From: Lucian Petrut <lpetrut@cloudbasesolutions.com>
Date: Tue, 7 Sep 2021 14:42:39 +0000 (+0000)
Subject: doc/rbd: describe Hyper-V disk addressing limitations
X-Git-Tag: v17.1.0~915^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F43079%2Fhead;p=ceph.git

doc/rbd: describe Hyper-V disk addressing limitations

Hyper-V identifies passthrough VM disks by number instead of SCSI ID, although
the disk number can change across host reboots. This means that the VMs can end
up using incorrect disks after rebooting the host, which is an important
security concern. This issue also affects iSCSI and Fibre Channel disks.

We're going to document this Hyper-V limitation along with possible
workarounds.

Signed-off-by: Lucian Petrut <lpetrut@cloudbasesolutions.com>
---

diff --git a/doc/rbd/rbd-windows.rst b/doc/rbd/rbd-windows.rst
index 271e85592a53..f2af4fc9f906 100644
--- a/doc/rbd/rbd-windows.rst
+++ b/doc/rbd/rbd-windows.rst
@@ -142,11 +142,35 @@ initializes a partition::
 Limitations
 -----------
 
+CSV support
+~~~~~~~~~~~
+
 At the moment, the Microsoft Failover Cluster can't use WNBD disks as
 Cluster Shared Volumes (CSVs) underlying storage. The main reason is that
 ``WNBD`` and ``rbd-wnbd`` don't support the *SCSI Persistent Reservations*
 feature yet.
 
+Hyper-V disk addressing
+~~~~~~~~~~~~~~~~~~~~~~~
+
+.. warning::
+  Hyper-V identifies passthrough VM disks by number instead of SCSI ID, although
+  the disk number can change across host reboots. This means that the VMs can end
+  up using incorrect disks after rebooting the host, which is an important
+  security concern. This issue also affects iSCSI and Fibre Channel disks.
+
+There are a few possible ways of avoding this Hyper-V limitation:
+
+* use an NTFS/ReFS partition to store VHDX image files instead of directly
+  attaching the RBD image. This may slightly impact the IO performance.
+* use the Hyper-V ``AutomaticStartAction`` setting to prevent the VMs from
+  booting with the incorrect disks and have a script that updates VM disks
+  attachments before powering them back on. The ``ElementName`` field of the
+  `Msvm_StorageAllocationSettingData`_ `WMI`_ class may be used to label VM
+  disk attachments.
+* use the Openstack Hyper-V driver, which automatically refreshes the VM disk
+  attachments before powering them back on.
+
 Troubleshooting
 ===============
 
@@ -156,3 +180,5 @@ Please consult the `Windows troubleshooting`_ page.
 .. _installation guide: ../../install/windows-install
 .. _RBD basic commands: ../rados-rbd-cmds
 .. _WNBD driver: https://github.com/cloudbase/wnbd
+.. _Msvm_StorageAllocationSettingData: https://docs.microsoft.com/en-us/windows/win32/hyperv_v2/msvm-storageallocationsettingdata
+.. _WMI: https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page