Add support for Cinder "NAS secure" driver params

Add new parameters that control the NAS security settings in Cinder's
NFS and NetApp back end drivers. The settings are disabled by default.

Partial-Bug: #1688332
Depends-On: I76e2ce10acf7b671be6a2785829ebb3012b79308
Change-Id: I306a8378dc1685132f7ea3ed91d345eaae70046f

diff --git a/puppet/services/cinder-backend-netapp.yaml b/puppet/services/cinder-backend-netapp.yaml
index bddc8e1..fbde4c0 100644 (file)
--- a/puppet/services/cinder-backend-netapp.yaml
+++ b/puppet/services/cinder-backend-netapp.yaml
@@ -93,6 +93,12 @@ parameters:
   CinderNetappWebservicePath:
     type: string
     default: '/devmgr/v2'
+  CinderNetappNasSecureFileOperations:
+    type: string
+    default: 'false'
+  CinderNetappNasSecureFilePermissions:
+    type: string
+    default: 'false'
   # DEPRECATED options for compatibility with older versions
   CinderNetappEseriesHostType:
     type: string
@@ -133,5 +139,7 @@ outputs:
         cinder::backend::netapp::netapp_storage_pools: {get_param: CinderNetappStoragePools}
         cinder::backend::netapp::netapp_host_type: {get_param: CinderNetappHostType}
         cinder::backend::netapp::netapp_webservice_path: {get_param: CinderNetappWebservicePath}
+        cinder::backend::netapp::nas_secure_file_operations: {get_param: CinderNetappNasSecureFileOperations}
+        cinder::backend::netapp::nas_secure_file_permissions: {get_param: CinderNetappNasSecureFilePermissions}
       step_config: |
         include ::tripleo::profile::base::cinder::volume

diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml
index fe95222..1f8c345 100644 (file)
--- a/puppet/services/cinder-volume.yaml
+++ b/puppet/services/cinder-volume.yaml
@@ -40,6 +40,20 @@ parameters:
       NFS servers used by Cinder NFS backend. Effective when
       CinderEnableNfsBackend is true.
     type: comma_delimited_list
+  CinderNasSecureFileOperations:
+    default: false
+    description: >
+      Controls whether security enhanced NFS file operations are enabled.
+      Valid values are 'auto', 'true' or 'false'. Effective when
+      CinderEnableNfsBackend is true.
+    type: string
+  CinderNasSecureFilePermissions:
+    default: false
+    description: >
+      Controls whether security enhanced NFS file permissions are enabled.
+      Valid values are 'auto', 'true' or 'false'. Effective when
+      CinderEnableNfsBackend is true.
+    type: string
   CinderRbdPoolName:
     default: volumes
     type: string
@@ -105,6 +119,8 @@ outputs:
             tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
             tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
             tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers}
+            tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_operations: {get_param: CinderNasSecureFileOperations}
+            tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_permissions: {get_param: CinderNasSecureFilePermissions}
             tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
             tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper}
             tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol}

diff --git a/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml b/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml
new file mode 100644 (file)
index 0000000..73b9f9c
--- /dev/null
+++ b/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - Add parameters to control the Cinder NAS security settings associated
+    with the NFS and NetApp Cinder back ends. The settings are disabled
+    by default.