def _set_chap_str(self, chap_str): username, self.password_str = chap_str.split('/', 1) if encryption_available() and len(self.password_str) > 0: self.password = self._encrypt() else: self.password = self.password_str
def __init__(self, chap_str): self.error = False self.error_msg = '' if '/' in chap_str: self.user, self.password_str = chap_str.split('/', 1) if len(self.password_str) > 16 and encryption_available(): self.password = self._decrypt() else: self.password = self.password_str else: self.user = '' self.password = ''
def set_discovery_auth_config(username, password, mutual_username, mutual_password, config): encryption_enabled = encryption_available() discovery_auth_config = { 'username': '', 'password': '', 'password_encryption_enabled': encryption_enabled, 'mutual_username': '', 'mutual_password': '', 'mutual_password_encryption_enabled': encryption_enabled } if username != '': chap = CHAP(username, password, encryption_enabled) chap_mutual = CHAP(mutual_username, mutual_password, encryption_enabled) discovery_auth_config['username'] = chap.user discovery_auth_config['password'] = chap.encrypted_password( encryption_enabled) discovery_auth_config['mutual_username'] = chap_mutual.user discovery_auth_config['mutual_password'] = \ chap_mutual.encrypted_password(encryption_enabled) config.update_item('discovery_auth', '', discovery_auth_config)
def configure_auth(self, username, password, mutual_username, mutual_password, target_config): """ Attempt to configure authentication for the client :return: """ auth_enabled = (username and password) self.logger.debug("configuring auth username={}, password={}, mutual_username={}, " "mutual_password={}".format(username, password, mutual_username, mutual_password)) acl_chap_userid = self.acl.chap_userid acl_chap_password = self.acl.chap_password acl_chap_mutual_userid = self.acl.chap_mutual_userid acl_chap_mutual_password = self.acl.chap_mutual_password try: self.logger.debug("Updating the ACL") if username != acl_chap_userid or \ password != acl_chap_password: self.acl.chap_userid = username self.acl.chap_password = password new_chap = CHAP(username, password, False) self.logger.debug("chap object set to: {},{},{}".format( new_chap.user, new_chap.password, new_chap.password_str)) if new_chap.error: self.error = True self.error_msg = new_chap.error_msg return if mutual_username != acl_chap_mutual_userid or \ mutual_password != acl_chap_mutual_password: self.acl.chap_mutual_userid = mutual_username self.acl.chap_mutual_password = mutual_password new_chap_mutual = CHAP(mutual_username, mutual_password, False) self.logger.debug("chap mutual object set to: {},{},{}".format( new_chap_mutual.user, new_chap_mutual.password, new_chap_mutual.password_str)) if new_chap_mutual.error: self.error = True self.error_msg = new_chap_mutual.error_msg return if auth_enabled: self.tpg.set_attribute('authentication', '1') else: self.try_disable_auth(self.tpg) self.logger.debug("Updating config object meta data") encryption_enabled = encryption_available() if username != acl_chap_userid: self.metadata['auth']['username'] = new_chap.user if password != acl_chap_password: self.metadata['auth']['password'] = new_chap.encrypted_password(encryption_enabled) self.metadata['auth']['password_encryption_enabled'] = encryption_enabled if mutual_username != acl_chap_mutual_userid: self.metadata['auth']['mutual_username'] = new_chap_mutual.user if mutual_password != acl_chap_mutual_password: self.metadata['auth']['mutual_password'] = \ new_chap_mutual.encrypted_password(encryption_enabled) self.metadata['auth']['mutual_password_encryption_enabled'] = encryption_enabled except RTSLibError as err: self.error = True self.error_msg = ("Unable to configure authentication " "for {} - ".format(self.iqn, err)) self.logger.error("(Client.configure_auth) failed to set " "credentials for {}".format(self.iqn)) else: self.change_count += 1 self._update_acl(target_config)
