Linstor: Add controller token auth support#13470
Conversation
|
@blueorangutan package |
|
@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
|
Packaging result [SF]: ✖️ el8 ✖️ el9 ✔️ debian ✖️ suse15. SL-JID 18340 |
With Linstor 1.34.0 a new authentication mode is supported: * Bearer token To support that it had to be implemented in the java-linstor library and we need to store the auth token per storage pool. Also per default with this auth mode Linstor will run with HTTPS enabled, so we also have to support that.
StaticInputsForm.fillValue() only seeded defaults for currently-displayed fields, so a display-gated switch with checked:true bound to an undefined value and rendered as off once revealed. Seed checked switch/checkbox fields even while hidden, so the Linstor 'Allow self-signed certificate' toggle defaults on in the zone creation wizard.
rp-
force-pushed
the
linstor-4.22-token-auth-support
branch
from
d9093e9 to
785957f
Compare
boring-cyborg
Bot
added
component:integration-test
Python
|
@DaanHoogland what is actual the right way to tag for milestone here? I would like this to be in 4.23.0 and also in the next 4.22? |
|
4.22.2 is good, for it to make 23, it must be merged before the freeze though. |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✖️ debian ✔️ suse15. SL-JID 18389 |
|
@rp- |
yes ready |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 18392 |
|
@blueorangutan test |
|
@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests |
|
[SF] Trillian test result (tid-16447)
|
DaanHoogland
left a comment
DaanHoogland
left a comment
There was a problem hiding this comment.
merge when ready @rp-
4 participants
Description
Linstor 1.34.0 will add support for a new bearer token authentication method, and this PR will add support for exactly that.
The PR will simply update the java-linstor library that adds authentication support and adds 2 new config values
to set an explicit token and also to enable/disable use of untrusted https controller certificates.
How to enable token authentication in Linstor can be read here: https://linbit.com/drbd-user-guide/linstor-guide-1_0-en/#s-linstor-token-authentication
Linstor 1.34.0 is currently only released as release canidate.
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity
Screenshots (if appropriate):
How Has This Been Tested?
This change is running now since 2 weeks on our internal Cloudstack cluster, additionally fresh
Linstor/Cloudstack cluster installs with token authentication have been tested.
How did you try to break this feature and the system with this change?
The good thing about the changes is, that it is rather a works or doesn't work thing, as the changes are on the base communication.