From 69b4ed490f2f39cfb49275612219679d278fcbdd Mon Sep 17 00:00:00 2001 From: Ramana Raja Date: Mon, 3 Oct 2016 16:44:55 +0530 Subject: [PATCH] [config-ref] manila's cephfs_native driver doc enhancements Add info about features introduced in cephfs_native driver during Newton release of manila. Change-Id: Ia0a5fca7b197dcca7c98689fd2874bcb6de2a30d --- .../drivers/cephfs-native-driver.rst | 51 +++++-------------- 1 file changed, 14 insertions(+), 37 deletions(-) diff --git a/doc/config-reference/source/shared-file-systems/drivers/cephfs-native-driver.rst b/doc/config-reference/source/shared-file-systems/drivers/cephfs-native-driver.rst index 764c8256a8..b335495df8 100644 --- a/doc/config-reference/source/shared-file-systems/drivers/cephfs-native-driver.rst +++ b/doc/config-reference/source/shared-file-systems/drivers/cephfs-native-driver.rst @@ -31,12 +31,15 @@ The following operations are supported with CephFS back end: - Allow share access. - Note the following limitations for CephFS shares: + - ``read-only`` access level is supported. + + - ``read-write`` access level is supported. + + + Note the following limitation for CephFS shares: - Only ``cephx`` access type is supported. - - For the Mitaka release, only read-write access level is supported. - - Deny share access. - Create a snapshot. @@ -211,44 +214,24 @@ Allow Ceph auth ID ``alice`` access to the share using ``cephx`` access type. manila access-allow cephshare1 cephx alice +Note the access status and the secret access key of ``alice``. + +.. code-block:: console + + manila access-list cephshare1 + Mounting shares using FUSE client ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Using the secret key of the authorized ID ``alice`` create a keyring file, -``alice.keyring`` like: +Using the secret key of the authorized ID ``alice``, create a keyring file +``alice.keyring``. .. code-block:: ini [client.alice] key = AQA8+ANW/4ZWNRAAOtWJMFPEihBA1unFImJczA== -.. note:: - - In the Mitaka release, the secret key is not exposed by any Shared File - Systems service API. - The Ceph storage admin needs to pass the secret key to the guest out of - band of manila. You can refer to the link, - ``_, - to see how the storage admin could obtain the secret key of an ID. - - Alternatively, the cloud admin can create Ceph auth IDs for each of the - tenants. The users can then request manila to authorize the pre-created - Ceph auth IDs, whose secret keys are already shared with them out of band - of manila, to access the shares. - - The following is a command that the cloud admin could run from the server - running the :term:`manila-share` service to create a Ceph auth ID - and get its keyring file: - - .. code-block:: console - - ceph --name=client.manila --keyring=/etc/ceph/manila.keyring auth \ - get-or-create client.alice -o alice.keyring - - For more details, please see the Ceph documentation at, - ``_. - Using the monitor IP addresses from the share's export location, create a configuration file, ``ceph.conf``: @@ -279,12 +262,6 @@ in the future. However, it can be used in private cloud deployments. - The guests have direct access to Ceph's public network. -- The ``secret-key`` of a Ceph auth ID required to mount a share is not exposed - to a user by a Shared File Systems service API. To work around this, the - storage admin needs to pass the key out of band of the Shared File Systems - service, or the user needs to use the Ceph ID and key already created and - shared with her by the cloud admin. - - The snapshot support of the driver is disabled by default. ``cephfs_enable_snapshots`` configuration option needs to be set to ``True`` to allow snapshot operations.