openstack
/
operations-guide
Code Issues Proposed changes

Add the Shared File Systems service to Ops Guide 

Make corrections into chapters 6: fix wording

Implements: blueprint openstack-operations-guide-update-with-manila-features

Change-Id: I7c3833bbdbf97262e03f6cde6cb9abe9981788ef
This commit is contained in:
musichenko 2015-10-02 18:57:56 +02:00
parent 237eebe5f0
commit 2c48b3a676
3 changed files with 1026 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

185
doc/openstack-ops/ch_arch_storage.xml
View File

@ -39,27 +39,37 @@
other resource and is always available, regardless of the state of a
running instance.</para>
<para>Today, OpenStack clouds explicitly support two types of persistent
storage: <emphasis>object storage</emphasis> and <emphasis>block
storage</emphasis>.<indexterm class="singular">
<para>Today, OpenStack clouds explicitly support three types of persistent
storage: <emphasis>object storage</emphasis>, <emphasis>block storage</emphasis>,
and <emphasis>file system storage</emphasis>.
<indexterm class="singular">
<primary>swift</primary>
<secondary>Object Storage API</secondary>
</indexterm><indexterm class="singular">
</indexterm>
<indexterm class="singular">
<primary>persistent storage</primary>
</indexterm><indexterm class="singular">
</indexterm>
<indexterm class="singular">
<primary>objects</primary>
<secondary>persistent storage of</secondary>
</indexterm><indexterm class="singular">
</indexterm>
<indexterm class="singular">
<primary>Object Storage</primary>
<secondary>Object Storage API</secondary>
</indexterm><indexterm class="singular">
</indexterm>
<indexterm class="singular">
<primary>storage</primary>
<secondary>object storage</secondary>
</indexterm></para>
</indexterm>
<indexterm class="singular">
<primary>shared file system storage</primary>
<secondary>shared file systems service</secondary>
</indexterm>
</para>
<section xml:id="object_storage">
<title>Object Storage</title>
@ -113,21 +123,22 @@
a rack, a server, or a disk?</para>
<para>Object Storage's network patterns might seem unfamiliar at first.
Consider these main traffic flows: <indexterm class="singular">
Consider these main traffic flows:
<indexterm class="singular">
<primary>objects</primary>
<secondary>storage decisions and</secondary>
</indexterm><indexterm class="singular">
</indexterm>
<indexterm class="singular">
<primary>containers</primary>
<secondary>storage decisions and</secondary>
</indexterm><indexterm class="singular">
<primary>account server</primary>
</indexterm><itemizedlist>
</indexterm>
<itemizedlist>
<listitem>
<para>Among <glossterm>object</glossterm>,
<glossterm>container</glossterm>, and <glossterm>account
server</glossterm>s</para>
<glossterm>container</glossterm>, and
<glossterm>account server</glossterm>s</para>
</listitem>
<listitem>
@ -137,7 +148,8 @@
<listitem>
<para>Between the proxies and your users</para>
</listitem>
</itemizedlist></para>
</itemizedlist>
</para>
<para>Object Storage is very "chatty" among servers hosting data—even a
small cluster does megabytes/second of traffic, which is predominantly,
@ -155,7 +167,8 @@
being uploaded, the proxy server must write out as many streams as there
are replicas—giving a multiple of network traffic. For a three-replica
cluster, 10 Gbps in means 30 Gbps out. Combining this with the previous
high bandwidth<indexterm class="singular">
high bandwidth
<indexterm class="singular">
<primary>bandwidth</primary>
<secondary>private vs. public network recommendations</secondary>
@ -163,12 +176,14 @@
recommendation that your private network be of significantly higher
bandwidth than your public need be. Oh, and OpenStack Object Storage
communicates internally with unencrypted, unauthenticated rsync for
performance—you do want the private network to be private.</para>
performance—you do want the private network to be private.
</para>
<para>The remaining point on bandwidth is the public-facing portion. The
<literal>swift-proxy</literal> service is stateless, which means that
you can easily add more and use HTTP load-balancing methods to share
bandwidth and availability between them.</para>
bandwidth and availability between them.
</para>
<para>More proxies means more bandwidth, if your storage can keep
up.</para>
@ -210,6 +225,78 @@
file-based virtual machines stored in
<code>/var/lib/nova/instances</code>.</para>
</section>
<section xml:id="shared_file_system_service">
<title>Shared File Systems Service</title>
<para>
The Shared File Systems service provides a set of services for
management of Shared File Systems in a multi-tenant cloud environment.
Users interact with Shared File Systems service by mounting remote File
Systems on their instances with the following usage of those systems
for file storing and exchange. Shared File Systems service provides you
with shares. A share is a remote, mountable file system. You can mount
a share to and access a share from several hosts by several users at a
time. With shares, user can also:
<itemizedlist>
<listitem>
<para>Create a share specifying its size, shared file system
protocol, visibility level
</para>
</listitem>
<listitem>
<para>
Create a share on either a share server or standalone, depending
on the selected back-end mode, with or without using a share
network.
