def _set_chap_str(self, chap_str):
username, self.password_str = chap_str.split('/', 1)
if encryption_available() and len(self.password_str) > 0:
self.password = self._encrypt()
else:
self.password = self.password_str
def __init__(self, chap_str):
self.error = False
self.error_msg = ''
if '/' in chap_str:
self.user, self.password_str = chap_str.split('/', 1)
if len(self.password_str) > 16 and encryption_available():
self.password = self._decrypt()
else:
self.password = self.password_str
else:
self.user = ''
self.password = ''
def set_discovery_auth_config(username, password, mutual_username,
mutual_password, config):
encryption_enabled = encryption_available()
discovery_auth_config = {
'username': '',
'password': '',
'password_encryption_enabled': encryption_enabled,
'mutual_username': '',
'mutual_password': '',
'mutual_password_encryption_enabled': encryption_enabled
}
if username != '':
chap = CHAP(username, password, encryption_enabled)
chap_mutual = CHAP(mutual_username, mutual_password,
encryption_enabled)
discovery_auth_config['username'] = chap.user
discovery_auth_config['password'] = chap.encrypted_password(
encryption_enabled)
discovery_auth_config['mutual_username'] = chap_mutual.user
discovery_auth_config['mutual_password'] = \
chap_mutual.encrypted_password(encryption_enabled)
config.update_item('discovery_auth', '', discovery_auth_config)
def configure_auth(self, username, password, mutual_username, mutual_password, target_config):
"""
Attempt to configure authentication for the client
:return:
"""
auth_enabled = (username and password)
self.logger.debug("configuring auth username={}, password={}, mutual_username={}, "
"mutual_password={}".format(username, password, mutual_username,
mutual_password))
acl_chap_userid = self.acl.chap_userid
acl_chap_password = self.acl.chap_password
acl_chap_mutual_userid = self.acl.chap_mutual_userid
acl_chap_mutual_password = self.acl.chap_mutual_password
try:
self.logger.debug("Updating the ACL")
if username != acl_chap_userid or \
password != acl_chap_password:
self.acl.chap_userid = username
self.acl.chap_password = password
new_chap = CHAP(username, password, False)
self.logger.debug("chap object set to: {},{},{}".format(
new_chap.user, new_chap.password, new_chap.password_str))
if new_chap.error:
self.error = True
self.error_msg = new_chap.error_msg
return
if mutual_username != acl_chap_mutual_userid or \
mutual_password != acl_chap_mutual_password:
self.acl.chap_mutual_userid = mutual_username
self.acl.chap_mutual_password = mutual_password
new_chap_mutual = CHAP(mutual_username, mutual_password, False)
self.logger.debug("chap mutual object set to: {},{},{}".format(
new_chap_mutual.user, new_chap_mutual.password,
new_chap_mutual.password_str))
if new_chap_mutual.error:
self.error = True
self.error_msg = new_chap_mutual.error_msg
return
if auth_enabled:
self.tpg.set_attribute('authentication', '1')
else:
self.try_disable_auth(self.tpg)
self.logger.debug("Updating config object meta data")
encryption_enabled = encryption_available()
if username != acl_chap_userid:
self.metadata['auth']['username'] = new_chap.user
if password != acl_chap_password:
self.metadata['auth']['password'] = new_chap.encrypted_password(encryption_enabled)
self.metadata['auth']['password_encryption_enabled'] = encryption_enabled
if mutual_username != acl_chap_mutual_userid:
self.metadata['auth']['mutual_username'] = new_chap_mutual.user
if mutual_password != acl_chap_mutual_password:
self.metadata['auth']['mutual_password'] = \
new_chap_mutual.encrypted_password(encryption_enabled)
self.metadata['auth']['mutual_password_encryption_enabled'] = encryption_enabled
except RTSLibError as err:
self.error = True
self.error_msg = ("Unable to configure authentication "
"for {} - ".format(self.iqn,
err))
self.logger.error("(Client.configure_auth) failed to set "
"credentials for {}".format(self.iqn))
else:
self.change_count += 1
self._update_acl(target_config)
def _upgrade_config(self):
if self.config['version'] >= Config.seed_config['version']:
return
if self.config['version'] <= 2:
