Allow unprivileged RADOS users to access rbd volumes.

This makes it possible to access rbd volumes with RADOS users with
restricted privileges. Previously, the admin user was always used.

This requires libvirt 0.9.8 or higher.

Change-Id: Ia4665c2a93a58a1c1290f467a3d9cd6cd22d7bd5

1 files changed, 13 insertions, 2 deletions

diff --git a/nova/volume/driver.py b/nova/volume/driver.py
index ffdd1f520..8b316befc 100644
--- a/nova/volume/driver.py
+++ b/nova/volume/driver.py
@@ -56,7 +56,14 @@ volume_opts = [
                help='The port that the iSCSI daemon is listening on'),
     cfg.StrOpt('rbd_pool',
                default='rbd',
-               help='the rbd pool in which volumes are stored'),
+               help='the RADOS pool in which rbd volumes are stored'),
+    cfg.StrOpt('rbd_user',
+               default=None,
+               help='the RADOS client name for accessing rbd volumes'),
+    cfg.StrOpt('rbd_secret_uuid',
+               default=None,
+               help='the libvirt uuid of the secret for the rbd_user'
+                    'volumes'),
     ]
 
 FLAGS = flags.FLAGS
@@ -546,7 +553,11 @@ class RBDDriver(VolumeDriver):
         return {
             'driver_volume_type': 'rbd',
             'data': {
-                'name': '%s/%s' % (FLAGS.rbd_pool, volume['name'])
+                'name': '%s/%s' % (FLAGS.rbd_pool, volume['name']),
+                'auth_enabled': FLAGS.rbd_secret_uuid is not None,
+                'auth_username': FLAGS.rbd_user,
+                'secret_type': 'ceph',
+                'secret_uuid': FLAGS.rbd_secret_uuid,
             }
         }