Storage Management module security configuration workflows

You can use the workflows contained in the Security Configuration folder to manage storage security. This section describes the following Storage Management module security configuration workflows, their inputs, and their outputs:

Add NFS Security workflow

This workflow adds a new NFS security configuration.


Sample Add NFS Security workflow Storage XML

<storage>
  <target-host>172.16.49.150</target-host>
  <persistent>true</persistent>
  <verbose>true</verbose>
  <actual-pathname></actual-pathname>
  <pathname>/vol/Gold_Storage_SLA_Dataset_3/bmcvol1</pathname>
  <anonymous-access-user>root</anonymous-access-user>
  <disable-setuid>true</disable-setuid>
  <read-only>
    <exports-hostname-info>
      <all-hosts>false</all-hosts>
      <name>172.16.49.104</name>
      <negate>true</negate>
    </exports-hostname-info>
    <exports-hostname-info>
      <all-hosts>false</all-hosts>
      <name>172.16.49.107</name>
      <negate>true</negate>
    </exports-hostname-info>
  </read-only>
  <read-write>
    <exports-hostname-info>
      <all-hosts>false</all-hosts>
      <name>172.16.49.104</name>
      <negate>true</negate>
    </exports-hostname-info>
    <exports-hostname-info>
      <all-hosts>false</all-hosts>
      <name>172.16.49.107</name>
      <negate>true</negate>
    </exports-hostname-info>
  </read-write>
  <root>
    <exports-hostname-info>
      <all-hosts>false</all-hosts>
      <name>172.16.49.104</name>
      <negate>true</negate>
    </exports-hostname-info>
    <exports-hostname-info>
      <all-hosts>false</all-hosts>
      <name>172.16.49.107</name>
      <negate>true</negate>
    </exports-hostname-info>
  </root>
  <sec-flavor>
    <sec-flavor-info>
      <flavor>sys</flavor>
    </sec-flavor-info>
    <sec-flavor-info>
      <flavor>none</flavor>
    </sec-flavor-info>
  </sec-flavor>
</storage>


Attach Host to LUN workflow

In NetApp environments, this workflow attaches the specified host to the specified LUN. During the first association for that host, it creates an initiator group (igroup) with the name of the host. During subsequent associations, the workflow retrieves the igroup and adds the LUN to the igroup.

In EMC environments, this workflow also attaches the specified host to the specified LUN. The workflow creates a new storage group with a specified initiator ID. It adds the specified initiator ID (wwn or iqn) and LUN to it. Afterwards, the workflow retrieves the storage group and adds a LUN to it.

This workflow supports dynamic targeting. See [baom201103:About dynamic target support in OA Storage Management] for details about dynamic targeting.

Attach Host to LUN workflow inputs


Delete CIFS Security workflow 

This workflow deletes the specified common internet file system (CIFS) access permission on a CIFS share.

This workflow supports dynamic targeting. See [baom201103:About dynamic target support in OA Storage Management] for details about dynamic targeting.

Delete CIFS Security workflow inputs

Input parameter: configuration name
Description: Specifies a configuration group defined in the module configuration. Valid value: NetApp
Required: Yes

Input parameter: storage
Description: Deletes the specified CIFS access permission on a CIFS share. The following example details storage input XML:

<storage>
  <target-host>172.16.49.111</target-host>
  <cifs-share-name>cifs1</cifs-share-name>
  <user-name>root</user-name>
  <unix-group-name>root</unix-group-name>
</storage>

Required: Yes

Input parameter: target-host
Description: Specifies the host name or IP address of the target storage or filer
Required: Yes

Input parameter: cifs-share-name
Description: Specifies the name of the CIFS share whose permissions are modified
Required: Yes

Input parameter: user-name
Description: Specifies the name of the user. If this is provided, then the user's access rights are deleted. If the specified user does not exist, the workflow fails with the reason: Unknown user: .
Note: This is a case-sensitive field.
Required: No

Input parameter: unix-group-name
Description: Specifies the name of the UNIX group. This field specifies the UNIX group whose access rights are deleted. If the specified group name does not exist, the workflow fails with the reason: Unknown Unix group : .
Note: This is a case-sensitive field.
Required: No

Input parameter: username
Description: Specifies the NetApp DataFabric Manager logon user name
Required: Conditional; required if dynamic targeting is used

Input parameter: password
Description: Specifies the NetApp DataFabric Manager logon password
Required: Conditional; required if dynamic targeting is used

Input parameter: encryption type
Description: Determines whether the logon password is encrypted. Valid values: Base64, plain
Note: This is provided only when you use the password parameter.
Required: Conditional

Input parameter: protocol
Description: Specifies the communication protocol used by the adapter. Valid values: http (default), https
Note: This input is only used if dynamic targeting is specified.
Required: No

Input parameter: port
Description: Specifies the port on which NetApp DataFabric Manager is enabled. Default values: 8088 for http protocol; 8488 for https protocol
Required: No

Input parameter: target
Description: When you use dynamic targeting: Specifies the host name or IP address of the NetApp DataFabric Manager

When you do not use dynamic targeting: Designates a specific target (name of the NetApp DataFabric Manager server where the operation will be performed) that has been defined in the adapter configuration

Valid value: the same value as was specified for the name attribute of the config element in the adapter configuration. If this tag is left empty, the request will be executed on the first defined adapter configuration.

For example, the target is 02 in the sample adapter configuration:

<configs>
  <config name="02">
    <target>172.19.224.103</target>
    <user-name>root</user-name>
    <password>bmcbmc</password>
    <protocol>http</protocol>
    <port>8088</port>
  </config>
</configs>

Required: Conditional
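
The adapter inputs above allow http transport and a Base64 or plain password; Base64 is an encoding that anyone holding the value can reverse, not encryption. The following added example (not BMC code) audits a <configs> document for those settings; the encryption_type argument mirrors the workflow's encryption type input, and the finding names and sample values are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

DEFAULT_PORTS = {"http": "8088", "https": "8488"}  # defaults listed on this page

# Constructed sample; the name, address, user and password are placeholders.
SAMPLE_CONFIGS = """<configs>
  <config name="example-01">
    <target>192.0.2.30</target>
    <user-name>svc-storage</user-name>
    <password>Q29uc3RydWN0ZWQx</password>
    <protocol>http</protocol>
    <port>8488</port>
  </config>
</configs>"""

def recover_base64(value):
    """Return the decoded password, or None if value is not valid Base64."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def audit_adapter_configs(xml_text, encryption_type="plain"):
    """Map each config name to a list of finding codes (names are hypothetical)."""
    report = {}
    for cfg in ET.fromstring(xml_text).iter("config"):
        findings = []
        protocol = (cfg.findtext("protocol") or "http").strip().lower()
        port = (cfg.findtext("port") or DEFAULT_PORTS.get(protocol, "")).strip()
        if protocol != "https":
            findings.append("cleartext-transport")  # credentials cross the wire unprotected
        if port in DEFAULT_PORTS.values() and port != DEFAULT_PORTS.get(protocol):
            findings.append("port-protocol-mismatch")  # e.g. http pointed at the https port
        password = (cfg.findtext("password") or "").strip()
        if password and encryption_type.lower() == "base64":
            ok = recover_base64(password) is not None
            findings.append("password-base64-recoverable" if ok else "password-not-base64")
        elif password:
            findings.append("password-plaintext")
        report[cfg.get("name", "")] = findings
    return report

if __name__ == "__main__":
    print(audit_adapter_configs(SAMPLE_CONFIGS, "Base64"))
```
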


Delete NFS Security workflow

This workflow removes the rules for a set of path names.

This workflow supports dynamic targeting. See [baom201103:About dynamic target support in OA Storage Management] for details about dynamic targeting.

Sample Delete NFS Security workflow storage input XML

<storage>
  <target-host>172.16.49.150</target-host>
  <all-pathnames>false</all-pathnames>
  <persistent>true</persistent>
  <verbose>true</verbose>
  <pathnames>
    <pathname-info>
        <name>/vol/Gold_Storage_SLA_Dataset_3/bmcvol1</name>
    </pathname-info>
  </pathnames>
</storage>


Detach Host from LUN workflow

In NetApp environments, this workflow detaches a LUN from a specified host.

In EMC environments, this workflow detaches a LUN from a specified host. If it is the last LUN to be detached, the workflow also deletes the storage group.

This workflow supports dynamic targeting. See [baom201103:About dynamic target support in OA Storage Management] for details about dynamic targeting.

Detach Host from LUN workflow inputs


Unregister Host workflow

This workflow removes the initiator ID from the igroup and deletes the igroup.

This workflow supports dynamic targeting. See [baom201103:About dynamic target support in OA Storage Management] for details about dynamic targeting.


Update CIFS Security workflow

This workflow adds or updates CIFS access permissions on a CIFS share.

This workflow supports dynamic targeting. See [baom201103:About dynamic target support in OA Storage Management] for details about dynamic targeting.

Update CIFS Security workflow inputs



Sample Update CIFS Security workflow storage input XML

<storage>
  <target-host>172.16.49.111</target-host>
  <cifs-share-name>cifs1</cifs-share-name>
  <user-name>root</user-name>
  <unix-group-name>root</unix-group-name>
  <access-rights>Full Control</access-rights>
</storage>


Update NFS Security workflow 

This workflow modifies the existing network file system (NFS) export settings.

This workflow supports dynamic targeting. See [baom201103:About dynamic target support in OA Storage Management] for details about dynamic targeting.

Sample Update NFS Security workflow storage input XML

<storage>
 <target-host>172.16.49.150</target-host>
 <persistent>true</persistent>
 <actual-pathname></actual-pathname>
 <pathname>/vol/Gold_Storage_SLA_Dataset_3/bmcvol1</pathname>
 <anonymous-access-user>root</anonymous-access-user>
 <disable-setuid>true</disable-setuid>
 <read-only>
  <exports-hostname-info>
    <all-hosts>false</all-hosts>
    <name>172.16.49.104</name>
  </exports-hostname-info>
  <exports-hostname-info>
    <all-hosts>false</all-hosts>
    <name>172.16.49.107</name>
  </exports-hostname-info>
 </read-only>
 <read-write>
  <exports-hostname-info>
    <all-hosts>false</all-hosts>
    <name>172.16.49.104</name>
  </exports-hostname-info>
  <exports-hostname-info>
    <all-hosts>false</all-hosts>
    <name>172.16.49.107</name>
  </exports-hostname-info>
 </read-write>
 <root>
  <exports-hostname-info>
    <all-hosts>false</all-hosts>
    <name>172.16.49.104</name>
  </exports-hostname-info>
  <exports-hostname-info>
    <all-hosts>false</all-hosts>
    <name>172.16.49.107</name>
  </exports-hostname-info>
 </root>
 <sec-flavor>
  <sec-flavor-info>
    <flavor>sys</flavor>
  </sec-flavor-info>
  <sec-flavor-info>
    <flavor>none</flavor>
  </sec-flavor-info>
 </sec-flavor>
</storage>
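
The Add and Update NFS Security samples set export options that are worth reviewing before the workflow is run. The following added example (not part of the BMC documentation) parses a <storage> input and reports risky settings; it assumes the elements carry the usual NFS export meanings (anonymous-access-user as the anon mapping, disable-setuid as nosuid, negate as an exclusion), and the finding names and sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the page's <storage> format; addresses are placeholders.
SAMPLE = """<storage>
  <target-host>192.0.2.10</target-host>
  <pathname>/vol/example/vol1</pathname>
  <anonymous-access-user>root</anonymous-access-user>
  <disable-setuid>false</disable-setuid>
  <read-write>
    <exports-hostname-info><all-hosts>true</all-hosts></exports-hostname-info>
  </read-write>
  <root>
    <exports-hostname-info>
      <all-hosts>false</all-hosts><name>192.0.2.20</name><negate>false</negate>
    </exports-hostname-info>
  </root>
  <sec-flavor>
    <sec-flavor-info><flavor>sys</flavor></sec-flavor-info>
    <sec-flavor-info><flavor>none</flavor></sec-flavor-info>
  </sec-flavor>
</storage>"""

def _text(node, tag, default=""):
    # Normalised text of a child element; missing or empty elements give the default.
    return (node.findtext(tag) or default).strip().lower()

def audit_nfs_storage(xml_text):
    """Return a sorted list of finding codes for one <storage> NFS input."""
    root = ET.fromstring(xml_text)
    findings = set()
    if _text(root, "anonymous-access-user") in ("root", "0"):
        findings.add("anon-maps-to-root")       # anonymous requests act as root
    if _text(root, "disable-setuid") != "true":
        findings.add("setuid-allowed")          # setuid binaries honoured on the export
    flavors = {(f.text or "").strip().lower() for f in root.iter("flavor")}
    if "none" in flavors:
        findings.add("sec-flavor-none")         # unauthenticated access accepted
    if flavors and flavors <= {"sys", "none"}:
        findings.add("no-kerberos-flavor")      # identity is asserted by the client
    for access in ("read-only", "read-write", "root"):
        for host in root.findall(f"{access}/exports-hostname-info"):
            negated = _text(host, "negate") == "true"
            if _text(host, "all-hosts") == "true" and not negated:
                findings.add(f"{access}-all-hosts")
            elif access == "root" and not negated:
                findings.add("root-access-granted")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_nfs_storage(SAMPLE)))
```

The combination of anon-maps-to-root and sec-flavor-none is the one to look at first, because unauthenticated requests are then mapped to root on the exported path.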

