Add support for Cinder "NAS secure" driver params

Add new parameters that control the NAS security settings in Cinder's
NFS and NetApp back end drivers. The settings are disabled by default.

Partial-Bug: #1688332
Depends-On: I76e2ce10acf7b671be6a2785829ebb3012b79308
Change-Id: I306a8378dc1685132f7ea3ed91d345eaae70046f
This commit is contained in:
Alan Bishop 2017-05-04 12:31:56 -04:00
parent 911eeb7bdd
commit 4a48ad89a1
3 changed files with 29 additions and 0 deletions

View File

@ -93,6 +93,12 @@ parameters:
CinderNetappWebservicePath: CinderNetappWebservicePath:
type: string type: string
default: '/devmgr/v2' default: '/devmgr/v2'
CinderNetappNasSecureFileOperations:
type: string
default: 'false'
CinderNetappNasSecureFilePermissions:
type: string
default: 'false'
# DEPRECATED options for compatibility with older versions # DEPRECATED options for compatibility with older versions
CinderNetappEseriesHostType: CinderNetappEseriesHostType:
type: string type: string
@ -133,5 +139,7 @@ outputs:
cinder::backend::netapp::netapp_storage_pools: {get_param: CinderNetappStoragePools} cinder::backend::netapp::netapp_storage_pools: {get_param: CinderNetappStoragePools}
cinder::backend::netapp::netapp_host_type: {get_param: CinderNetappHostType} cinder::backend::netapp::netapp_host_type: {get_param: CinderNetappHostType}
cinder::backend::netapp::netapp_webservice_path: {get_param: CinderNetappWebservicePath} cinder::backend::netapp::netapp_webservice_path: {get_param: CinderNetappWebservicePath}
cinder::backend::netapp::nas_secure_file_operations: {get_param: CinderNetappNasSecureFileOperations}
cinder::backend::netapp::nas_secure_file_permissions: {get_param: CinderNetappNasSecureFilePermissions}
step_config: | step_config: |
include ::tripleo::profile::base::cinder::volume include ::tripleo::profile::base::cinder::volume

View File

@ -40,6 +40,20 @@ parameters:
NFS servers used by Cinder NFS backend. Effective when NFS servers used by Cinder NFS backend. Effective when
CinderEnableNfsBackend is true. CinderEnableNfsBackend is true.
type: comma_delimited_list type: comma_delimited_list
CinderNasSecureFileOperations:
default: false
description: >
Controls whether security enhanced NFS file operations are enabled.
Valid values are 'auto', 'true' or 'false'. Effective when
CinderEnableNfsBackend is true.
type: string
CinderNasSecureFilePermissions:
default: false
description: >
Controls whether security enhanced NFS file permissions are enabled.
Valid values are 'auto', 'true' or 'false'. Effective when
CinderEnableNfsBackend is true.
type: string
CinderRbdPoolName: CinderRbdPoolName:
default: volumes default: volumes
type: string type: string
@ -105,6 +119,8 @@ outputs:
tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers} tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers}
tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_operations: {get_param: CinderNasSecureFileOperations}
tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_permissions: {get_param: CinderNasSecureFilePermissions}
tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper} tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol} tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol}

View File

@ -0,0 +1,5 @@
---
features:
- Add parameters to control the Cinder NAS security settings associated
with the NFS and NetApp Cinder back ends. The settings are disabled
by default.