</para>
</listitem>
<listitem>
<para>Specify access rules and security services for existing
shares.</para>
</listitem>
<listitem>
<para>Combine several shares in groups to keep data consistency
inside the groups for the following safe group operations.</para>
</listitem>
<listitem>
<para>Create a snapshot of a selected share or a share group for
storing the existing shares consistently or creating new shares from
that snapshot in a consistent way</para>
</listitem>
<listitem>
<para>Create a share from a snapshot.</para>
</listitem>
<listitem>
<para>Set rate limits and quotas for specific shares and snapshots</para>
</listitem>
<listitem>
<para>View usage of share resources</para>
</listitem>
<listitem>
<para>Remove shares.</para>
</listitem>
</itemizedlist>
Like Block Storage, the Shared File Systems service is persistent. It
can be:
<itemizedlist>
<listitem>
<para>Mounted to any number of client machines.</para>
</listitem>
<listitem>
<para>Detached from one instance and attached to another without
data loss. During this process the data are safe unless the
Shared File Systems service itself is changed or removed.</para>
</listitem>
</itemizedlist>
Shares are provided by the Shared File Systems service. In OpenStack,
Shared File Systems service is implemented by Shared File System
(manila) project, which supports multiple back-ends in the form of
drivers. The Shared File Systems service can be configured to provision
shares from one or more back-ends. Share servers are, mostly, virtual
machines that export file shares via different protocols such as NFS,
CIFS, GlusterFS, or HDFS.
</para>
</section>
</section>
<section xml:id="storage_concepts">
@ -227,6 +314,16 @@
<table rules="all" xml:id="openstack_storage">
<caption>OpenStack storage</caption>
<col width="12%" />
<col width="22%" />
<col width="22%" />
<col width="22%" />
<col width="22%" />
<thead>
<tr>
<th></th>
@ -236,6 +333,8 @@
<th>Block storage</th>
<th>Object storage</th>
<th>Shared File System storage</th>
</tr>
</thead>
@ -249,6 +348,8 @@
(VM)</para></td>
<td><para>Store data, including VM images</para></td>
<td><para>Add additional persistent storage to a virtual machine</para></td>
</tr>
<tr>
@ -260,6 +361,10 @@
partitioned, formatted, and mounted (such as, /dev/vdc)</para></td>
<td><para>The REST API</para></td>
<td><para>A Shared File Systems service share (either manila
managed or an external one registered in manila) that can be partitioned,
formatted and mounted (such as /dev/vdc)</para></td>
</tr>
<tr>
@ -270,6 +375,8 @@
<td><para>Within a VM</para></td>
<td><para>Anywhere</para></td>
<td><para>Within a VM</para></td>
</tr>
<tr>
@ -280,6 +387,8 @@
<td><para>OpenStack Block Storage (cinder)</para></td>
<td><para>OpenStack Object Storage (swift)</para></td>
<td><para>OpenStack Shared File System Storage (manila)</para></td>
</tr>
<tr>
@ -290,6 +399,8 @@
<td><para>Deleted by user</para></td>
<td><para>Deleted by user</para></td>
<td><para>Deleted by user</para></td>
</tr>
<tr>
@ -301,6 +412,33 @@
<td><para>User specification in initial request</para></td>
<td><para>Amount of available physical storage</para></td>
<td>
<para>
<itemizedlist>
<listitem>
<para>
User specification in initial request
</para>
</listitem>
<listitem>
<para>
Requests for extension
</para>
</listitem>
<listitem>
<para>
Available user-level quotes
</para>
</listitem>
<listitem>
<para>
Limitations applied by Administrator
</para>
</listitem>
</itemizedlist>
</para>
</td>
</tr>
<tr>
@ -309,10 +447,13 @@
<td><para>Parameter in nova.conf</para></td>
<td><para>Admin establishing
<link xlink:href="http://docs.openstack.org/user-guide-admin/dashboard_manage_volumes.html"> encrypted volume type</link>,
<link xlink:href="http://docs.openstack.org/user-guide-admin/dashboard_manage_volumes.html">encrypted volume type</link>,
then user selecting encrypted volume</para></td>
<td><para>Not yet available</para></td>
<td><para>Shared File Systems service does not apply any additional
encryption above what the shares back-end storage provides</para></td>
</tr>
<tr>
@ -323,6 +464,10 @@
<td><para>1 TB disk</para></td>
<td><para>10s of TBs of dataset storage</para></td>
<td><para>Depends completely on the size of back-end storage specified when
a share was being created. In case of thin provisioning it can be partial
space reservation (for more details see <link xlink:href="http://docs.openstack.org/developer/manila/devref/capabilities_and_extra_specs.html?highlight=extra%20specs#common-capabilities">Capabilities and Extra-Specs</link> specification)</para></td>
</tr>
</tbody>
</table>

10
doc/openstack-ops/ch_ops_upstream.xml
View File

@ -190,6 +190,16 @@
xlink:href="https://bugs.launchpad.net/python-cinderclient/+filebug/+login">python-cinderclient</link>.</para>
</listitem>
<listitem>
<para>Report a bug in <link
xlink:href="https://bugs.launchpad.net/manila/+filebug/+login">manila</link>.</para>
</listitem>
<listitem>
<para>Report a bug in <link
xlink:href="https://bugs.launchpad.net/python-manilaclient/+filebug/+login">python-manilaclient</link>.</para>
</listitem>
<listitem>
<para>Report a bug in <link
xlink:href="https://bugs.launchpad.net/python-openstackclient/+filebug/+login">python-openstackclient</link>.</para>

859
doc/openstack-ops/ch_ops_user_facing.xml
View File

@ -15,7 +15,7 @@
OpenStack from a basic user perspective, which helps you understand your
users' needs and determine, when you get a trouble ticket, whether it is a
user issue or a service issue. The main concepts covered are images,
flavors, security groups, block storage, and instances.</para>
flavors, security groups, block storage, shared file system storage, and instances.</para>
<section xml:id="user_facing_images">
<title>Images</title>
@ -31,6 +31,7 @@
<secondary>images</secondary>
</indexterm></para>
<section xml:id="add_images">
<title>Adding Images</title>
@ -816,17 +817,19 @@
instance at a time. Similar to an external hard drive, they do not provide
shared storage in the way a network file system or object store does. It
is left to the operating system in the instance to put a file system on
the block device and mount it, or not.<indexterm class="singular">
the block device and mount it, or not.
