | 43 +++++++++++++------ cinder/volume/drivers/rbd.py | 24 +++++++---- ...d_secret_uuid_config-c74d65e6d3d610c6.yaml | 6 +++ 3 files changed, 52 insertions(+), 21 deletions(-) create mode 100644 releasenotes/notes/rbd_replication_add_secret_uuid_config-c74d65e6d3d610c6.yaml diff --git a/cinder/tests/unit/volume/drivers/test_rbd.py b/cinder/tests/unit/volume/drivers/test_rbd.py index bc4ca68a6ad..c89d621ff18 100644 --- a/cinder/tests/unit/volume/drivers/test_rbd.py +++ b/cinder/tests/unit/volume/drivers/test_rbd.py @@ -268,7 +268,8 @@ class RBDTestCase(test.TestCase): cfg = [{'backend_id': 'secondary-backend'}] expected = [{'name': 'secondary-backend', 'conf': '/etc/ceph/secondary-backend.conf', - 'user': 'cinder'}] + 'user': 'cinder', + 'secret_uuid': self.cfg.rbd_secret_uuid}] self.driver._parse_replication_configs(cfg) self.assertEqual(expected, self.driver._replication_targets) @@ -280,10 +281,12 @@ class RBDTestCase(test.TestCase): {'backend_id': 'tertiary-backend'}] expected = [{'name': 'secondary-backend', 'conf': 'foo', - 'user': 'bar'}, + 'user': 'bar', + 'secret_uuid': self.cfg.rbd_secret_uuid}, {'name': 'tertiary-backend', 'conf': '/etc/ceph/tertiary-backend.conf', - 'user': 'cinder'}] + 'user': 'cinder', + 'secret_uuid': self.cfg.rbd_secret_uuid}] self.driver._parse_replication_configs(cfg[:num_targets]) self.assertEqual(expected[:num_targets], self.driver._replication_targets) @@ -297,16 +300,19 @@ class RBDTestCase(test.TestCase): self.assertEqual([], self.driver._target_names) self.assertEqual({'name': self.cfg.rbd_cluster_name, 'conf': self.cfg.rbd_ceph_conf, - 'user': self.cfg.rbd_user}, + 'user': self.cfg.rbd_user, + 'secret_uuid': self.cfg.rbd_secret_uuid}, self.driver._active_config) def test_do_setup_replication(self): cfg = [{'backend_id': 'secondary-backend', 'conf': 'foo', - 'user': 'bar'}] + 'user': 'bar', + 'secret_uuid': 'secondary_secret_uuid'}] expected = [{'name': 'secondary-backend', 'conf': 'foo', - 'user': 'bar'}] + 'user': 'bar', + 'secret_uuid': 'secondary_secret_uuid'}] with mock.patch.object(self.driver.configuration, 'safe_get', return_value=cfg): @@ -315,16 +321,19 @@ class RBDTestCase(test.TestCase): self.assertEqual(expected, self.driver._replication_targets) self.assertEqual({'name': self.cfg.rbd_cluster_name, 'conf': self.cfg.rbd_ceph_conf, - 'user': self.cfg.rbd_user}, + 'user': self.cfg.rbd_user, + 'secret_uuid': self.cfg.rbd_secret_uuid}, self.driver._active_config) def test_do_setup_replication_failed_over(self): cfg = [{'backend_id': 'secondary-backend', 'conf': 'foo', - 'user': 'bar'}] + 'user': 'bar', + 'secret_uuid': 'secondary_secret_uuid'}] expected = [{'name': 'secondary-backend', 'conf': 'foo', - 'user': 'bar'}] + 'user': 'bar', + 'secret_uuid': 'secondary_secret_uuid'}] self.driver._active_backend_id = 'secondary-backend' with mock.patch.object(self.driver.configuration, 'safe_get', @@ -1516,6 +1525,9 @@ class RBDTestCase(test.TestCase): keyring_data = "[client.cinder]\n key = test\n" mock_keyring.return_value = keyring_data + self.driver._active_config = {'name': 'secondary_id', + 'user': 'foo', + 'conf': 'bar'} expected = { 'driver_volume_type': 'rbd', 'data': { @@ -1523,11 +1535,11 @@ class RBDTestCase(test.TestCase): self.volume_a.name), 'hosts': hosts, 'ports': ports, - 'cluster_name': self.cfg.rbd_cluster_name, + 'cluster_name': 'secondary_id', 'auth_enabled': True, - 'auth_username': self.cfg.rbd_user, + 'auth_username': 'foo', 'secret_type': 'ceph', - 'secret_uuid': None, + 'secret_uuid': self.cfg.rbd_secret_uuid, 'volume_id': self.volume_a.id, 'discard': True, 'keyring': keyring_data, @@ -1540,6 +1552,13 @@ class RBDTestCase(test.TestCase): expected['data']['keyring'] = None self._initialize_connection_helper(expected, hosts, ports) + self.driver._active_config = {'name': 'secondary_id', + 'user': 'foo', + 'conf': 'bar', + 'secret_uuid': 'secondary_secret_uuid'} + expected['data']['secret_uuid'] = 