Esempio n. 1
0
    def create_export(self, context, volume, volume_path, conf):
        """Creates an export for a logical volume."""
        iscsi_name = "%s%s" % (conf.iscsi_target_prefix,
                               volume['name'])
        max_targets = conf.safe_get('iscsi_num_targets')
        (iscsi_target, lun) = self._get_target_and_lun(context,
                                                       volume,
                                                       max_targets)

        chap_username = utils.generate_username()
        chap_password = utils.generate_password()
        chap_auth = self._iscsi_authentication('IncomingUser',
                                               chap_username,
                                               chap_password)
        # NOTE(jdg): For TgtAdm case iscsi_name is the ONLY param we need
        # should clean this all up at some point in the future
        tid = self.create_iscsi_target(iscsi_name,
                                       iscsi_target,
                                       0,
                                       volume_path,
                                       chap_auth)
        data = {}
        data['location'] = self._iscsi_location(
            conf.iscsi_ip_address, tid, iscsi_name, conf.iscsi_port, lun)
        data['auth'] = self._iscsi_authentication(
            'CHAP', chap_username, chap_password)
        return data
Esempio n. 2
0
 def test_generate_password(self):
     password = utils.generate_password()
     self.assertTrue([c for c in password if c in '0123456789'])
     self.assertTrue([c for c in password
                      if c in 'abcdefghijklmnopqrstuvwxyz'])
     self.assertTrue([c for c in password
                      if c in 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'])
Esempio n. 3
0
    def _create_server(self, connector):
        server_info = None
        chap_enabled = self.configuration.hplefthand_iscsi_chap_enabled
        try:
            server_info = self.client.getServerByName(connector['host'])
            chap_secret = server_info['chapTargetSecret']
            if not chap_enabled and chap_secret:
                LOG.warning(_('CHAP secret exists for host %s but CHAP is '
                              'disabled') % connector['host'])
            if chap_enabled and chap_secret is None:
                LOG.warning(_('CHAP is enabled, but server secret not '
                              'configured on server %s') % connector['host'])
            return server_info
        except hpexceptions.HTTPNotFound:
            # server does not exist, so create one
            pass

        optional = None
        if chap_enabled:
            chap_secret = utils.generate_password()
            optional = {'chapName': connector['initiator'],
                        'chapTargetSecret': chap_secret,
                        'chapAuthenticationRequired': True
                        }
        server_info = self.client.createServer(connector['host'],
                                               connector['initiator'],
                                               optional)
        return server_info
Esempio n. 4
0
    def create_export(self, context, volume):
        """Creates an export for a logical volume."""
        #BOOKMARK(jdg)

        iscsi_name = "%s%s" % (FLAGS.iscsi_target_prefix, volume['name'])
        volume_path = "/dev/%s/%s" % (FLAGS.volume_group, volume['name'])
        model_update = {}

        # TODO(jdg): In the future move all of the dependent stuff into the
        # cooresponding target admin class
        if not isinstance(self.tgtadm, iscsi.TgtAdm):
            lun = 0
            self._ensure_iscsi_targets(context, volume['host'])
            iscsi_target = self.db.volume_allocate_iscsi_target(
                context, volume['id'], volume['host'])
        else:
            lun = 1  # For tgtadm the controller is lun 0, dev starts at lun 1
            iscsi_target = 0  # NOTE(jdg): Not used by tgtadm

        # Use the same method to generate the username and the password.
        chap_username = utils.generate_username()
        chap_password = utils.generate_password()
        chap_auth = _iscsi_authentication('IncomingUser', chap_username,
                                          chap_password)
        # NOTE(jdg): For TgtAdm case iscsi_name is the ONLY param we need
        # should clean this all up at some point in the future
        tid = self.tgtadm.create_iscsi_target(iscsi_name, iscsi_target, 0,
                                              volume_path, chap_auth)
        model_update['provider_location'] = _iscsi_location(
            FLAGS.iscsi_ip_address, tid, iscsi_name, lun)
        model_update['provider_auth'] = _iscsi_authentication(
            'CHAP', chap_username, chap_password)
        return model_update
Esempio n. 5
0
    def create_export(self, context, volume):
        """Creates an export for a logical volume."""

        iscsi_name = "%s%s" % (self.configuration.iscsi_target_prefix, volume["name"])
        volume_path = "/dev/%s/%s" % (self.configuration.volume_group, volume["name"])
        model_update = {}

        # TODO(jdg): In the future move all of the dependent stuff into the
        # cooresponding target admin class
        if not isinstance(self.tgtadm, iscsi.TgtAdm):
            lun = 0
            self._ensure_iscsi_targets(context, volume["host"])
            iscsi_target = self.db.volume_allocate_iscsi_target(context, volume["id"], volume["host"])
        else:
            lun = 1  # For tgtadm the controller is lun 0, dev starts at lun 1
            iscsi_target = 0  # NOTE(jdg): Not used by tgtadm