def _upgrade_config(self): if self.config['version'] >= Config.seed_config['version']: return if self.config['version'] <= 2: self.add_item("groups", element_name=None, initial_value={}) self.update_item("version", element_name=None, element_value=3) if self.config['version'] == 3: iqn = self.config['gateways']['iqn'] gateways = {} portals = {} for host, gateway_v3 in self.config['gateways'].items(): if isinstance(gateway_v3, dict): portal = gateway_v3 portal.pop('iqn') active_luns = portal.pop('active_luns') updated = portal.pop('updated', None) created = portal.pop('created', None) gateway = {'active_luns': active_luns} if created: gateway['created'] = created if updated: gateway['updated'] = updated gateways[host] = gateway portals[host] = portal for _, client in self.config['clients'].items(): client.pop('created', None) client.pop('updated', None) client['auth']['chap_mutual'] = '' for _, group in self.config['groups'].items(): group.pop('created', None) group.pop('updated', None) target = { 'disks': list(self.config['disks'].keys()), 'clients': self.config['clients'], 'portals': portals, 'groups': self.config['groups'], 'controls': self.config['controls'], 'ip_list': self.config['gateways']['ip_list'] } self.add_item('discovery_auth', None, { 'chap': '', 'chap_mutual': '' }) self.add_item("targets", None, {}) self.add_item("targets", iqn, target) self.update_item("targets", iqn, target) self.del_item('controls', None) self.del_item('clients', None) self.del_item('groups', None) self.update_item("gateways", None, gateways) self.update_item("version", None, 4) if self.config['version'] == 4: for disk_id, disk in self.config['disks'].items(): disk['backstore'] = USER_RBD self.update_item("disks", disk_id, disk) self.update_item("version", None, 5) if self.config['version'] == 5: for target_iqn, target in self.config['targets'].items(): target['acl_enabled'] = True self.update_item("targets", target_iqn, target) self.update_item("version", None, 6) if self.config['version'] == 6: new_disks = {} old_disks = [] for disk_id, disk in self.config['disks'].items(): disk['backstore_object_name'] = disk_id new_disk_id = disk_id.replace('.', '/') new_disks[new_disk_id] = disk old_disks.append(disk_id) for old_disk_id in old_disks: self.del_item('disks', old_disk_id) for new_disk_id, new_disk in new_disks.items(): self.add_item("disks", new_disk_id, new_disk) for iqn, target in self.config['targets'].items(): new_disk_ids = [] for disk_id in target['disks']: new_disk_id = disk_id.replace('.', '/') new_disk_ids.append(new_disk_id) target['disks'] = new_disk_ids for _, client in target['clients'].items(): new_luns = {} for lun_id, lun in client['luns'].items(): new_lun_id = lun_id.replace('.', '/') new_luns[new_lun_id] = lun client['luns'] = new_luns for _, group in target['groups'].items(): new_group_disks = {} for group_disk_id, group_disk in group['disks'].items(): new_group_disk_id = group_disk_id.replace('.', '/') new_group_disks[new_group_disk_id] = group_disk group['disks'] = new_group_disks self.update_item("targets", iqn, target) self.update_item("version", None, 7) if self.config['version'] == 7: if '/' in self.config['discovery_auth']['chap']: duser, dpassword = self.config['discovery_auth']['chap'].split( '/', 1) else: duser = '' dpassword = '' self.config['discovery_auth']['username'] = duser self.config['discovery_auth']['password'] = dpassword self.config['discovery_auth'][ 'password_encryption_enabled'] = False self.config['discovery_auth'].pop('chap', None) if '/' in self.config['discovery_auth']['chap_mutual']: dmuser, dmpassword = self.config['discovery_auth'][ 'chap_mutual'].split('/', 1) else: dmuser = '' dmpassword = '' self.config['discovery_auth']['mutual_username'] = dmuser self.config['discovery_auth']['mutual_password'] = dmpassword self.config['discovery_auth'][ 'mutual_password_encryption_enabled'] = False self.config['discovery_auth'].pop('chap_mutual', None) self.update_item("discovery_auth", None, self.config['discovery_auth']) for target_iqn, target in self.config['targets'].items(): for _, client in target['clients'].items(): if '/' in client['auth']['chap']: user, password = client['auth']['chap'].split('/', 1) else: user = '' password = '' client['auth']['username'] = user client['auth']['password'] = password client['auth']['password_encryption_enabled'] = \ (len(password) > 16 and encryption_available()) client['auth'].pop('chap', None) if '/' in client['auth']['chap_mutual']: muser, mpassword = client['auth']['chap_mutual'].split( '/', 1) else: muser = '' mpassword = '' client['auth']['mutual_username'] = muser client['auth']['mutual_password'] = mpassword client['auth']['mutual_password_encryption_enabled'] = \ (len(mpassword) > 16 and encryption_available()) client['auth'].pop('chap_mutual', None) self.update_item("targets", target_iqn, target) self.update_item("version", None, 8) self.commit("retain")
def _upgrade_config(self): if self.config['version'] >= Config.seed_config['version']: return if self.config['version'] <= 2: self.add_item("groups", element_name=None, initial_value={}) self.update_item("version", element_name=None, element_value=3) if self.config['version'] == 3: iqn = self.config['gateways']['iqn'] gateways = {} portals = {} for host, gateway_v3 in self.config['gateways'].items(): if isinstance(gateway_v3, dict): portal = gateway_v3 portal.pop('iqn') active_luns = portal.pop('active_luns') updated = portal.pop('updated', None) created = portal.pop('created', None) gateway = { 'active_luns': active_luns } if created: gateway['created'] = created if updated: gateway['updated'] = updated gateways[host] = gateway portals[host] = portal for _, client in self.config['clients'].items(): client.pop('created', None) client.pop('updated', None) client['auth']['chap_mutual'] = '' for _, group in self.config['groups'].items(): group.pop('created', None) group.pop('updated', None) target = { 'disks': list(self.config['disks'].keys()), 'clients': self.config['clients'], 'portals': portals, 'groups': self.config['groups'], 'controls': self.config.get('controls', {}), 'ip_list': self.config['gateways']['ip_list'] } self.add_item('discovery_auth', None, { 'chap': '', 'chap_mutual': '' }) self.add_item("targets", None, {}) self.add_item("targets", iqn, target) self.update_item("targets", iqn, target) if 'controls' in self.config: self.del_item('controls', None) self.del_item('clients', None) self.del_item('groups', None) self.update_item("gateways", None, gateways) self.update_item("version", None, 4) if self.config['version'] == 4: for disk_id, disk in self.config['disks'].items(): disk['backstore'] = USER_RBD self.update_item("disks", disk_id, disk) self.update_item("version", None, 5) if self.config['version'] == 5: for target_iqn, target in self.config['targets'].items(): target['acl_enabled'] = True self.update_item("targets", target_iqn, target) self.update_item("version", None, 6) if self.config['version'] == 6: new_disks = {} old_disks = [] for disk_id, disk in self.config['disks'].items(): disk['backstore_object_name'] = disk_id new_disk_id = disk_id.replace('.', '/') new_disks[new_disk_id] = disk old_disks.append(disk_id) for old_disk_id in old_disks: self.del_item('disks', old_disk_id) for new_disk_id, new_disk in new_disks.items(): self.add_item("disks", new_disk_id, new_disk) for iqn, target in self.config['targets'].items(): new_disk_ids = [] for disk_id in target['disks']: new_disk_id = disk_id.replace('.', '/') new_disk_ids.append(new_disk_id) target['disks'] = new_disk_ids for _, client in target['clients'].items(): new_luns = {} for lun_id, lun in client['luns'].items(): new_lun_id = lun_id.replace('.', '/') new_luns[new_lun_id] = lun client['luns'] = new_luns for _, group in target['groups'].items(): new_group_disks = {} for group_disk_id, group_disk in group['disks'].items(): new_group_disk_id = group_disk_id.replace('.', '/') new_group_disks[new_group_disk_id] = group_disk group['disks'] = new_group_disks self.update_item("targets", iqn, target) self.update_item("version", None, 7) if self.config['version'] == 7: if '/' in self.config['discovery_auth']['chap']: duser, dpassword = self.config['discovery_auth']['chap'].split('/', 