<indexterm class="singular">
<primary>block storage</primary>
</indexterm><indexterm class="singular">
</indexterm>
<indexterm class="singular">
<primary>storage</primary>
<secondary>block storage</secondary>
</indexterm><indexterm class="singular">
</indexterm>
<indexterm class="singular">
<primary>user training</primary>
<secondary>block storage</secondary>
</indexterm></para>
</indexterm>
</para>
<para>As with other removable disk technology, it is important that the
operating system is not trying to make use of the disk before removing it.
@ -863,7 +866,7 @@
| 0821...19f | active | test-volume | 10 | None | |
+------------+---------+--------------------+------+-------------+-------------+</computeroutput></screen>
<para>OpenStack Block Storage also allows for creating snapshots of
<para>OpenStack Block Storage also allows creating snapshots of
volumes. Remember that this is a block-level snapshot that is crash
consistent, so it is best if the volume is not connected to an instance
when the snapshot is taken and second best if the volume is not in use on
@ -905,6 +908,846 @@ Optional snapshot description. (Default=None)</programlisting>
</section>
</section>
<section xml:id="user_facing_shared_file_systems">
<?dbhtml stop-chunking?>
<title>Shared File Systems Service</title>
<para>Similar to Block Storage, the Shared File System is a persistent
storage, called share, that can be used in multi-tenant environments.
Users create and mount a share as a remote file system on any machine
that allows mounting shares, and has network access to share exporter.
This share can then be used for storing, sharing, and exchanging files.
The default configuration of the Shared File Systems service depends
on the back-end driver the admin chooses when starting the Shared File
Systems service.
For more information about existing back-end drivers, see section
<link xlink:href="http://docs.openstack.org/developer/manila/devref/index.html#share-backends">"Share Backends"</link>
of Shared File Systems service Developer Guide. For example,
in case of OpenStack Block Storage based back-end is used, the Shared
File Systems service cares about everything, including VMs, networking,
keypairs, and security groups. Other configurations require more
detailed knowledge of shares functionality to set up and tune specific
parameters and modes of shares functioning.
</para>
<para>
Shares are a remote mountable file system, so users can mount a share
to multiple hosts, and have it accessed from multiple hosts by multiple
users at a time. With the Shared File Systems service, you can perform
a large number of operations with shares:
<itemizedlist>
<listitem>
<para>Create, update, delete and force-delete shares</para>
</listitem>
<listitem>
<para>Change access rules for shares, reset share state</para>
</listitem>
<listitem>
<para>Specify quotas for existing users or tenants</para>
</listitem>
<listitem>
<para>Create share networks</para>
</listitem>
<listitem>
<para>Define new share types</para>
</listitem>
<listitem>
<para>Perform operations with share snapshots: create, change name,
create a share from a snapshot, delete</para>
</listitem>
<listitem>
<para>Operate with consistency groups</para>
</listitem>
<listitem>
<para>Use security services</para>
</listitem>
</itemizedlist>
For more information on share management see section
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_share_management.html">
“Share management”</link> of chapter “Shared File Systems” in
OpenStack Cloud Administrator Guide.
As to Security services, you should remember that different drivers
support different authentication methods, while generic driver does not
support Security Services at all (see section
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_security_services.html">
“Security services”</link> of chapter “Shared File Systems” in
OpenStack Cloud Administrator Guide).
</para>
<para>
You can create a share in a network, list shares, and
show information for, update, and delete a specified share. You can
also create snapshots of shares (see section
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_snapshots.html">
“Share snapshots”</link> of chapter “Shared File Systems” in OpenStack
Cloud Administrator Guide).
</para>
<para>
There are default and specific share types that allow you to filter or
choose back-ends before you create a share. Functions and behaviour of
share type is similar to Block Storage volume type (see section
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_share_types.html">
“Share types”</link> of chapter “Shared File Systems” in OpenStack
Cloud Administrator Guide).
