Exemple #1
0
    def get_config(self, connection_info, disk_info):
        """Returns xml for libvirt."""
        conf = super(LibvirtNetVolumeDriver,
                     self).get_config(connection_info, disk_info)

        netdisk_properties = connection_info['data']
        conf.source_type = "network"
        conf.source_protocol = connection_info['driver_volume_type']
        conf.source_name = netdisk_properties.get('name')
        conf.source_hosts = netdisk_properties.get('hosts', [])
        conf.source_ports = netdisk_properties.get('ports', [])
        if conf.source_protocol == 'rbd':
            self._set_auth_config_rbd(conf, netdisk_properties)
        elif conf.source_protocol == 'iscsi':
            try:
                conf.source_name = ("%(target_iqn)s/%(target_lun)s" %
                                    netdisk_properties)
                target_portal = netdisk_properties['target_portal']
            except KeyError:
                raise exception.InternalError(_("Invalid volume source data"))

            ip, port = utils.parse_server_string(target_portal)
            if ip == '' or port == '':
                raise exception.InternalError(_("Invalid target_lun"))
            conf.source_hosts = [ip]
            conf.source_ports = [port]
            self._set_auth_config_iscsi(conf, netdisk_properties)
        return conf
Exemple #2
0
    def get_config(self, connection_info, disk_info):
        """Returns xml for libvirt."""
        conf = super(LibvirtNetVolumeDriver,
                     self).get_config(connection_info, disk_info)

        netdisk_properties = connection_info['data']
        conf.source_type = "network"
        conf.source_protocol = connection_info['driver_volume_type']
        conf.source_name = netdisk_properties.get('name')
        conf.source_hosts = netdisk_properties.get('hosts', [])
        conf.source_ports = netdisk_properties.get('ports', [])
        if conf.source_protocol == 'rbd':
            self._set_auth_config_rbd(conf, netdisk_properties)
        elif conf.source_protocol == 'iscsi':
            try:
                conf.source_name = ("%(target_iqn)s/%(target_lun)s" %
                                    netdisk_properties)
                target_portal = netdisk_properties['target_portal']
            except KeyError:
                raise exception.InternalError(_("Invalid volume source data"))

            ip, port = utils.parse_server_string(target_portal)
            if ip == '' or port == '':
                raise exception.InternalError(_("Invalid target_lun"))
            conf.source_hosts = [ip]
            conf.source_ports = [port]
            self._set_auth_config_iscsi(conf, netdisk_properties)
        return conf
    def _login_target_portal(self, target_portal):
        (target_address, target_port) = utils.parse_server_string(target_portal)