1) else: duser = '' dpassword = '' self.config['discovery_auth']['username'] = duser self.config['discovery_auth']['password'] = dpassword self.config['discovery_auth']['password_encryption_enabled'] = False self.config['discovery_auth'].pop('chap', None) if '/' in self.config['discovery_auth']['chap_mutual']: dmuser, dmpassword = self.config['discovery_auth']['chap_mutual'].split('/', 1) else: dmuser = '' dmpassword = '' self.config['discovery_auth']['mutual_username'] = dmuser self.config['discovery_auth']['mutual_password'] = dmpassword self.config['discovery_auth']['mutual_password_encryption_enabled'] = False self.config['discovery_auth'].pop('chap_mutual', None) self.update_item("discovery_auth", None, self.config['discovery_auth']) for target_iqn, target in self.config['targets'].items(): for _, client in target['clients'].items(): if '/' in client['auth']['chap']: user, password = client['auth']['chap'].split('/', 1) else: user = '' password = '' client['auth']['username'] = user client['auth']['password'] = password client['auth']['password_encryption_enabled'] = \ (len(password) > 16 and encryption_available()) client['auth'].pop('chap', None) if '/' in client['auth']['chap_mutual']: muser, mpassword = client['auth']['chap_mutual'].split('/', 1) else: muser = '' mpassword = '' client['auth']['mutual_username'] = muser client['auth']['mutual_password'] = mpassword client['auth']['mutual_password_encryption_enabled'] = \ (len(mpassword) > 16 and encryption_available()) client['auth'].pop('chap_mutual', None) self.update_item("targets", target_iqn, target) self.update_item("version", None, 8) if self.config['version'] == 8: for target_iqn, target in self.config['targets'].items(): for _, portal in target['portals'].items(): portal['portal_ip_addresses'] = [portal['portal_ip_address']] portal.pop('portal_ip_address') self.update_item("targets", target_iqn, target) self.update_item("version", None, 9) if self.config['version'] == 9 or self.config['version'] == 9.5: # temporary field to store the gateways already upgraded from v9 to v10 gateways_upgraded = self.config.get('gateways_upgraded') if not gateways_upgraded: gateways_upgraded = [] self.add_item('gateways_upgraded', None, gateways_upgraded) this_shortname = socket.gethostname().split('.')[0] this_fqdn = socket.getfqdn() if this_fqdn not in gateways_upgraded: gateways_config = self.config['gateways'] gateway_config = gateways_config.get(this_shortname) if gateway_config: gateways_config.pop(this_shortname) gateways_config[this_fqdn] = gateway_config self.update_item("gateways", None, gateways_config) for target_iqn, target in self.config['targets'].items(): portals_config = target['portals'] portal_config = portals_config.get(this_shortname) if portal_config: portals_config.pop(this_shortname) portals_config[this_fqdn] = portal_config self.update_item("targets", target_iqn, target) for disk_id, disk in self.config['disks'].items(): if disk.get('allocating_host') == this_shortname: disk['allocating_host'] = this_fqdn if disk.get('owner') == this_shortname: disk['owner'] = this_fqdn self.update_item("disks", disk_id, disk) gateways_upgraded.append(this_fqdn) self.update_item("gateways_upgraded", None, gateways_upgraded) if any(gateway_name not in gateways_upgraded for gateway_name in self.config['gateways'].keys()): # upgrade from v9 to v10 is still in progress, some gateways are not upgraded yet self.update_item("version", None, 9.5) else: self.del_item("gateways_upgraded", None) self.update_item("version", None, 10) if self.config['version'] == 10: for target_iqn, target in self.config['targets'].items(): target['auth'] = { 'username': '', 'password': '', 'password_encryption_enabled': False, 'mutual_username': '', 'mutual_password': '', 'mutual_password_encryption_enabled': False } disks = {} for disk_index, disk in enumerate(sorted(target['disks'])): disks[disk] = { 'lun_id': disk_index } target['disks'] = disks self.update_item("targets", target_iqn, target) self.update_item("version", None, 11) self.commit("retain")