Merge "Add spec for enable IPv6 in manila"

2016-12-15 20:35:13 +00:00 · 2016-12-15 20:35:13 +00:00 · 6fd17c1ceb
commit 6fd17c1ceb
parent d5d1f4bfe7 f7202a6cfe
1 changed files with 240 additions and 0 deletions
--- a/specs/ocata/manila-ipv6.rst
+++ b/specs/ocata/manila-ipv6.rst
@ -0,0 +1,240 @@
 ..
 This work is licensed under a Creative Commons Attribution 3.0 Unported
 License.
 http://creativecommons.org/licenses/by/3.0/legalcode
 =============================
 Support IPv6 access in manila
 =============================
 https://blueprints.launchpad.net/manila/+spec/support-ipv6-access
 Problem description
 ===================
 Currently ip access rule type only supports IPv4. A valid format is
 xxx.xxx.xxx.xxx or xxx.xxx.xxx.xxx/xx. This is not enough when users want to
 enable IPv6 in manila. The most affected areas are API (access rules) and
 the drivers (access rules & export locations).
 Use cases
 =========
 End users with IPv6 interfaces also want to access their shares, and manila
 currently only supports IPv4 protocol when access is IP-based.
 Proposed change
 ===============
 * Support IPv6 in access rule
 As agreed by the manila community in IRC meeting (topic IPv6) [1], manila
 can address this requirement by adding the IPv6 format validation for ip
 access rule type. Change the validation approach from our own function
 (_validate_ip_range) to a standard module 'ipaddress' (both IPv4 and IPv6
 are supported).
 With the ipaddress module, the IPv6 formats below are all considered
 acceptable::
      2001:0DB8:02de:0000:0000:0000:0000:0e13   #uncompressed
      2001:DB8:2de:0:0:0:0:0e13                 #leading zeros removed
      2001:DB8:2de::0e13                #consecutive sections of zeroes omitted
      2001:dB8:2De::0E13                #mixed case
      2001:dB8::/32                     #network range
 and manila will convert all of these into lower and compressed format, which
 means the result of first example will be like (it's also a canonical format
 which is recommended in RFC5952 [2])::
      2001:db8:2de::e13
 * Support IPv6 in network plugins
 The standalone and neutron network plugins (nova network plugins are ignored
 as they are being deprecated) will have to be modified to support IPv6.
 1. Network plugins will add new boolean configuration options 'network_plugin
   _ipv4_enabled' and 'network_plugin_ipv6_enabled' to indicate its enabled
   ip versions. The default values are 'True' and 'False' respectively. We
   will ultimately support both IPv4 and IPv6 enabled for single network
   plugin, but for this phase, restricted to the current manila network plugin
   architecture, only one option should be configured True (either IPv4 or
   IPv6) in Ocata. We will also deprecate the 'standalone_network_plugin_ip
   _version' which will be equivalent to 'network_plugin_ipv6_enabled=True'
   and 'network_plugin_ipv4_enabled=False', or on the contrary.
 2. Network plugins should be updated to allocate network resource based on
   their ip version's configuration (both for user network and admin network).
   For example, the neutron network plugins will only allocate IPv6 ports
   if 'network_plugin_ipv6_enabled = True'. If no suitable resource is found
   with the configured or specified network resource the allocation process
   would fail with exception.
 * Support IPv6 in drivers
 As the export location support's status varies in different drivers, manila
 will introduce two extra_specs (and driver capabilities) 'ipv4_support',
 'ipv6_support' to make backends and users easy to support and configure.
 1. Add new optional boolean extra_specs 'ipv4_support', 'ipv6_support' for
   share type that indicates the required ip version (Omitting either
   extra_spec means "don't care" about a match for that capability).
 2. Drivers have to report the capabilities with the ip version which they can
   support, the capability is reported in the same format with extra_specs.
   There are two cases that driver should consider:
   - **DHSS=false**, the driver should report IPv4 is True only if it is
   actually configured with IPv4 export locations, and IPv6 is True only
   if it is actually configured to support IPv6 export locations.
   - **DHSS=true**, the driver should report IPv4 is True only if both driver
   and the configured network plugins (both user and admin) have the IPv4
   capability, so does the IPv6.
 3. The manila scheduler will choose the correct backend with capability
   filter when ip version extra_specs are involved.
 4. Driver must return export locations according to its IP version
   capabilities, and only host addresses are allowed in export locations,
   not hostnames.
 Alternatives
 ------------
 None
 Data model impact
 -----------------
 None
 REST API impact
 ---------------
 The API microversion will have to be bumped for this.
 * The IPv6 address and IPv6 network are supported in allow_access action.
 Driver impact
 -------------
 Drivers will be updated so that existing drivers that use IPv4 addresses
 will report ipv4_support=True. When drivers support both IPv4 and IPv6,
 they need report their support versions based on their capabilities
 and configuration of the storage backend.
 Also the following functions might need to be changed:
 * _update_share_stats
 * create_share
 * delete_share
 * create_share_from_snapshot
 * update_access
 * setup_server
 * manage_existing
 * create_replica
 * promote_replica
 * migration_start
 * migration_complete
 * create_consistency_group
 * create_consistency_group_from_cgsnapshot
 Also, drivers must export locations as addresses rather than as host names
 since addresses are specifically IPv4 or IPv6 whereas host names could resolve
 to either an IPv4 or an IPv6 address at any particular time.
 Security impact
 ---------------
 None
 Notifications impact
 --------------------
 None
 Other end user impact
 ---------------------
 * python-manilaclient will be changed to reflect the validation approach
  changes for ip access type.
  The access-allow command with IPv6 supported will be like::
      manila access-allow test_share ip "AD80:0:0:0:ABAA:0:C2:2"
 * manila-ui will have corresponding UI changes to deal with the valid value
  for ip access rule type after python-manilaclient implementation.
 Performance impact
 ------------------
 None
 Other deployer impact
 ---------------------
 Deployers must ensure their IP version preferences are reflected on the
 storage backends, such that data interfaces have IPv4 and IPv6 addresses
 as desired.
 Developer impact
 ----------------
 Changes to the driver interface are noted above. Third party backends
 will implement these changes and report their IPv6's ability if they
 want to enable IPv6 in their drivers (the support matrix can be found
 here [3]).
 Implementation
 ==============
 Assignee(s)
 -----------
 Primary assignee:
 * zhongjun(jun.zhongjun2@gmail.com)
 * TommyLike(tommylikehu@gmail.com)
 * zengyingzhe(zengyingzhe@huawei.com)
 Work items
 ----------
 * Implement core feature
 * Report capability ipv4_support=True for existing IPv4 drivers
 * Implement IPv6 in network plugins.
 * Implement IPv6 ACL in generic, huawei and dummy drivers
 * Implement tempest tests
 * Implement Scenario tests
 * Implement manila-ui support
 * Implement python-manilaclient support
 * Update manila API documentation
 * Update manila guide documentation on IPv6
 Dependencies
 ============
 None
 Testing
 =======
 * Unit test
 * Functional test
 * Tempest test
 Documentation impact
 ====================
 * Update user guide
 * Update manila API documentation
 * Update manila developer documentation on IPv6
 References
 ==========
 [1] http://eavesdrop.openstack.org/meetings/manila/2016/manila.2016-08-25-15.00.log.html
 [2] https://tools.ietf.org/html/rfc5952#section-4
 [3] http://docs.openstack.org/developer/manila/devref/share_back_ends_feature_support_mapping.html