第3章 Post-deployment configuration
You must complete some post-deployment configuration tasks before you create NFS shares, grant user access, and mount NFS shares.
- Map the Networking service (neutron) storage network to the isolated data center storage network.
- Make the storage provider network available to trusted tenants only through custom role based access control (RBAC). Do not share the storage provider network globally.
- Create a private share type.
- Grant access to specific trusted tenants.
After you complete these steps, the tenant compute instances can create, allow access to, and mount native CephFS shares.
3.1. Creating the storage provider network
You must map the new isolated storage network to a Networking (neutron) provider network. The Compute VMs attach to the network to access native CephFS share export locations.
For information about network security with the Shared File Systems service, see Hardening the Shared File Systems Service in the Security and Hardening Guide.
openstack network create command defines the configuration for the storage neutron network.
From an undercloud node, enter the following command:
[stack@undercloud ~]$ source ~/overcloudrc
On an undercloud node, create the storage network:
(overcloud) [stack@undercloud-0 ~]$ openstack network create Storage --provider-network-type vlan --provider-physical-network datacentre --provider-segment 30
You can enter this command with the following options:
--provider-physical-networkoption, use the default value
datacentre, unless you set another tag for the br-isolated bridge through NeutronBridgeMappings in your tripleo-heat-templates.
--provider-segmentoption, use the value set for the Storage isolated network in your network environment file. If this was not customized, the default environment file is
/usr/share/openstack-tripleo-heat-templates/network_data.yaml. The VLAN associated with the Storage network value is
30unless you modified the isolated network definitions.
--provider-network-typeoption, use the value
- For the