        # Use the same method to generate the username and the password.
        chap_username = utils.generate_username()
        chap_password = utils.generate_password()
        chap_auth = self._iscsi_authentication("IncomingUser", chap_username, chap_password)
        # NOTE(jdg): For TgtAdm case iscsi_name is the ONLY param we need
        # should clean this all up at some point in the future
        tid = self.tgtadm.create_iscsi_target(iscsi_name, iscsi_target, 0, volume_path, chap_auth)
        model_update["provider_location"] = self._iscsi_location(
            self.configuration.iscsi_ip_address, tid, iscsi_name, lun
        )
        model_update["provider_auth"] = self._iscsi_authentication("CHAP", chap_username, chap_password)
        return model_update
Esempio n. 6
0
    def create_export(self, context, volume):
        """Creates an export for a logical volume."""

        iser_name = "%s%s" % (self.configuration.iscsi_target_prefix,
                              volume['name'])
        volume_path = "/dev/%s/%s" % (self.configuration.volume_group,
                                      volume['name'])
        model_update = {}

        # TODO(jdg): In the future move all of the dependent stuff into the
        # cooresponding target admin class
        if not isinstance(self.tgtadm, iscsi.TgtAdm):
            lun = 0
            self._ensure_iser_targets(context, volume['host'])
            iser_target = self.db.volume_allocate_iscsi_target(
                context, volume['id'], volume['host'])
        else:
            lun = 1  # For tgtadm the controller is lun 0, dev starts at lun 1
            iser_target = 0

        # Use the same method to generate the username and the password.
        chap_username = utils.generate_username()
        chap_password = utils.generate_password()
        chap_auth = self._iser_authentication('IncomingUser', chap_username,
                                              chap_password)
        tid = self.tgtadm.create_iscsi_target(iser_name, iser_target, 0,
                                              volume_path, chap_auth)
        model_update['provider_location'] = self._iser_location(
            self.configuration.iscsi_ip_address, tid, iser_name, lun)
        model_update['provider_auth'] = self._iser_authentication(
            'CHAP', chap_username, chap_password)
        return model_update
Esempio n. 7
0
 def test_generate_password(self):
     password = utils.generate_password()
     self.assertTrue([c for c in password if c in '0123456789'])
     self.assertTrue(
         [c for c in password if c in 'abcdefghijklmnopqrstuvwxyz'])
     self.assertTrue(
         [c for c in password if c in 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'])
Esempio n. 8
0
    def _create_server(self, connector):
        server_info = None
        chap_enabled = self.configuration.hplefthand_iscsi_chap_enabled
        try:
            server_info = self.client.getServerByName(connector['host'])
            chap_secret = server_info['chapTargetSecret']
            if not chap_enabled and chap_secret:
                LOG.warning(
                    _('CHAP secret exists for host %s but CHAP is '
                      'disabled') % connector['host'])
            if chap_enabled and chap_secret is None:
                LOG.warning(
                    _('CHAP is enabled, but server secret not '
                      'configured on server %s') % connector['host'])
            return server_info
        except hpexceptions.HTTPNotFound:
            # server does not exist, so create one
            pass

        optional = None
        if chap_enabled:
            chap_secret = utils.generate_password()
            optional = {
                'chapName': connector['initiator'],
                'chapTargetSecret': chap_secret,
                'chapAuthenticationRequired': True
            }
        server_info = self.client.createServer(connector['host'],
                                               connector['initiator'],
                                               optional)
        return server_info
Esempio n. 9
0
 def create_export(self, context, volume, volume_path):
     """Creates an export for a logical volume."""
     iscsi_name = "%s%s" % (CONF.iscsi_target_prefix, volume['name'])
     iscsi_target, lun = self._get_target_and_lun(context, volume)
     chap_username = utils.generate_username()
     chap_password = utils.generate_password()
     chap_auth = self._iscsi_authentication('IncomingUser', chap_username,
                                            chap_password)
     # NOTE(jdg): For TgtAdm case iscsi_name is the ONLY param we need
     # should clean this all up at some point in the future
     tid = self.create_iscsi_target(iscsi_name, iscsi_target, 0,
                                    volume_path, chap_auth)
     data = {}
     data['location'] = self._iscsi_location(CONF.iscsi_ip_address, tid,
                                             iscsi_name, lun)
     data['auth'] = self._iscsi_authentication('CHAP', chap_username,
                                               chap_password)
     return data
Esempio n. 10
0
    def create_key(self, ctxt, **kwargs):
        """Creates a key.

