tripleo

iscsid.conf for nova, cinder, glance etc. should match whats in the isscid container

Bug #1932181 reported by Ade Lee on 2021-06-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	Medium	Alan Bishop	tripleo xena-2

Bug Description

When testing setting the chap algorithms to something other than the default (md5), we found that only the iscsid.conf in the iscsid container was changed. The iscsid.conf file in the other containers did not change.

This resulted in iscsidadm calls in those containers which requested connections using md5 (the default) which the iscsid initiator did not honor.

The iscsid.conf should be same in all the containers.

Tags:

Alan Bishop (alan-bishop) on 2021-06-16

Changed in tripleo:
assignee:	nobody → Alan Bishop (alan-bishop)
importance:	Undecided → Medium
status:	New → Triaged
milestone:	none → xena-1
tags:	added: wallaby-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-06-16: Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/796714

Changed in tripleo:
status:	Triaged → In Progress

Marios Andreou (marios-b) on 2021-06-22

Changed in tripleo:
milestone:	xena-1 → xena-2

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-06-22: Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/796714
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/48fd886a03b8d8249b6ea539b76bbd50e081a85e
Submitter: "Zuul (22348)"
Branch: master

commit 48fd886a03b8d8249b6ea539b76bbd50e081a85e
Author: Alan Bishop <email address hidden>
Date: Wed Jun 16 06:35:03 2021 -0700

Distribute iscsid.conf to all containers using iscsi

This patch updates the way files related to iscsi are distributed
to the cinder, glance and nova containers that use the protocol.

    Previously it was thought that only the iscsid container needs
    access to /etc/iscsi/iscsid.conf, but the LP bug reveals the client
    side also reads the file in order to determine the list of chap
    algorithms to offer when initiating an iscsi connection.

    The bug was exposed when testing a secure environment that uses a
    non-default list of chap algorithms. The iscsid container was using
    the customized list, but the client containers (e.g. nova) were
    using the default list, which caused iscsid to reject connections.

Closes-Bug: #1932181
Change-Id: Iad255451726867dc172404513fdac4ad0599c4c0

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-08-06: Fix proposed to tripleo-heat-templates (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/803777

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-08-26: Fix merged to tripleo-heat-templates (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/803777
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/922680c4017f33efd8493a6ba7e5e53d2f5d7ebd
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 922680c4017f33efd8493a6ba7e5e53d2f5d7ebd
Author: Alan Bishop <email address hidden>
Date: Wed Jun 16 06:35:03 2021 -0700

Distribute iscsid.conf to all containers using iscsi

This patch updates the way files related to iscsi are distributed
to the cinder, glance and nova containers that use the protocol.

    Closes-Bug: #1932181
    Change-Id: Iad255451726867dc172404513fdac4ad0599c4c0
    (cherry picked from commit 48fd886a03b8d8249b6ea539b76bbd50e081a85e)