def create_export(self, context, volume, volume_path, conf):
"""Creates an export for a logical volume."""
iscsi_name = "%s%s" % (conf.iscsi_target_prefix,
volume['name'])
max_targets = conf.safe_get('iscsi_num_targets')
(iscsi_target, lun) = self._get_target_and_lun(context,
volume,
max_targets)
chap_username = utils.generate_username()
chap_password = utils.generate_password()
chap_auth = self._iscsi_authentication('IncomingUser',
chap_username,
chap_password)
# NOTE(jdg): For TgtAdm case iscsi_name is the ONLY param we need
# should clean this all up at some point in the future
tid = self.create_iscsi_target(iscsi_name,
iscsi_target,
0,
volume_path,
chap_auth)
data = {}
data['location'] = self._iscsi_location(
conf.iscsi_ip_address, tid, iscsi_name, conf.iscsi_port, lun)
data['auth'] = self._iscsi_authentication(
'CHAP', chap_username, chap_password)
return data
def test_generate_password(self):
password = utils.generate_password()
self.assertTrue([c for c in password if c in '0123456789'])
self.assertTrue([c for c in password
if c in 'abcdefghijklmnopqrstuvwxyz'])
self.assertTrue([c for c in password
if c in 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'])
def _create_server(self, connector):
server_info = None
chap_enabled = self.configuration.hplefthand_iscsi_chap_enabled
try:
server_info = self.client.getServerByName(connector['host'])
chap_secret = server_info['chapTargetSecret']
if not chap_enabled and chap_secret:
LOG.warning(_('CHAP secret exists for host %s but CHAP is '
'disabled') % connector['host'])
if chap_enabled and chap_secret is None:
LOG.warning(_('CHAP is enabled, but server secret not '
'configured on server %s') % connector['host'])
return server_info
except hpexceptions.HTTPNotFound:
# server does not exist, so create one
pass
optional = None
if chap_enabled:
chap_secret = utils.generate_password()
optional = {'chapName': connector['initiator'],
'chapTargetSecret': chap_secret,
'chapAuthenticationRequired': True
}
server_info = self.client.createServer(connector['host'],
connector['initiator'],
optional)
return server_info
def create_export(self, context, volume):
"""Creates an export for a logical volume."""
#BOOKMARK(jdg)
iscsi_name = "%s%s" % (FLAGS.iscsi_target_prefix, volume['name'])
volume_path = "/dev/%s/%s" % (FLAGS.volume_group, volume['name'])
model_update = {}
# TODO(jdg): In the future move all of the dependent stuff into the
# cooresponding target admin class
if not isinstance(self.tgtadm, iscsi.TgtAdm):
lun = 0
self._ensure_iscsi_targets(context, volume['host'])
iscsi_target = self.db.volume_allocate_iscsi_target(
context, volume['id'], volume['host'])
else:
lun = 1 # For tgtadm the controller is lun 0, dev starts at lun 1
iscsi_target = 0 # NOTE(jdg): Not used by tgtadm
# Use the same method to generate the username and the password.
chap_username = utils.generate_username()
chap_password = utils.generate_password()
chap_auth = _iscsi_authentication('IncomingUser', chap_username,
chap_password)
# NOTE(jdg): For TgtAdm case iscsi_name is the ONLY param we need
# should clean this all up at some point in the future
tid = self.tgtadm.create_iscsi_target(iscsi_name, iscsi_target, 0,
volume_path, chap_auth)
model_update['provider_location'] = _iscsi_location(
FLAGS.iscsi_ip_address, tid, iscsi_name, lun)
model_update['provider_auth'] = _iscsi_authentication(
'CHAP', chap_username, chap_password)
return model_update
def create_export(self, context, volume):
"""Creates an export for a logical volume."""
