The Storwize family or SVC system must be configured for iSCSI, Fibre Channel, or both.
If using iSCSI, each Storwize family or SVC node should have at least one iSCSI IP address. The IBM Storwize/SVC driver uses an iSCSI IP address associated with the volume's preferred node (if available) to attach the volume to the instance, otherwise it uses the first available iSCSI IP address of the system. The driver obtains the iSCSI IP address directly from the storage system; you do not need to provide these iSCSI IP addresses directly to the driver.
![[Note]](../common/images/admon/note.png) | Note |
|---|---|
If using iSCSI, ensure that the compute nodes have iSCSI network access to the Storwize family or SVC system. |
| Note |
|---|---|
OpenStack Nova's Grizzly version supports iSCSI multipath. Once this is configured on the Nova host (outside the scope of this documentation), multipath is enabled. |
If using Fibre Channel (FC), each Storwize family or
SVC node should have at least one WWPN port
configured. If the
storwize_svc_multipath_enabled
flag is set to True in the Cinder configuration file,
the driver uses all available WWPNs to attach the
volume to the instance (details about the
configuration flags appear in the next
section). If the flag is not set, the
driver uses the WWPN associated with the volume's
preferred node (if available), otherwise it uses the
first available WWPN of the system. The driver obtains
the WWPNs directly from the storage system; you do not
need to provide these WWPNs directly to the
driver.
| Note |
|---|---|
If using FC, ensure that the compute nodes have FC connectivity to the Storwize family or SVC system. |
If using iSCSI for data access and the
storwize_svc_iscsi_chap_enabled
is set to True, the driver will
associate randomly-generated CHAP secrets with all
hosts on the Storwize family system. OpenStack compute
nodes use these secrets when creating iSCSI
connections.
| Note |
|---|---|
CHAP secrets are added to existing hosts as well as newly-created ones. If the CHAP option is enabled, hosts will not be able to access the storage without the generated secrets. |
| Note |
|---|---|
Not all OpenStack Compute drivers support CHAP authentication. Please check compatibility before using. |
| Note |
|---|---|
CHAP secrets are passed from OpenStack Block Storage to Compute in clear text. This communication should be secured to ensure that CHAP secrets are not discovered. |
Each instance of the IBM Storwize/SVC driver
allocates all volumes in a single pool. The pool
should be created in advance and be provided to the
driver using the
storwize_svc_volpool_name
configuration flag. Details about the configuration
flags and how to provide the flags to the driver
appear in the next section.
The driver requires access to the Storwize family or
SVC system management interface. The driver
communicates with the management using SSH. The driver
should be provided with the Storwize family or SVC
management IP using the san_ip
flag, and the management port should be provided by
the san_ssh_port flag. By default,
the port value is configured to be port 22
(SSH).
| Note |
|---|---|
Make sure the compute node running the |
To allow the driver to communicate with the Storwize family or SVC system, you must provide the driver with a user on the storage system. The driver has two authentication methods: password-based authentication and SSH key pair authentication. The user should have an Administrator role. It is suggested to create a new user for the management driver. Please consult with your storage and security administrator regarding the preferred authentication method and how passwords or SSH keys should be stored in a secure manner.
| Note |
|---|---|
When creating a new user on the Storwize or SVC system, make sure the user belongs to the Administrator group or to another group that has an Administrator role. |
If using password authentication, assign a password
to the user on the Storwize or SVC system. The driver
configuration flags for the user and password are
san_login and
san_password,
respectively.
If you are using the SSH key pair authentication,
create SSH private and public keys using the
instructions below or by any other method. Associate
the public key with the user by uploading the public
key: select the "choose file" option in the Storwize
family or SVC management GUI under "SSH public key".
Alternatively, you may associate the SSH public key
using the command line interface; details can be found
in the Storwize and SVC documentation. The private key
should be provided to the driver using the
san_private_key configuration
flag.
You can create an SSH key pair using OpenSSH, by running:
$ ssh-keygen -t rsa
The command prompts for a file to save the key pair.
For example, if you select 'key' as the filename, two
files are created: key and
key.pub. The
key file holds the private SSH
key and key.pub holds the public
SSH key.
The command also prompts for a pass phrase, which should be empty.
The private key file should be provided to the
driver using the san_private_key
configuration flag. The public key should be uploaded
to the Storwize family or SVC system using the storage
management GUI or command line interface.
| Note |
|---|---|
Ensure that Cinder has read permissions on the private key file. |
