manila/devstack/settings
Goutham Pacha Ravi e7b4507de4 [devstack][ci] Modify firewall in ds-plugin
To set up some first party backends such as
ZFSOnLinux, CephFS via NFS gateway, Container
(where the NAS server is containerized) and LVM,
manila's devstack plugin creates a NAS server
on the devstack host.

On test machines, access to this NAS server is
firewalled from networks outside of the host's
internal network namespace (including from private
project networks that are in different network
namespaces, on the same devstack host).

We currently use a legacy devstack-gate script
to disable firewall on NFS ports; however,
anyone that installs devstack with LVM, Container,
ZFSOnLinux, CephFS-NFS drivers will need these
firewall ports to be opened to be able to mount
shares exported off their devstack host machines.

Move these firewall commands to the devstack plugin.
These commands can be invoked by setting the localrc
variable MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST to True.
The value of this variable is False by default,
to preserve existing behavior.

Change-Id: Ic9cad47662f1edf2e5c710dbe64d580bc5f01d44
(cherry picked from commit 36b1715e86)
(cherry picked from commit 94486eb4c0)
2020-05-07 22:15:45 +00:00
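
A dry-run sketch of the toggle described in the commit message above, as an added example that is not the devstack plugin's own code: it prints the iptables commands that would open NAS ports when MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST is true, and prints nothing at the default. The function names, the chain name, the port list (2049 NFS, 111 rpcbind, 445 SMB/CIFS) and the source-CIDR argument are assumptions of this example.

```shell
# Added example (dry run): prints rules, never calls iptables itself.
# Assumed names: is_true, nas_firewall_rules, chain "nas-host-ports".
# Assumed ports: 2049 NFS, 111 rpcbind (TCP+UDP), 445 SMB/CIFS.

# Stand-in for devstack's trueorfalse: only explicit true values count.
is_true() {
    case "$1" in
        1|yes|Yes|YES|true|True|TRUE) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST value
# $2 = comma-separated share protocols (the settings default is "NFS,CIFS")
# $3 = source CIDR allowed to mount (hypothetical parameter of this example)
nas_firewall_rules() {
    local allow="$1" protocols="$2" src="$3"
    local chain="nas-host-ports" tcp="" udp="" port
    # Default False: emit nothing, the host firewall stays as it was.
    is_true "$allow" || return 0
    case ",$protocols," in *,NFS,*) tcp="$tcp 2049 111"; udp="$udp 111" ;; esac
    case ",$protocols," in *,CIFS,*) tcp="$tcp 445" ;; esac
    [ -n "$tcp$udp" ] || return 0
    # Dedicated chain so the rules can be audited and removed as a unit.
    echo "iptables -N $chain"
    echo "iptables -I INPUT 1 -j $chain"
    for port in $tcp; do
        echo "iptables -A $chain -s $src -p tcp -m tcp --dport $port -j ACCEPT"
    done
    for port in $udp; do
        echo "iptables -A $chain -s $src -p udp -m udp --dport $port -j ACCEPT"
    done
}

# Constructed sample run: a private project subnet mounting NFS and CIFS shares.
nas_firewall_rules True "NFS,CIFS" 10.0.0.0/24
```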


# Setting configuration file for manila services
# ----------------------------------------------
# 1) It is possible to set any custom opt for any config group using the following:
#    $ export MANILA_OPTGROUP_foo_bar=value
#    where 'foo' is the name of the config group and 'bar' is the name of the option.
#
# 2) 'MANILA_CONFIGURE_GROUPS' contains the list of config group names used to
#    create config groups, while 'MANILA_ENABLED_BACKENDS' is used to set config
#    groups as Manila share back ends. Both can be set like the following:
#    $ export MANILA_ENABLED_BACKENDS=foo,bar
#    where 'foo' and 'bar' are names of config groups with opts for some share
#    drivers. By default they are equal. If you modify both, make sure
#    'MANILA_CONFIGURE_GROUPS' contains all values from 'MANILA_ENABLED_BACKENDS'.
#    The DEFAULT group is always defined; there is no need to specify it within
#    'MANILA_CONFIGURE_GROUPS'.
#
# 3) Two default backends are used for compatibility with the previous approach.
#    They have the same configuration except for the backend name. Both use the
#    generic driver. They can be enabled by adding the values of the env vars
#    'MANILA_BACKEND1_CONFIG_GROUP_NAME' and 'MANILA_BACKEND2_CONFIG_GROUP_NAME'
#    to the env var 'MANILA_ENABLED_BACKENDS', or will be enabled
#    if 'MANILA_ENABLED_BACKENDS' is empty.
#
# 4) 'CINDER_OVERSUBSCRIPTION_RATIO' - manila devstack-plugin env var that is
#    useful for all share drivers that use Cinder. If it is set, it will be
#    applied to two Cinder options: 'max_over_subscription_ratio' and
#    'lvm_max_over_subscription_ratio'. Should be a float. Example:
#    CINDER_OVERSUBSCRIPTION_RATIO=20.0

# Defaults
# --------
MANILA_GIT_BASE=${MANILA_GIT_BASE:-https://git.openstack.org}
MANILA_REPO_ROOT=${MANILA_REPO_ROOT:-openstack}
MANILACLIENT_REPO=${MANILA_GIT_BASE}/${MANILA_REPO_ROOT}/python-manilaclient.git
MANILACLIENT_BRANCH=${MANILACLIENT_BRANCH:-master}
# Set up default directories
MANILA_DIR=${MANILA_DIR:=$DEST/manila}
MANILA_LOCK_PATH=${MANILA_LOCK_PATH:=$OSLO_LOCK_PATH}
MANILA_LOCK_PATH=${MANILA_LOCK_PATH:=$MANILA_DIR/manila_locks}
MANILACLIENT_DIR=${MANILACLIENT_DIR:=$DEST/python-manilaclient}
MANILA_STATE_PATH=${MANILA_STATE_PATH:=$DATA_DIR/manila}
MANILA_CONF_DIR=${MANILA_CONF_DIR:-/etc/manila}
MANILA_CONF=$MANILA_CONF_DIR/manila.conf
MANILA_API_PASTE_INI=$MANILA_CONF_DIR/api-paste.ini
# Set this to False to leave "default_share_type" and
# "default_share_group_type" configuration options empty.
MANILA_CONFIGURE_DEFAULT_TYPES=${MANILA_CONFIGURE_DEFAULT_TYPES:-True}
MANILA_DEFAULT_SHARE_TYPE=${MANILA_DEFAULT_SHARE_TYPE:-default}
# MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS is expected to contain extra specs key-value pairs
# that should be assigned to the default share type. Both qualified and unqualified extra specs are supported.
# Pairs are separated by spaces; a value is assigned to its key with an equals sign. Examples:
# MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS='foo=bar'
# MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS='foo=bar quuz=xyzzy'
# MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS='foo=bar quuz=xyzzy fakeprefix:baz=waldo'
MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS=${MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS:-''}
MANILA_DHSS_TRUE_SHARE_TYPE_EXTRA_SPECS=${MANILA_DHSS_TRUE_SHARE_TYPE_EXTRA_SPECS:-$MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS}
MANILA_DHSS_FALSE_SHARE_TYPE_EXTRA_SPECS=${MANILA_DHSS_FALSE_SHARE_TYPE_EXTRA_SPECS:-$MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS}
# Share groups and their specs
MANILA_DEFAULT_SHARE_GROUP_TYPE=${MANILA_DEFAULT_SHARE_GROUP_TYPE:-default}
# MANILA_DEFAULT_SHARE_GROUP_TYPE_SPECS is expected to contain key-value pairs
# that should be assigned to the default share group type. Both qualified and unqualified specs are supported.
# Pairs are separated by spaces; a value is assigned to its key with an equals sign. Examples:
# MANILA_DEFAULT_SHARE_GROUP_TYPE_SPECS='foo=bar'
# MANILA_DEFAULT_SHARE_GROUP_TYPE_SPECS='foo=bar quuz=xyzzy'
# MANILA_DEFAULT_SHARE_GROUP_TYPE_SPECS='foo=bar quuz=xyzzy fakeprefix:baz=waldo'
MANILA_DEFAULT_SHARE_GROUP_TYPE_SPECS=${MANILA_DEFAULT_SHARE_GROUP_TYPE_SPECS:-''}
# Public facing bits
MANILA_SERVICE_HOST=${MANILA_SERVICE_HOST:-$SERVICE_HOST}
MANILA_SERVICE_PORT=${MANILA_SERVICE_PORT:-8786}
MANILA_SERVICE_PORT_INT=${MANILA_SERVICE_PORT_INT:-18786}
MANILA_SERVICE_PROTOCOL=${MANILA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
MANILA_ENDPOINT_BASE=$MANILA_SERVICE_PROTOCOL://$MANILA_SERVICE_HOST:$MANILA_SERVICE_PORT
# Support entry points installation of console scripts
if [[ -d $MANILA_DIR/bin ]]; then
    MANILA_BIN_DIR=$MANILA_DIR/bin
else
    MANILA_BIN_DIR=$(get_python_exec_prefix)
fi
# Common opts
SHARE_NAME_PREFIX=${SHARE_NAME_PREFIX:-share-}
MANILA_ENABLED_SHARE_PROTOCOLS=${ENABLED_SHARE_PROTOCOLS:-"NFS,CIFS"}
MANILA_SCHEDULER_DRIVER=${MANILA_SCHEDULER_DRIVER:-manila.scheduler.filter_scheduler.FilterScheduler}
MANILA_SERVICE_SECGROUP="manila-service"
# The following env var defines whether to apply downgrade migrations when setting up the DB.
# If it is set to False, only 'upgrade' migrations will be applied.
# If it is set to True, 'upgrade', 'downgrade' and then 'upgrade'
# migrations will be applied in turn.
MANILA_USE_DOWNGRADE_MIGRATIONS=${MANILA_USE_DOWNGRADE_MIGRATIONS:-"False"}
# Toggle for deploying manila-api service under Apache web server with enabled
# 'mod_wsgi' plugin.
MANILA_USE_MOD_WSGI=${MANILA_USE_MOD_WSGI:-False}
# Toggle for deploying manila-api service with uWSGI.
# Set to True, because starting with Pike it is a requirement from the
# 'governance' project. See:
# https://governance.openstack.org/tc/goals/pike/deploy-api-in-wsgi.html#completion-criteria
MANILA_USE_UWSGI=${MANILA_USE_UWSGI:-True}
MANILA_WSGI=$MANILA_BIN_DIR/manila-wsgi
MANILA_UWSGI_CONF=$MANILA_CONF_DIR/manila-uwsgi.ini
if [ $(trueorfalse False MANILA_USE_UWSGI) == True ]; then
    MANILA_ENDPOINT_BASE=$MANILA_SERVICE_PROTOCOL://$MANILA_SERVICE_HOST/share
fi
# Common info for Generic driver(s)
SHARE_DRIVER=${SHARE_DRIVER:-manila.share.drivers.generic.GenericShareDriver}
eval USER_HOME=~
MANILA_PATH_TO_PUBLIC_KEY=${MANILA_PATH_TO_PUBLIC_KEY:-"$USER_HOME/.ssh/id_rsa.pub"}
MANILA_PATH_TO_PRIVATE_KEY=${MANILA_PATH_TO_PRIVATE_KEY:-"$USER_HOME/.ssh/id_rsa"}
MANILA_SERVICE_KEYPAIR_NAME=${MANILA_SERVICE_KEYPAIR_NAME:-"manila-service"}
MANILA_SERVICE_INSTANCE_USER=${MANILA_SERVICE_INSTANCE_USER:-"manila"}
MANILA_SERVICE_IMAGE_URL=${MANILA_SERVICE_IMAGE_URL:-"http://tarballs.openstack.org/manila-image-elements/images/manila-service-image-master.qcow2"}
MANILA_SERVICE_IMAGE_NAME=${MANILA_SERVICE_IMAGE_NAME:-"manila-service-image-master"}
# Third party CI Vendors should set this to false to skip the service image download
MANILA_SERVICE_IMAGE_ENABLED=$(trueorfalse True MANILA_SERVICE_IMAGE_ENABLED)
MANILA_USE_SERVICE_INSTANCE_PASSWORD=${MANILA_USE_SERVICE_INSTANCE_PASSWORD:-"False"}
MANILA_SERVICE_INSTANCE_PASSWORD=${MANILA_SERVICE_INSTANCE_PASSWORD:-"manila"}
MANILA_SERVICE_VM_FLAVOR_REF=${MANILA_SERVICE_VM_FLAVOR_REF:-100}
MANILA_SERVICE_VM_FLAVOR_NAME=${MANILA_SERVICE_VM_FLAVOR_NAME:-"manila-service-flavor"}
MANILA_SERVICE_VM_FLAVOR_RAM=${MANILA_SERVICE_VM_FLAVOR_RAM:-320}
MANILA_SERVICE_VM_FLAVOR_DISK=${MANILA_SERVICE_VM_FLAVOR_DISK:-3}
MANILA_SERVICE_VM_FLAVOR_VCPUS=${MANILA_SERVICE_VM_FLAVOR_VCPUS:-1}
# Support for multi backend configuration (default is no support)
MANILA_MULTI_BACKEND=$(trueorfalse False MANILA_MULTI_BACKEND)
DEPRECATED_TEXT="$DEPRECATED_TEXT\n'MANILA_MULTI_BACKEND' is deprecated,
it makes influence only when is set to True and 'MANILA_ENABLED_BACKENDS' is not set.
Use 'MANILA_ENABLED_BACKENDS' instead if you want to use custom setting.
Set there a list of back end names to be enabled.\n
To configure custom back ends use (any opt in any group can be set in this way) following:
MANILA_OPTGROUP_foo_bar=value
where 'foo' is name of config group and 'bar' is name of option.\n"
# First share backend data, that will be used in any installation
MANILA_BACKEND1_CONFIG_GROUP_NAME=${MANILA_BACKEND1_CONFIG_GROUP_NAME:-generic1} # deprecated
MANILA_SHARE_BACKEND1_NAME=${MANILA_SHARE_BACKEND1_NAME:-GENERIC1} # deprecated
# Second share backend data, that will be used only with MANILA_MULTI_BACKEND=True
MANILA_BACKEND2_CONFIG_GROUP_NAME=${MANILA_BACKEND2_CONFIG_GROUP_NAME:-generic2} # deprecated
MANILA_SHARE_BACKEND2_NAME=${MANILA_SHARE_BACKEND2_NAME:-GENERIC2} # deprecated
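# Enable this option when using a storage backend that is on the same host
# as the devstack host. The iptables rules it adds open the NAS server ports
# on the host, which is necessary to mount shares exported from it. It
# defaults to False, which preserves the existing firewall behavior.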
MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=${MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST:-False}
# Options for configuration of LVM share driver
SHARE_BACKING_FILE_SIZE=${SHARE_BACKING_FILE_SIZE:-8400M}
SHARE_GROUP=${SHARE_GROUP:-lvm-shares}
MANILA_MNT_DIR=${MANILA_MNT_DIR:=$MANILA_STATE_PATH/mnt}
SMB_CONF=${SMB_CONF:-/etc/samba/smb.conf}
SMB_PRIVATE_DIR=${SMB_PRIVATE_DIR:-/var/lib/samba/private}
CONFIGURE_BACKING_FILE=${CONFIGURE_BACKING_FILE:-"True"}
MANILA_LVM_SHARE_EXPORT_IPS=${MANILA_LVM_SHARE_EXPORT_IPS:-$HOST_IP}
# Options for replication
MANILA_REPLICA_STATE_UPDATE_INTERVAL=${MANILA_REPLICA_STATE_UPDATE_INTERVAL:-300}
# Options for configuration of ZFSonLinux driver
# 'MANILA_ZFSONLINUX_ZPOOL_SIZE' defines size of each zpool. That value
# will be used for creation of sparse files.
MANILA_ZFSONLINUX_ZPOOL_SIZE=${MANILA_ZFSONLINUX_ZPOOL_SIZE:-"30G"}
MANILA_ZFSONLINUX_BACKEND_FILES_CONTAINER_DIR=${MANILA_ZFSONLINUX_BACKEND_FILES_CONTAINER_DIR:-"/opt/stack/data/manila/zfsonlinux"}
MANILA_ZFSONLINUX_SHARE_EXPORT_IP=${MANILA_ZFSONLINUX_SHARE_EXPORT_IP:-$HOST_IP}
MANILA_ZFSONLINUX_SERVICE_IP=${MANILA_ZFSONLINUX_SERVICE_IP:-$HOST_IP}
MANILA_ZFSONLINUX_DATASET_CREATION_OPTIONS=${MANILA_ZFSONLINUX_DATASET_CREATION_OPTIONS:-"compression=gzip"}
MANILA_ZFSONLINUX_USE_SSH=${MANILA_ZFSONLINUX_USE_SSH:-"False"}
MANILA_ZFSONLINUX_SSH_USERNAME=${MANILA_ZFSONLINUX_SSH_USERNAME:-$STACK_USER}
# If MANILA_ZFSONLINUX_REPLICATION_DOMAIN is set to empty value then
# Manila will consider replication feature as disabled for ZFSonLinux share driver.
MANILA_ZFSONLINUX_REPLICATION_DOMAIN=${MANILA_ZFSONLINUX_REPLICATION_DOMAIN:-"ZFSonLinux"}
# Container Driver
MANILA_CONTAINER_DRIVER=${MANILA_CONTAINER_DRIVER:-"manila.share.drivers.container.driver.ContainerShareDriver"}
MANILA_DOCKER_IMAGE_ALIAS=${MANILA_DOCKER_IMAGE_ALIAS:-"manila_docker_image"}
MANILA_CONTAINER_VOLUME_GROUP_NAME=${MANILA_CONTAINER_VOLUME_GROUP_NAME:-"manila_docker_volumes"}
# (aovchinnikov): This location is temporary and will be changed to a
# permanent one as soon as possible.
MANILA_DOCKER_IMAGE_URL=${MANILA_DOCKER_IMAGE_URL:-"https://github.com/a-ovchinnikov/manila-image-elements-lxd-images/releases/download/0.1.0/manila-docker-container.tar.gz"}
# Network Plugin
MANILA_NETWORK_API_CLASS=${MANILA_NETWORK_API_CLASS:-"manila.network.neutron.neutron_network_plugin.NeutronBindNetworkPlugin"}
MANILA_NEUTRON_VNIC_TYPE=${MANILA_NEUTRON_VNIC_TYPE:-"normal"}
# SSH TIMEOUT
MANILA_SSH_TIMEOUT=${MANILA_SSH_TIMEOUT:-180}
# Admin Network setup
MANILA_ADMIN_NET_RANGE=${MANILA_ADMIN_NET_RANGE:=10.2.5.0/24}
# Data Service IP configuration
MANILA_DATA_NODE_IP=${MANILA_DATA_NODE_IP:=$MANILA_ADMIN_NET_RANGE}
# Data Service copy validation
MANILA_DATA_COPY_CHECK_HASH=${MANILA_DATA_COPY_CHECK_HASH:=True}
# Manila IPv6 Setup flag
MANILA_SETUP_IPV6=${MANILA_SETUP_IPV6:=False}
MANILA_RESTORE_IPV6_DEFAULT_ROUTE=${MANILA_RESTORE_IPV6_DEFAULT_ROUTE:=True}
# Install manila-tempest-plugin system-wide
# This operation has been deprecated. manila-tempest-plugin has a devstack
# plugin that must be preferred over this approach.
MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=${MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE:=True}
# Enable manila services
# ----------------------
# We have to add Manila to enabled services for screen_it to work
# It consists of 4 parts: m-api (API), m-shr (Share), m-sch (Scheduler)
# and m-dat (Data).
enable_service manila
enable_service m-api
enable_service m-shr
enable_service m-sch
enable_service m-dat