</para>
<para>
To help users keep and restore their data, Shared File Systems service
provides a mechanism to create and operate snapshots (see section
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_snapshots.html">
“Share snapshots”</link> of chapter “Shared File Systems” in OpenStack
Cloud Administrator Guide).
</para>
<para>
A security service stores configuration information for clients for
authentication and authorization. Inside Manila a share network can be
associated with up to three security types (for detailed
information see section
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_security_services.html">
“Security services”</link> of chapter “Shared File Systems” in
OpenStack Cloud Administrator Guide):
<itemizedlist>
<listitem>
<para>LDAP</para>
</listitem>
<listitem>
<para>Kerberos</para>
</listitem>
<listitem>
<para>Microsoft Active Directory</para>
</listitem>
</itemizedlist>
</para>
<para>
Shared File Systems service differs from the principles
implemented in Block Storage. Shared File Systems service can work in
two modes:
<itemizedlist>
<listitem>
<para>Without interaction with share networks, in so called
"no share servers" mode.</para>
</listitem>
<listitem>
<para>Interacting with share networks.</para>
</listitem>
</itemizedlist>
Networking service is used by the Shared File Systems service to
directly operate with share servers. For switching interaction with
Networking service on, create a share specifying a share network.
To use "share servers" mode even being out of OpenStack, a network
plugin called StandaloneNetworkPlugin is used. In this case,
provide network information in the configuration: IP range, network
type, and segmentation ID.
Also you can add security services to a share network (see section
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_networking.html">
“Networking”</link> of chapter “Shared File Systems” in OpenStack
Cloud Administrator Guide).
</para>
<para>
The main idea of consistency groups is to enable you to create
snapshots at the exact same point in time from multiple file system
shares. Those snapshots can be then used for restoring all shares that
were associated with the consistency group (see section
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_cgroups.html">
“Consistency groups”</link> of chapter “Shared File Systems” in
OpenStack Cloud Administrator Guide).
</para>
<para>
Shared File System storage allows administrators to set limits and
quotas for specific tenants and users. Limits are the resource
limitations that are allowed for each tenant or user. Limits consist
of:
<itemizedlist>
<listitem>
<para>Rate limits</para>
</listitem>
<listitem>
<para>Absolute limits</para>
</listitem>
</itemizedlist>
Rate limits control the frequency at which users can issue specific API
requests. Rate limits are configured by administrators in a config file.
Also, administrator can specify quotas also known as max values of
absolute limits per tenant. Whereas users can see only the amount of
their consumed resources.
Administrator can specify rate limits or quotas for the following
resources:
<itemizedlist>
<listitem>
<para>Max amount of space awailable for all shares</para>
<para>Max number of shares</para>
<para>Max number of shared networks</para>
<para>Max number of share snapshots</para>
<para>Max total amount of all snapshots</para>
<para>Type and number of API calls that can be made in a
specific time interval</para>
</listitem>
</itemizedlist>
User can see his rate limits and absolute limits by running commands
<code>manila rate-limits</code> and <code>manila absolute-limits</code>
respectively.
For more details on limits and quotas see subsection
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_quotas.html">
"Quotas and limits"</link> of "Share management" section of OpenStack
Cloud Administrator Guide document.
</para>
<para>
This section lists several of the most important Use Cases that
demonstrate the main functions and abilities of Shared File Systems
service:
<itemizedlist>
<listitem>
<para>Create share</para>
</listitem>
<listitem>
<para>Operating with a share</para>
</listitem>
<listitem>
<para>Manage access to shares</para>
</listitem>
<listitem>
<para>Create snapshots</para>
</listitem>
<listitem>
<para>Create a share network</para>
</listitem>
<listitem>
<para>Manage a share network</para>
</listitem>
</itemizedlist>
</para>
<note>
<para>Shared File Systems service cannot warn you
beforehand if it is safe to write a specific large amount of data onto
a certain share or to remove a consistency group if it has a number of
shares assigned to it. In such a potentially erroneous situations, if a
mistake happens, you can expect some error message or even failing of
shares or consistency groups into an incorrect status. You can also
expect some level of system corruption if a user tries to unmount an
unmanaged share while a process is using it for data transfer.
</para>
</note>
<section xml:id="create_share">
<title>Create Share</title>
<para>
In this section, we examine the process of creating a simple share.
It consists of several steps:
<itemizedlist>
<listitem>
<para>Check if there is an appropriate share type defined in the
Shared File Systems service
</para>
</listitem>
<listitem>
<para>If such a share type does not exist, an Admin should create
it using <code>manila type-create</code> command before other
users are able to use it</para>
</listitem>
<listitem>
<para>Using a share network is optional. However if you need one,
check if there is an appropriate network defined in Shared File
Systems service by using <code>manila share-network-list</code>
command. For the information on creating a share network, see
<xref linkend="create_a_share_network" /> below in this chapter.
</para>
</listitem>
<listitem>
<para>Create a public share using <code>manila create</code></para>
</listitem>
<listitem>
<para>Make sure that the share has been created successfully and is
ready to use (check the share status and see the share export
location)</para>
</listitem>
</itemizedlist>
Below is the same whole procedure described step by step and in more
detail.
