"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/source/admin/shared-file-systems-share-types.rst" between
manila-8.1.3.tar.gz and manila-8.1.4.tar.gz

About: OpenStack Manila provides “Shared Filesystems as a service”.
The "Stein" series (maintained release).

shared-file-systems-share-types.rst  (manila-8.1.3):shared-file-systems-share-types.rst  (manila-8.1.4)
.. _shared_file_systems_share_types: .. _shared_file_systems_share_types:
=========== ===========
Share types Share types
=========== ===========
A share type enables you to filter or choose back ends before you create a The Shared File System service back-end storage drivers offer a wide range
share and to set data for the share driver. A share type behaves in the same of capabilities. The variation in these capabilities allows cloud
way as a Block Storage volume type behaves. administrators to provide a storage service catalog to their end users.
Share types can be used to create this storage service catalog.
Cloud administrators can influence provisioning of users' shares with the
help of Share types. All shares are associated with a share type. Share
types are akin to ``flavors`` in the OpenStack Compute service (nova), or
``volume types`` in the OpenStack Block Storage service (cinder), or ``storage
classes`` in Kubernetes. You can allow a share type to be accessible to all
users in your cloud if you wish. You can also create private share types that
allow only users belonging to certain OpenStack projects to access them.
You can have an unlimited number of share types in your
cloud, but for practical purposes, you may want to create only a handful of
publicly accessible share types.
Each share type is an object that encompasses ``extra-specs`` (extra
specifications). These extra-specs can map to storage back-end capabilities,
or can be directives to the service.
Consider for example, offering three share types in your cloud to map
to "service levels":
+--------+----------------------------------------------------------------------
----------------------------+
| Type | Capabilities/Instructions
|
+========+======================================================================
============================+
| Gold | Allow creating snapshots, reverting to snapshots and share replicatio
n, "thick" provision shares |
+--------+----------------------------------------------------------------------
----------------------------+
| Silver | Allow creating snapshots, "thin" provision shares
|
+--------+----------------------------------------------------------------------
----------------------------+
| Bronze | Don't allow creating snapshots, "thin" provision shares
|
+--------+----------------------------------------------------------------------
----------------------------+
Capabilities or instructions such as the ones above are coded as extra-specs
that your users and the Shared File System service understand. Users in
OpenStack projects can see all public share types along with private share
types that are made accessible to them. Not all extra-specs that you
configure in a share type are visible to your users. This design helps
preserve the cloud abstraction. Along with the share type names, they can
see the share type descriptions and "tenant-visible" extra-specs.
For more details on extra-specs, see :ref:`capabilities_and_extra_specs`.
The Shared File Systems service also allows using quota controls with share
types. Quotas can help you maintain your SLAs by limiting the number of
consumable resources or aid in billing. See :ref:`shared_file_systems_quotas`
for more details.
Driver Handles Share Servers (DHSS)
-----------------------------------
To provide secure and hard multi-tenancy on the network data path, the
Shared File Systems service allows users to use their own "share networks".
When shares are created on a share network, users can be sure they have
their own isolated "share servers" that export their shares on the share
network that have the ability plug into user-determined authentication
domains ("security services"). Not all Shared File System service storage
drivers support share networks. Those that do assert the capability
``driver_handles_share_servers=True``.
When creating a share type, you are *required* to set an extra-spec that
matches this capability. It is visible to end users.
Default Share Type
------------------
When you are operating a cloud where all your tenants are trusted, you may
want to create a "default" share type that applies to all of them. It
simplifies share creation for your end users since they don't need to worry
about share types.
Use of a default share type is not recommended in a multi-tenant cloud where
you may want to separate your user workloads, or offer different service
capabilities. In such instances, you must always encourage your users to
specify a share type at share creation time, and not rely on the default
share type.
.. important::
If you do not create and configure a default share type, users *must*
specify a valid share type during share creation, or share creation
requests will fail.
In the Shared File Systems configuration file ``manila.conf``, the To configure the default share type, edit the ``manila.conf`` file, and set
administrator can set the share type used by default for the share creation the configuration option [DEFAULT]/default_share_type.
and then create a default share type.
To create a share type, use :command:`manila type-create` command as: You must then create a share type, using :command:`manila type-create`:
.. code-block:: console .. code-block:: console
manila type-create [--snapshot_support <snapshot_support>] manila type-create [--is_public <is_public>]
[--is_public <is_public>] [--description <description>]
[--extra-specs <other-extra-specs>]
<name> <spec_driver_handles_share_servers> <name> <spec_driver_handles_share_servers>
where the ``name`` is the share type name, ``--is_public`` defines the level of where:
the visibility for the share type, ``snapshot_support`` and
``spec_driver_handles_share_servers`` are the extra specifications used to
filter back ends. Administrators can create share types with these extra
specifications for the back ends filtering:
- ``driver_handles_share_servers``. Required. Defines the driver mode for share
server lifecycle management. Valid values are ``true``/``1`` and
``false``/``0``.
Set to True when the share driver can manage, or handle, the share server
lifecycle.
Set to False when an administrator, rather than a share driver, manages
the bare metal storage with some net interface instead of the presence
of the share servers.
