taikun.cloud

Taikun OCP Guide

Table of Contents

Share types

The Shared File System service back-end storage drivers offer a wide
range of capabilities. The variation in these capabilities allows cloud
administrators to provide a storage service catalog to their end users.
Share types can be used to create this storage service catalog. Cloud
administrators can influence provisioning of users’ shares with the help
of Share types. All shares are associated with a share type. Share types
are akin to flavors in the OpenStack Compute service
(nova), or volume types in the OpenStack Block Storage
service (cinder), or storage classes in Kubernetes. You can
allow a share type to be accessible to all users in your cloud if you
wish. You can also create private share types that allow only users
belonging to certain OpenStack projects to access them. You can have an
unlimited number of share types in your cloud, but for practical
purposes, you may want to create only a handful of publicly accessible
share types.

Each share type is an object that encompasses
extra-specs (extra specifications). These extra-specs can
map to storage back-end capabilities, or can be directives to the
service.

Consider for example, offering three share types in your cloud to map
to “service levels”:

Type

Capabilities/Instructions

Gold Allow creating snapshots, reverting to snapshots and share
replication, “thick” provision shares
Silver Allow creating snapshots, “thin” provision shares
Bronze Don’t allow creating snapshots, “thin” provision shares

Capabilities or instructions such as the ones above are coded as
extra-specs that your users and the Shared File System service
understand. Users in OpenStack projects can see all public share types
along with private share types that are made accessible to them. Not all
extra-specs that you configure in a share type are visible to your
users. This design helps preserve the cloud abstraction. Along with the
share type names, they can see the share type descriptions and
“tenant-visible” extra-specs.

For more details on extra-specs, see capabilities_and_extra_specs.

The Shared File Systems service also allows using quota controls with
share types. Quotas can help you maintain your SLAs by limiting the
number of consumable resources or aid in billing. See shared_file_systems_quotas
for more details.

Driver Handles Share Servers
(DHSS)

To provide secure and hard multi-tenancy on the network data path,
the Shared File Systems service allows users to use their own “share
networks”. When shares are created on a share network, users can be sure
they have their own isolated “share servers” that export their shares on
the share network that have the ability plug into user-determined
authentication domains (“security services”). Not all Shared File System
service storage drivers support share networks. Those that do assert the
capability driver_handles_share_servers=True.

When creating a share type, you are required to set an
extra-spec that matches this capability. It is visible to end users.

Default Share Type

When you are operating a cloud where all your tenants are trusted,
you may want to create a “default” share type that applies to all of
them. It simplifies share creation for your end users since they don’t
need to worry about share types.

Use of a default share type is not recommended in a multi-tenant
cloud where you may want to separate your user workloads, or offer
different service capabilities. In such instances, you must always
encourage your users to specify a share type at share creation time, and
not rely on the default share type.

Important

If you do not create and configure a default share type, users
must specify a valid share type during share creation, or share
creation requests will fail.

To configure the default share type, edit the
manila.conf file, and set the configuration option
[DEFAULT]/default_share_type.

You must then create a share type, using manila type-create:

manila type-create [--is_public <is_public>]
                   [--description <description>]
                   [--extra-specs <other-extra-specs>]
                   <name> <spec_driver_handles_share_servers>

where:

  • name is the share type name
  • is_public defines the visibility for the share type
    (true/false)
  • description is a free form text field to describe the
    characteristics of the share type for your users’ benefit
  • extra-specs defines a comma separated set of key=value
    pairs of optional extra specifications
  • spec_driver_handles_share_servers is the mandatory
    extra-spec (true/false)

Share type operations

To create a new share type you need to specify the name of the new
share type. You also require an extra spec
driver_handles_share_servers. The new share type can be
public or private.