</para>
<note>
<para>
Before you start, make sure that Shared File Systems service is
installed on your OpenStack cluster and is ready to use.
</para>
</note>
<para>By default, there are no share types defined in Shared File Systems
service, so you can check if a required one has been already created:
<screen><prompt>$</prompt> <userinput>manila type-list</userinput>
<computeroutput>+------+--------+-----------+-----------+----------------------------------+----------------------+
| ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs |
+------+--------+-----------+-----------+----------------------------------+----------------------+
| c0...| default| public | YES | driver_handles_share_servers:True| snapshot_support:True|
+------+--------+-----------+-----------+----------------------------------+----------------------+</computeroutput></screen>
</para>
<para>If the share types list is empty or does not contain a type you
need, create the required share type using this command:
<screen><prompt>$</prompt> <userinput>manila type-create netapp1 False --is_public True</userinput></screen>
This command will create a public share with the following parameters:
<code>name = netapp1</code>, <code>spec_driver_handles_share_servers = False</code>
</para>
<para>You can now create a public share with
my_share_net network, default share type, NFS shared file systems
protocol, and 1 GB size:
<screen><prompt>$</prompt> <userinput>manila create nfs 1 --name "Share1" --description "My first share" --share-type default --share-network my_share_net --metadata aim=testing --public</userinput>
<computeroutput>+-----------------------------+--------------------------------------+
| Property | Value |
+-----------------------------+--------------------------------------+
| status | None |
| share_type_name | default |
| description | My first share |
| availability_zone | None |
| share_network_id | None |
| export_locations | [] |
| share_server_id | None |
| host | None |
| snapshot_id | None |
| is_public | True |
| task_state | None |
| snapshot_support | True |
| id | aca648eb-8c03-4394-a5cc-755066b7eb66 |
| size | 1 |
| name | Share1 |
| share_type | c0086582-30a6-4060-b096-a42ec9d66b86 |
| created_at | 2015-09-24T12:19:06.925951 |
| export_location | None |
| share_proto | NFS |
| consistency_group_id | None |
| source_cgsnapshot_member_id | None |
| project_id | 20787a7ba11946adad976463b57d8a2f |
| metadata | {u'aim': u'testing'} |
+-----------------------------+--------------------------------------+</computeroutput></screen>
</para>
<para>
To confirm that creation has been successful, see the share in the
share list:
<screen><prompt>$</prompt> <userinput>manila list</userinput>
<computeroutput>+----+-------+-----+------------+-----------+-------------------------------+----------------------+
| ID | Name | Size| Share Proto| Share Type| Export location | Host |
+----+-------+-----+------------+-----------+-------------------------------+----------------------+
| a..| Share1| 1 | NFS | c0086... | 10.254.0.3:/shares/share-2d5..| manila@generic1#GEN..|
+----+-------+-----+------------+-----------+-------------------------------+----------------------+</computeroutput></screen>
</para>
<para>
Check the share status and see the share export location. After
creation, the share status should become <code>available</code>:
<screen><prompt>$</prompt> <userinput>manila show Share1</userinput>
<computeroutput>+-----------------------------+-------------------------------------------+
| Property | Value |
+-----------------------------+-------------------------------------------+
| status | available |
| share_type_name | default |
| description | My first share |
| availability_zone | nova |
| share_network_id | 5c3cbabb-f4da-465f-bc7f-fadbe047b85a |
| export_locations | 10.254.0.3:/shares/share-2d5e2c0a-1f84... |
| share_server_id | 41b7829d-7f6b-4c96-aea5-d106c2959961 |
| host | manila@generic1#GENERIC1 |
| snapshot_id | None |
| is_public | True |
| task_state | None |
| snapshot_support | True |
| id | aca648eb-8c03-4394-a5cc-755066b7eb66 |
| size | 1 |
| name | Share1 |
| share_type | c0086582-30a6-4060-b096-a42ec9d66b86 |
| created_at | 2015-09-24T12:19:06.000000 |
| share_proto | NFS |
| consistency_group_id | None |
| source_cgsnapshot_member_id | None |
| project_id | 20787a7ba11946adad976463b57d8a2f |
| metadata | {u'aim': u'testing'} |
+-----------------------------+-------------------------------------------+</computeroutput></screen>
The value <code>is_public</code> defines the level of visibility for the
share: whether other tenants can or cannot see the share. By default,
the share is private. Now you can mount the created share like a remote
file system and use it for your purposes.
<tip>
<para>See subsection
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_share_management.html">
“Share Management”</link> of “Shared File Systems” section of
Cloud Administration Guide document for the details on share
management operations.
</para>
</tip>
</para>
</section>
<section xml:id="manage_access_to_shares">
<title>Manage Access To Shares</title>
<para>
Currently, you have a share and would like to control access to this
share for other users. For this, you have to perform a number of steps
and operations. Before getting to manage access to the share, pay
attention to the following important parameters.
To grant or deny access to a share, specify one of these supported
share access levels:
<itemizedlist>
<listitem>
<para>
<code>rw</code>: read and write (RW) access. This is the default
value.
</para>
</listitem>
<listitem>
<para>
<code>ro:</code> read-only (RO) access.