        This implementation returns a UUID for the created key. A
        NotAuthorized exception is raised if the specified context is None.
        """
        if ctxt is None:
            raise exception.NotAuthorized()

        # generate the key
        key_length = kwargs.get('key_length', 256)
        # hex digit => 4 bits
        hex_string = utils.generate_password(length=key_length / 4,
                                             symbolgroups='0123456789ABCDEF')

        _bytes = array.array('B', hex_string.decode('hex')).tolist()
        _key = key.SymmetricKey('AES', _bytes)

        return self.store_key(ctxt, _key)
Esempio n. 11
0
    def create_key(self, ctxt, **kwargs):
        """Creates a key.

        This implementation returns a UUID for the created key. A
        NotAuthorized exception is raised if the specified context is None.
        """
        if ctxt is None:
            raise exception.NotAuthorized()

        # generate the key
        key_length = kwargs.get('key_length', 256)
        # hex digit => 4 bits
        hex_string = utils.generate_password(length=key_length / 4,
                                             symbolgroups='0123456789ABCDEF')

        _bytes = array.array('B', hex_string.decode('hex')).tolist()
        _key = key.SymmetricKey('AES', _bytes)

        return self.store_key(ctxt, _key)
Esempio n. 12
0
    def _create_export(self, context, volume, vg=None):
        """Creates an export for a logical volume."""
        if vg is None:
            vg = self.configuration.volume_group

        iscsi_name = "%s%s" % (self.configuration.iscsi_target_prefix,
                               volume['name'])
        volume_path = "/dev/%s/%s" % (vg, volume['name'])
        model_update = {}

        # TODO(jdg): In the future move all of the dependent stuff into the
        # corresponding target admin class
        if not isinstance(self.tgtadm, iscsi.TgtAdm):
            lun = 0
            self._ensure_iscsi_targets(context, volume['host'])
            iscsi_target = self.db.volume_allocate_iscsi_target(context,
                                                                volume['id'],
                                                                volume['host'])
        else:
            lun = 1  # For tgtadm the controller is lun 0, dev starts at lun 1
            iscsi_target = 0  # NOTE(jdg): Not used by tgtadm

        # Use the same method to generate the username and the password.
        chap_username = utils.generate_username()
        chap_password = utils.generate_password()
        chap_auth = self._iscsi_authentication('IncomingUser', chap_username,
                                               chap_password)

        tid = self._create_tgtadm_target(iscsi_name, iscsi_target,
                                         volume_path, chap_auth)

        model_update['provider_location'] = self._iscsi_location(
            self.configuration.iscsi_ip_address, tid, iscsi_name, lun)
        model_update['provider_auth'] = self._iscsi_authentication(
            'CHAP', chap_username, chap_password)
        return model_update
Esempio n. 13
0
 def add_chap_secret_to_host(self, host_name):
     """Generate and store a randomly-generated CHAP secret for the host."""
     chap_secret = utils.generate_password()
     self.ssh.add_chap_secret(chap_secret, host_name)
     return chap_secret
Esempio n. 14
0
 def _generate_hex_key(self, **kwargs):
     key_length = kwargs.get('key_length', 256)
     # hex digit => 4 bits
     hex_encoded = utils.generate_password(length=key_length / 4,
                                           symbolgroups='0123456789ABCDEF')
     return hex_encoded
Esempio n. 15
0
    def _get_service(self, volume):
        """Get the available service parameters for a given volume using
           its type.
           :param volume: dictionary volume reference
        """

        label = None
        if volume['volume_type']:
            label = volume['volume_type']['name']

        label = label or 'default'
        if label not in self.config['services'].keys():
            # default works if no match is found
            label = 'default'
            LOG.info(_("Using default: instead of %s") % label)
            LOG.info(_("Available services: %s")
                     % self.config['services'].keys())

        if label in self.config['services'].keys():
            svc = self.config['services'][label]
            # HNAS - one time lookup
            # see if the client supports CHAP authentication and if
            # iscsi_secret has already been set, retrieve the secret if
            # available, otherwise generate and store
            if self.config['chap_enabled'] == 'True':
                # it may not exist, create and set secret
                if 'iscsi_secret' not in svc:
                    LOG.info(_("Retrieving secret for service: %s")
                             % label)

                    out = self.bend.get_targetsecret(self.config['hnas_cmd'],
                                                     self.config['mgmt_ip0'],
                                                     self.config['username'],
                                                     self.config['password'],
                                                     'cinder-' + label,
                                                     svc['hdp'])
                    svc['iscsi_secret'] = out
                    if svc['iscsi_secret'] == "":
                        svc['iscsi_secret'] = utils.generate_password()[0:15]
                        self.bend.set_targetsecret(self.config['hnas_cmd'],
                                                   self.config['mgmt_ip0'],
                                                   self.config['username'],
                                                   self.config['password'],
                                                   svc['iscsi_target'],
                                                   svc['hdp'],
                                                   svc['iscsi_secret'])