self.add_item("groups", element_name=None, initial_value={})
self.update_item("version", element_name=None, element_value=3)
if self.config['version'] == 3:
iqn = self.config['gateways']['iqn']
gateways = {}
portals = {}
for host, gateway_v3 in self.config['gateways'].items():
if isinstance(gateway_v3, dict):
portal = gateway_v3
portal.pop('iqn')
active_luns = portal.pop('active_luns')
updated = portal.pop('updated', None)
created = portal.pop('created', None)
gateway = {'active_luns': active_luns}
if created:
gateway['created'] = created
if updated:
gateway['updated'] = updated
gateways[host] = gateway
portals[host] = portal
for _, client in self.config['clients'].items():
client.pop('created', None)
client.pop('updated', None)
client['auth']['chap_mutual'] = ''
for _, group in self.config['groups'].items():
group.pop('created', None)
group.pop('updated', None)
target = {
'disks': list(self.config['disks'].keys()),
'clients': self.config['clients'],
'portals': portals,
'groups': self.config['groups'],
'controls': self.config['controls'],
'ip_list': self.config['gateways']['ip_list']
}
self.add_item('discovery_auth', None, {
'chap': '',
'chap_mutual': ''
})
self.add_item("targets", None, {})
self.add_item("targets", iqn, target)
self.update_item("targets", iqn, target)
self.del_item('controls', None)
self.del_item('clients', None)
self.del_item('groups', None)
self.update_item("gateways", None, gateways)
self.update_item("version", None, 4)
if self.config['version'] == 4:
for disk_id, disk in self.config['disks'].items():
disk['backstore'] = USER_RBD
self.update_item("disks", disk_id, disk)
self.update_item("version", None, 5)
if self.config['version'] == 5:
for target_iqn, target in self.config['targets'].items():
target['acl_enabled'] = True
self.update_item("targets", target_iqn, target)
self.update_item("version", None, 6)
if self.config['version'] == 6:
new_disks = {}
old_disks = []
for disk_id, disk in self.config['disks'].items():
disk['backstore_object_name'] = disk_id
new_disk_id = disk_id.replace('.', '/')
new_disks[new_disk_id] = disk
old_disks.append(disk_id)
for old_disk_id in old_disks:
self.del_item('disks', old_disk_id)
for new_disk_id, new_disk in new_disks.items():
self.add_item("disks", new_disk_id, new_disk)
for iqn, target in self.config['targets'].items():
new_disk_ids = []
for disk_id in target['disks']:
new_disk_id = disk_id.replace('.', '/')
new_disk_ids.append(new_disk_id)
target['disks'] = new_disk_ids
for _, client in target['clients'].items():
new_luns = {}
for lun_id, lun in client['luns'].items():
new_lun_id = lun_id.replace('.', '/')
new_luns[new_lun_id] = lun
client['luns'] = new_luns
for _, group in target['groups'].items():
new_group_disks = {}
for group_disk_id, group_disk in group['disks'].items():
new_group_disk_id = group_disk_id.replace('.', '/')
new_group_disks[new_group_disk_id] = group_disk
group['disks'] = new_group_disks
self.update_item("targets", iqn, target)
self.update_item("version", None, 7)
if self.config['version'] == 7:
if '/' in self.config['discovery_auth']['chap']:
duser, dpassword = self.config['discovery_auth']['chap'].split(
'/', 1)
else:
duser = ''
dpassword = ''
self.config['discovery_auth']['username'] = duser
self.config['discovery_auth']['password'] = dpassword
self.config['discovery_auth'][
'password_encryption_enabled'] = False
self.config['discovery_auth'].pop('chap', None)
if '/' in self.config['discovery_auth']['chap_mutual']:
dmuser, dmpassword = self.config['discovery_auth'][
'chap_mutual'].split('/', 1)
else:
dmuser = ''
dmpassword = ''
self.config['discovery_auth']['mutual_username'] = dmuser
self.config['discovery_auth']['mutual_password'] = dmpassword
self.config['discovery_auth'][
'mutual_password_encryption_enabled'] = False
self.config['discovery_auth'].pop('chap_mutual', None)
self.update_item("discovery_auth", None,
self.config['discovery_auth'])
for target_iqn, target in self.config['targets'].items():
for _, client in target['clients'].items():
if '/' in client['auth']['chap']:
