From f448532b2a69459fbf7321c539417e29b1476dfc Mon Sep 17 00:00:00 2001 From: Silvan Kaiser Date: Wed, 22 Aug 2018 15:03:40 +0200 Subject: [PATCH] Changed default behaviour of nas_secure_file_* for Quobyte driver The Quobyte driver now maps the 'auto' value for nas_secure_file_operations and nas_secure_file_permissions to false. This simplifies initial setup for new installations as the secure modes require additional configuration on Nova compute hosts. Change-Id: I0ce20e109f126500462e6459794e993bbd579b58 --- .../tests/unit/volume/drivers/test_quobyte.py | 4 ++-- cinder/volume/drivers/quobyte.py | 22 +++++++------------ ...-switch-nas-sec-opts-635c6ef1205e4f3f.yaml | 12 ++++++++++ 3 files changed, 22 insertions(+), 16 deletions(-) create mode 100644 releasenotes/notes/qb-switch-nas-sec-opts-635c6ef1205e4f3f.yaml diff --git a/cinder/tests/unit/volume/drivers/test_quobyte.py b/cinder/tests/unit/volume/drivers/test_quobyte.py index c26aa3635c7..e5fe434f067 100644 --- a/cinder/tests/unit/volume/drivers/test_quobyte.py +++ b/cinder/tests/unit/volume/drivers/test_quobyte.py @@ -96,8 +96,8 @@ class QuobyteDriverTestCase(test.TestCase): self._configuration.quobyte_qcow2_volumes = False self._configuration.quobyte_mount_point_base = \ self.TEST_MNT_POINT_BASE - self._configuration.nas_secure_file_operations = "auto" - self._configuration.nas_secure_file_permissions = "auto" + self._configuration.nas_secure_file_operations = "true" + self._configuration.nas_secure_file_permissions = "true" self._configuration.quobyte_volume_from_snapshot_cache = False self._configuration.quobyte_overlay_volumes = False diff --git a/cinder/volume/drivers/quobyte.py b/cinder/volume/drivers/quobyte.py index cb7ceceaf47..0cc8d00b498 100644 --- a/cinder/volume/drivers/quobyte.py +++ b/cinder/volume/drivers/quobyte.py @@ -35,7 +35,7 @@ from cinder import utils from cinder.volume import configuration from cinder.volume.drivers import remotefs as remotefs_drv -VERSION = '1.1.10' +VERSION = '1.1.11' LOG = logging.getLogger(__name__) @@ -109,6 +109,7 @@ class QuobyteDriver(remotefs_drv.RemoteFSSnapDriverDistributed): 1.1.8 - Adds optional snapshot merge caching 1.1.9 - Support for Qemu >= 2.10.0 1.1.10 - Adds overlay based volumes for snapshot merge caching + 1.1.11 - NAS secure ownership & permissions are now False by default """ @@ -276,28 +277,21 @@ class QuobyteDriver(remotefs_drv.RemoteFSSnapDriverDistributed): def set_nas_security_options(self, is_new_cinder_install): self._execute_as_root = False - LOG.debug("nas_secure_file_* settings are %(ops)s and %(perm)s", + LOG.debug("nas_secure_file_* settings are %(ops)s (ownership) and " + "%(perm)s (permissions).", {'ops': self.configuration.nas_secure_file_operations, 'perm': self.configuration.nas_secure_file_permissions} ) if self.configuration.nas_secure_file_operations == 'auto': - """Note (kaisers): All previous Quobyte driver versions ran with - secure settings hardcoded to 'True'. Therefore the default 'auto' - setting can safely be mapped to the same, secure, setting. - """ - LOG.debug("Mapping 'auto' value to 'true' for" + LOG.debug("Mapping 'auto' value to 'false' for" " nas_secure_file_operations.") - self.configuration.nas_secure_file_operations = 'true' + self.configuration.nas_secure_file_operations = 'false' if self.configuration.nas_secure_file_permissions == 'auto': - """Note (kaisers): All previous Quobyte driver versions ran with - secure settings hardcoded to 'True'. Therefore the default 'auto' - setting can safely be mapped to the same, secure, setting. - """ - LOG.debug("Mapping 'auto' value to 'true' for" + LOG.debug("Mapping 'auto' value to 'false' for" " nas_secure_file_permissions.") - self.configuration.nas_secure_file_permissions = 'true' + self.configuration.nas_secure_file_permissions = 'false' if self.configuration.nas_secure_file_operations == 'false': LOG.warning("The NAS file operations will be run as " diff --git a/releasenotes/notes/qb-switch-nas-sec-opts-635c6ef1205e4f3f.yaml b/releasenotes/notes/qb-switch-nas-sec-opts-635c6ef1205e4f3f.yaml new file mode 100644 index 00000000000..ff7631aa6a7 --- /dev/null +++ b/releasenotes/notes/qb-switch-nas-sec-opts-635c6ef1205e4f3f.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - | + In order to simplify initial setup for new installations + the default behaviour of the Quobyte driver for the options + nas_secure_file_operations and nas_secure_file_permissions has changed. + The 'auto' values are no longer mapped to true but to false. Therefore + the old default behaviour to run with secure settings is changed + to run without secure settings as the new default behaviour. + Installations using the default values for these options should ensure + to explicitly set them to true with this new Cinder Quobyte driver + version.