From 00685cf338b936048b9477d3a58fed9dc53dc5b4 Mon Sep 17 00:00:00 2001 From: Avishay Traeger Date: Sun, 13 Oct 2013 09:42:35 +0300 Subject: [PATCH] Add cinder storwize driver CHAP option Add description about the storwize_svc_iscsi_chap_enabled option, which was added late into Havana. Change-Id: I5faf884997e95b556daa4ccc6272da14c78ced7e --- .../drivers/ibm-storwize-svc-driver.xml | 34 +++++++++++++++---- 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/doc/config-reference/block-storage/drivers/ibm-storwize-svc-driver.xml b/doc/config-reference/block-storage/drivers/ibm-storwize-svc-driver.xml index 8028bb1a54..9732ac236c 100644 --- a/doc/config-reference/block-storage/drivers/ibm-storwize-svc-driver.xml +++ b/doc/config-reference/block-storage/drivers/ibm-storwize-svc-driver.xml @@ -61,17 +61,27 @@ iSCSI CHAP Authentication - If using iSCSI for data access, all new hosts created by - the driver on the Storwize family or SVC system has a - randomly-generated CHAP secret associated with them. + If using iSCSI for data access and the + storwize_svc_iscsi_chap_enabled is set to + True, the driver will associate + randomly-generated CHAP secrets with all hosts + on the Storwize family system. OpenStack compute nodes use these secrets when creating iSCSI connections. - CHAP secrets are not added to existing - hosts. + CHAP secrets are added to existing hosts as well + as newly-created ones. If the CHAP option is enabled, + hosts will not be able to access the storage without + the generated secrets. - CHAP secrets are passed from Cinder to Nova + Not all OpenStack Compute drivers support CHAP + authentication. Please check compatibility before using. + + + + CHAP secrets are passed from OpenStack Block Storage + to Compute in clear text. This communication should be secured to ensure that CHAP secrets are not discovered. @@ -447,6 +457,18 @@ supports 'iSCSI' or 'FC') + + + storwize_svc_iscsi_chap_enabled + + + + Optional + True + Configure CHAP authentication for + iSCSI connections + + storwize_svc_multipath_enabled