Add support for Cinder "NAS secure" driver params

Add ability to set Cinder's nas_secure_file_operations and
nas_secure_file_permissions driver parameters. Two sets of identically
named parameters are implemented by Cinder's NFS and NetApp back end
drivers.

The ability to control these parameters is crucial for supporting deployments
that require non-default values.

Partial-Bug: #1688332
Depends-On: Id92cfd4190de8687d4731cf301f2df0bde1ba7d9
Change-Id: I76e2ce10acf7b671be6a2785829ebb3012b79308
(cherry picked from commit 5a35002495)
This commit is contained in:
Alan Bishop 2017-05-04 12:27:27 -04:00
parent f9867d23c5
commit d46db3b9ed
2 changed files with 29 additions and 6 deletions

View File

@ -59,6 +59,8 @@ class tripleo::profile::base::cinder::volume::netapp (
netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef),
netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef),
netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef),
nas_secure_file_operations => hiera('cinder::backend::netapp::nas_secure_file_operations', undef),
nas_secure_file_permissions => hiera('cinder::backend::netapp::nas_secure_file_permissions', undef),
}
}

View File

@ -29,6 +29,23 @@
# (Optional) List of mount options for the NFS share
# Defaults to ''
#
# [*cinder_nas_secure_file_operations*]
# (Optional) Allow network-attached storage systems to operate in a secure
# environment where root level access is not permitted. If set to False,
# access is as the root user and insecure. If set to True, access is not as
# root. If set to auto, a check is done to determine if this is a new
# installation: True is used if so, otherwise False. Default is auto.
# Defaults to $::os_service_default
#
# [*cinder_nas_secure_file_permissions*]
# (Optional) Set more secure file permissions on network-attached storage
# volume files to restrict broad other/world access. If set to False,
# volumes are created with open permissions. If set to True, volumes are
# created with permissions for the cinder user and group (660). If set to
# auto, a check is done to determine if this is a new installation: True is
# used if so, otherwise False. Default is auto.
# Defaults to $::os_service_default
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@ -36,9 +53,11 @@
#
class tripleo::profile::base::cinder::volume::nfs (
$cinder_nfs_servers,
$backend_name = hiera('cinder::backend::nfs::volume_backend_name', 'tripleo_nfs'),
$cinder_nfs_mount_options = '',
$step = hiera('step'),
$backend_name = hiera('cinder::backend::nfs::volume_backend_name', 'tripleo_nfs'),
$cinder_nfs_mount_options = '',
$cinder_nas_secure_file_operations = $::os_service_default,
$cinder_nas_secure_file_permissions = $::os_service_default,
$step = hiera('step'),
) {
include ::tripleo::profile::base::cinder::volume
@ -52,9 +71,11 @@ class tripleo::profile::base::cinder::volume::nfs (
package {'nfs-utils': } ->
cinder::backend::nfs { $backend_name :
nfs_servers => $cinder_nfs_servers,
nfs_mount_options => $cinder_nfs_mount_options,
nfs_shares_config => '/etc/cinder/shares-nfs.conf',
nfs_servers => $cinder_nfs_servers,
nfs_mount_options => $cinder_nfs_mount_options,
nfs_shares_config => '/etc/cinder/shares-nfs.conf',
nas_secure_file_operations => $cinder_nas_secure_file_operations,
nas_secure_file_permissions => $cinder_nas_secure_file_permissions,
}
}