manila/doc/source/admin/shared-file-systems-share-networks.rst
silvacarloss 0b7dfd92f9 Update admin, user and contributor guide
Adds documentation for the security service update feature
introduced during Wallaby release.
Admin, user and contributor guides were updated to fit into the
most recents changes.

Change-Id: If0426d477302e5ef2a6516e804ad981e831c7c5d
2021-04-08 12:05:11 -03:00

21 KiB

Share networks

Share networks are essential to allow end users a path to hard multi-tenancy. When backed by isolated networks, the Shared File Systems service can guarantee hard network path isolation for the users' shares. Users can be allowed to designate their project networks as share networks. When a share network is provided during share creation, the share driver sets up a virtual share server (NAS server) on the share network and exports shares using this NAS server. The share server itself is abstracted away from the user. You must ensure that the storage system can connect the share servers it provisions to the networks users can use as their share networks.

Note

Not all shared file systems storage backends support share networks. Share networks can only be used when using a share type that has the specification driver_handles_share_servers=True. To see what storage back ends support this specification, refer to the share_back_ends_feature_support_mapping.

How to create share network

To list networks in a project, run:

$ openstack network list
+--------------+---------+--------------------+
| ID           | Name    | Subnets            |
+--------------+---------+--------------------+
| bee7411d-... | public  | 884a6564-0f11-...  |
|              |         | e6da81fa-5d5f-...  |
| 5ed5a854-... | private | 74dcfb5a-b4d7-...  |
|              |         | cc297be2-5213-...  |
+--------------+---------+--------------------+

A share network stores network information that share servers can use where shares are hosted. You can associate a share with a single share network. You must always specify a share network when creating a share with a share type that requests hard multi-tenancy, i.e., has extra-spec 'driver_handles_share_servers=True'.

For more information about supported plug-ins for share networks, see shared_file_systems_network_plugins.

A share network has these attributes:

  • The IP block in Classless Inter-Domain Routing (CIDR) notation from which to allocate the network.
  • The IP version of the network.
  • The network type, which is vlan, vxlan, gre, or flat.

If the network uses segmentation, a segmentation identifier. For example, VLAN, VXLAN, and GRE networks use segmentation.

To create a share network with private network and subnetwork, run:

$ manila share-network-create --neutron-net-id 5ed5a854-21dc-4ed3-870a-117b7064eb21 \
--neutron-subnet-id 74dcfb5a-b4d7-4855-86f5-a669729428dc --name my_share_net \
--description "My first share network" --availability-zone manila-zone-0
+-------------------+--------------------------------------+
| Property          | Value                                |
+-------------------+--------------------------------------+
| name              | my_share_net                         |
| segmentation_id   | None                                 |
| created_at        | 2015-09-24T12:06:32.602174           |
| neutron_subnet_id | 74dcfb5a-b4d7-4855-86f5-a669729428dc |
| updated_at        | None                                 |
| network_type      | None                                 |
| neutron_net_id    | 5ed5a854-21dc-4ed3-870a-117b7064eb21 |
| ip_version        | None                                 |
| cidr              | None                                 |
| project_id        | 20787a7ba11946adad976463b57d8a2f     |
| id                | 5c3cbabb-f4da-465f-bc7f-fadbe047b85a |
| description       | My first share network               |
+-------------------+--------------------------------------+

The segmentation_id, cidr, ip_version, and network_type share network attributes are automatically set to the values determined by the network provider.

Note

You are able to specify the parameter availability_zone only with API versions >= 2.51. From the version 2.51, a share network is able to span multiple subnets in different availability zones. The network parameters neutron_net_id, neutron_subnet_id, segmentation_id, cidr, ip_version, network_type, gateway and mtu were moved to the share network subnet and no longer pertain to the share network. If you do not specify an availability zone during the share network creation, the created subnet will be considered default by the Shared File Systems Service. A default subnet is expected to be reachable from all availability zones in the cloud.

Note

Since API version 2.63, the share network will have two additional fields: status and security_service_update_support. The former indicates the current status of a share network, and the latter informs if all the share network's resources can hold updating or adding security services after they are already deployed.

To check the network list, run:

$ manila share-network-list
+--------------------------------------+--------------+
| id                                   | name         |
+--------------------------------------+--------------+
| 5c3cbabb-f4da-465f-bc7f-fadbe047b85a | my_share_net |
+--------------------------------------+--------------+

If you configured the generic driver with driver_handles_share_servers = True (with the share servers) and already had previous operations in the Shared File Systems service, you can see manila_service_network in the neutron list of networks. This network was created by the generic driver for internal use.

$ openstack network list
+--------------+------------------------+--------------------+
| ID           | Name                   | Subnets            |
+--------------+------------------------+--------------------+
| 3b5a629a-e...| manila_service_network | 4f366100-50...     |
| bee7411d-... | public                 | 884a6564-0f11-...  |
|              |                        | e6da81fa-5d5f-...  |
| 5ed5a854-... | private                | 74dcfb5a-b4d7-...  |
|              |                        | cc297be2-5213-...  |
+--------------+------------------------+--------------------+

You also can see detailed information about the share network including network_type, and segmentation_id fields:

$ openstack network show manila_service_network
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2016-12-13T09:31:30Z                 |
| description               |                                      |
| id                        | 3b5a629a-e7a1-46a3-afb2-ab666fb884bc |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| mtu                       | 1450                                 |
| name                      | manila_service_network               |
| port_security_enabled     | True                                 |
| project_id                | f6ac448a469b45e888050cf837b6e628     |
| provider:network_type     | vxlan                                |
| provider:physical_network | None                                 |
| provider:segmentation_id  | 73                                   |
| revision_number           | 7                                    |
| router:external           | Internal                             |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | 682e3329-60b0-440f-8749-83ef53dd8544 |
| tags                      | []                                   |
| updated_at                | 2016-12-13T09:31:36Z                 |
+---------------------------+--------------------------------------+

You also can add and remove the security services from the share network. For more detail, see shared_file_systems_security_services.