</para>
</listitem>
</itemizedlist>
Additionally, you should also specify one of these supported
authentication methods:
<itemizedlist>
<listitem>
<para>
<code>ip</code>: authenticates an instance through its IP address.
A valid format is XX.XX.XX.XX orXX.XX.XX.XX/XX.
For example 0.0.0.0/0.
</para>
</listitem>
<listitem>
<para>
<code>cert</code>: authenticates an instance through a TLS
certificate. Specify the TLS identity as the IDENTKEY. A valid
value is any string up to 64 characters long in the common name
(CN) of the certificate. The meaning of a string depends on its
interpretation.
</para>
</listitem>
<listitem>
<para>
<code>user</code>: authenticates by a specified user or group
name. A valid value is an alphanumeric string that can contain
some special characters and is from 4 to 32 characters long.
</para>
</listitem>
</itemizedlist>
<note>
<para>Do not mount a share without an access rule! This can lead to
an exception.</para>
</note>
</para>
<para>
Allow access to the share with IP access type and 10.254.0.4 IP address:
<screen><prompt>$</prompt> <userinput>manila access-allow Share1 ip 10.254.0.4 --access-level rw</userinput>
<computeroutput>+--------------+--------------------------------------+
| Property | Value |
+--------------+--------------------------------------+
| share_id | 7bcd888b-681b-4836-ac9c-c3add4e62537 |
| access_type | ip |
| access_to | 10.254.0.4 |
| access_level | rw |
| state | new |
| id | de715226-da00-4cfc-b1ab-c11f3393745e |
+--------------+--------------------------------------+</computeroutput></screen>
</para>
<para>
Mount the Share:
<screen><prompt>$</prompt> <userinput>sudo mount -v -t nfs 10.254.0.5:/shares/share-5789ddcf-35c9-4b64-a28a-7f6a4a574b6a /mnt/</userinput></screen>
Then check if the share mounted successfully and according to the
specified access rules:
<screen><prompt>$</prompt> <userinput>manila access-list Share1</userinput>
<computeroutput>+--------------------------------------+-------------+------------+--------------+--------+
| id | access type | access to | access level | state |
+--------------------------------------+-------------+------------+--------------+--------+
| 4f391c6b-fb4f-47f5-8b4b-88c5ec9d568a | user | demo | rw | error |
| de715226-da00-4cfc-b1ab-c11f3393745e | ip | 10.254.0.4 | rw | active |
+--------------------------------------+-------------+------------+--------------+--------+</computeroutput></screen>
</para>
<note>
<para>
Different share features are supported by different share drivers.
In these examples there was used generic (Cinder as a back-end)
driver that does not support <code>user</code> and
<code>cert</code> authentication methods.
</para>
</note>
<tip>
<para>
For the details of features supported by different drivers see
section
<link xlink:href="http://docs.openstack.org/developer/manila/devref/share_back_ends_feature_support_mapping.html">
“Manila share features support mapping”</link> of Manila Developer Guide document.
</para>
</tip>
</section>
<section xml:id="manage_shares">
<title>Manage Shares</title>
<para>
There are several other useful operations you would perform when working with shares.
</para>
<section xml:id="update_share">
<title>Update Share</title>
<para>
To change the name of a share, or update its description, or level of
visibility for other tenants, use this command:
<screen><prompt>$</prompt> <userinput>manila update Share1 --description "My first share. Updated" --is-public False</userinput></screen>
Check the attributes of the updated Share1:
<screen><prompt>$</prompt> <userinput>manila show Share1</userinput>
<computeroutput>+-----------------------------+--------------------------------------------+
| Property | Value |
+-----------------------------+--------------------------------------------+
| status | available |
| share_type_name | default |
| description | My first share. Updated |
| availability_zone | nova |
| share_network_id | 5c3cbabb-f4da-465f-bc7f-fadbe047b85a |
| export_locations | 10.254.0.3:/shares/share-2d5e2c0a-1f84-... |
| share_server_id | 41b7829d-7f6b-4c96-aea5-d106c2959961 |
| host | manila@generic1#GENERIC1 |
| snapshot_id | None |
| is_public | False |
| task_state | None |
| snapshot_support | True |
| id | aca648eb-8c03-4394-a5cc-755066b7eb66 |
| size | 1 |
| name | Share1 |
| share_type | c0086582-30a6-4060-b096-a42ec9d66b86 |
| created_at | 2015-09-24T12:19:06.000000 |
| share_proto | NFS |
| consistency_group_id | None |
| source_cgsnapshot_member_id | None |
| project_id | 20787a7ba11946adad976463b57d8a2f |
| metadata | {u'aim': u'testing'} |
+-----------------------------+--------------------------------------------+</computeroutput></screen>
</para>
</section>
<section xml:id="reset_share_state">
<title>Reset Share State</title>
<para>
Sometimes a share may appear and then
hang in an erroneous or a transitional state. Unprivileged users do
not have the appropriate access rights to correct this situation.
However, having cloud administrator's permissions, you can reset the
share's state by using
<screen><prompt>$</prompt> <userinput>manila reset-state [state state] share_name</userinput></screen>
command to reset share state, where state indicates which state to
assign the share to. Options include:
<code>available, error, creating, deleting, error_deleting</code>
states.