        output = self.execute("iscsicli.exe", "ListTargetPortals")
        pattern = r"Address and Socket *: (.*)"
        portals = [addr.split() for addr in re.findall(pattern, output)]
        LOG.debug("Ensuring connection to portal: %s" % target_portal)
        if [target_address, str(target_port)] in portals:
            self.execute("iscsicli.exe", "RefreshTargetPortal", target_address, target_port)
        else:
            # Adding target portal to iscsi initiator. Sending targets
            self.execute(
                "iscsicli.exe",
                "AddTargetPortal",
                target_address,
                target_port,
                "*",
                "*",
                "*",
                "*",
                "*",
                "*",
                "*",
                "*",
                "*",
                "*",
                "*",
                "*",
                "*",
            )
Exemple #4
0
 def test_parse_server_string(self):
     result = utils.parse_server_string('::1')
     self.assertEqual(('::1', ''), result)
     result = utils.parse_server_string('[::1]:8773')
     self.assertEqual(('::1', '8773'), result)
     result = utils.parse_server_string('2001:db8::192.168.1.1')
     self.assertEqual(('2001:db8::192.168.1.1', ''), result)
     result = utils.parse_server_string('[2001:db8::192.168.1.1]:8773')
     self.assertEqual(('2001:db8::192.168.1.1', '8773'), result)
     result = utils.parse_server_string('192.168.1.1')
     self.assertEqual(('192.168.1.1', ''), result)
     result = utils.parse_server_string('192.168.1.2:8773')
     self.assertEqual(('192.168.1.2', '8773'), result)
     result = utils.parse_server_string('192.168.1.3')
     self.assertEqual(('192.168.1.3', ''), result)
     result = utils.parse_server_string('www.example.com:8443')
     self.assertEqual(('www.example.com', '8443'), result)
     result = utils.parse_server_string('www.example.com')
     self.assertEqual(('www.example.com', ''), result)
     # error case
     result = utils.parse_server_string('www.exa:mple.com:8443')
     self.assertEqual(('', ''), result)
Exemple #5
0
 def test_parse_server_string(self):
     result = utils.parse_server_string('::1')
     self.assertEqual(('::1', ''), result)
     result = utils.parse_server_string('[::1]:8773')
     self.assertEqual(('::1', '8773'), result)
     result = utils.parse_server_string('2001:db8::192.168.1.1')
     self.assertEqual(('2001:db8::192.168.1.1', ''), result)
     result = utils.parse_server_string('[2001:db8::192.168.1.1]:8773')
     self.assertEqual(('2001:db8::192.168.1.1', '8773'), result)
     result = utils.parse_server_string('192.168.1.1')
     self.assertEqual(('192.168.1.1', ''), result)
     result = utils.parse_server_string('192.168.1.2:8773')
     self.assertEqual(('192.168.1.2', '8773'), result)
     result = utils.parse_server_string('192.168.1.3')
     self.assertEqual(('192.168.1.3', ''), result)
     result = utils.parse_server_string('www.example.com:8443')
     self.assertEqual(('www.example.com', '8443'), result)
     result = utils.parse_server_string('www.example.com')
     self.assertEqual(('www.example.com', ''), result)
     # error case
     result = utils.parse_server_string('www.exa:mple.com:8443')
     self.assertEqual(('', ''), result)
Exemple #6
0
 def test_parse_server_string(self):
     result = utils.parse_server_string("::1")
     self.assertEqual(("::1", ""), result)
     result = utils.parse_server_string("[::1]:8773")
     self.assertEqual(("::1", "8773"), result)
     result = utils.parse_server_string("2001:db8::192.168.1.1")
     self.assertEqual(("2001:db8::192.168.1.1", ""), result)
     result = utils.parse_server_string("[2001:db8::192.168.1.1]:8773")
     self.assertEqual(("2001:db8::192.168.1.1", "8773"), result)
     result = utils.parse_server_string("192.168.1.1")
     self.assertEqual(("192.168.1.1", ""), result)
     result = utils.parse_server_string("192.168.1.2:8773")
     self.assertEqual(("192.168.1.2", "8773"), result)
     result = utils.parse_server_string("192.168.1.3")
     self.assertEqual(("192.168.1.3", ""), result)
     result = utils.parse_server_string("www.example.com:8443")
     self.assertEqual(("www.example.com", "8443"), result)
     result = utils.parse_server_string("www.example.com")
     self.assertEqual(("www.example.com", ""), result)
     # error case
     result = utils.parse_server_string("www.exa:mple.com:8443")
     self.assertEqual(("", ""), result)
Exemple #7
0
    def login_storage_target(self, target_lun, target_iqn, target_portal):
        """Add target portal, list targets and logins to the target."""
        (target_address, target_port) = utils.parse_server_string(target_portal)

        # Adding target portal to iscsi initiator. Sending targets
        portal = self._conn_storage.MSFT_iSCSITargetPortal
        portal.New(TargetPortalAddress=target_address, TargetPortalPortNumber=target_port)
        # Connecting to the target
        target = self._conn_storage.MSFT_iSCSITarget
        target.Connect(NodeAddress=target_iqn, IsPersistent=True)
        # Waiting the disk to be mounted.
        # TODO(pnavarro): Check for the operation to end instead of
        # relying on a timeout
        time.sleep(CONF.hyperv.volume_attach_retry_interval)
Exemple #8
0
    def login_storage_target(self, target_lun, target_iqn, target_portal):
        """Add target portal, list targets and logins to the target."""
        (target_address,
         target_port) = utils.parse_server_string(target_portal)

        #Adding target portal to iscsi initiator. Sending targets
        self.execute('iscsicli.exe ' + 'AddTargetPortal ' + target_address +
                     ' ' + target_port + ' * * * * * * * * * * * * *')
        #Listing targets
        self.execute('iscsicli.exe ' + 'ListTargets')
        #Sending login
        self.execute('iscsicli.exe ' + 'qlogintarget ' + target_iqn)
        #Waiting the disk to be mounted.
        #TODO(pnavarro): Check for the operation to end instead of
        #relying on a timeout
        time.sleep(CONF.hyperv.volume_attach_retry_interval)
    def login_storage_target(self, target_lun, target_iqn, target_portal):
        """Add target portal, list targets and logins to the target."""
        (target_address,
         target_port) = utils.parse_server_string(target_portal)