- ``snapshot_support``. Filters back ends by whether they do or do not support
share snapshots. Default is ``True``.
Set to True to find back ends that support share snapshots.
Set to False to find back ends that do not support share snapshots.
.. note:: - ``name`` is the share type name
- ``is_public`` defines the visibility for the share type (true/false)
The extra specifications set in the share types are operated in the - ``description`` is a free form text field to describe the characteristics
:ref:`shared_file_systems_scheduling`. of the share type for your users' benefit
- ``extra-specs`` defines a comma separated set of key=value pairs of
Administrators can also set additional extra specifications for a share type optional extra specifications
for the following purposes: - ``spec_driver_handles_share_servers`` is the mandatory extra-spec
(true/false)
- *Filter back ends*. Unqualified extra specifications written in
this format: ``extra_spec=value``. For example, **netapp_raid_type=raid4**.
- *Set data for the driver*. Qualified extra specifications always written
with the prefix with a colon, except for the special ``capabilities``
prefix, in this format: ``vendor:extra_spec=value``. For example,
**netapp:thin_provisioned=true**.
The scheduler uses the special capabilities prefix for filtering. The scheduler
can only create a share on a back end that reports capabilities matching the
un-scoped extra-spec keys for the share type. For details, see `Capabilities
and Extra-Specs <https://docs.openstack.org/manila/latest/admin/
capabilities_and_extra_specs.html>`_.
Each driver implementation determines which extra specification keys it uses.
For details, see the documentation for the driver.
An administrator can use the ``policy.json`` file to grant permissions for
share type creation with extra specifications to other roles.
You set a share type to private or public and
:ref:`manage the access<share_type_access>` to the private share types. By
default a share type is created as publicly accessible. Set
``--is_public`` to ``False`` to make the share type private.
Share type operations Share type operations
--------------------- ---------------------
To create a new share type you need to specify the name of the new share To create a new share type you need to specify the name of the new share
type. You also require an extra spec ``driver_handles_share_servers``. type. You also require an extra spec ``driver_handles_share_servers``.
The new share type can also be public. The new share type can be public or private.
.. code-block:: console .. code-block:: console
$ manila type-create netapp1 False --is_public True $ manila manila type-create default-shares False \
--description "Default share type for the cloud, no fancy capabilities"
$ manila type-list $ manila type-list
+-----+--------+-----------+-----------+-----------------------------------+- +--------------------------------------+-----------------------------------+
----------------------+ ------------+------------+--------------------------------------+---------------
| ID | Name | Visibility| is_default| required_extra_specs | ----------------------------+---------------------------------------------------
optional_extra_specs | ------+
+-----+--------+-----------+-----------+-----------------------------------+- | ID | Name |
----------------------+ visibility | is_default | required_extra_specs | optional_extra
| c0..| netapp1| public | - | driver_handles_share_servers:False| _specs | Description
snapshot_support:True | |
+-----+--------+-----------+-----------+-----------------------------------+- +--------------------------------------+-----------------------------------+
----------------------+ ------------+------------+--------------------------------------+---------------
----------------------------+---------------------------------------------------
You can set or unset extra specifications for a share type ------+
using **manila type-key <share_type> set <key=value>** command. Since it is up | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a | default-shares |
to each driver what extra specification keys it uses, see the documentation public | - | driver_handles_share_servers : False |
for the specified driver. | Default share type for the cloud, no fancy capabil
ities |
+--------------------------------------+-----------------------------------+
------------+------------+--------------------------------------+---------------
----------------------------+---------------------------------------------------
------+
$ manila type-show default-shares
+----------------------+----------------------------------------------------
-----+
| Property | Value
|
+----------------------+----------------------------------------------------
-----+
| id | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a
|
| name | default-shares
|
| visibility | public
|
| is_default | NO
|
| description | Default share type for the cloud, no fancy capabili
ties |
| required_extra_specs | driver_handles_share_servers : False
|
| optional_extra_specs |
|
+----------------------+----------------------------------------------------
-----+
You did not provide optional capabilities, so they are all *assumed to be off
by default*. So, Non-privileged users see some tenant-visible capabilities
explicitly.
.. code-block:: console .. code-block:: console
$ manila type-key netapp1 set thin_provisioned=True $ source demorc
$ manila type-list
+--------------------------------------+-----------------------------------+
------------+------------+--------------------------------------+---------------
-----------------------------+--------------------------------------------------
-------+
| ID | Name |
visibility | is_default | required_extra_specs | optional_extra
_specs | Description
|
+--------------------------------------+-----------------------------------+
------------+------------+--------------------------------------+---------------
-----------------------------+--------------------------------------------------
-------+
| cf1f92ec-4d0a-4b79-8f18-6bb82c22840a | default-shares |
public | - | driver_handles_share_servers : False | snapshot_suppo
rt : False | Default share type for the cloud, no fancy capabi
lities |
+--------------------------------------+-----------------------------------+
------------+------------+--------------------------------------+---------------
-----------------------------+--------------------------------------------------
-------+
$ manila type-show default-shares
+----------------------+----------------------------------------------------
-----+
| Property | Value
|
+----------------------+----------------------------------------------------
-----+
| id | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a
|
| name | default-shares
|
| visibility | public
|
| is_default | NO
|
| description | Default share type for the cloud, no fancy capabili
ties |
| required_extra_specs | driver_handles_share_servers : False
|
| optional_extra_specs | snapshot_support : False
|
| | create_share_from_snapshot_support : False
|
| | revert_to_snapshot_support : False
|
| | mount_snapshot_support : False
|
+----------------------+----------------------------------------------------
-----+
It is also possible to view a list of current share types and extra You can set or unset extra specifications for a share type
specifications: using **manila type-key <share_type> set <key=value>** command.