How to reset the state of a share network (Since API version 2.63)

To reset the state of a given share network, run:

$ manila share-network-reset-state manila_service_network --state active

Share network subnets (Since API version 2.51)

Share network subnet is an entity that stores network data from the OpenStack Networking service. A share network can span multiple share network subnets in different availability zones.

How to create share network subnet

When you create a share network, a primary share network subnet is automatically created. The share network subnet stores network information that share servers can use where shares are hosted. If a share network subnet is not assigned to a specific availability zone, it is considered to be available across all availability zones. Such a subnet is referred to as default subnet. A share network can have only one default subnet. However, having a default subnet is not necessary. A share can be associated with only one share network. To list share networks in a project, run:

$ manila share-network-list
+--------------------------------------+-----------------------+
| id                                   | name                  |
+--------------------------------------+-----------------------+
| 483a9787-5116-48b2-bd89-473022fad060 | sharenetwork1         |
| bcb9c650-a501-410d-a418-97f28b8ab61a | sharenetwork2         |
+--------------------------------------+-----------------------+

You can attach any number of share network subnets into a share network. However, only one share network subnet is allowed per availability zone in a given share network. If you try to create another subnet in a share network that already contains a subnet in a specific availability zone, the operation will be denied.

To create a share network subnet in a specific share network, run:

$ manila share-network-subnet-create sharenetwork1 \
     --availability-zone manila-zone-0 \
     --neutron-net-id 5ed5a854-21dc-4ed3-870a-117b7064eb21 \
     --neutron-subnet-id 74dcfb5a-b4d7-4855-86f5-a669729428dc
+--------------------+--------------------------------------+
| Property           | Value                                |
+--------------------+--------------------------------------+
| id                 | 20f3cd2c-0faa-4b4b-a00a-4f188eb1cf38 |
| availability_zone  | manila-zone-0                        |
| share_network_id   | 483a9787-5116-48b2-bd89-473022fad060 |
| share_network_name | sharenetwork1                        |
| created_at         | 2019-12-03T00:37:30.000000           |
| segmentation_id    | None                                 |
| neutron_subnet_id  | 74dcfb5a-b4d7-4855-86f5-a669729428dc |
| updated_at         | None                                 |
| neutron_net_id     | 5ed5a854-21dc-4ed3-870a-117b7064eb21 |
| ip_version         | None                                 |
| cidr               | None                                 |
| network_type       | None                                 |
| mtu                | None                                 |
| gateway            | None                                 |
+--------------------+--------------------------------------+

To list all the share network subnets of a given share network, you need to show the share network, and then all subnets will be displayed, as shown below:

$ manila share-network-show sharenetwork1
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Property              | Value                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id                    | 483a9787-5116-48b2-bd89-473022fad060                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| name                  | sharenetwork1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| project_id            | 58ff89e14f9245d7843b8cf290525b5b                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| created_at            | 2019-12-03T00:16:39.000000                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| updated_at            | 2019-12-03T00:31:58.000000                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| description           | None                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| share_network_subnets | [{'id': '20f3cd2c-0faa-4b4b-a00a-4f188eb1cf38', 'availability_zone': 'manila-zone-0', 'created_at': '2019-12-03T00:37:30.000000', 'updated_at': None, 'segmentation_id': None, 'neutron_net_id': '5ed5a854-21dc-4ed3-870a-117b7064eb21', 'neutron_subnet_id': '74dcfb5a-b4d7-4855-86f5-a669729428dc', 'ip_version': None, 'cidr': None, 'network_type': None, 'mtu': None, 'gateway': None}, {'id': '8b532c15-3ac7-4ea1-b1bc-732614a82313', 'availability_zone': None, 'created_at': '2019-12-03T00:16:39.000000', 'updated_at': None, 'segmentation_id': None, 'neutron_net_id': None, 'neutron_subnet_id': None, 'ip_version': None, 'cidr': None, 'network_type': None, 'mtu': None, 'gateway': None}] |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

To show a specific share network subnet, run:

$ manila share-network-subnet-show sharenetwork1 20f3cd2c-0faa-4b4b-a00a-4f188eb1cf38
+--------------------+--------------------------------------+
| Property           | Value                                |
+--------------------+--------------------------------------+
| id                 | 20f3cd2c-0faa-4b4b-a00a-4f188eb1cf38 |
| availability_zone  | manila-zone-0                        |
| share_network_id   | 483a9787-5116-48b2-bd89-473022fad060 |
| share_network_name | sharenetwork1                        |
| created_at         | 2019-12-03T00:37:30.000000           |
| segmentation_id    | None                                 |
| neutron_subnet_id  | 74dcfb5a-b4d7-4855-86f5-a669729428dc |
| updated_at         | None                                 |
| neutron_net_id     | 5ed5a854-21dc-4ed3-870a-117b7064eb21 |
| ip_version         | None                                 |
| cidr               | None                                 |
| network_type       | None                                 |
| mtu                | None                                 |
| gateway            | None                                 |
+--------------------+--------------------------------------+

To delete a share network subnet, run:

$ manila share-network-subnet-delete sharenetwork1 20f3cd2c-0faa-4b4b-a00a-4f188eb1cf38

If you want to remove a share network subnet, make sure that no other resource is using the subnet, otherwise the Shared File Systems Service will deny the operation.