        #Adding target portal to iscsi initiator. Sending targets
        portal = self._conn_storage.MSFT_iSCSITargetPortal
        portal.New(TargetPortalAddress=target_address,
                   TargetPortalPortNumber=target_port)
        #Connecting to the target
        target = self._conn_storage.MSFT_iSCSITarget
        target.Connect(NodeAddress=target_iqn, IsPersistent=True)
        #Waiting the disk to be mounted.
        #TODO(pnavarro): Check for the operation to end instead of
        #relying on a timeout
        time.sleep(CONF.hyperv.volume_attach_retry_interval)
Exemple #10
0
    def login_storage_target(self, target_lun, target_iqn, target_portal):
        """Add target portal, list targets and logins to the target."""
        (target_address, target_port) = utils.parse_server_string(target_portal)

        # Adding target portal to iscsi initiator. Sending targets
        self.execute(
            "iscsicli.exe " + "AddTargetPortal " + target_address + " " + target_port + " * * * * * * * * * * * * *"
        )
        # Listing targets
        self.execute("iscsicli.exe " + "LisTargets")
        # Sending login
        self.execute("iscsicli.exe " + "qlogintarget " + target_iqn)
        # Waiting the disk to be mounted.
        # TODO(pnavarro): Check for the operation to end instead of
        # relying on a timeout
        time.sleep(CONF.hyperv.volume_attach_retry_interval)
Exemple #11
0
    def _login_target_portal(self, target_portal):
        (target_address,
         target_port) = utils.parse_server_string(target_portal)

        output = self.execute('iscsicli.exe', 'ListTargetPortals')
        pattern = r'Address and Socket *: (.*)'
        portals = [addr.split() for addr in re.findall(pattern, output)]
        LOG.debug("Ensuring connection to portal: %s" % target_portal)
        if [target_address, str(target_port)] in portals:
            self.execute('iscsicli.exe', 'RefreshTargetPortal', target_address,
                         target_port)
        else:
            #Adding target portal to iscsi initiator. Sending targets
            self.execute('iscsicli.exe', 'AddTargetPortal', target_address,
                         target_port, '*', '*', '*', '*', '*', '*', '*', '*',
                         '*', '*', '*', '*', '*')
Exemple #12
0
    def _login_target_portal(self, target_portal):
        (target_address,
         target_port) = utils.parse_server_string(target_portal)

        # Checking if the portal is already connected.
        portal = self._conn_storage.query("SELECT * FROM "
                                          "MSFT_iSCSITargetPortal "
                                          "WHERE TargetPortalAddress='%s' "
                                          "AND TargetPortalPortNumber='%s'" %
                                          (target_address, target_port))
        if portal:
            portal[0].Update()
        else:
            # Adding target portal to iscsi initiator. Sending targets
            portal = self._conn_storage.MSFT_iSCSITargetPortal
            portal.New(TargetPortalAddress=target_address,
                       TargetPortalPortNumber=target_port)
Exemple #13
0
    def _login_target_portal(self, target_portal):
        (target_address,
         target_port) = utils.parse_server_string(target_portal)

        # Checking if the portal is already connected.
        portal = self._conn_storage.query("SELECT * FROM "
                                          "MSFT_iSCSITargetPortal "
                                          "WHERE TargetPortalAddress='%s' "
                                          "AND TargetPortalPortNumber='%s'"
                                          % (target_address, target_port))
        if portal:
            portal[0].Update()
        else:
            # Adding target portal to iscsi initiator. Sending targets
            portal = self._conn_storage.MSFT_iSCSITargetPortal
            portal.New(TargetPortalAddress=target_address,
                       TargetPortalPortNumber=target_port)
Exemple #14
0
    def get_config(self, connection_info, disk_info):
        """Returns xml for libvirt."""
        conf = super(LibvirtNetVolumeDriver,
                     self).get_config(connection_info, disk_info)

        netdisk_properties = connection_info['data']
        conf.source_type = "network"
        conf.source_protocol = connection_info['driver_volume_type']
        conf.source_name = netdisk_properties.get('name')
        conf.source_hosts = netdisk_properties.get('hosts', [])
        conf.source_ports = netdisk_properties.get('ports', [])
        auth_enabled = netdisk_properties.get('auth_enabled')
        if (conf.source_protocol == 'rbd' and
                CONF.libvirt.rbd_secret_uuid):
            conf.auth_secret_uuid = CONF.libvirt.rbd_secret_uuid
            auth_enabled = True  # Force authentication locally
            if CONF.libvirt.rbd_user:
                conf.auth_username = CONF.libvirt.rbd_user
        if conf.source_protocol == 'iscsi':
            try:
                conf.source_name = ("%(target_iqn)s/%(target_lun)s" %
                                    netdisk_properties)
                target_portal = netdisk_properties['target_portal']
            except KeyError:
                raise exception.NovaException(_("Invalid volume source data"))

