Merge "Blockbridge EPS Volume Driver Documentation"

doc/config-reference/block-storage/drivers/blockbridge-eps-driver.xml

@@ -0,0 +1,262 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<section xmlns="http://docbook.org/ns/docbook"
+  xmlns:xi="http://www.w3.org/2001/XInclude"
+  xmlns:xlink="http://www.w3.org/1999/xlink"
+  version="5.0"
+  xml:id="Blockbridge-cinder-driver">
+  <title>Blockbridge EPS</title>
+  <?dbhtml stop-chunking?>
+
+  <section xml:id="bb-introduction">
+    <title>Introduction</title>
+    <para>Blockbridge is software that transforms commodity infrastructure into
+    secure multi-tenant storage that operates as a programmable service. It
+    provides automatic encryption, secure deletion, quality of service,
+    replication, and programmable security capabilities on your choice of
+    hardware. Blockbridge uses micro-segmentation to provide isolation that
+    allows you to concurrently operate OpenStack, Docker, and bare-metal
+    workflows on shared resources. When used with OpenStack, isolated management
+    domains are dynamically created on a per-project basis. All volumes and
+    clones, within and between projects, are automatically cryptographically
+    isolated and implement secure deletion.
+    </para>
+  </section>
+
+  <section xml:id="bb-architecture-reference">
+    <title>Architecture reference</title>
+
+    <figure>
+      <title>Blockbridge architecture</title>
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="figures/blockbridge/bb-cinder-fig1.png"
+                     align="center"
+                     contentwidth="6in"/>
+        </imageobject>
+      </mediaobject>
+    </figure>
+
+    <section xml:id="bb-control-paths">
+      <title>Control paths</title>
+      <para>The Blockbridge driver is packaged with the core distribution of
+      OpenStack. Operationally, it executes in the context of the Block Storage
+      service. The driver communicates with an OpenStack-specific API provided
+      by the Blockbridge EPS platform. Blockbridge optionally communicates with
+      OpenStack Identity, Compute, and Block Storage services.
+      </para>
+    </section>
+
+    <section xml:id="bb-native-openstack-api">
+      <title>Block storage API</title>
+      <para>Blockbridge is API driven software-defined storage. The system
+      implements a native HTTP API that is tailored to the specific needs of
+      OpenStack. Each Block Storage service operation maps to a single back-end
+      API request that provides ACID semantics. The API is specifically designed
+      to reduce, if not eliminate, the possibility of inconsistencies between
+      the Block Storage service and external storage infrastructure in the event
+      of hardware, software or data center failure.
+      </para>
+    </section>
+
+    <section xml:id="bb-extended-management">
+      <title>Extended management</title>
+      <para>OpenStack users may utilize Blockbridge interfaces to manage
+      replication, auditing, statistics, and performance information on a
+      per-project and per-volume basis. In addition, they can manage low-level
+      data security functions including verification of data authenticity and
+      encryption key delegation. Native integration with the Identity Service
+      allows tenants to use a single set of credentials. Integration with Block
+      storage and Compute services provides dynamic metadata mapping when using
+      Blockbridge management APIs and tools.
+      </para>
+    </section>
+
+    <section xml:id="bb-attribute-based-provisioning">
+      <title>Attribute-based provisioning</title>
+      <para>Blockbridge organizes resources using descriptive identifiers called
+      <emphasis>attributes</emphasis>. Attributes are assigned by administrators
+      of the infrastructure. They are used to describe the characteristics of
+      storage in an application-friendly way. Applications construct queries
+      that describe storage provisioning constraints and the Blockbridge storage
+      stack assembles the resources as described.
+      </para>
+      <para>Any given instance of a Blockbridge volume driver specifies a
+      <emphasis>query</emphasis> for resources. For example, a query could
+      specify <code>'+ssd +10.0.0.0 +6nines -production iops.reserve=1000
+      capacity.reserve=30%'</code>. This query is satisfied by selecting SSD
