Red Hat Training

A Red Hat training course is available for Red Hat OpenStack Platform

Chapter 4. File Shares

Important

The OpenStack Shared File System service is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.

OpenStack’s Shared File System service (openstack-manila) provides the means to easily provision shared file systems that can be consumed by multiple instances. In the past, OpenStack users needed to manually deploy shared file systems before mounting them on instances. The Shared File System service, on the other hand, allows users to easily provision shares from a pre-configured storage pool, ready to be mounted securely. This pool, in turn, can be independently managed and scaled to meet demand.

The OpenStack Shared File System service also allows administrators to define settings for different types of shares (namely, share type), in the same way that the OpenStack Block Storage service uses volume types. In addition, the Shared File System service also provides the means to manage access, security, and snapshots for provisioned shares.

At present, the Shared File System service can only be deployed manually. For instructions on how to do so, see Install the Shared File System Service (Technology Preview).

4.1. Create and Manage Shares

This section assumes that you manually deployed the Shared File System service as described in Install the Shared File System Service (Technology Preview) and OpenStack Shared File System Service (Manila). As such, at this point you should be using the NetApp driver (manila.share.drivers.netapp.common.NetAppDriver) for shares.

With this driver, you should be able to perform the following operations:

  • Create and delete a share.
  • Allow (read/write) or deny access to a share.

Before creating a share, you must first create a share type. Typically, this step is part of the Shared File System service deployment, as described in Create a Share Type for the Defined Back End.

The following procedures assume that your NetApp back end:

  • Can be invoked through a share type named netapp, and
  • Supports the NFS share protocol.

4.2. Create a Share

To create a share, log in to the Shared File System service host and run:

# manila create --share-type SHARETYPE --name SHARENAME PROTO GB

Where:

  • SHARETYPE applies settings associated with the specified share type.
  • SHARENAME is the name of the share.
  • PROTO is the share protocol you want to use.
  • GB is the size of the share, in GB.

For example, to create a 1 GB NFS share named share-00 using the netapp back end, run:

# manila create --share-type netapp --name share-00 nfs 10
 +-------------------+--------------------------------------+
 | Property          | Value                                |
 +-------------------+--------------------------------------+
 | status            | creating                             |
 | description       | None                                 |
 | availability_zone | nova                                 |
 | share_network_id  | None                                 |
 | export_locations  | []                                   |
 | share_server_id   | None                                 |
 | host              | None                                 |
 | snapshot_id       | None                                 |
 | is_public         | False                                |
 | id                | d760eee8-1d91-48c4-8f9a-ad07072e17a2 |
 | size              | 10                                   |
 | name              | share-01                             |
 | share_type        | 8245657b-ab9e-4db1-8224-451c32d6b5ea |
 | created_at        | 2015-09-29T16:27:54.092272           |
 | export_location   | None                                 |
 | share_proto       | NFS                                  |
 | project_id        | a19dc7ec562c4ed48cea58d22eb0d3c7     |
 | metadata          | {}                                   |
 +-------------------+--------------------------------------+

4.3. List Shares and Export Information

To verify that the shares were created successfully:

# manila list
 +--------------------------------------+----------+-----+-----------+
 | ID                                   | Name     | ... | Status    ...
 +--------------------------------------+----------+-----+-----------+
 | d760eee8-1d91-48c4-8f9a-ad07072e17a2 | share-01 | ... | available ...
 +--------------------------------------+----------+-----+-----------+

The manila list command will also display the export location of the share:

 +-------------------------------------------------------------+
 | Export location                                             ...
 +-------------------------------------------------------------+
 | 10.70.37.46:/manila-nfs-volume-01/share-d760eee8-1d91-...
 +-------------------------------------------------------------+

This information will be used later when mounting the share (Section 4.5, “Mount a Share on an Instance”).

4.4. Grant Share Access

Before you can mount a share on an instance, grant the instance access to the share first:

# manila access-allow SHAREID IDENT IDENTKEY

Where:

  • SHAREID is the ID of the share created in Section 4.2, “Create a Share”.
  • IDENT is the method that the File Share Service should use to authenticate a share user or instance.
  • The IDENTKEY varies depending on what identifying method you choose as IDENT:

    • cert: this method is used for authenticating an instance through TLS certificates.
    • user: use this to authenticate by user or group name.
    • ip: use this to authenticate an instance through its IP address.

For example, to grant read-write access to an instance (identified by the IP 10.70.36.85), run:

# manila access-allow d760eee8-1d91-48c4-8f9a-ad07072e17a2 ip 10.70.36.85
 +--------------+--------------------------------------+
 | Property     | Value                                |
 +--------------+--------------------------------------+
 | share_id     | d760eee8-1d91-48c4-8f9a-ad07072e17a2 |
 | deleted      | False                                |
 | created_at   | 2015-09-29T16:35:33.862114           |
 | updated_at   | None                                 |
 | access_type  | ip                                   |
 | access_to    | 10.70.36.85                          |
 | access_level | rw                                   |
 | state        | new                                  |
 | deleted_at   | None                                 |
 | id           | b4e990d7-e9d1-4801-bcbe-a860fc1401d1 |
 +--------------+--------------------------------------+

Note that access to the share has its own ID (ACCESSID), b4e990d7-e9d1-4801-bcbe-a860fc1401d1.

To verify that the access configuration was successful:

# manila access-list d760eee8-1d91-48c4-8f9a-ad07072e17a2
 +---------------------------+-----------+-----------+--------------+
 | id                        |access type|access to  | access level ...
 +---------------------------+-----------+-----------+--------------+
 |b4e990d7-e9d1-4801-bcbe-...|ip         |10.70.36.85| rw           ...
 +---------------------------+-----------+-----------+--------------+

4.5. Mount a Share on an Instance

After configuring the share to authenticate an instance, you can then mount the share. For example, to mount the share from Section 4.2, “Create a Share” to /mnt on the instance from Section 4.4, “Grant Share Access”, log in to the instance and mount as normal:

# ssh root@10.70.36.85
# mount -t nfs -o vers=3 10.70.37.46:/manila-nfs-volume-01/share-d760eee8-1d91-48c4-8f9a-ad07072e17a2 /mnt

See Section 4.3, “List Shares and Export Information” to learn how to view a share’s export information.

Upon mounting the volume from inside the instance, check if you can write to the share at its mount point.

4.6. Revoke Access to a Share

To revoke previously-granted access to a share, you need to delete the access to the share:

# manila access-deny SHAREID ACCESSID

For example, to revoke the access granted earlier in Section 4.4, “Grant Share Access”:

# manila access-list d760eee8-1d91-48c4-8f9a-ad07072e17a2
 +---------------------------+-----------+-----------+--------------+
 | id                        |access type|access to  | access level ...
 +---------------------------+-----------+-----------+--------------+
 |b4e990d7-e9d1-4801-bcbe-...|ip         |10.70.36.85| rw           ...
 +---------------------------+-----------+-----------+--------------+
# manila access-deny d760eee8-1d91-48c4-8f9a-ad07072e17a2 b4e990d7-e9d1-4801-bcbe-a860fc1401d1

At this point, the instance will no longer be able to use the mounted share.

4.7. Delete a Share

To delete a share:

# manila delete SHAREID

For example:

# manila delete d760eee8-1d91-48c4-8f9a-ad07072e17a2