openstack/openstack-manuals
Code Issues Proposed changes

Merge "Add cinder storwize driver CHAP option"

Browse Source
This commit is contained in:
Jenkins 2013-10-13 10:55:25 +00:00 committed by Gerrit Code Review
commit 4081c3be07
1 changed files with 28 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
doc/config-reference/block-storage/drivers/ibm-storwize-svc-driver.xml
View File

@ -61,17 +61,27 @@
</simplesect>
<simplesect>
<title>iSCSI CHAP Authentication</title>
<para>If using iSCSI for data access, all new hosts created by
the driver on the Storwize family or SVC system has a
randomly-generated CHAP secret associated with them.
<para>If using iSCSI for data access and the
<literal>storwize_svc_iscsi_chap_enabled</literal> is set to
<literal>True</literal>, the driver will associate
randomly-generated CHAP secrets with all hosts
on the Storwize family system.
OpenStack compute nodes use these secrets when creating
iSCSI connections.
<note>
<para>CHAP secrets are not added to existing
hosts.</para>
<para>CHAP secrets are added to existing hosts as well
as newly-created ones. If the CHAP option is enabled,
hosts will not be able to access the storage without
the generated secrets.</para>
</note>
<note>
<para>CHAP secrets are passed from Cinder to Nova
<para>Not all OpenStack Compute drivers support CHAP
authentication. Please check compatibility before using.
</para>
</note>
<note>
<para>CHAP secrets are passed from OpenStack Block Storage
to Compute
in clear text. This communication should be
secured to ensure that CHAP secrets are not
discovered.</para>
@ -447,6 +457,18 @@
supports 'iSCSI' or 'FC')
</para></td>
</tr>
<tr>
<td><para>
<literal>storwize_svc_iscsi_chap_enabled
</literal>
</para>
</td>
<td><para>Optional</para></td>
<td><para>True</para></td>
<td><para>Configure CHAP authentication for
iSCSI connections
</para></td>
</tr>
<tr>
<td><para>
<literal>storwize_svc_multipath_enabled