user, password = client['auth']['chap'].split('/', 1)
else:
user = ''
password = ''
client['auth']['username'] = user
client['auth']['password'] = password
client['auth']['password_encryption_enabled'] = \
(len(password) > 16 and encryption_available())
client['auth'].pop('chap', None)
if '/' in client['auth']['chap_mutual']:
muser, mpassword = client['auth']['chap_mutual'].split(
'/', 1)
else:
muser = ''
mpassword = ''
client['auth']['mutual_username'] = muser
client['auth']['mutual_password'] = mpassword
client['auth']['mutual_password_encryption_enabled'] = \
(len(mpassword) > 16 and encryption_available())
client['auth'].pop('chap_mutual', None)
self.update_item("targets", target_iqn, target)
self.update_item("version", None, 8)
self.commit("retain")
def _upgrade_config(self):
if self.config['version'] >= Config.seed_config['version']:
return
if self.config['version'] <= 2:
self.add_item("groups", element_name=None, initial_value={})
self.update_item("version", element_name=None, element_value=3)
if self.config['version'] == 3:
iqn = self.config['gateways']['iqn']
gateways = {}
portals = {}
for host, gateway_v3 in self.config['gateways'].items():
if isinstance(gateway_v3, dict):
portal = gateway_v3
portal.pop('iqn')
active_luns = portal.pop('active_luns')
updated = portal.pop('updated', None)
created = portal.pop('created', None)
gateway = {
'active_luns': active_luns
}
if created:
gateway['created'] = created
if updated:
gateway['updated'] = updated
gateways[host] = gateway
portals[host] = portal
for _, client in self.config['clients'].items():
client.pop('created', None)
client.pop('updated', None)
client['auth']['chap_mutual'] = ''
for _, group in self.config['groups'].items():
group.pop('created', None)
group.pop('updated', None)
target = {
'disks': list(self.config['disks'].keys()),
'clients': self.config['clients'],
'portals': portals,
'groups': self.config['groups'],
'controls': self.config.get('controls', {}),
'ip_list': self.config['gateways']['ip_list']
}
self.add_item('discovery_auth', None, {
'chap': '',
'chap_mutual': ''
})
self.add_item("targets", None, {})
self.add_item("targets", iqn, target)
self.update_item("targets", iqn, target)
if 'controls' in self.config:
self.del_item('controls', None)
self.del_item('clients', None)
self.del_item('groups', None)
self.update_item("gateways", None, gateways)
self.update_item("version", None, 4)
if self.config['version'] == 4:
for disk_id, disk in self.config['disks'].items():
disk['backstore'] = USER_RBD
self.update_item("disks", disk_id, disk)
self.update_item("version", None, 5)
if self.config['version'] == 5:
for target_iqn, target in self.config['targets'].items():
target['acl_enabled'] = True
self.update_item("targets", target_iqn, target)
self.update_item("version", None, 6)
if self.config['version'] == 6:
new_disks = {}
old_disks = []
for disk_id, disk in self.config['disks'].items():
disk['backstore_object_name'] = disk_id
new_disk_id = disk_id.replace('.', '/')
new_disks[new_disk_id] = disk
old_disks.append(disk_id)
for old_disk_id in old_disks:
self.del_item('disks', old_disk_id)
for new_disk_id, new_disk in new_disks.items():
self.add_item("disks", new_disk_id, new_disk)
for iqn, target in self.config['targets'].items():
new_disk_ids = []
for disk_id in target['disks']:
new_disk_id = disk_id.replace('.', '/')
new_disk_ids.append(new_disk_id)
target['disks'] = new_disk_ids
for _, client in target['clients'].items():
new_luns = {}
for lun_id, lun in client['luns'].items():
new_lun_id = lun_id.replace('.', '/')
new_luns[new_lun_id] = lun
client['luns'] = new_luns
for _, group in target['groups'].items():
new_group_disks = {}
for group_disk_id, group_disk in group['disks'].items():
new_group_disk_id = group_disk_id.replace('.', '/')
new_group_disks[new_group_disk_id] = group_disk
group['disks'] = new_group_disks
self.update_item("targets", iqn, target)
self.update_item("version", None, 7)
if self.config['version'] == 7:
if '/' in self.config['discovery_auth']['chap']:
duser, dpassword = self.config['discovery_auth']['chap'].split('/', 1)