                        LOG.info("Set tgt CHAP secret for service: %s"
                                 % (label))
            else:
                # We set blank password when the client does not
                # support CHAP. Later on, if the client tries to create a new
                # target that does not exists in the backend, we check for this
                # value and use a temporary dummy password.
                if 'iscsi_secret' not in svc:
                    # Warns in the first time
                    LOG.info("CHAP authentication disabled")

                svc['iscsi_secret'] = ""

            if 'iscsi_target' not in svc:
                LOG.info(_("Retrieving target for service: %s") % label)

                out = self.bend.get_targetiqn(self.config['hnas_cmd'],
                                              self.config['mgmt_ip0'],
                                              self.config['username'],
                                              self.config['password'],
                                              'cinder-' + label,
                                              svc['hdp'],
                                              svc['iscsi_secret'])
                svc['iscsi_target'] = out

            self.config['services'][label] = svc

            service = (svc['iscsi_ip'], svc['iscsi_port'], svc['ctl'],
                       svc['port'], svc['hdp'], svc['iscsi_target'],
                       svc['iscsi_secret'])
        else:
            LOG.info(_("Available services: %s")
                     % self.config['services'].keys())
            LOG.error(_("No configuration found for service: %s")
                      % label)
            raise exception.ParameterNotFound(param=label)

        return service
Esempio n. 16
0
 def add_chap_secret_to_host(self, host_name):
     """Generate and store a randomly-generated CHAP secret for the host."""
     chap_secret = utils.generate_password()
     self.ssh.add_chap_secret(chap_secret, host_name)
     return chap_secret
Esempio n. 17
0
    def _get_service(self, volume):
        """Get the available service parameters for a given volume using
           its type.
           :param volume: dictionary volume reference
        """

        label = None
        if volume['volume_type']:
            label = volume['volume_type']['name']

        label = label or 'default'
        if label not in self.config['services'].keys():
            # default works if no match is found
            label = 'default'
            LOG.info(_("Using default: instead of %s") % label)
            LOG.info(
                _("Available services: %s") % self.config['services'].keys())

        if label in self.config['services'].keys():
            svc = self.config['services'][label]
            # HNAS - one time lookup
            # see if the client supports CHAP authentication and if
            # iscsi_secret has already been set, retrieve the secret if
            # available, otherwise generate and store
            if self.config['chap_enabled'] == 'True':
                # it may not exist, create and set secret
                if 'iscsi_secret' not in svc:
                    LOG.info(_("Retrieving secret for service: %s") % label)

                    out = self.bend.get_targetsecret(self.config['hnas_cmd'],
                                                     self.config['mgmt_ip0'],
                                                     self.config['username'],
                                                     self.config['password'],
                                                     'cinder-' + label,
                                                     svc['hdp'])
                    svc['iscsi_secret'] = out
                    if svc['iscsi_secret'] == "":
                        svc['iscsi_secret'] = utils.generate_password()[0:15]
                        self.bend.set_targetsecret(
                            self.config['hnas_cmd'], self.config['mgmt_ip0'],
                            self.config['username'], self.config['password'],
                            svc['iscsi_target'], svc['hdp'],
                            svc['iscsi_secret'])

                        LOG.info("Set tgt CHAP secret for service: %s" %
                                 (label))
            else:
                # We set blank password when the client does not
                # support CHAP. Later on, if the client tries to create a new
                # target that does not exists in the backend, we check for this
                # value and use a temporary dummy password.
                if 'iscsi_secret' not in svc:
                    # Warns in the first time
                    LOG.info("CHAP authentication disabled")

                svc['iscsi_secret'] = ""

            if 'iscsi_target' not in svc:
                LOG.info(_("Retrieving target for service: %s") % label)

                out = self.bend.get_targetiqn(self.config['hnas_cmd'],
                                              self.config['mgmt_ip0'],
                                              self.config['username'],
                                              self.config['password'],
                                              'cinder-' + label, svc['hdp'],
                                              svc['iscsi_secret'])
                svc['iscsi_target'] = out

            self.config['services'][label] = svc

            service = (svc['iscsi_ip'], svc['iscsi_port'], svc['ctl'],
                       svc['port'], svc['hdp'], svc['iscsi_target'],
                       svc['iscsi_secret'])
        else:
            LOG.info(
                _("Available services: %s") % self.config['services'].keys())
            LOG.error(_("No configuration found for service: %s") % label)
            raise exception.ParameterNotFound(param=label)

        return service
Esempio n. 18
0
 def _generate_hex_key(self, **kwargs):
     key_length = kwargs.get('key_length', 256)
     # hex digit => 4 bits
     hex_encoded = utils.generate_password(length=key_length / 4,
                                           symbolgroups='0123456789ABCDEF')
     return hex_encoded