Storage Management module security configuration workflows
You can use the workflows contained in the Security Configuration folder to manage storage security. This section describes the following Storage Management module security configuration workflows, their inputs, and their outputs:
Add NFS Security workflow
This workflow adds a new NFS security.
Sample Add NFS Security workflow Storage XML
<storage>
<target-host>172.16.49.150</target-host>
<persistent>true</persistent>
<verbose>true</verbose>
<actual-pathname></actual-pathname>
<pathname>/vol/Gold_Storage_SLA_Dataset_3/bmcvol1</pathname>
<anonymous-access-user>root</anonymous-access-user>
<disable-setuid>true</disable-setuid>
<read-only>
<exports-hostname-info>
<all-hosts>false</all-hosts>
<name>172.16.49.104</name>
<negate>true</negate>
</exports-hostname-info>
<exports-hostname-info>
<all-hosts>false</all-hosts>
<name>172.16.49.107</name>
<negate>true</negate>
</exports-hostname-info>
</read-only>
<read-write>
<exports-hostname-info>
<all-hosts>false</all-hosts>
<name>172.16.49.104</name>
<negate>true</negate>
</exports-hostname-info>
<exports-hostname-info>
<all-hosts>false</all-hosts>
<name>172.16.49.107</name>
<negate>true</negate>
</exports-hostname-info>
</read-write>
<root>
<exports-hostname-info>
<all-hosts>false</all-hosts>
<name>172.16.49.104</name>
<negate>true</negate>
</exports-hostname-info>
<exports-hostname-info>
<all-hosts>false</all-hosts>
<name>172.16.49.107</name>
<negate>true</negate>
</exports-hostname-info>
</root>
<sec-flavor>
<sec-flavor-info>
<flavor>sys</flavor>
</sec-flavor-info>
<sec-flavor-info>
<flavor>none</flavor>
</sec-flavor-info>
</sec-flavor>
</storage>
Attach Host to LUN workflow
In NetApp environments, this workflow attaches the specified host to the specified LUN. During the first association for that host, it creates an initiator group (igroup) with the name of the host. During subsequent associations, the workflow retrieves the igroup and adds the LUN to the igroup.
In EMC environments, this workflow also attaches the specified host to the specified LUN. The workflow creates a new storage group with a specified initiator ID. It adds the specified initiator ID (wwn or iqn) and LUN to it. Afterwards, the workflow retrieves the storage group and adds a LUN to it.
Attach Host to LUN workflow inputs
Delete CIFS Security workflow
This workflow deletes the specified common internet file system (CIFS) access permission on a CIFS share.
Delete CIFS Security workflow inputs
Input parameter | Description | Required | |
---|---|---|---|
configuration name | Specifies a configuration group defined in the module configuration | Yes | |
storage | Deletes the specified CIFS access permission on a CIFS share
| Yes | |
| Specifies the host name or IP address of the target storage or filer | Yes | |
| Specifies the name of the CIFS share whose permissions are modified | Yes | |
| Specifies the name of the user If this is provided, then the user's access rights are deleted. If the specified user does not exist, the workflow fails with the reason: Unknown user: . Note This is a case-sensitive field. | No | |
| Specifies the name of the UNIX group Note This is a case-sensitive field. | No | |
username | Specifies the NetApp DataFabric Manager logon user name | Conditional; required if dynamic targeting is used | |
password | Specifies the NetApp DataFabric Manager logon password | Conditional; required if dynamic targeting is used | |
encryption type | Determines whether the logon password is encrypted Note This is provided only when you use the password parameter. | Conditional | |
protocol | Specifies the communication protocol used by the adapter Note This input is only used if dynamic targeting is specified. | No | |
port | Specifies the port on which NetApp DataFabric Manager is enabled | No | |
target | When you use dynamic targeting: Specifies the host name or IP address of the NetApp DataFabric Manager
| Conditional |
Delete NFS Security workflow
This workflow removes the rules for a set of path names.
Sample Delete NFS Security workflow storage input XML
<storage>
<target-host>172.16.49.150</target-host>
<all-pathnames>false</all-pathnames>
<persistent>true</persistent>
<verbose>true</verbose>
<pathnames>
<pathname-info>
<name>/vol/Gold_Storage_SLA_Dataset_3/bmcvol1</name>
</pathname-info>
</pathnames>
</storage>
Detach Host from LUN workflow
In NetApp environments, this workflow detaches a LUN from a specified host.
In EMC environments, this workflow detaches a LUN from a specified host. If it is the last LUN to be detached, the workflow also deletes the storage group.
Detach Host from LUN workflow inputs
Unregister Host workflow
This workflow removes the initiator ID from the igroup and deletes the igroup.
Update CIFS Security workflow
This workflow adds or updates CIFS access permissions on a CIFS share.
Update CIFS Security workflow inputs
Sample Update CIFS Security workflow storage input XML
<storage>
<target-host>172.16.49.111</target-host>
<cifs-share-name>cifs1</cifs-share-name>
<user-name>root</user-name>
<unix-group-name>root</unix-group-name>
<access-rights>Full Control</access-rights>
</storage>
Update NFS Security workflow
This workflow modifies the existing network file system (NFS) export settings.
Sample Update NFS Security workflow storage input XML
<storage>
<target-host>172.16.49.150</target-host>
<persistent>true</persistent>
<actual-pathname></actual-pathname>
<pathname>/vol/Gold_Storage_SLA_Dataset_3/bmcvol1</pathname>
<anonymous-access-user>root</anonymous-access-user>
<disable-setuid>true</disable-setuid>
<read-only>
<exports-hostname-info>
<all-hosts>false</all-hosts>
<name>172.16.49.104</name>
</exports-hostname-info>
<exports-hostname-info>
<all-hosts>false</all-hosts>
<name>172.16.49.107</name>
</exports-hostname-info>
</read-only>
<read-write>
<exports-hostname-info>
<all-hosts>false</all-hosts>
<name>172.16.49.104</name>
</exports-hostname-info>
<exports-hostname-info>
<all-hosts>false</all-hosts>
<name>172.16.49.107</name>
</exports-hostname-info>
</read-write>
<root>
<exports-hostname-info>
<all-hosts>false</all-hosts>
<name>172.16.49.104</name>
</exports-hostname-info>
<exports-hostname-info>
<all-hosts>false</all-hosts>
<name>172.16.49.107</name>
</exports-hostname-info>
</root>
<sec-flavor>
<sec-flavor-info>
<flavor>sys</flavor>
</sec-flavor-info>
<sec-flavor-info>
<flavor>none</flavor>
</sec-flavor-info>
</sec-flavor>
</storage>
Comments
Log in or register to comment.