ci: add support for TLS connection

Signed-off-by: Boris Glimcher <[email protected]>
opiproject · Sep 28, 2023 · 5ce1aad · 5ce1aad
1 parent 202c6ed
commit 5ce1aad
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 6 deletions.
diff --git a/pkg/frontend/nvme_controller.go b/pkg/frontend/nvme_controller.go
@@ -24,7 +24,6 @@ import (
 	"go.einride.tech/aip/resourceid"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/emptypb"
 )
 
@@ -75,15 +74,22 @@ func NewNvmeTCPTransport(listenAddr string) NvmeTransport {
 	}
 }
 
-func (c *nvmeTCPTransport) Params(_ *pb.NvmeController, nqn string) (spdk.NvmfSubsystemAddListenerParams, error) {
+func (c *nvmeTCPTransport) Params(ctrl *pb.NvmeController, nqn string) (spdk.NvmfSubsystemAddListenerParams, error) {
 	result := spdk.NvmfSubsystemAddListenerParams{}
 	result.Nqn = nqn
-	result.SecureChannel = false
+
+	if *ctrl.Spec.NvmeControllerId < 0 {
+		result.SecureChannel = true
+	} else {
+		result.SecureChannel = false
+	}
+
 	result.ListenAddress.Trtype = "tcp"
 	result.ListenAddress.Traddr = c.listenAddr.String()
 	result.ListenAddress.Trsvcid = c.listenPort
 	result.ListenAddress.Adrfam = c.protocol
 
+	log.Printf("NvmfSubsystemAddListener params: %v", result)
 	return result, nil
 }
 
@@ -130,10 +136,8 @@ func (s *Server) CreateNvmeController(_ context.Context, in *pb.CreateNvmeContro
 		return nil, status.Errorf(codes.InvalidArgument, msg)
 	}
 	response := utils.ProtoClone(in.NvmeController)
-	response.Spec.NvmeControllerId = proto.Int32(-1)
 	response.Status = &pb.NvmeControllerStatus{Active: true}
 	s.Nvme.Controllers[in.NvmeController.Name] = response
-
 	return response, nil
 }
 

diff --git a/pkg/frontend/nvme_subsystem.go b/pkg/frontend/nvme_subsystem.go
@@ -62,7 +62,7 @@ func (s *Server) CreateNvmeSubsystem(_ context.Context, in *pb.CreateNvmeSubsyst
 		Nqn:           in.NvmeSubsystem.Spec.Nqn,
 		SerialNumber:  in.NvmeSubsystem.Spec.SerialNumber,
 		ModelNumber:   in.NvmeSubsystem.Spec.ModelNumber,
-		AllowAnyHost:  true,
+		AllowAnyHost:  false,
 		MaxNamespaces: int(in.NvmeSubsystem.Spec.MaxNamespaces),
 	}
 	var result spdk.NvmfCreateSubsystemResult

diff --git a/scripts/tests.sh b/scripts/tests.sh
@@ -80,5 +80,19 @@ grep "Total" log.txt
 "${grpc_cli[@]}" call --json_input --json_output opi-spdk-server:50051 DeleteNvmeController "{name : '//storage.opiproject.org/subsystems/subsystem1/controllers/controller1'}"
 "${grpc_cli[@]}" call --json_input --json_output opi-spdk-server:50051 DeleteNvmeSubsystem "{name : '//storage.opiproject.org/subsystems/subsystem1'}"
 
+# test nvme with TLS
+"${grpc_cli[@]}" call --json_input --json_output opi-spdk-server:50051 CreateNvmeSubsystem  "{nvme_subsystem_id:  'subsystem2',  nvme_subsystem  : {spec : {nqn: 'nqn.2022-09.io.spdk:opitest2', serial_number: 'myserial1', model_number: 'mymodel1', max_namespaces: 11} } }"
+"${grpc_cli[@]}" call --json_input --json_output opi-spdk-server:50051 CreateNvmeController "{nvme_controller_id: 'controller2', parent: '//storage.opiproject.org/subsystems/subsystem2', nvme_controller : {spec : {nvme_controller_id: -2, pcie_id : {physical_function : 0, virtual_function : 0, port_id: 0}, max_nsq:5, max_ncq:5 } } }"
+"${grpc_cli[@]}" call --json_input --json_output opi-spdk-server:50051 CreateNvmeNamespace  "{nvme_namespace_id:  'namespace2',  parent: '//storage.opiproject.org/subsystems/subsystem2', nvme_namespace  : {spec : {volume_name_ref : { value : 'Malloc1' }, host_nsid : 1 } } }"
+"${grpc_cli[@]}" call --json_input --json_output opi-spdk-server:50051 GetNvmeSubsystem "{name : '//storage.opiproject.org/subsystems/subsystem2'}"
+"${grpc_cli[@]}" call --json_input --json_output opi-spdk-server:50051 GetNvmeController "{name : '//storage.opiproject.org/subsystems/subsystem2/controllers/controller2'}"
+"${grpc_cli[@]}" call --json_input --json_output opi-spdk-server:50051 GetNvmeNamespace "{name :  '//storage.opiproject.org/subsystems/subsystem2/namespaces/namespace2'}"
+# docker run --rm --network=host --privileged -v /dev/hugepages:/dev/hugepages ghcr.io/opiproject/spdk:main spdk_nvme_identify -r 'traddr:127.0.0.1 trtype:TCP adrfam:IPv4 trsvcid:7777 hostnqn:nqn.2014-08.org.nvmexpress:uuid:feb98abe-d51f-40c8-b348-2753f3571d3c'
+docker run --rm --network=host --privileged -v /dev/hugepages:/dev/hugepages -v /tmp/opikey.txt:/tmp/opikey.txt ghcr.io/opiproject/spdk:main spdk_nvme_perf     -r 'traddr:127.0.0.1 trtype:TCP adrfam:IPv4 trsvcid:7777 subnqn:nqn.2022-09.io.spdk:opitest2 hostnqn:nqn.2014-08.org.nvmexpress:uuid:feb98abe-d51f-40c8-b348-2753f3571d3c' -c 0x1 -q 1 -o 4096 -w randread -t 10 -S ssl --psk-path /tmp/opikey.txt | tee log.txt
+grep "Total" log.txt
+"${grpc_cli[@]}" call --json_input --json_output opi-spdk-server:50051 DeleteNvmeNamespace "{name : '//storage.opiproject.org/subsystems/subsystem2/namespaces/namespace2'}"
+"${grpc_cli[@]}" call --json_input --json_output opi-spdk-server:50051 DeleteNvmeController "{name : '//storage.opiproject.org/subsystems/subsystem2/controllers/controller2'}"
+"${grpc_cli[@]}" call --json_input --json_output opi-spdk-server:50051 DeleteNvmeSubsystem "{name : '//storage.opiproject.org/subsystems/subsystem2'}"
+
 # this is last line
 docker-compose ps -a