iscsi_name = "%s%s" % (self.configuration.iscsi_target_prefix, volume["name"])
volume_path = "/dev/%s/%s" % (self.configuration.volume_group, volume["name"])
model_update = {}
# TODO(jdg): In the future move all of the dependent stuff into the
# cooresponding target admin class
if not isinstance(self.tgtadm, iscsi.TgtAdm):
lun = 0
self._ensure_iscsi_targets(context, volume["host"])
iscsi_target = self.db.volume_allocate_iscsi_target(context, volume["id"], volume["host"])
else:
lun = 1 # For tgtadm the controller is lun 0, dev starts at lun 1
iscsi_target = 0 # NOTE(jdg): Not used by tgtadm
# Use the same method to generate the username and the password.
chap_username = utils.generate_username()
chap_password = utils.generate_password()
chap_auth = self._iscsi_authentication("IncomingUser", chap_username, chap_password)
# NOTE(jdg): For TgtAdm case iscsi_name is the ONLY param we need
# should clean this all up at some point in the future
tid = self.tgtadm.create_iscsi_target(iscsi_name, iscsi_target, 0, volume_path, chap_auth)
model_update["provider_location"] = self._iscsi_location(
self.configuration.iscsi_ip_address, tid, iscsi_name, lun
)
model_update["provider_auth"] = self._iscsi_authentication("CHAP", chap_username, chap_password)
return model_update
def create_export(self, context, volume):
"""Creates an export for a logical volume."""
iser_name = "%s%s" % (self.configuration.iscsi_target_prefix,
volume['name'])
volume_path = "/dev/%s/%s" % (self.configuration.volume_group,
volume['name'])
model_update = {}
# TODO(jdg): In the future move all of the dependent stuff into the
# cooresponding target admin class
if not isinstance(self.tgtadm, iscsi.TgtAdm):
lun = 0
self._ensure_iser_targets(context, volume['host'])
iser_target = self.db.volume_allocate_iscsi_target(
context, volume['id'], volume['host'])
else:
lun = 1 # For tgtadm the controller is lun 0, dev starts at lun 1
iser_target = 0
# Use the same method to generate the username and the password.
chap_username = utils.generate_username()
chap_password = utils.generate_password()
chap_auth = self._iser_authentication('IncomingUser', chap_username,
chap_password)
tid = self.tgtadm.create_iscsi_target(iser_name, iser_target, 0,
volume_path, chap_auth)
model_update['provider_location'] = self._iser_location(
self.configuration.iscsi_ip_address, tid, iser_name, lun)
model_update['provider_auth'] = self._iser_authentication(
'CHAP', chap_username, chap_password)
return model_update
def test_generate_password(self):
password = utils.generate_password()
self.assertTrue([c for c in password if c in '0123456789'])
self.assertTrue(
[c for c in password if c in 'abcdefghijklmnopqrstuvwxyz'])
self.assertTrue(
[c for c in password if c in 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'])
def _create_server(self, connector):
server_info = None
chap_enabled = self.configuration.hplefthand_iscsi_chap_enabled
try:
server_info = self.client.getServerByName(connector['host'])
chap_secret = server_info['chapTargetSecret']
if not chap_enabled and chap_secret:
LOG.warning(
_('CHAP secret exists for host %s but CHAP is '
'disabled') % connector['host'])
if chap_enabled and chap_secret is None:
LOG.warning(
_('CHAP is enabled, but server secret not '
'configured on server %s') % connector['host'])
return server_info
except hpexceptions.HTTPNotFound:
# server does not exist, so create one
pass
optional = None
if chap_enabled:
chap_secret = utils.generate_password()
optional = {
'chapName': connector['initiator'],
'chapTargetSecret': chap_secret,
'chapAuthenticationRequired': True
}
server_info = self.client.createServer(connector['host'],
connector['initiator'],
optional)
return server_info
def create_export(self, context, volume, volume_path):
"""Creates an export for a logical volume."""
iscsi_name = "%s%s" % (CONF.iscsi_target_prefix, volume['name'])
iscsi_target, lun = self._get_target_and_lun(context, volume)
chap_username = utils.generate_username()
chap_password = utils.generate_password()
chap_auth = self._iscsi_authentication('IncomingUser', chap_username,
chap_password)
# NOTE(jdg): For TgtAdm case iscsi_name is the ONLY param we need
# should clean this all up at some point in the future
tid = self.create_iscsi_target(iscsi_name, iscsi_target, 0,
volume_path, chap_auth)
data = {}
data['location'] = self._iscsi_location(CONF.iscsi_ip_address, tid,
iscsi_name, lun)
data['auth'] = self._iscsi_authentication('CHAP', chap_username,
chap_password)
return data
def create_key(self, ctxt, **kwargs):
"""Creates a key.
This implementation returns a UUID for the created key. A
NotAuthorized exception is raised if the specified context is None.