</para>
<para>
After running
<screen><prompt>$</prompt> <userinput>manila reset-state Share2 --state deleting</userinput></screen>
check the share's status:
<screen><prompt>$</prompt> <userinput>manila show Share2</userinput>
<computeroutput>+-----------------------------+-------------------------------------------+
| Property | Value |
+-----------------------------+-------------------------------------------+
| status | deleting |
| share_type_name | default |
| description | share from a snapshot. |
| availability_zone | nova |
| share_network_id | 5c3cbabb-f4da-465f-bc7f-fadbe047b85a |
| export_locations | [] |
| share_server_id | 41b7829d-7f6b-4c96-aea5-d106c2959961 |
| host | manila@generic1#GENERIC1 |
| snapshot_id | 962e8126-35c3-47bb-8c00-f0ee37f42ddd |
| is_public | False |
| task_state | None |
| snapshot_support | True |
| id | b6b0617c-ea51-4450-848e-e7cff69238c7 |
| size | 1 |
| name | Share2 |
| share_type | c0086582-30a6-4060-b096-a42ec9d66b86 |
| created_at | 2015-09-25T06:25:50.000000 |
| export_location | 10.254.0.3:/shares/share-1dc2a471-3d47-...|
| share_proto | NFS |
| consistency_group_id | None |
| source_cgsnapshot_member_id | None |
| project_id | 20787a7ba11946adad976463b57d8a2f |
| metadata | {u'source': u'snapshot'} |
+-----------------------------+-------------------------------------------+</computeroutput></screen>
</para>
</section>
<section xml:id="delete_share">
<title>Delete Share</title>
<para>
If you do not need a share any more, you can delete it using
<command>manila delete share_name_or_ID</command> command like:
<screen><prompt>$</prompt> <userinput>manila delete Share2</userinput></screen>
</para>
<note>
<para>
If you specified the consistency group while creating a share,
you should provide the --consistency-group parameter to delete
the share:
</para>
</note>
<para>
<screen><prompt>$</prompt> <userinput>manila delete ba52454e-2ea3-47fa-a683-3176a01295e6 --consistency-group ffee08d9-c86c-45e5-861e-175c731daca2</userinput></screen>
</para>
<para>
Sometimes it appears that a share hangs in one of transitional states
(i.e. <code>creating, deleting, managing, unmanaging, extending, and shrinking</code>).
In that case, to delete it, you need
<command>manila force-delete share_name_or_ID</command> command and
administrative permissions to run it:
<screen><prompt>$</prompt> <userinput>manila force-delete b6b0617c-ea51-4450-848e-e7cff69238c7</userinput></screen>
</para>
<tip>
<para>
For more details and additional information about other cases, features,
API commands etc, see subsection
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_share_management.html">
“Share Management”</link> of “Shared File Systems”
section of Cloud Administration Guide document.
</para>
</tip>
</section>
</section>
<section xml:id="create_snapshots">
<title>Create Snapshots</title>
<para>
The Shared File Systems service provides a mechanism of snapshots to
help users to restore their own data. To create a snapshot, use
<command>manila snapshot-create</command> command like:
<screen><prompt>$</prompt> <userinput>manila snapshot-create Share1 --name Snapshot1 --description "Snapshot of Share1"</userinput>
<computeroutput>+-------------+--------------------------------------+
| Property | Value |
+-------------+--------------------------------------+
| status | creating |
| share_id | aca648eb-8c03-4394-a5cc-755066b7eb66 |
| name | Snapshot1 |
| created_at | 2015-09-25T05:27:38.862040 |
| share_proto | NFS |
| id | 962e8126-35c3-47bb-8c00-f0ee37f42ddd |
| size | 1 |
| share_size | 1 |
| description | Snapshot of Share1 |
+-------------+--------------------------------------+</computeroutput></screen>
</para>
<para>
Then, if needed, update the name and description of the created snapshot:
<screen><prompt>$</prompt> <userinput>manila snapshot-rename Snapshot1 Snapshot_1 --description "Snapshot of Share1. Updated."</userinput></screen>
To make sure that the snapshot is available, run:
<screen><prompt>$</prompt> <userinput>manila snapshot-show Snapshot1</userinput>
<computeroutput>+-------------+--------------------------------------+
| Property | Value |
+-------------+--------------------------------------+
| status | available |
| share_id | aca648eb-8c03-4394-a5cc-755066b7eb66 |
| name | Snapshot1 |
| created_at | 2015-09-25T05:27:38.000000 |
| share_proto | NFS |
| id | 962e8126-35c3-47bb-8c00-f0ee37f42ddd |
| size | 1 |
| share_size | 1 |
| description | Snapshot of Share1 |
+-------------+--------------------------------------+</computeroutput></screen>
<tip>
<para>
For more details and additional information on snapshots, see
subsection
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_snapshots.html">
“Share Snapshots”</link> of “Shared File Systems” section of
“Cloud Administration Guide” document.
