diff --git a/doc/source/admin/shared-file-systems-share-networks.rst b/doc/source/admin/shared-file-systems-share-networks.rst index 58b9be42db..fd43fae444 100644 --- a/doc/source/admin/shared-file-systems-share-networks.rst +++ b/doc/source/admin/shared-file-systems-share-networks.rst @@ -100,6 +100,13 @@ network provider. Service. A default subnet is expected to be reachable from all availability zones in the cloud. +.. note:: + Since API version 2.63, the share network will have two additional fields: + ``status`` and ``security_service_update_support``. The former indicates the + current status of a share network, and the latter informs if all the share + network's resources can hold updating or adding security services after they + are already deployed. + To check the network list, run: .. code-block:: console @@ -166,6 +173,14 @@ You also can see detailed information about the share network including You also can add and remove the security services from the share network. For more detail, see :ref:`shared_file_systems_security_services`. +How to reset the state of a share network (Since API version 2.63) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +To reset the state of a given share network, run: + +.. code-block:: console + + $ manila share-network-reset-state manila_service_network --state active + ============================================== Share network subnets (Since API version 2.51) diff --git a/doc/source/contributor/driver_requirements.rst b/doc/source/contributor/driver_requirements.rst index fb438fd4c0..7fa7682aea 100644 --- a/doc/source/contributor/driver_requirements.rst +++ b/doc/source/contributor/driver_requirements.rst @@ -104,6 +104,9 @@ function correctly in manila, such as: that can replicate between each other; - replication_type: string specifying the type of replication supported by the driver. Can be one of ('readable', 'writable' or 'dr'). +- security_service_update_support: boolean specifying whether the driver + supports updating or adding security services in an already deployed share + server. It defaults to ``False``. Below is an example of drivers with multiple pools. "my" is used as an example vendor prefix: @@ -152,6 +155,7 @@ example vendor prefix: #/ 'ipv4_support': True, 'ipv6_support': True, + 'security_service_update_support': False, }, {'pool_name': 'thick pool', @@ -174,6 +178,7 @@ example vendor prefix: 'my_super_hero_2': 'Robin', 'ipv4_support': True, 'ipv6_support': True, + 'security_service_update_support': False, }, ] } diff --git a/doc/source/user/share-network-operations.rst b/doc/source/user/share-network-operations.rst index 7c5689b642..02f5c4f323 100644 --- a/doc/source/user/share-network-operations.rst +++ b/doc/source/user/share-network-operations.rst @@ -247,6 +247,26 @@ Share network show | share_network_subnets | [{'id': '900d9ddc-7062-404e-8ef5-f63b84782d89', 'availability_zone': None, 'created_at': '2019-10-09T04:19:31.000000', 'updated_at': '2019-10-09T07:39:59.000000', 'segmentation_id': None, 'neutron_net_id': 'fake_updated_net_id', 'neutron_subnet_id': 'fake_updated_subnet_id', 'ip_version': None, 'cidr': None, 'network_type': None, 'mtu': None, 'gateway': None}] | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + .. note:: + Since API version 2.63, the ``share-network-show`` command also shows + the ``status`` and ``security_service_update_support`` fields. + + .. code-block:: console + + +---------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Property | Value | + +---------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | + | name | sharenetwork1 | + | project_id | 8c2962a4832743469a336f7c179f7d34 | + | created_at | 2019-10-09T04:19:31.000000 | + | updated_at | None | + | description | Share Network created for demo purposes | + | status | active | + | security_service_update_support | True | + | share_network_subnets | [{'id': '900d9ddc-7062-404e-8ef5-f63b84782d89', 'availability_zone': None, 'created_at': '2019-10-09T04:19:31.000000', 'updated_at': '2019-10-09T07:39:59.000000', 'segmentation_id': None, 'neutron_net_id': 'fake_updated_net_id', 'neutron_subnet_id': 'fake_updated_subnet_id', 'ip_version': None, 'cidr': None, 'network_type': None, 'mtu': None, 'gateway': None}] | + +---------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + Add security service/s ~~~~~~~~~~~~~~~~~~~~~~ @@ -264,6 +284,16 @@ Add security service/s | 50303c35-2c53-4d37-a0d9-61dfe3789569 | my_sec_service | new | ldap | +--------------------------------------+----------------+--------+------+ +.. note:: + Since API version 2.63, manila supports adding security services to share + networks that already are in use, depending on the share network's + support. The share network entity now contains a field called + ``security_service_update_support`` which holds information whether all + resources built within it can hold such operation. + Before starting the operation to actually add the security service to a + share network that is being used, a check operation must be triggered. See + :ref:`subsection `. + List share network security services ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -312,3 +342,100 @@ Delete share networks | id | name | +--------------------------------------+---------------+ +--------------------------------------+---------------+ + +.. _share_network_security_service_update_check: + +Update share network security service check (Since API version 2.63) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +#. Check if the update for security services of the same type can be performed: + + .. code-block:: console + + $ manila share-network-security-service-update-check \ + sharenetwork1 \ + my_sec_service \ + my_sec_service_updated + +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Property | Value | + +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | compatible | None | + | requested_operation | {'operation': 'update_security_service', 'current_security_service': 50303c35-2c53-4d37-a0d9-61dfe3789569, 'new_security_service': '8971c5f6-52ec-4c53-bf6a-3fae38a9221e'} | + +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +#. Check the result of the operation: + + .. code-block:: console + + $ manila share-network-security-service-update-check \ + sharenetwork1 \ + my_sec_service \ + my_sec_service_updated + +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Property | Value | + +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | compatible | True | + | requested_operation | {'operation': 'update_security_service', 'current_security_service': 50303c35-2c53-4d37-a0d9-61dfe3789569, 'new_security_service': '8971c5f6-52ec-4c53-bf6a-3fae38a9221e'} | + +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Now, the request to update a share network security service should be accepted. + +Update share network security services (Since API version 2.63) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +#. Replaces one security service for another of the same type. + + .. code-block:: console + + $ manila share-network-security-service-update \ + sharenetwork1 \ + my_sec_service \ + my_sec_service_updated + $ manila share-network-security-service-list sharenetwork1 + +--------------------------------------+------------------------+--------+------+ + | id | name | status | type | + +--------------------------------------+------------------------+--------+------+ + | 8971c5f6-52ec-4c53-bf6a-3fae38a9221e | my_sec_service_updated | new | ldap | + +--------------------------------------+------------------------+--------+------+ + +.. note:: + The share network entity now contains a field called + ``security_service_update_support`` which holds information whether all + resources built within it can hold such operation. + In order to update security services in share networks that currently + contain shares, an operation to check if the operation can be completed + must be performed. See + :ref:`subsection `. + +.. _share_network_security_service_add_check: + +Add share network security service check (Since API version 2.63) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +#. Check if it is possible to add a security service to a share network: + + .. code-block:: console + + $ manila share-network-security-service-add-check \ + sharenetwork1 \ + my_sec_service + +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ + | Property | Value | + +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ + | compatible | None | + | requested_operation | {'operation': 'add_security_service', 'current_security_service': None, 'new_security_service': '50303c35-2c53-4d37-a0d9-61dfe3789569'} | + +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ + +#. Check if the result of the operation: + + .. code-block:: console + + $ manila share-network-security-service-add-check \ + sharenetwork1 \ + my_sec_service + +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ + | Property | Value | + +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ + | compatible | True | + | requested_operation | {'operation': 'add_security_service', 'current_security_service': None, 'new_security_service': '50303c35-2c53-4d37-a0d9-61dfe3789569'} | + +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+