openstack/openstack-manuals
Code Issues Proposed changes

Merge "Add cinder storwize driver CHAP option"

Browse Source
This commit is contained in:
Jenkins 2013-10-13 10:55:25 +00:00 committed by Gerrit Code Review
commit 4081c3be07
1 changed files with 28 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
doc/config-reference/block-storage/drivers/ibm-storwize-svc-driver.xml
View File

@ -61,17 +61,27 @@
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>iSCSI CHAP Authentication</title> <title>iSCSI CHAP Authentication</title>
<para>If using iSCSI for data access, all new hosts created by <para>If using iSCSI for data access and the
the driver on the Storwize family or SVC system has a <literal>storwize_svc_iscsi_chap_enabled</literal> is set to
randomly-generated CHAP secret associated with them. <literal>True</literal>, the driver will associate
randomly-generated CHAP secrets with all hosts
on the Storwize family system.
OpenStack compute nodes use these secrets when creating OpenStack compute nodes use these secrets when creating
iSCSI connections. iSCSI connections.
<note> <note>
<para>CHAP secrets are not added to existing <para>CHAP secrets are added to existing hosts as well
hosts.</para> as newly-created ones. If the CHAP option is enabled,
hosts will not be able to access the storage without
the generated secrets.</para>
</note> </note>
<note> <note>
<para>CHAP secrets are passed from Cinder to Nova <para>Not all OpenStack Compute drivers support CHAP
authentication. Please check compatibility before using.
</para>
</note>
<note>
<para>CHAP secrets are passed from OpenStack Block Storage
to Compute
in clear text. This communication should be in clear text. This communication should be
secured to ensure that CHAP secrets are not secured to ensure that CHAP secrets are not
discovered.</para> discovered.</para>
@ -447,6 +457,18 @@
supports 'iSCSI' or 'FC') supports 'iSCSI' or 'FC')
</para></td> </para></td>
</tr> </tr>
<tr>
<td><para>
<literal>storwize_svc_iscsi_chap_enabled
</literal>
</para>
</td>
<td><para>Optional</para></td>
<td><para>True</para></td>
<td><para>Configure CHAP authentication for
iSCSI connections
</para></td>
</tr>
<tr> <tr>
<td><para> <td><para>
<literal>storwize_svc_multipath_enabled <literal>storwize_svc_multipath_enabled