diff --git a/0001-VxFlex-OS-password.patch b/0001-VxFlex-OS-password.patch new file mode 100644 index 0000000000000000000000000000000000000000..c68719cda989c205f8d377ebdfb21c57bf879aa7 --- /dev/null +++ b/0001-VxFlex-OS-password.patch @@ -0,0 +1,71 @@ +From 1662c1992cb756592cc08c6aa9d6318784887ed4 Mon Sep 17 00:00:00 2001 +From: Ivan Pchelintsev +Date: Fri, 29 May 2020 12:44:33 +0300 +Subject: [PATCH] Remove VxFlex OS credentials from connection_properties + +VxFlex OS password is not stored in block_device_mapping table. Instead of this +passwords are stored in separate file and are retrieved during each attach/detach +operation. + +Change-Id: Id3c32644d6d044c321883600c467bdef23c934f0 +--- + .../volume/drivers/dell_emc/scaleio/driver.py | 3 +-- + .../drivers/dell-emc-vxflex-driver.rst | 27 +++++++++++++++++++ + 2 files changed, 28 insertions(+), 2 deletions(-) + +diff --git a/cinder/volume/drivers/dell_emc/scaleio/driver.py b/cinder/volume/drivers/dell_emc/scaleio/driver.py +index 281f6e1d4..8a4d3270e 100644 +--- a/cinder/volume/drivers/dell_emc/scaleio/driver.py ++++ b/cinder/volume/drivers/dell_emc/scaleio/driver.py +@@ -226,8 +226,7 @@ class ScaleIODriver(driver.VolumeDriver): + 'serverIP': self.server_ip, + 'serverPort': self.server_port, + 'serverUsername': self.server_username, +- 'serverPassword': self.server_password, +- 'serverToken': self.server_token, ++ 'config_group': self.configuration.config_group, + 'iopsLimit': None, + 'bandwidthLimit': None, + } +diff --git a/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst b/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst +index 7f354533f..29aa81cbd 100644 +--- a/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst ++++ b/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst +@@ -211,6 +211,33 @@ parameters as follows: + san_password = SIO_PASSWD + san_thin_provision = false + ++Connector configuration ++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++ ++Before using attach/detach volume operations VxFlex OS connector must be ++properly configured. On each node where VxFlex OS SDC is installed do the ++following: ++ ++#. Create ``/opt/emc/scaleio/openstack/connector.conf`` if it does not ++ exist. ++ ++ .. code-block:: console ++ ++ $ mkdir -p /opt/emc/scaleio/openstack ++ $ touch /opt/emc/scaleio/openstack/connector.conf ++ ++#. For each VxFlexOS section in the ``cinder.conf`` create the same section in ++ the ``/opt/emc/scaleio/openstack/connector.conf`` and populate it with ++ passwords. Example: ++ ++ .. code-block:: ini ++ ++ [vxflexos] ++ san_password = SIO_PASSWD ++ ++ [vxflexos-new] ++ san_password = SIO2_PASSWD ++ + .. _cg_configuration_options_emc: + + Configuration options +-- +2.17.1 + + diff --git a/openstack-cinder.spec b/openstack-cinder.spec index 655c7985ac27ac7c7cfd5b4e3f90ea7e847a3dc5..280e18809b8ee6b0e9b12f77b6d497973446c319 100644 --- a/openstack-cinder.spec +++ b/openstack-cinder.spec @@ -8,7 +8,7 @@ access block storage volumes for use by Virtual Machine instances. Name: openstack-%{service} Version: 13.0.9 -Release: 5 +Release: 6 Summary: OpenStack Volume service License: ASL 2.0 URL: http://www.openstack.org/software/openstack-storage/ @@ -26,6 +26,8 @@ Source21: %{service}.logrotate Source22: %{service}-dist.conf Source23: os-brick.filters +Patch1: 0001-VxFlex-OS-password.patch + BuildRequires: python2-pbr BuildRequires: python2-reno BuildRequires: python2-devel @@ -425,6 +427,9 @@ exit 0 %endif %changelog +* Mon May 23 2022 liksh - 13.0.9-6 +- Fix CVE-2020-10755 + * Tue Jun 15 2021 OpenStack_SIG - Unify the permissions of some files * Tue Jun 15 2021 OpenStack_SIG