openstack/cinder
Code Issues Proposed changes

Changed default behaviour of nas_secure_file_* for Quobyte driver

Browse Source 
The Quobyte driver now maps the 'auto' value for
nas_secure_file_operations and nas_secure_file_permissions to false.
This simplifies initial setup for new installations as the secure
modes require additional configuration on Nova compute hosts.

Change-Id: I0ce20e109f126500462e6459794e993bbd579b58
This commit is contained in:
Silvan Kaiser 2018-08-22 15:03:40 +02:00
parent 79c37aa543
commit f448532b2a
3 changed files with 22 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cinder/tests/unit/volume/drivers/test_quobyte.py
View File

@ -96,8 +96,8 @@ class QuobyteDriverTestCase(test.TestCase):
self._configuration.quobyte_qcow2_volumes = False
self._configuration.quobyte_mount_point_base = \
self.TEST_MNT_POINT_BASE
self._configuration.nas_secure_file_operations = "auto"
self._configuration.nas_secure_file_permissions = "auto"
self._configuration.nas_secure_file_operations = "true"
self._configuration.nas_secure_file_permissions = "true"
self._configuration.quobyte_volume_from_snapshot_cache = False
self._configuration.quobyte_overlay_volumes = False

22
cinder/volume/drivers/quobyte.py
View File

@ -35,7 +35,7 @@ from cinder import utils
from cinder.volume import configuration
from cinder.volume.drivers import remotefs as remotefs_drv
VERSION = '1.1.10'
VERSION = '1.1.11'
LOG = logging.getLogger(__name__)
@ -109,6 +109,7 @@ class QuobyteDriver(remotefs_drv.RemoteFSSnapDriverDistributed):
1.1.8 - Adds optional snapshot merge caching
1.1.9 - Support for Qemu >= 2.10.0
1.1.10 - Adds overlay based volumes for snapshot merge caching
1.1.11 - NAS secure ownership & permissions are now False by default
"""
@ -276,28 +277,21 @@ class QuobyteDriver(remotefs_drv.RemoteFSSnapDriverDistributed):
def set_nas_security_options(self, is_new_cinder_install):
self._execute_as_root = False
LOG.debug("nas_secure_file_* settings are %(ops)s and %(perm)s",
LOG.debug("nas_secure_file_* settings are %(ops)s (ownership) and "
"%(perm)s (permissions).",
{'ops': self.configuration.nas_secure_file_operations,
'perm': self.configuration.nas_secure_file_permissions}
)
if self.configuration.nas_secure_file_operations == 'auto':
"""Note (kaisers): All previous Quobyte driver versions ran with
secure settings hardcoded to 'True'. Therefore the default 'auto'
setting can safely be mapped to the same, secure, setting.
"""
LOG.debug("Mapping 'auto' value to 'true' for"
LOG.debug("Mapping 'auto' value to 'false' for"
" nas_secure_file_operations.")
self.configuration.nas_secure_file_operations = 'true'
self.configuration.nas_secure_file_operations = 'false'
if self.configuration.nas_secure_file_permissions == 'auto':
"""Note (kaisers): All previous Quobyte driver versions ran with
secure settings hardcoded to 'True'. Therefore the default 'auto'
setting can safely be mapped to the same, secure, setting.
"""
LOG.debug("Mapping 'auto' value to 'true' for"
LOG.debug("Mapping 'auto' value to 'false' for"
" nas_secure_file_permissions.")
self.configuration.nas_secure_file_permissions = 'true'
self.configuration.nas_secure_file_permissions = 'false'
if self.configuration.nas_secure_file_operations == 'false':
LOG.warning("The NAS file operations will be run as "

12
releasenotes/notes/qb-switch-nas-sec-opts-635c6ef1205e4f3f.yaml Normal file
View File

@ -0,0 +1,12 @@
---
upgrade:
- |
In order to simplify initial setup for new installations
the default behaviour of the Quobyte driver for the options
nas_secure_file_operations and nas_secure_file_permissions has changed.
The 'auto' values are no longer mapped to true but to false. Therefore
the old default behaviour to run with secure settings is changed
to run without secure settings as the new default behaviour.
Installations using the default values for these options should ensure
to explicitly set them to true with this new Cinder Quobyte driver
version.