diff --git a/doc/config-reference/block-storage/drivers/ibm-storwize-svc-driver.xml b/doc/config-reference/block-storage/drivers/ibm-storwize-svc-driver.xml index 8028bb1a54..9732ac236c 100644 --- a/doc/config-reference/block-storage/drivers/ibm-storwize-svc-driver.xml +++ b/doc/config-reference/block-storage/drivers/ibm-storwize-svc-driver.xml @@ -61,17 +61,27 @@ iSCSI CHAP Authentication - If using iSCSI for data access, all new hosts created by - the driver on the Storwize family or SVC system has a - randomly-generated CHAP secret associated with them. + If using iSCSI for data access and the + storwize_svc_iscsi_chap_enabled is set to + True, the driver will associate + randomly-generated CHAP secrets with all hosts + on the Storwize family system. OpenStack compute nodes use these secrets when creating iSCSI connections. - CHAP secrets are not added to existing - hosts. + CHAP secrets are added to existing hosts as well + as newly-created ones. If the CHAP option is enabled, + hosts will not be able to access the storage without + the generated secrets. - CHAP secrets are passed from Cinder to Nova + Not all OpenStack Compute drivers support CHAP + authentication. Please check compatibility before using. + + + + CHAP secrets are passed from OpenStack Block Storage + to Compute in clear text. This communication should be secured to ensure that CHAP secrets are not discovered. @@ -447,6 +457,18 @@ supports 'iSCSI' or 'FC') + + + storwize_svc_iscsi_chap_enabled + + + + Optional + True + Configure CHAP authentication for + iSCSI connections + + storwize_svc_multipath_enabled