else:
duser = ''
dpassword = ''
self.config['discovery_auth']['username'] = duser
self.config['discovery_auth']['password'] = dpassword
self.config['discovery_auth']['password_encryption_enabled'] = False
self.config['discovery_auth'].pop('chap', None)
if '/' in self.config['discovery_auth']['chap_mutual']:
dmuser, dmpassword = self.config['discovery_auth']['chap_mutual'].split('/', 1)
else:
dmuser = ''
dmpassword = ''
self.config['discovery_auth']['mutual_username'] = dmuser
self.config['discovery_auth']['mutual_password'] = dmpassword
self.config['discovery_auth']['mutual_password_encryption_enabled'] = False
self.config['discovery_auth'].pop('chap_mutual', None)
self.update_item("discovery_auth", None, self.config['discovery_auth'])
for target_iqn, target in self.config['targets'].items():
for _, client in target['clients'].items():
if '/' in client['auth']['chap']:
user, password = client['auth']['chap'].split('/', 1)
else:
user = ''
password = ''
client['auth']['username'] = user
client['auth']['password'] = password
client['auth']['password_encryption_enabled'] = \
(len(password) > 16 and encryption_available())
client['auth'].pop('chap', None)
if '/' in client['auth']['chap_mutual']:
muser, mpassword = client['auth']['chap_mutual'].split('/', 1)
else:
muser = ''
mpassword = ''
client['auth']['mutual_username'] = muser
client['auth']['mutual_password'] = mpassword
client['auth']['mutual_password_encryption_enabled'] = \
(len(mpassword) > 16 and encryption_available())
client['auth'].pop('chap_mutual', None)
self.update_item("targets", target_iqn, target)
self.update_item("version", None, 8)
if self.config['version'] == 8:
for target_iqn, target in self.config['targets'].items():
for _, portal in target['portals'].items():
portal['portal_ip_addresses'] = [portal['portal_ip_address']]
portal.pop('portal_ip_address')
self.update_item("targets", target_iqn, target)
self.update_item("version", None, 9)
if self.config['version'] == 9 or self.config['version'] == 9.5:
# temporary field to store the gateways already upgraded from v9 to v10
gateways_upgraded = self.config.get('gateways_upgraded')
if not gateways_upgraded:
gateways_upgraded = []
self.add_item('gateways_upgraded', None, gateways_upgraded)
this_shortname = socket.gethostname().split('.')[0]
this_fqdn = socket.getfqdn()
if this_fqdn not in gateways_upgraded:
gateways_config = self.config['gateways']
gateway_config = gateways_config.get(this_shortname)
if gateway_config:
gateways_config.pop(this_shortname)
gateways_config[this_fqdn] = gateway_config
self.update_item("gateways", None, gateways_config)
for target_iqn, target in self.config['targets'].items():
portals_config = target['portals']
portal_config = portals_config.get(this_shortname)
if portal_config:
portals_config.pop(this_shortname)
portals_config[this_fqdn] = portal_config
self.update_item("targets", target_iqn, target)
for disk_id, disk in self.config['disks'].items():
if disk.get('allocating_host') == this_shortname:
disk['allocating_host'] = this_fqdn
if disk.get('owner') == this_shortname:
disk['owner'] = this_fqdn
self.update_item("disks", disk_id, disk)
gateways_upgraded.append(this_fqdn)
self.update_item("gateways_upgraded", None, gateways_upgraded)
if any(gateway_name not in gateways_upgraded
for gateway_name in self.config['gateways'].keys()):
# upgrade from v9 to v10 is still in progress, some gateways are not upgraded yet
self.update_item("version", None, 9.5)
else:
self.del_item("gateways_upgraded", None)
self.update_item("version", None, 10)
if self.config['version'] == 10:
for target_iqn, target in self.config['targets'].items():
target['auth'] = {
'username': '',
'password': '',
'password_encryption_enabled': False,
'mutual_username': '',
'mutual_password': '',
'mutual_password_encryption_enabled': False
}
disks = {}
for disk_index, disk in enumerate(sorted(target['disks'])):
disks[disk] = {
'lun_id': disk_index
}
target['disks'] = disks
self.update_item("targets", target_iqn, target)
self.update_item("version", None, 11)
self.commit("retain")
