The first half of the Key concept 'Security Services' display format is incorrect because a space is missing. This commit Adds one space. Change-Id: Idfdf9380031cba39bc27da799167ade81ae0dc8e
4.8 KiB
Key concepts
Share
In the Shared File Systems service share
is the
fundamental resource unit allocated by the Shared File System service.
It represents an allocation of a persistent, readable, and writable
filesystems. Compute instances access these filesystems. Depending on
the deployment configuration, clients outside of OpenStack can also
access the filesystem.
Note
A share
is an abstract storage object that may or may
not directly map to a "share" concept from the underlying storage
provider. See the description of share instance
for more
details.
Share instance
This concept is tied with share
and represents created
resource on specific back end, when share
represents
abstraction between end user and back-end storages. In common cases, it
is one-to-one relation. One single share
has more than one
share instance
in two cases:
- When
share migration
is being applied - When
share replication
is enabled
Therefore, each share instance
stores information
specific to real allocated resource on storage. And share
represents the information that is common for
share instances
. A user with member
role will
not be able to work with it directly. Only a user with
admin
role has rights to perform actions against specific
share instances.
Snapshot
A snapshot
is a point-in-time, read-only copy of a
share
. You can create Snapshots
from an
existing, operational share
regardless of whether a client
has mounted the file system. A snapshot
can serve as the
content source for a new share
. Specify the Create
from snapshot option when creating a new share
on
the dashboard.
Storage Pools
With the Kilo release of OpenStack, Shared File Systems can use
storage pools
. The storage may present one or more logical
storage resource pools that the Shared File Systems service will select
as a storage location when provisioning shares
.
Share Type
Share type
is an abstract collection of criteria used to
characterize shares
. They are most commonly used to create
a hierarchy of functional capabilities. This hierarchy represents tiered
storage services levels. For example, an administrator might define a
premium share type
that indicates a greater level of
performance than a basic share type
. Premium represents the
best performance level.
Share Access Rules
Share access rules
define which users can access a
particular share
. For example, administrators can declare
rules for NFS shares by listing the valid IP networks which will access
the share
. List the IP networks in CIDR notation.
Security Services
Security services
allow granular client access rules for
administrators. They can declare rules for authentication or
authorization to access share
content. External services
including LDAP, Active Directory, and Kerberos can be declared as
resources. Examine and consult these resources when making an access
decision for a particular share
. You can associate
Shares
with multiple security services, but only one
service per one type.
Share Networks
A share network
is an object that defines a relationship
between a project network and subnet, as defined in an OpenStack
Networking service or Compute service. The share network
is
also defined in shares
created by the same project. A
project may find it desirable to provision shares
such that
only instances connected to a particular OpenStack-defined network have
access to the share
. Also, security services
can be attached to share networks
, because most of auth
protocols require some interaction with network services.
The Shared File Systems service has the ability to work outside of
OpenStack. That is due to the StandaloneNetworkPlugin
. The
plugin is compatible with any network platform, and does not require
specific network services in OpenStack like Compute or Networking
service. You can set the network parameters in the
manila.conf
file.
Share Servers
A share server
is a logical entity that hosts the shares
created on a specific share network
. A
share server
may be a configuration object within the
storage controller, or it may represent logical resources provisioned
within an OpenStack deployment used to support the data path used to
access shares
.
Share servers
interact with network services to
determine the appropriate IP addresses on which to export
shares
according to the related share network
.
The Shared File Systems service has a pluggable network model that
allows share servers
to work with different implementations
of the Networking service.