+      resources, accessible on the 10.0.0.0 network, with high resiliency, for
+      non-production workloads, with guaranteed IOPS of 1000 and a storage
+      reservation for 30% of the volume capacity specified at create
+      time. Queries and parameters are completely administrator defined: they
+      reflect the layout, resource, and organizational goals of a specific
+      deployment.
+      </para>
+    </section>
+  </section>
+
+  <section xml:id="bb-supported-operation">
+    <title>Supported operations</title>
+    <itemizedlist>
+      <listitem>
+        <para>Create, delete, clone, attach, and detach volumes</para>
+      </listitem>
+      <listitem>
+        <para>Create and delete volume snapshots</para>
+      </listitem>
+      <listitem>
+        <para>Create a volume from a snapshot</para>
+      </listitem>
+      <listitem>
+        <para>Copy an image to a volume</para>
+      </listitem>
+      <listitem>
+        <para>Copy a volume to an image</para>
+      </listitem>
+      <listitem>
+        <para>Extend a volume</para>
+      </listitem>
+      <listitem>
+        <para>Get volume statistics</para>
+      </listitem>
+    </itemizedlist>
+  </section>
+
+  <section xml:id="bb-supported-protocols">
+    <title>Supported protocols</title>
+    <para>Blockbridge provides iSCSI access to storage. A unique iSCSI data
+    fabric is programmatically assembled when a volume is attached to an
+    instance. A fabric is disassembled when a volume is detached from an
+    instance. Each volume is an isolated SCSI device that supports persistent
+    reservations.</para>
+  </section>
+
+  <section xml:id="bb-driver-configuration">
+    <title>Configuration steps</title>
+    <section xml:id="bb-authentication-token">
+      <title>Create an authentication token</title>
+      <para>Whenever possible, avoid using password-based authentication. Even
+      if you have created a role-restricted administrative user via Blockbridge,
+      token-based authentication is preferred. You can generate persistent
+      authentication tokens using the Blockbridge command-line tool as follows:
+      </para>
+      <screen><prompt>$</prompt> <userinput>bb -H bb-mn authorization create --notes "OpenStack" --restrict none</userinput><computeroutput>
+Authenticating to https://bb-mn/api
+
+Enter user or access token: system
+Password for system:
+Authenticated; token expires in 3599 seconds.
+
+== Authorization: ATH4762894C40626410
+notes                 OpenStack
+serial                ATH4762894C40626410
+account               system (ACT0762594C40626440)
+user                  system (USR1B62094C40626440)
+enabled               yes
+created at            2015-10-24 22:08:48 +0000
+access type           online
+token suffix          xaKUy3gw
+restrict              none
+
+== Access Token
+access token          1/elvMWilMvcLAajl...3ms3U1u2KzfaMw6W8xaKUy3gw
+
+*** Remember to record your access token!</computeroutput></screen>
+    </section>
+
+    <section xml:id="bb-driver-volume-type">
+      <title>Create volume type</title>
+      <para>Before configuring and enabling the Blockbridge volume driver,
+      register an OpenStack volume type and associate it with a
+      <code>volume_backend_name</code>. In this example, a volume type,
+      'Production', is associated with the <code>volume_backend_name</code>
+      'blockbridge_prod': <screen><prompt>$</prompt> <userinput>cinder type-create Production
+</userinput><prompt>$</prompt> <userinput>cinder type-key Production volume_backend_name=blockbridge_prod</userinput></screen>
+      </para>
+    </section>
+
+    <section xml:id="bb-driver-selection">
+      <title>Specify volume driver</title>
+      <para>Configure the Blockbridge volume driver in
+      <filename>/etc/cinder/cinder.conf</filename>. Your
+      <code>volume_backend_name</code> must match the value specified in the
+      <command>cinder type-key</command> command in the previous step.
+      <programlisting language="ini">volume_driver = cinder.volume.drivers.blockbridge.BlockbridgeISCSIDriver
+volume_backend_name = blockbridge_prod</programlisting>
+      </para>
+    </section>
+
+    <section xml:id="bb-driver-authentication">
+      <title>Specify API endpoint and authentication</title>
+      <para>Configure the API endpoint and authentication. The following
