Update README.md

Clarify the Active Directory requirement for the `CIFS` shares, when
DHSS is enabled.

Also, add a warning about the AD user credentials being stored in plain
text in the Manila database.
Ionut Balutoiu 2021-03-11 11:54:47 +02:00
parent 646eb408d4
commit ca2032ba00

@ -38,6 +38,22 @@ spawned into NetApp Data ONTAP cluster. The only limitation to this mode is
that the Neutron network bound to the share network, needs to be `flat` or
`vlan`, when using the NetApp driver.
With DHSS (driver handles share servers) enabled, the `CIFS` share servers must
be configured with an external Active Directory (AD) for authentication. The AD
config info is provided to the Manila NetApp share servers via an
`active_directory` [security service][security-services-doc] associated with
the share network.
Also, the NetApp driver requires credentials from an AD user with enough
privileges to register the new `CIFS` share servers as computers in the AD
domain. These credentials are provided as part of the Manila security service
configuration.
**WARNING**: The credentials for the required AD user are stored in plain text,
in the Manila database, as part of the associated security service. Tenant
users are able to see these when fetching information about the
`active_directory` security service. This is a potential security risk!
When `driver-handles-share-servers` is disabled, an existing NetApp ONTAP
SVM must be pre-configured, and its name must be given as `vserver-name` in
the charm config.
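
Review bot: The WARNING paragraph at the end of the added text states the exposure but gives the operator nothing to act on. The paragraph before it says the AD user needs "enough privileges to register the new `CIFS` share servers as computers in the AD domain", so I suggest adding a sentence that recommends a dedicated AD account limited to exactly that, so that a tenant who reads the security service does not obtain a more privileged credential. I would also replace "This is a potential security risk!" with a plain statement of the consequence, and tighten "Tenant users are able to see these", which leaves open whether this means any user in the project that owns the security service.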
@ -85,5 +101,6 @@ For general charm questions refer to the OpenStack [Charm Guide][cg].
[cg]: https://docs.openstack.org/charm-guide
[driver-doc]: https://docs.openstack.org/manila/victoria/configuration/shared-file-systems/drivers/netapp-cluster-mode-driver.html
[share-networks-doc]: https://docs.openstack.org/manila/victoria/admin/shared-file-systems-share-networks.html
[security-services-doc]: https://docs.openstack.org/manila/victoria/admin/shared-file-systems-security-services.html
[lp-bugs-charm-manila-netapp]: https://bugs.launchpad.net/charm-manila-netapp/+filebug
[operator-git-repo]: https://github.com/canonical/operator
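
Review bot: The added `[security-services-doc]` reference is pinned to the `victoria` documentation, the same as the `[driver-doc]` and `[share-networks-doc]` lines above it. That is consistent with its neighbours, but since the new WARNING relies on this link to explain what a security service exposes, please confirm `victoria` is the release the README intends to document, or say so in the text next to the link.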