From 722fd3259bdcf096f789a01ca4c6772453ea7179 Mon Sep 17 00:00:00 2001
From: Ivan Pchelintsev <Ivan.Pchelintsev@dell.com>
Date: Tue, 19 May 2020 13:54:29 +0300
Subject: [PATCH] Remove VxFlex OS credentials from connection_properties

VxFlex OS password is not stored in block_device_mapping table. Instead of this
passwords are stored in a separate file and are retrieved during each attach/detach
operation.

Closes-Bug: #1823200
Change-Id: I174903e5d75e2e87f6c46cb7f9776a0ce16320dc
---
 .../drivers/dell_emc/vxflexos/driver.py       |  7 +++
 .../drivers/dell_emc/vxflexos/rest_client.py  |  2 -
 .../drivers/dell-emc-vxflex-driver.rst        | 51 +++++++++++++++++--
 3 files changed, 55 insertions(+), 5 deletions(-)

diff --git a/cinder/volume/drivers/dell_emc/vxflexos/driver.py b/cinder/volume/drivers/dell_emc/vxflexos/driver.py
index 2aecdc4d2..0ec93d6fa 100644
--- a/cinder/volume/drivers/dell_emc/vxflexos/driver.py
+++ b/cinder/volume/drivers/dell_emc/vxflexos/driver.py
@@ -853,6 +853,8 @@ class VxFlexOSDriver(driver.VolumeDriver):
         volume_name = flex_utils.id_to_base64(vol_or_snap.id)
         connection_properties["scaleIO_volname"] = volume_name
         connection_properties["scaleIO_volume_id"] = vol_or_snap.provider_id
+        connection_properties["config_group"] = self.configuration.config_group
+        connection_properties["failed_over"] = self._is_failed_over
 
         if vol_size is not None:
             extra_specs = self._get_volumetype_extraspecs(vol_or_snap)
@@ -1200,6 +1202,8 @@ class VxFlexOSDriver(driver.VolumeDriver):
             volume.id
         )
         connection_properties["scaleIO_volume_id"] = volume.provider_id
+        connection_properties["config_group"] = self.configuration.config_group
+        connection_properties["failed_over"] = self._is_failed_over
         device_info = self.connector.connect_volume(connection_properties)
         return device_info["path"]
 
@@ -1212,6 +1216,9 @@ class VxFlexOSDriver(driver.VolumeDriver):
             volume.id
         )
         connection_properties["scaleIO_volume_id"] = volume.provider_id
+        connection_properties["config_group"] = self.configuration.config_group
+        connection_properties["failed_over"] = self._is_failed_over
+
         self.connector.disconnect_volume(connection_properties, volume)
 
     def copy_image_to_volume(self, context, volume, image_service, image_id):
diff --git a/cinder/volume/drivers/dell_emc/vxflexos/rest_client.py b/cinder/volume/drivers/dell_emc/vxflexos/rest_client.py
index da65f673f..1408497ba 100644
--- a/cinder/volume/drivers/dell_emc/vxflexos/rest_client.py
+++ b/cinder/volume/drivers/dell_emc/vxflexos/rest_client.py
@@ -70,8 +70,6 @@ class RestClient(object):
             "serverIP": self.rest_ip,
             "serverPort": self.rest_port,
             "serverUsername": self.rest_username,
-            "serverPassword": self.rest_password,
-            "serverToken": self.rest_token,
             "iopsLimit": None,
             "bandwidthLimit": None,
         }
diff --git a/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst b/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst
index b4bc83732..51792b8fc 100644
--- a/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst
+++ b/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst
@@ -220,6 +220,35 @@ parameters as follows:
    san_password = SIO_PASSWD
    san_thin_provision = false
 
+Connector configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Before using attach/detach volume operations VxFlex OS connector must be
+properly configured. On each node where VxFlex OS SDC is installed do the
+following:
+
+#. Create ``/opt/emc/scaleio/openstack/connector.conf`` if it does not
+   exist.
+
+   .. code-block:: console
+
+     $ mkdir -p /opt/emc/scaleio/openstack
+     $ touch /opt/emc/scaleio/openstack/connector.conf
+
+#. For each VxFlexOS section in the ``cinder.conf`` create the same section in
+   the ``/opt/emc/scaleio/openstack/connector.conf`` and populate it with
+   passwords. Example:
+
+   .. code-block:: ini
+
+      [vxflexos]
+      san_password = SIO_PASSWD
+      replicating_san_password = REPLICATION_SYSTEM_SIO_PASSWD # if applicable
+
+      [vxflexos-new]
+      san_password = SIO2_PASSWD
+      replicating_san_password = REPLICATION_SYSTEM_SIO2_PASSWD # if applicable
+
 .. _cg_configuration_options_emc:
 
 Configuration options
@@ -504,6 +533,22 @@ Volume migration is performed by issuing the following command:
 Using VxFlex OS Storage with a containerized overcloud
 ------------------------------------------------------
 
-When using a containerized overcloud, such as one deployed via TripleO or
-Red Hat OpenStack version 13 and above, install the Storage Data Client
-(SDC) on all nodes after deploying the overcloud.
+#. Create a file with below contents:
+
+   .. code-block:: yaml
+
+      parameter_defaults:
+        NovaComputeOptVolumes:
+          - /opt/emc/scaleio:/opt/emc/scaleio
+        CinderVolumeOptVolumes:
+          - /opt/emc/scaleio:/opt/emc/scaleio
+        GlanceApiOptVolumes:
+          - /opt/emc/scaleio:/opt/emc/scaleio
+
+
+   Name it whatever you like, e.g. ``vxflexos_volumes.yml``.
+
+#. Use ``-e`` to include this customization file to deploy command.
+
+#. Install the Storage Data Client (SDC) on all nodes after deploying
+   the overcloud.
-- 
2.17.1