'secondary_secret_uuid' + self._initialize_connection_helper(expected, hosts, ports) + def test__get_keyring_contents_no_config_file(self): self.cfg.rbd_keyring_conf = '' self.assertIsNone(self.driver._get_keyring_contents()) diff --git a/cinder/volume/drivers/rbd.py b/cinder/volume/drivers/rbd.py index 616ccfee02f..1d6925011ff 100644 --- a/cinder/volume/drivers/rbd.py +++ b/cinder/volume/drivers/rbd.py @@ -261,7 +261,8 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, return { 'name': self.configuration.rbd_cluster_name, 'conf': self.configuration.rbd_ceph_conf, - 'user': self.configuration.rbd_user + 'user': self.configuration.rbd_user, + 'secret_uuid': self.configuration.rbd_secret_uuid } raise exception.InvalidReplicationTarget( reason=_('RBD: Unknown failover target host %s.') % target_id) @@ -291,10 +292,13 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, self.SYSCONFDIR + name + '.conf') user = replication_device.get( 'user', self.configuration.rbd_user or 'cinder') + secret_uuid = replication_device.get( + 'secret_uuid', self.configuration.rbd_secret_uuid) # Pool has to be the same in all clusters replication_target = {'name': name, 'conf': utils.convert_str(conf), - 'user': utils.convert_str(user)} + 'user': utils.convert_str(user), + 'secret_uuid': secret_uuid} LOG.info('Adding replication target: %s.', name) self._replication_targets.append(replication_target) self._target_names.append(name) @@ -302,7 +306,8 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, def _get_config_tuple(self, remote=None): if not remote: remote = self._active_config - return (remote.get('name'), remote.get('conf'), remote.get('user')) + return (remote.get('name'), remote.get('conf'), remote.get('user'), + remote.get('secret_uuid', None)) def _trash_purge(self): LOG.info("Purging trash for backend '%s'", self._backend_name) @@ -375,7 +380,7 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, def _ceph_args(self): args = [] - name, conf, user = self._get_config_tuple() + name, conf, user, secret_uuid = self._get_config_tuple() if user: args.extend(['--id', user]) @@ -391,7 +396,7 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, self.configuration.rados_connection_interval, self.configuration.rados_connection_retries) def _do_conn(pool, remote, timeout): - name, conf, user = self._get_config_tuple(remote) + name, conf, user, secret_uuid = self._get_config_tuple(remote) if pool is not None: pool = utils.convert_str(pool) @@ -1389,6 +1394,7 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, def initialize_connection(self, volume, connector): hosts, ports = self._get_mon_addrs() + name, conf, user, secret_uuid = self._get_config_tuple() data = { 'driver_volume_type': 'rbd', 'data': { @@ -1396,11 +1402,11 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, volume.name), 'hosts': hosts, 'ports': ports, - 'cluster_name': self.configuration.rbd_cluster_name, - 'auth_enabled': (self.configuration.rbd_user is not None), - 'auth_username': self.configuration.rbd_user, + 'cluster_name': name, + 'auth_enabled': (user is not None), + 'auth_username': user, 'secret_type': 'ceph', - 'secret_uuid': self.configuration.rbd_secret_uuid, + 'secret_uuid': secret_uuid, 'volume_id': volume.id, "discard": True, 'keyring': self._get_keyring_contents(), diff --git a/releasenotes/notes/rbd_replication_add_secret_uuid_config-c74d65e6d3d610c6.yaml b/releasenotes/notes/rbd_replication_add_secret_uuid_config-c74d65e6d3d610c6.yaml new file mode 100644 index 00000000000..4623ecc2aa2 --- /dev/null +++ b/releasenotes/notes/rbd_replication_add_secret_uuid_config-c74d65e6d3d610c6.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Rbd replication secondary device could set different user and keyring with primary cluster. + Secondary secret_uuid value is configed in libvirt secret, and libvirtd using secondary secret + reconnect to secondary cluster after Cinder failover host.