diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-05-11 16:49:18 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-05-11 16:49:18 +0000 |
| commit | ae2c883ac56aea5ce881a0f8a8721c9cda965f34 (patch) | |
| tree | 75b22dee2f5740cd6e01477796f87139c88bdae9 /manifests/profile/base/cinder | |
| parent | 749acc8df66e00e21b320d2fc9197ab5eec837b6 (diff) | |
| parent | 5a350024957d197295a16f6f25e8a253c7c1545a (diff) | |
Merge "Add support for Cinder "NAS secure" driver params"
Diffstat (limited to 'manifests/profile/base/cinder')
| -rw-r--r-- | manifests/profile/base/cinder/volume/netapp.pp | 2 | ||||
| -rw-r--r-- | manifests/profile/base/cinder/volume/nfs.pp | 33 |
2 files changed, 29 insertions, 6 deletions
diff --git a/manifests/profile/base/cinder/volume/netapp.pp b/manifests/profile/base/cinder/volume/netapp.pp index fc652c9..43978da 100644 --- a/manifests/profile/base/cinder/volume/netapp.pp +++ b/manifests/profile/base/cinder/volume/netapp.pp @@ -59,6 +59,8 @@ class tripleo::profile::base::cinder::volume::netapp ( netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef), netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef), netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef), + nas_secure_file_operations => hiera('cinder::backend::netapp::nas_secure_file_operations', undef), + nas_secure_file_permissions => hiera('cinder::backend::netapp::nas_secure_file_permissions', undef), } } diff --git a/manifests/profile/base/cinder/volume/nfs.pp b/manifests/profile/base/cinder/volume/nfs.pp index 7b1f1b9..e384a79 100644 --- a/manifests/profile/base/cinder/volume/nfs.pp +++ b/manifests/profile/base/cinder/volume/nfs.pp @@ -29,6 +29,23 @@ # (Optional) List of mount options for the NFS share # Defaults to '' # +# [*cinder_nas_secure_file_operations*] +# (Optional) Allow network-attached storage systems to operate in a secure +# environment where root level access is not permitted. If set to False, +# access is as the root user and insecure. If set to True, access is not as +# root. If set to auto, a check is done to determine if this is a new +# installation: True is used if so, otherwise False. Default is auto. +# Defaults to $::os_service_default +# +# [*cinder_nas_secure_file_permissions*] +# (Optional) Set more secure file permissions on network-attached storage +# volume files to restrict broad other/world access. If set to False, +# volumes are created with open permissions. If set to True, volumes are +# created with permissions for the cinder user and group (660). If set to +# auto, a check is done to determine if this is a new installation: True is +# used if so, otherwise False. Default is auto. +# Defaults to $::os_service_default +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -36,9 +53,11 @@ # class tripleo::profile::base::cinder::volume::nfs ( $cinder_nfs_servers, - $backend_name = hiera('cinder::backend::nfs::volume_backend_name', 'tripleo_nfs'), - $cinder_nfs_mount_options = '', - $step = hiera('step'), + $backend_name = hiera('cinder::backend::nfs::volume_backend_name', 'tripleo_nfs'), + $cinder_nfs_mount_options = '', + $cinder_nas_secure_file_operations = $::os_service_default, + $cinder_nas_secure_file_permissions = $::os_service_default, + $step = hiera('step'), ) { include ::tripleo::profile::base::cinder::volume @@ -52,9 +71,11 @@ class tripleo::profile::base::cinder::volume::nfs ( package {'nfs-utils': } -> cinder::backend::nfs { $backend_name : - nfs_servers => $cinder_nfs_servers, - nfs_mount_options => $cinder_nfs_mount_options, - nfs_shares_config => '/etc/cinder/shares-nfs.conf', + nfs_servers => $cinder_nfs_servers, + nfs_mount_options => $cinder_nfs_mount_options, + nfs_shares_config => '/etc/cinder/shares-nfs.conf', + nas_secure_file_operations => $cinder_nas_secure_file_operations, + nas_secure_file_permissions => $cinder_nas_secure_file_permissions, } } |