$ manila manila type-create default-shares False \
  --description "Default share type for the cloud, no fancy capabilities"

$ manila type-list
 +--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+-------------------------------------------+---------------------------------------------------------+
 | ID                                   | Name                              | visibility | is_default | required_extra_specs                 | optional_extra_specs                      | Description                                             |
 +--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+-------------------------------------------+---------------------------------------------------------+
 | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a | default-shares                    | public     | -          | driver_handles_share_servers : False |                                           | Default share type for the cloud, no fancy capabilities |
 +--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+-------------------------------------------+---------------------------------------------------------+

 $ manila type-show default-shares
 +----------------------+---------------------------------------------------------+
 | Property             | Value                                                   |
 +----------------------+---------------------------------------------------------+
 | id                   | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a                    |
 | name                 | default-shares                                          |
 | visibility           | public                                                  |
 | is_default           | NO                                                      |
 | description          | Default share type for the cloud, no fancy capabilities |
 | required_extra_specs | driver_handles_share_servers : False                    |
 | optional_extra_specs |                                                         |
 +----------------------+---------------------------------------------------------+

You did not provide optional capabilities, so they are all
assumed to be off by default. So, Non-privileged users see some
tenant-visible capabilities explicitly.

$ source demorc
$ manila type-list
+--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+--------------------------------------------+---------------------------------------------------------+
| ID                                   | Name                              | visibility | is_default | required_extra_specs                 | optional_extra_specs                       | Description                                             |
+--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+--------------------------------------------+---------------------------------------------------------+
| cf1f92ec-4d0a-4b79-8f18-6bb82c22840a | default-shares                    | public     | -          | driver_handles_share_servers : False | snapshot_support : False                   | Default share type for the cloud, no fancy capabilities |
+--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+--------------------------------------------+---------------------------------------------------------+

$ manila type-show default-shares
+----------------------+---------------------------------------------------------+
| Property             | Value                                                   |
+----------------------+---------------------------------------------------------+
| id                   | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a                    |
| name                 | default-shares                                          |
| visibility           | public                                                  |
| is_default           | NO                                                      |
| description          | Default share type for the cloud, no fancy capabilities |
| required_extra_specs | driver_handles_share_servers : False                    |
| optional_extra_specs | snapshot_support : False                                |
|                      | create_share_from_snapshot_support : False              |
|                      | revert_to_snapshot_support : False                      |
|                      | mount_snapshot_support : False                          |
+----------------------+---------------------------------------------------------+

You can set or unset extra specifications for a share type using
manila type-key <share_type> set
<key=value>
command.

$ manila type-key default-shares set snapshot_support=True

$ manila type-show default-shares
 +----------------------+---------------------------------------------------------+
 | Property             | Value                                                   |
 +----------------------+---------------------------------------------------------+
 | id                   | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a                    |
 | name                 | default-shares                                          |
 | visibility           | public                                                  |
 | is_default           | NO                                                      |
 | description          | Default share type for the cloud, no fancy capabilities |
 | required_extra_specs | driver_handles_share_servers : False                    |
 | optional_extra_specs | snapshot_support : True                                 |
 +----------------------+---------------------------------------------------------+

Use manila type-key <share_type> unset <key>
to unset an extra specification.

A share type can be deleted with the manila type-delete
<share_type>
command. However, a share type can only be
deleted if there are no shares, share groups or share group types
associated with the share type.

Share type access control

You can provide access, revoke access, and retrieve list of allowed
projects for a specified private share.

Create a private type:

$ manila type-create my_type1 True \
         --is_public False \
         --extra-specs snapshot_support=True
+----------------------+--------------------------------------+
| Property             | Value                                |
+----------------------+--------------------------------------+
| required_extra_specs | driver_handles_share_servers : True  |
| Name                 | my_type1                             |
| Visibility           | private                              |
| is_default           | -                                    |
| ID                   | 06793be5-9a79-4516-89fe-61188cad4d6c |
| optional_extra_specs | snapshot_support : True              |
+----------------------+--------------------------------------+

Note

If you run manila type-list only public share types appear.
To see private share types, run manila type-list --all`.

Grant access to created private type for a demo and alt_demo projects
by providing their IDs:

$ manila type-access-add my_type1 d8f9af6915404114ae4f30668a4f5ba7
$ manila type-access-add my_type1 e4970f57f1824faab2701db61ee7efdf

To view information about access for a private share, type
my_type1:

$ manila type-access-list my_type1
+----------------------------------+
| Project_ID                       |
+----------------------------------+
| d8f9af6915404114ae4f30668a4f5ba7 |
| e4970f57f1824faab2701db61ee7efdf |
+----------------------------------+

After granting access to the share, the users in the allowed projects
can see the share type and use it to create shares.

To deny access for a specified project, use manila type-access-remove <share_type> <project_id>
command.