"""
if ctxt is None:
raise exception.NotAuthorized()
# generate the key
key_length = kwargs.get('key_length', 256)
# hex digit => 4 bits
hex_string = utils.generate_password(length=key_length / 4,
symbolgroups='0123456789ABCDEF')
_bytes = array.array('B', hex_string.decode('hex')).tolist()
_key = key.SymmetricKey('AES', _bytes)
return self.store_key(ctxt, _key)
def create_key(self, ctxt, **kwargs):
"""Creates a key.
This implementation returns a UUID for the created key. A
NotAuthorized exception is raised if the specified context is None.
"""
if ctxt is None:
raise exception.NotAuthorized()
# generate the key
key_length = kwargs.get('key_length', 256)
# hex digit => 4 bits
hex_string = utils.generate_password(length=key_length / 4,
symbolgroups='0123456789ABCDEF')
_bytes = array.array('B', hex_string.decode('hex')).tolist()
_key = key.SymmetricKey('AES', _bytes)
return self.store_key(ctxt, _key)
def _create_export(self, context, volume, vg=None):
"""Creates an export for a logical volume."""
if vg is None:
vg = self.configuration.volume_group
iscsi_name = "%s%s" % (self.configuration.iscsi_target_prefix,
volume['name'])
volume_path = "/dev/%s/%s" % (vg, volume['name'])
model_update = {}
# TODO(jdg): In the future move all of the dependent stuff into the
# corresponding target admin class
if not isinstance(self.tgtadm, iscsi.TgtAdm):
lun = 0
self._ensure_iscsi_targets(context, volume['host'])
iscsi_target = self.db.volume_allocate_iscsi_target(context,
volume['id'],
volume['host'])
else:
lun = 1 # For tgtadm the controller is lun 0, dev starts at lun 1
iscsi_target = 0 # NOTE(jdg): Not used by tgtadm
# Use the same method to generate the username and the password.
chap_username = utils.generate_username()
chap_password = utils.generate_password()
chap_auth = self._iscsi_authentication('IncomingUser', chap_username,
chap_password)
tid = self._create_tgtadm_target(iscsi_name, iscsi_target,
volume_path, chap_auth)
model_update['provider_location'] = self._iscsi_location(
self.configuration.iscsi_ip_address, tid, iscsi_name, lun)
model_update['provider_auth'] = self._iscsi_authentication(
'CHAP', chap_username, chap_password)
return model_update
def add_chap_secret_to_host(self, host_name):
"""Generate and store a randomly-generated CHAP secret for the host."""
chap_secret = utils.generate_password()
self.ssh.add_chap_secret(chap_secret, host_name)
return chap_secret
def _generate_hex_key(self, **kwargs):
key_length = kwargs.get('key_length', 256)
# hex digit => 4 bits
hex_encoded = utils.generate_password(length=key_length / 4,
symbolgroups='0123456789ABCDEF')
return hex_encoded
def _get_service(self, volume):
"""Get the available service parameters for a given volume using
its type.
:param volume: dictionary volume reference
"""
label = None
if volume['volume_type']:
label = volume['volume_type']['name']
label = label or 'default'
if label not in self.config['services'].keys():
# default works if no match is found
label = 'default'
LOG.info(_("Using default: instead of %s") % label)
LOG.info(_("Available services: %s")
% self.config['services'].keys())
if label in self.config['services'].keys():
svc = self.config['services'][label]
# HNAS - one time lookup
# see if the client supports CHAP authentication and if
# iscsi_secret has already been set, retrieve the secret if
# available, otherwise generate and store
if self.config['chap_enabled'] == 'True':
# it may not exist, create and set secret
if 'iscsi_secret' not in svc:
LOG.info(_("Retrieving secret for service: %s")
% label)
out = self.bend.get_targetsecret(self.config['hnas_cmd'],
self.config['mgmt_ip0'],
self.config['username'],
self.config['password'],
'cinder-' + label,
svc['hdp'])
svc['iscsi_secret'] = out
if svc['iscsi_secret'] == "":
svc['iscsi_secret'] = utils.generate_password()[0:15]
self.bend.set_targetsecret(self.config['hnas_cmd'],
self.config['mgmt_ip0'],
self.config['username'],
self.config['password'],
svc['iscsi_target'],
svc['hdp'],
svc['iscsi_secret'])
LOG.info("Set tgt CHAP secret for service: %s"
% (label))
else:
