authorJosh Durgin <joshd@hq.newdream.net>2012-04-02 16:41:07 -0700
committerJosh Durgin <joshd@hq.newdream.net>2012-04-02 16:59:51 -0700
commit01f24caba86c987b0109f743979a4e99e8afed11 (patch)
treebdf33b12d34fcf976afc03c74a26e2f41446b1da /nova/virt
parent276716e790b4f240347ae81357f58beeb4faf7a7 (diff)
Allow unprivileged RADOS users to access rbd volumes.
This makes it possible to access rbd volumes with RADOS users with restricted privileges. Previously, the admin user was always used. This requires libvirt 0.9.8 or higher. Change-Id: Ia4665c2a93a58a1c1290f467a3d9cd6cd22d7bd5
Diffstat (limited to 'nova/virt')
-rw-r--r--nova/virt/libvirt/config.py10
-rw-r--r--nova/virt/libvirt/volume.py5
2 files changed, 15 insertions, 0 deletions
diff --git a/nova/virt/libvirt/config.py b/nova/virt/libvirt/config.py
index 63499eaf8..2ccfd35fb 100644
--- a/nova/virt/libvirt/config.py
+++ b/nova/virt/libvirt/config.py
@@ -86,6 +86,9 @@ class LibvirtConfigGuestDisk(LibvirtConfigGuestDevice):
self.target_dev = None
self.target_path = None
self.target_bus = None
+ self.auth_username = None
+ self.auth_secret_type = None
+ self.auth_secret_uuid = None
def format_dom(self):
dev = super(LibvirtConfigGuestDisk, self).format_dom()
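Review bot: The three new attributes in this hunk have no comment saying what they map to or that they only work as a set. A short comment above them would help, for example `# rbd/cephx auth: emitted as <auth username=...><secret type=... uuid=.../></auth>; uuid names a libvirt secret object, not the key itself`. It is worth recording that `auth_secret_uuid` is a reference to a secret that must already be defined in libvirt on the host, so the key material never appears in the domain XML. The constructor starts above the hunk, so any existing attribute documentation there is not visible.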
@@ -114,6 +117,13 @@ class LibvirtConfigGuestDisk(LibvirtConfigGuestDevice):
dev.append(etree.Element("source", protocol=self.source_protocol,
name=self.source_host))
+ if self.auth_secret_type is not None:
+ auth = etree.Element("auth")
+ auth.set("username", self.auth_username)
+ auth.append(etree.Element("secret", type=self.auth_secret_type,
+ uuid=self.auth_secret_uuid))
+ dev.append(auth)
+
if self.source_type == "mount":
dev.append(etree.Element("target", dir=self.target_path))
else:
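Review bot: The new `<auth>` block is guarded only by `self.auth_secret_type is not None`, but it also passes `self.auth_username` and `self.auth_secret_uuid` straight into `auth.set(...)` and `etree.Element(...)`. If `etree` here is lxml (the import is outside the hunk), a `None` in either of those raises a bare `TypeError` during XML generation. Since the commit description says the admin user was used before, a half-configured auth should fail loudly rather than be skipped. Make that failure explicit inside the guard: `if None in (self.auth_username, self.auth_secret_uuid): raise ValueError("disk auth needs username and secret uuid")`. Indentation is lost on this page, so it is not clear whether the block sits inside the network-source branch; it should, because `<auth>` only makes sense next to a `protocol` source.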
diff --git a/nova/virt/libvirt/volume.py b/nova/virt/libvirt/volume.py
index 38f8c2dd0..23cf3390e 100644
--- a/nova/virt/libvirt/volume.py
+++ b/nova/virt/libvirt/volume.py
@@ -86,6 +86,11 @@ class LibvirtNetVolumeDriver(LibvirtVolumeDriver):
conf.source_host = connection_info['data']['name']
conf.target_dev = mount_device
conf.target_bus = "virtio"
+ netdisk_properties = connection_info['data']
+ if netdisk_properties.get('auth_enabled'):
+ conf.auth_username = netdisk_properties['auth_username']
+ conf.auth_secret_type = netdisk_properties['secret_type']
+ conf.auth_secret_uuid = netdisk_properties['secret_uuid']
return conf
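Review bot: When `auth_enabled` is truthy the three lookups `netdisk_properties['auth_username']`, `['secret_type']` and `['secret_uuid']` raise a plain `KeyError` if the volume service omitted one, which gives the operator no hint about which connection property is missing. Failing here is the right outcome, but catch it and re-raise with a message that names the missing key. The opposite case also deserves a comment: when `auth_enabled` is absent or false, the disk is attached with no `<auth>` element, which by the commit description means the previous admin-user behaviour, for example `# no auth_enabled: libvirt/qemu fall back to the default RADOS credentials`. As a style point, the keys mix `auth_username` with unprefixed `secret_type` and `secret_uuid`; if the producer side is still open to change, one prefix would be easier to audit. The method starts above the hunk.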