+      example uses an authentication token. You must create your own as
+      described <link linkend="bb-authentication-token">above</link>.
+      <programlisting language="ini">blockbridge_api_host = [ip or dns of management cluster]
+blockbridge_auth_token = 1/elvMWilMvcLAajl...3ms3U1u2KzfaMw6W8xaKUy3gw</programlisting>
+      </para>
+    </section>
+
+    <section xml:id="bb-driver-query">
+      <title>Specify resource query</title>
+      <para>By default, a single pool is configured (implied) with a default
+      resource query of <code>'+openstack'</code>. Within Blockbridge,
+      datastore resources that advertise the 'openstack' attribute will be
+      selected to fulfill OpenStack provisioning requests. If you prefer a more
+      specific query, define a custom pool configuration.
+      <programlisting language="ini">blockbridge_pools = Production: +production +qos iops.reserve=5000</programlisting>
+      </para>
+      <para>Pools support storage systems that offer multiple classes of
+      service. You may wish to configure multiple pools to implement more
+      sophisticated scheduling capabilities.
+      </para>
+    </section>
+  </section>
+
+  <section xml:id="bb-configuration-options">
+    <title>Configuration options</title>
+    <xi:include href="../../../common/tables/cinder-blockbridge.xml"/>
+  </section>
+
+  <section xml:id="bb-configuration-example">
+    <title>Configuration example</title>
+    <subtitle>cinder.conf example file</subtitle>
+    <programlisting language="ini">[Default]
+enabled_backends = bb_devel bb_prod
+
+[bb_prod]
+volume_driver = cinder.volume.drivers.blockbridge.BlockbridgeISCSIDriver
+volume_backend_name = blockbridge_prod
+blockbridge_api_host = [ip or dns of management cluster]
+blockbridge_auth_token = 1/elvMWilMvcLAajl...3ms3U1u2KzfaMw6W8xaKUy3gw
+blockbridge_pools = Production: +production +qos iops.reserve=5000
+
+[bb_devel]
+volume_driver = cinder.volume.drivers.blockbridge.BlockbridgeISCSIDriver
+volume_backend_name = blockbridge_devel
+blockbridge_api_host = [ip or dns of management cluster]
+blockbridge_auth_token = 1/elvMWilMvcLAajl...3ms3U1u2KzfaMw6W8xaKUy3gw
+blockbridge_pools = Development: +development</programlisting>
+  </section>
+
+  <section xml:id="bb-multiple-volumes-types">
+    <title>Multiple volume types</title>
+    <para>Volume <emphasis>types</emphasis> are exposed to tenants,
+    <emphasis>pools</emphasis> are not. To offer multiple classes of storage to
+    OpenStack tenants, you should define multiple volume types. Simply repeat
+    the process above for each desired type. Be sure to specify a unique
+    <code>volume_backend_name</code> and pool configuration for each type. The
+    <link linkend="bb-configuration-example">
+    <filename>cinder.conf</filename></link> example included with this
+    documentation illustrates configuration of multiple types.
+    </para>
+  </section>
+
+  <section xml:id="bb-simulator">
+    <title>Testing resources</title>
+    <para>Blockbridge is freely available for testing purposes and deploys in
+    seconds as a Docker container. This is the same container used to run
+    continuous integration for OpenStack. For more information visit <link
+    xlink:href="http://www.blockbridge.io">www.blockbridge.io</link>.
+    </para>
+  </section>
+
+</section>

doc/config-reference/block-storage/section_misc.xml

@@ -16,7 +16,6 @@
     <xi:include href="../../common/tables/cinder-auth.xml"/>
     <xi:include href="../../common/tables/cinder-auth_token.xml"/>
     <xi:include href="../../common/tables/cinder-backups.xml"/>
-    <xi:include href="../../common/tables/cinder-blockbridge.xml"/>
     <xi:include href="../../common/tables/cinder-block-device.xml"/>
     <xi:include href="../../common/tables/cinder-ca.xml"/>
     <xi:include href="../../common/tables/cinder-cloudbyte.xml"/>

doc/config-reference/block-storage/section_volume-drivers.xml

@@ -15,6 +15,7 @@
         The default is:</para>
     <programlisting>volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver</programlisting>
     <!-- Keep this list alphabetically sorted. -->
+    <xi:include href="drivers/blockbridge-eps-driver.xml"/>
     <xi:include href="drivers/ceph-rbd-volume-driver.xml"/>
     <xi:include href="drivers/dell-equallogic-driver.xml"/>
     <xi:include href="drivers/dell-storagecenter-driver.xml"/>