            ip, port = utils.parse_server_string(target_portal)
            if ip == '' or port == '':
                raise exception.NovaException(_("Invalid target_lun"))
            conf.source_hosts = [ip]
            conf.source_ports = [port]
            if netdisk_properties.get('auth_method') == 'CHAP':
                auth_enabled = True
                conf.auth_secret_type = 'iscsi'
                password = netdisk_properties.get('auth_password')
                conf.auth_secret_uuid = self._get_secret_uuid(conf, password)
        if auth_enabled:
            conf.auth_username = (conf.auth_username or
                                  netdisk_properties['auth_username'])
            conf.auth_secret_type = (conf.auth_secret_type or
                                     netdisk_properties['secret_type'])
            conf.auth_secret_uuid = (conf.auth_secret_uuid or
                                     netdisk_properties['secret_uuid'])
        return conf
Exemple #15
0
    def authenticate(self, access, signature, params, verb='GET',
                     server_string='127.0.0.1:8773', path='/',
                     check_type='ec2', headers=None):
        """Authenticates AWS request using access key and signature

        If the project is not specified, attempts to authenticate to
        a project with the same name as the user. This way, older tools
        that have no project knowledge will still work.

        @type access: str
        @param access: Access key for user in the form "access:project".

        @type signature: str
        @param signature: Signature of the request.

        @type params: list of str
        @param params: Web paramaters used for the signature.

        @type verb: str
        @param verb: Web request verb ('GET' or 'POST').

        @type server_string: str
        @param server_string: Web request server string.

        @type path: str
        @param path: Web request path.

        @type check_type: str
        @param check_type: Type of signature to check. 'ec2' for EC2, 's3' for
                           S3. Any other value will cause signature not to be
                           checked.

        @type headers: list
        @param headers: HTTP headers passed with the request (only needed for
                        s3 signature checks)

        @rtype: tuple (User, Project)
        @return: User and project that the request represents.
        """
        # TODO(vish): check for valid timestamp
        (access_key, _sep, project_id) = access.partition(':')

        LOG.debug(_('Looking up user: %r'), access_key)
        user = self.get_user_from_access_key(access_key)
        LOG.debug('user: %r', user)
        if user is None:
            LOG.audit(_("Failed authorization for access key %s"), access_key)
            raise exception.AccessKeyNotFound(access_key=access_key)

        # NOTE(vish): if we stop using project name as id we need better
        #             logic to find a default project for user
        if project_id == '':
            LOG.debug(_("Using project name = user name (%s)"), user.name)
            project_id = user.name

        project = self.get_project(project_id)
        if project is None:
            pjid = project_id
            uname = user.name
            LOG.audit(_("failed authorization: no project named %(pjid)s"
                    " (user=%(uname)s)") % locals())
            raise exception.ProjectNotFound(project_id=project_id)
        if not self.is_admin(user) and not self.is_project_member(user,
                                                                  project):
            uname = user.name
            uid = user.id
            pjname = project.name
            pjid = project.id
            LOG.audit(_("Failed authorization: user %(uname)s not admin"
                    " and not member of project %(pjname)s") % locals())
            raise exception.ProjectMembershipNotFound(project_id=pjid,
                                                      user_id=uid)
        if check_type == 's3':
            sign = signer.Signer(user.secret.encode())
            expected_signature = sign.s3_authorization(headers, verb, path)
            LOG.debug(_('user.secret: %s'), user.secret)
            LOG.debug(_('expected_signature: %s'), expected_signature)
            LOG.debug(_('signature: %s'), signature)
            if signature != expected_signature:
                LOG.audit(_("Invalid signature for user %s"), user.name)
                raise exception.InvalidSignature(signature=signature,
                                                 user=user)
        elif check_type == 'ec2':
            # NOTE(vish): hmac can't handle unicode, so encode ensures that
            #             secret isn't unicode
            expected_signature = signer.Signer(user.secret.encode()).generate(
                    params, verb, server_string, path)
            LOG.debug(_('user.secret: %s'), user.secret)
            LOG.debug(_('expected_signature: %s'), expected_signature)
            LOG.debug(_('signature: %s'), signature)
            if signature != expected_signature:
                (addr_str, port_str) = utils.parse_server_string(server_string)
                # If the given server_string contains port num, try without it.
                if port_str != '':
                    host_only_signature = signer.Signer(
                        user.secret.encode()).generate(params, verb,
                                                       addr_str, path)
                    LOG.debug(_('host_only_signature: %s'),
                              host_only_signature)
                    if signature == host_only_signature:
                        return (user, project)
                LOG.audit(_("Invalid signature for user %s"), user.name)
                raise exception.InvalidSignature(signature=signature,
                                                 user=user)
        return (user, project)