</para>
</tip>
</para>
</section>
<section xml:id="create_a_share_network">
<title>Create a Share Network</title>
<para>
To control a share network, Shared File Systems service requires
interaction with Networking service to manage share servers on its own.
If the selected driver runs in a mode that requires such kind of
interaction, you need to specify the share network when a share is
created. For the information on share creation, see
<xref linkend="create_share" /> earlier in this chapter.
Initially, check the existing share networks type list by:
<screen><prompt>$</prompt> <userinput>manila share-network-list</userinput>
<computeroutput>+--------------------------------------+--------------+
| id | name |
+--------------------------------------+--------------+
+--------------------------------------+--------------+</computeroutput></screen>
</para>
<para>
If share network list is empty or does not contain a required network,
just create, for example, a share network with a private network and
subnetwork.
<screen><prompt>$</prompt> <userinput>manila share-network-create --neutron-net-id 5ed5a854-21dc-4ed3-870a-117b7064eb21 --neutron-subnet-id 74dcfb5a-b4d7-4855-86f5-a669729428dc --name my_share_net --description "My first share network"</userinput>
<computeroutput>+-------------------+--------------------------------------+
| Property | Value |
+-------------------+--------------------------------------+
| name | my_share_net |
| segmentation_id | None |
| created_at | 2015-09-24T12:06:32.602174 |
| neutron_subnet_id | 74dcfb5a-b4d7-4855-86f5-a669729428dc |
| updated_at | None |
| network_type | None |
| neutron_net_id | 5ed5a854-21dc-4ed3-870a-117b7064eb21 |
| ip_version | None |
| nova_net_id | None |
| cidr | None |
| project_id | 20787a7ba11946adad976463b57d8a2f |
| id | 5c3cbabb-f4da-465f-bc7f-fadbe047b85a |
| description | My first share network |
+-------------------+--------------------------------------+</computeroutput></screen>
The <code>segmentation_id</code>, <code>cidr</code>, <code>ip_version</code>,
and <code>network_type</code> share network attributes are
automatically set to the values determined by the network provider.
</para>
<para>
Then check if the network became created by requesting the networks
list once again:
<screen><prompt>$</prompt> <userinput>manila share-network-list</userinput>
<computeroutput>+--------------------------------------+--------------+
| id | name |
+--------------------------------------+--------------+
| 5c3cbabb-f4da-465f-bc7f-fadbe047b85a | my_share_net |
+--------------------------------------+--------------+</computeroutput></screen>
</para>
<para>
Finally, to create a share that uses this share network, get to Create
Share use case described earlier in this chapter.
<tip>
<para>
See subsection <link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_share_networks.html">
“Share Networks”</link> of “Shared File Systems” section of Cloud
Administration Guide document for more details.
</para>
</tip>
</para>
</section>
<section xml:id="manage_a_share_network">
<title>Manage a Share Network</title>
<para>
There is a pair of useful commands that help manipulate share networks.
To start, check the network list:
<screen><prompt>$</prompt> <userinput>manila share-network-list</userinput>
<computeroutput>+--------------------------------------+--------------+
| id | name |
+--------------------------------------+--------------+
| 5c3cbabb-f4da-465f-bc7f-fadbe047b85a | my_share_net |
+--------------------------------------+--------------+</computeroutput></screen>
If you configured the back-end with <code>driver_handles_share_servers = True</code>
(with the share servers) and had already some operations in the Shared
File Systems service, you can see <code>manila_service_network</code>
in the neutron list of networks. This network was created by the share
driver for internal usage.
<screen><prompt>$</prompt> <userinput>neutron net-list</userinput>
<computeroutput>+--------------+------------------------+------------------------------------+
| id | name | subnets |
+--------------+------------------------+------------------------------------+
| 3b5a629a-e...| manila_service_network | 4f366100-50... 10.254.0.0/28 |
| bee7411d-d...| public | 884a6564-01... 2001:db8::/64 |
| | | e6da81fa-55... 172.24.4.0/24 |
| 5ed5a854-2...| private | 74dcfb5a-bd... 10.0.0.0/24 |
| | | cc297be2-51... fd7d:177d:a48b::/64 |
+--------------+------------------------+------------------------------------+</computeroutput></screen>
</para>
<para>
You also can see detailed information about the share network including
<code>network_type, segmentation_id</code> fields:
<screen><prompt>$</prompt> <userinput>neutron net-show manila_service_network</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 3b5a629a-e7a1-46a3-afb2-ab666fb884bc |
| mtu | 0 |
| name | manila_service_network |
| port_security_enabled | True |
| provider:network_type | vxlan |
| provider:physical_network | |
| provider:segmentation_id | 1068 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | 4f366100-5108-4fa2-b5b1-989a121c1403 |
| tenant_id | 24c6491074e942309a908c674606f598 |
+---------------------------+--------------------------------------+</computeroutput></screen>
You also can add and remove the security services to the share network.
</para>
<tip>
<para>
For details, see subsection
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/shared_file_systems_security_services.html">
"Security Services"</link> of “Shared File Systems” section of
Cloud Administration Guide document.
</para>
</tip>
</section>
</section>
<section xml:id="instances">
<?dbhtml stop-chunking?>