OpenStack Shared File Systems Service (Manila)

HP3PAR Allow/deny requires knowledge of 3PAR fsuser. This should be removed or optional.

Registered by Mark Sturdevant

HP 3PAR driver currently secures CIFS shares by IP and user. The user needs to be a 3PAR local 'fsuser' and to mount the shares the fsuser credentials need to be used. This works for a 3PAR shop, but in a mixed backend environment the user shouldn't need to know these details. I think the CIFS shares should only be secured by IP by default.

The local user security could be supported by extra specs, perhaps, to make it a share-type-specific option. LDAP/AD is not addressed yet.

Blueprint information

Status:
Complete
Approver:
Ben Swartzlander
Priority:
Low
Drafter:
Mark Sturdevant
Direction:
Approved
Assignee:
Mark Sturdevant
Definition:
Obsolete
Series goal:
None
Implementation:
Blocked
Milestone target:
None
Started by
Mark Sturdevant
Completed by
Mark Sturdevant

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:hp3par-remove-cifs-user-access,n,z

Addressed by: https://review.openstack.org/161044
    HP3PAR Remove support for user security for CIFS

The proposed solution still required a 3PAR admin to mount and set ACLs. Since this can't be made vendor transparent (for now), it is better to keep the 3PAR user security as-is -- with documentation of limitations needed. Future AD/LDAP will help. Otherwise some out-of-manila knowledge is needed.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.