Add support for Cinder "NAS secure" driver params

Add new parameters that control the NAS security settings in Cinder's
NFS and NetApp back end drivers. The settings are disabled by default.

Partial-Bug: #1688332
Depends-On: I76e2ce10acf7b671be6a2785829ebb3012b79308
Change-Id: I306a8378dc1685132f7ea3ed91d345eaae70046f
(cherry picked from commit 4a48ad89a16b79ac57475a3cb4427b9b60dcd3e3)

diff --git a/puppet/services/cinder-backend-netapp.yaml b/puppet/services/cinder-backend-netapp.yaml
index 29a0ce1..3346bb4 100644 (file)
--- a/puppet/services/cinder-backend-netapp.yaml
+++ b/puppet/services/cinder-backend-netapp.yaml
@@ -71,6 +71,12 @@ parameters:
   CinderNetappWebservicePath:
     type: string
     default: '/devmgr/v2'
+  CinderNetappNasSecureFileOperations:
+    type: string
+    default: 'false'
+  CinderNetappNasSecureFilePermissions:
+    type: string
+    default: 'false'
   # DEPRECATED options for compatibility with older versions
   CinderNetappEseriesHostType:
     type: string
@@ -125,5 +131,7 @@ outputs:
         cinder::backend::netapp::netapp_storage_pools: {get_param: CinderNetappStoragePools}
         cinder::backend::netapp::netapp_host_type: {get_param: CinderNetappHostType}
         cinder::backend::netapp::netapp_webservice_path: {get_param: CinderNetappWebservicePath}
+        cinder::backend::netapp::nas_secure_file_operations: {get_param: CinderNetappNasSecureFileOperations}
+        cinder::backend::netapp::nas_secure_file_permissions: {get_param: CinderNetappNasSecureFilePermissions}
       step_config: |
         include ::tripleo::profile::base::cinder::volume

diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml
index 26f1a96..e636430 100644 (file)
--- a/puppet/services/cinder-volume.yaml
+++ b/puppet/services/cinder-volume.yaml
@@ -40,6 +40,20 @@ parameters:
       NFS servers used by Cinder NFS backend. Effective when
       CinderEnableNfsBackend is true.
     type: comma_delimited_list
+  CinderNasSecureFileOperations:
+    default: false
+    description: >
+      Controls whether security enhanced NFS file operations are enabled.
+      Valid values are 'auto', 'true' or 'false'. Effective when
+      CinderEnableNfsBackend is true.
+    type: string
+  CinderNasSecureFilePermissions:
+    default: false
+    description: >
+      Controls whether security enhanced NFS file permissions are enabled.
+      Valid values are 'auto', 'true' or 'false'. Effective when
+      CinderEnableNfsBackend is true.
+    type: string
   CinderRbdPoolName:
     default: volumes
     type: string
@@ -95,6 +109,8 @@ outputs:
             tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
             tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
             tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers}
+            tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_operations: {get_param: CinderNasSecureFileOperations}
+            tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_permissions: {get_param: CinderNasSecureFilePermissions}
             tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
             tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper}
             tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol}

diff --git a/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml b/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml
new file mode 100644 (file)
index 0000000..73b9f9c
--- /dev/null
+++ b/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - Add parameters to control the Cinder NAS security settings associated
+    with the NFS and NetApp Cinder back ends. The settings are disabled
+    by default.