diff --git a/cinder/tests/unit/volume/drivers/dell_emc/unity/test_adapter.py b/cinder/tests/unit/volume/drivers/dell_emc/unity/test_adapter.py index ac273c9c471..7ad46fd2df0 100644 --- a/cinder/tests/unit/volume/drivers/dell_emc/unity/test_adapter.py +++ b/cinder/tests/unit/volume/drivers/dell_emc/unity/test_adapter.py @@ -1,4 +1,4 @@ -# Copyright (c) 2016 Dell Inc. or its subsidiaries. +# Copyright (c) 2016 - 2018 Dell Inc. or its subsidiaries. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -43,7 +43,7 @@ class MockConfig(object): self.san_ip = '1.2.3.4' self.san_login = 'user' self.san_password = 'pass' - self.driver_ssl_cert_verify = False + self.driver_ssl_cert_verify = True self.driver_ssl_cert_path = None def safe_get(self, name): @@ -412,7 +412,7 @@ class CommonAdapterTest(test.TestCase): self.assertEqual('1.2.3.4', self.adapter.ip) self.assertEqual('user', self.adapter.username) self.assertEqual('pass', self.adapter.password) - self.assertFalse(self.adapter.array_cert_verify) + self.assertTrue(self.adapter.array_cert_verify) self.assertIsNone(self.adapter.array_ca_cert_path) def test_do_setup_version_before_4_1(self): diff --git a/cinder/volume/drivers/dell_emc/unity/adapter.py b/cinder/volume/drivers/dell_emc/unity/adapter.py index 0bdb759b0e2..e00425093b9 100644 --- a/cinder/volume/drivers/dell_emc/unity/adapter.py +++ b/cinder/volume/drivers/dell_emc/unity/adapter.py @@ -1,4 +1,4 @@ -# Copyright (c) 2016 Dell Inc. or its subsidiaries. +# Copyright (c) 2016 - 2018 Dell Inc. or its subsidiaries. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -152,9 +152,8 @@ class CommonAdapter(object): self.ip = self.config.san_ip self.username = self.config.san_login self.password = self.config.san_password - # Unity currently not support to upload certificate. - # Once it supports, enable the verify. - self.array_cert_verify = False + # Allow for customized CA + self.array_cert_verify = self.config.driver_ssl_cert_verify self.array_ca_cert_path = self.config.driver_ssl_cert_path sys_version = self.client.system.system_version diff --git a/doc/source/configuration/block-storage/drivers/dell-emc-unity-driver.rst b/doc/source/configuration/block-storage/drivers/dell-emc-unity-driver.rst index e6d537c32ae..aeeaf567739 100644 --- a/doc/source/configuration/block-storage/drivers/dell-emc-unity-driver.rst +++ b/doc/source/configuration/block-storage/drivers/dell-emc-unity-driver.rst @@ -274,6 +274,35 @@ not efficient since a cloned volume will be created during backup. An effective approach to backups is to create a snapshot for the volume and connect this snapshot to the Block Storage host for volume backup. +SSL support +~~~~~~~~~~~ + +Admin is able to enable the SSL verification for any communication against +Unity REST API. + +By default, the SSL verification is disabled, user can enable it by following +steps: + +#. Setup the Unity array certificate and import it to the Unity, see section + `Storage system certificate` of `Security Configuration Guide `_. + +#. Import the CA certficate to the Cinder nodes on which the driver is running. + +#. Enable the changes on cinder nodes and restart the cinder services. + +.. code-block:: ini + + [unity] + ... + driver_ssl_cert_verify = True + driver_ssl_cert_path = + ... + + +If `driver_ssl_cert_path` is omitted, the system default CA will be used for CA +verification. + + IPv6 support ~~~~~~~~~~~~ diff --git a/releasenotes/notes/unity-enable-ssl-14db2497225c4395.yaml b/releasenotes/notes/unity-enable-ssl-14db2497225c4395.yaml new file mode 100644 index 00000000000..9acd4b74def --- /dev/null +++ b/releasenotes/notes/unity-enable-ssl-14db2497225c4395.yaml @@ -0,0 +1,7 @@ +--- +features: + - Dell EMC Unity Cinder driver allows enabling/disabling the SSL verification. + Admin can set `True` or `False` for `driver_ssl_cert_verify` to enable + or disable this function, alternatively set the + `driver_ssl_cert_path=` for customized CA path. + Both above 2 options should go under the driver section.