sma: crypto support for nvmf/tcp devices
The nvmf/tcp devices will now support attaching volumes with encryption enabled. This basically boils down to getting the crypto bdev name through the CryptoEngine.get_crypto_bdev() interface (instead of just using volume_id) and specyfing UUID/NGUID when attaching namespaces to a subsystem. Signed-off-by: Konrad Sztyber <konrad.sztyber@intel.com> Change-Id: Iefddbf07675152aa2e042564eb87c457b6995b9b Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/13871 Tested-by: SPDK CI Jenkins <sys_sgci@intel.com> Reviewed-by: Ben Walker <benjamin.walker@intel.com> Reviewed-by: Jim Harris <james.r.harris@intel.com> Reviewed-by: <sebastian.brzezinka@intel.com>
This commit is contained in:
Konrad Sztyber
Ben Walker
parent
e1068a862c
commit
c16dab7e37
@ -15,3 +15,7 @@ def format_volume_id(volume_id):
|
|||||||
except ValueError:
|
except ValueError:
|
||||||
pass
|
pass
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
|
def volume_id_to_nguid(uuid):
|
||||||
|
return uuid.replace('-', '')
|
||||||
|
|||||||
@ -3,7 +3,8 @@ import logging
|
|||||||
import uuid
|
import uuid
|
||||||
from spdk.rpc.client import JSONRPCException
|
from spdk.rpc.client import JSONRPCException
|
||||||
from .device import DeviceManager, DeviceException
|
from .device import DeviceManager, DeviceException
|
||||||
from ..common import format_volume_id
|
from ..common import format_volume_id, volume_id_to_nguid
|
||||||
|
from ..volume import get_crypto_engine, CryptoException
|
||||||
from ..proto import sma_pb2
|
from ..proto import sma_pb2
|
||||||
from ..proto import nvmf_tcp_pb2
|
from ..proto import nvmf_tcp_pb2
|
||||||
|
|
||||||
@ -95,11 +96,14 @@ class NvmfTcpDeviceManager(DeviceManager):
|
|||||||
'listen_address': {'trtype': 'tcp', **addr}})
|
'listen_address': {'trtype': 'tcp', **addr}})
|
||||||
volume_id = format_volume_id(request.volume.volume_id)
|
volume_id = format_volume_id(request.volume.volume_id)
|
||||||
if volume_id is not None:
|
if volume_id is not None:
|
||||||
|
bdev_name = get_crypto_engine().get_crypto_bdev(volume_id) or volume_id
|
||||||
result = client.call('nvmf_subsystem_add_ns',
|
result = client.call('nvmf_subsystem_add_ns',
|
||||||
{'nqn': params.subnqn,
|
{'nqn': params.subnqn,
|
||||||
'namespace': {
|
'namespace': {
|
||||||
'bdev_name': volume_id}})
|
'bdev_name': bdev_name,
|
||||||
except JSONRPCException:
|
'uuid': volume_id,
|
||||||
|
'nguid': volume_id_to_nguid(volume_id)}})
|
||||||
|
except (JSONRPCException, CryptoException):
|
||||||
try:
|
try:
|
||||||
client.call('nvmf_delete_subsystem', {'nqn': params.subnqn})
|
client.call('nvmf_delete_subsystem', {'nqn': params.subnqn})
|
||||||
except JSONRPCException:
|
except JSONRPCException:
|
||||||
@ -127,8 +131,9 @@ class NvmfTcpDeviceManager(DeviceManager):
|
|||||||
|
|
||||||
def _find_bdev(self, client, guid):
|
def _find_bdev(self, client, guid):
|
||||||
try:
|
try:
|
||||||
return client.call('bdev_get_bdevs', {'name': guid})[0]
|
bdev_name = get_crypto_engine().get_crypto_bdev(guid) or guid
|
||||||
except JSONRPCException:
|
return client.call('bdev_get_bdevs', {'name': bdev_name})[0]
|
||||||
|
except (JSONRPCException, CryptoException):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
@_check_transport
|
@_check_transport
|
||||||
@ -155,7 +160,9 @@ class NvmfTcpDeviceManager(DeviceManager):
|
|||||||
result = client.call('nvmf_subsystem_add_ns',
|
result = client.call('nvmf_subsystem_add_ns',
|
||||||
{'nqn': nqn,
|
{'nqn': nqn,
|
||||||
'namespace': {
|
'namespace': {
|
||||||
'bdev_name': bdev['name']}})
|
'bdev_name': bdev['name'],
|
||||||
|
'uuid': volume_id,
|
||||||
|
'nguid': volume_id_to_nguid(volume_id)}})
|
||||||
if not result:
|
if not result:
|
||||||
raise DeviceException(grpc.StatusCode.INTERNAL,
|
raise DeviceException(grpc.StatusCode.INTERNAL,
|
||||||
'Failed to attach volume')
|
'Failed to attach volume')
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user