# We set blank password when the client does not
# support CHAP. Later on, if the client tries to create a new
# target that does not exists in the backend, we check for this
# value and use a temporary dummy password.
if 'iscsi_secret' not in svc:
# Warns in the first time
LOG.info("CHAP authentication disabled")
svc['iscsi_secret'] = ""
if 'iscsi_target' not in svc:
LOG.info(_("Retrieving target for service: %s") % label)
out = self.bend.get_targetiqn(self.config['hnas_cmd'],
self.config['mgmt_ip0'],
self.config['username'],
self.config['password'],
'cinder-' + label,
svc['hdp'],
svc['iscsi_secret'])
svc['iscsi_target'] = out
self.config['services'][label] = svc
service = (svc['iscsi_ip'], svc['iscsi_port'], svc['ctl'],
svc['port'], svc['hdp'], svc['iscsi_target'],
svc['iscsi_secret'])
else:
LOG.info(_("Available services: %s")
% self.config['services'].keys())
LOG.error(_("No configuration found for service: %s")
% label)
raise exception.ParameterNotFound(param=label)
return service
def add_chap_secret_to_host(self, host_name):
"""Generate and store a randomly-generated CHAP secret for the host."""
chap_secret = utils.generate_password()
self.ssh.add_chap_secret(chap_secret, host_name)
return chap_secret
def _get_service(self, volume):
"""Get the available service parameters for a given volume using
its type.
:param volume: dictionary volume reference
"""
label = None
if volume['volume_type']:
label = volume['volume_type']['name']
label = label or 'default'
if label not in self.config['services'].keys():
# default works if no match is found
label = 'default'
LOG.info(_("Using default: instead of %s") % label)
LOG.info(
_("Available services: %s") % self.config['services'].keys())
if label in self.config['services'].keys():
svc = self.config['services'][label]
# HNAS - one time lookup
# see if the client supports CHAP authentication and if
# iscsi_secret has already been set, retrieve the secret if
# available, otherwise generate and store
if self.config['chap_enabled'] == 'True':
# it may not exist, create and set secret
if 'iscsi_secret' not in svc:
LOG.info(_("Retrieving secret for service: %s") % label)
out = self.bend.get_targetsecret(self.config['hnas_cmd'],
self.config['mgmt_ip0'],
self.config['username'],
self.config['password'],
'cinder-' + label,
svc['hdp'])
svc['iscsi_secret'] = out
if svc['iscsi_secret'] == "":
svc['iscsi_secret'] = utils.generate_password()[0:15]
self.bend.set_targetsecret(
self.config['hnas_cmd'], self.config['mgmt_ip0'],
self.config['username'], self.config['password'],
svc['iscsi_target'], svc['hdp'],
svc['iscsi_secret'])
LOG.info("Set tgt CHAP secret for service: %s" %
(label))
else:
# We set blank password when the client does not
# support CHAP. Later on, if the client tries to create a new
# target that does not exists in the backend, we check for this
# value and use a temporary dummy password.
if 'iscsi_secret' not in svc:
# Warns in the first time
LOG.info("CHAP authentication disabled")
svc['iscsi_secret'] = ""
if 'iscsi_target' not in svc:
LOG.info(_("Retrieving target for service: %s") % label)
out = self.bend.get_targetiqn(self.config['hnas_cmd'],
self.config['mgmt_ip0'],
self.config['username'],
self.config['password'],
'cinder-' + label, svc['hdp'],
svc['iscsi_secret'])
svc['iscsi_target'] = out
self.config['services'][label] = svc
service = (svc['iscsi_ip'], svc['iscsi_port'], svc['ctl'],
svc['port'], svc['hdp'], svc['iscsi_target'],
svc['iscsi_secret'])
else:
LOG.info(
_("Available services: %s") % self.config['services'].keys())
LOG.error(_("No configuration found for service: %s") % label)
raise exception.ParameterNotFound(param=label)
return service
def _generate_hex_key(self, **kwargs):
key_length = kwargs.get('key_length', 256)
# hex digit => 4 bits
hex_encoded = utils.generate_password(length=key_length / 4,
symbolgroups='0123456789ABCDEF')
return hex_encoded