.. code-block:: console .. code-block:: console
$ manila extra-specs-list $ manila type-key default-shares set snapshot_support=True
+-------------+---------+-------------------------------------+
| ID | Name | all_extra_specs | $ manila type-show default-shares
+-------------+---------+-------------------------------------+ +----------------------+----------------------------------------------------
| c0086582-...| netapp1 | snapshot_support : True | -----+
| | | thin_provisioned : True | | Property | Value
| | | driver_handles_share_servers : True | |
+-------------+---------+-------------------------------------+ +----------------------+----------------------------------------------------
-----+
| id | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a
|
| name | default-shares
|
| visibility | public
|
| is_default | NO
|
| description | Default share type for the cloud, no fancy capabili
ties |
| required_extra_specs | driver_handles_share_servers : False
|
| optional_extra_specs | snapshot_support : True
|
+----------------------+----------------------------------------------------
-----+
Use :command:`manila type-key <share_type> unset <key>` to unset an extra Use :command:`manila type-key <share_type> unset <key>` to unset an extra
specification. specification.
The public or private share type can be deleted with the A share type can be deleted with the :command:`manila type-delete
:command:`manila type-delete <share_type>` command. <share_type>` command. However, a share type can only be deleted if there
are no shares, share groups or share group types associated with the share
type.
.. _share_type_access: .. _share_type_access:
Share type access Share type access control
-------------------------
You can manage access to a private share type for different projects. You can provide access, revoke access, and retrieve list of allowed projects
Administrators can provide access, remove access, and retrieve for a specified private share.
information about access for a specified private share.
Create a private type: Create a private type:
.. code-block:: console .. code-block:: console
$ manila type-create my_type1 True --is_public False $ manila type-create my_type1 True \
--is_public False \
--extra-specs snapshot_support=True
+----------------------+--------------------------------------+ +----------------------+--------------------------------------+
| Property | Value | | Property | Value |
+----------------------+--------------------------------------+ +----------------------+--------------------------------------+
| required_extra_specs | driver_handles_share_servers : True | | required_extra_specs | driver_handles_share_servers : True |
| Name | my_type1 | | Name | my_type1 |
| Visibility | private | | Visibility | private |
| is_default | - | | is_default | - |
| ID | 06793be5-9a79-4516-89fe-61188cad4d6c | | ID | 06793be5-9a79-4516-89fe-61188cad4d6c |
| optional_extra_specs | snapshot_support : True | | optional_extra_specs | snapshot_support : True |
+----------------------+--------------------------------------+ +----------------------+--------------------------------------+
.. note:: .. note::
If you run :command:`manila type-list` only public share types appear. If you run :command:`manila type-list` only public share types appear.
To see private share types, run :command:`manila type-list` with To see private share types, run :command:`manila type-list --all``.
``--all`` optional argument.
Grant access to created private type for a demo and alt_demo projects Grant access to created private type for a demo and alt_demo projects
by providing their IDs: by providing their IDs:
.. code-block:: console .. code-block:: console
$ manila type-access-add my_type1 d8f9af6915404114ae4f30668a4f5ba7 $ manila type-access-add my_type1 d8f9af6915404114ae4f30668a4f5ba7
$ manila type-access-add my_type1 e4970f57f1824faab2701db61ee7efdf $ manila type-access-add my_type1 e4970f57f1824faab2701db61ee7efdf
To view information about access for a private share, type ``my_type1``: To view information about access for a private share, type ``my_type1``:
skipping to change at line 174 skipping to change at line 253
.. code-block:: console .. code-block:: console
$ manila type-access-list my_type1 $ manila type-access-list my_type1
+----------------------------------+ +----------------------------------+
| Project_ID | | Project_ID |
+----------------------------------+ +----------------------------------+
| d8f9af6915404114ae4f30668a4f5ba7 | | d8f9af6915404114ae4f30668a4f5ba7 |
| e4970f57f1824faab2701db61ee7efdf | | e4970f57f1824faab2701db61ee7efdf |
+----------------------------------+ +----------------------------------+
After granting access to the share, the target project After granting access to the share, the users in the allowed projects
can see the share type in the list, and create private can see the share type and use it to create shares.
shares.
To deny access for a specified project, use To deny access for a specified project, use
:command:`manila type-access-remove <share_type> <project_id>` command. :command:`manila type-access-remove <share_type> <project_id>` command.
 End of changes. 18 change blocks. 
100 lines changed or deleted 249 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)