444c18a38f
Lightbits storage clusters have the ability to block access to a volume unless it comes from a specific IP, via a non-standard extension to NVMe/TCP called "IPACL", which augments the standard string-based ACLs. This patch adds support for Lightbits IPACL to the Lightbits Cinder driver. We get the IPs to set from the os_brick running on the nova node that will be accessing the volumes (see the corresponding Lightbits connector os_brick patch) and set them when updating the volume's ACLs on creation and on volume update due to attachment and disconnection. os_brick patch: https://review.opendev.org/c/openstack/os-brick/+/903574 Depends-on: Ia22322bb8a8097900d5509b6c540355eb474f19d Change-Id: Id2540cbb9567f8242c76806318cdde9a80e791e1
8 lines
275 B
YAML
8 lines
275 B
YAML
---
|
|
features:
|
|
- |
|
|
Lightbits driver: Added a new configuration option
|
|
``lightos_use_ipacl``, defaulting to true. When set to true, the
|
|
Cinder driver will restrict access to each volume to the IP
|
|
addresses of the host machine that the volume is attached to.
|