Adds documentation for the security service update feature introduced during Wallaby release. Admin, user and contributor guides were updated to fit into the most recents changes. Change-Id: If0426d477302e5ef2a6516e804ad981e831c7c5d
39 KiB
Create and manage share networks
- local
A share network stores network information to create and manage shares. A share network provides a way to designate a network to export shares upon. In the most common use case, you can create a share network with a private OpenStack (neutron) network that you own. If the share network is an isolated network, manila can provide hard guarantees of network and data isolation for your shared file systems in a multi-tenant cloud. In some clouds, however, shares cannot be exported directly upon private project networks; and the cloud may have provider networks that are designated for use with share networks.
In either case, as long as the underlying network is connected to the clients (virtual machines, containers or bare metals), there will exist a direct path to communicate with shares exported on the share networks.
Important
In order to use share networks, the share type you choose must have
the extra specification driver_handles_share_servers
set to
True.
Create share networks
Create a share network.
$ manila share-network-create \ --name sharenetwork1 \ --description "Share Network created for demo purposes" \ --neutron-net-id c297b020-025a-4f3e-8120-57ea90404afb \ --neutron-subnet-id 29ecfbd5-a9be-467e-8b4a-3415d1f82888 +-------------------+-----------------------------------------+ | Property | Value | +-------------------+-----------------------------------------+ | name | sharenetwork1 | | segmentation_id | None | | created_at | 2019-07-02T11:14:06.228816 | | neutron_subnet_id | 29ecfbd5-a9be-467e-8b4a-3415d1f82888 | | updated_at | None | | network_type | None | | neutron_net_id | c297b020-025a-4f3e-8120-57ea90404afb | | ip_version | None | | cidr | None | | project_id | 907004508ef4447397ce6741a8f037c1 | | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | description | Share Network created for demo purposes | +-------------------+-----------------------------------------+
Show the created share network.
$ manila share-network-show sharenetwork1 +-------------------+--------------------------------------+ | Property | Value | +-------------------+--------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 5b23075b4b504261a5987b18588f86cf | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | None | | neutron_net_id | c297b020-025a-4f3e-8120-57ea90404afb | | neutron_subnet_id | 29ecfbd5-a9be-467e-8b4a-3415d1f82888 | | network_type | None | | segmentation_id | None | | cidr | None | | ip_version | None | | description | None | | gateway | None | | mtu | None | +-------------------+--------------------------------------+
Note
Since API version 2.51, a share network is able to span multiple subnets in different availability zones and the network information will be stored on each subnet. To accommodate adding multiple subnets, the share network create command was updated to accept an availability zone as parameter. This parameter will be used in the share network creation process which also creates a new subnet. If you do not specify an availability zone, the created subnet will be considered default by the Shared File Systems service. A default subnet is expected to be available in all availability zones of the cloud. So when you are creating a share network, the output will be similar to:
$ manila share-network-create \ --name sharenetwork1 \ --description "Share Network created for demo purposes" \ --availability-zone manila-zone-0 +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 8c2962a4832743469a336f7c179f7d34 | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | None | | description | Share Network created for demo purposes | | share_network_subnets | [{'id': '900d9ddc-7062-404e-8ef5-f63b84782d89', 'availability_zone': 'manila-zone-0', 'created_at': '2019-10-09T04:19:31.000000', 'updated_at': None, 'segmentation_id': None, 'neutron_subnet_id': None, 'neutron_net_id': None, 'ip_version': None, 'cidr': None, 'network_type': None, 'mtu': None, 'gateway': None}] | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
List share networks
List share networks.
$ manila share-network-list +--------------------------------------+---------------+ | id | name | +--------------------------------------+---------------+ | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | sharenetwork1 | +--------------------------------------+---------------+
Update share networks
Update the share network data.
$ manila share-network-update sharenetwork1 \ --neutron-net-id a27160ca-5595-4c62-bf54-a04fb7b14316 \ --neutron-subnet-id f043f4b0-c05e-493f-bbe9-99689e2187d2 +-------------------+--------------------------------------+ | Property | Value | +-------------------+--------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 5b23075b4b504261a5987b18588f86cf | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | 2019-10-10T17:14:08.970945 | | neutron_net_id | a27160ca-5595-4c62-bf54-a04fb7b14316 | | neutron_subnet_id | f043f4b0-c05e-493f-bbe9-99689e2187d2 | | network_type | None | | segmentation_id | None | | cidr | None | | ip_version | None | | description | None | | gateway | None | | mtu | None | +-------------------+--------------------------------------+
Show details of the updated share network.
$ manila share-network-show sharenetwork1 +-------------------+--------------------------------------+ | Property | Value | +-------------------+--------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 5b23075b4b504261a5987b18588f86cf | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | 2019-10-10T17:14:09.000000 | | neutron_net_id | a27160ca-5595-4c62-bf54-a04fb7b14316 | | neutron_subnet_id | f043f4b0-c05e-493f-bbe9-99689e2187d2 | | network_type | None | | segmentation_id | None | | cidr | None | | ip_version | None | | description | None | | gateway | None | | mtu | None | +-------------------+--------------------------------------+
Note
You cannot update the
neutron_net_id
andneutron_subnet_id
of a share network that has shares exported onto it.Note
From API version 2.51, updating the
neutron_net_id
andneutron_subnet_id
is possible only for a default subnet. Non default subnets cannot be updated after they are created. You may delete the subnet in question, and re-create it. The output will look as shown below:$ manila share-network-update sharenetwork1 \ --neutron-net-id a27160ca-5595-4c62-bf54-a04fb7b14316 \ --neutron-subnet-id f043f4b0-c05e-493f-bbe9-99689e2187d2 +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 8c2962a4832743469a336f7c179f7d34 | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | 2019-10-10T17:14:09.000000 | | description | Share Network created for demo purposes | | share_network_subnets | [{'id': '900d9ddc-7062-404e-8ef5-f63b84782d89', 'availability_zone': None, 'created_at': '2019-10-09T04:19:31.000000', 'updated_at': '2019-10-09T07:39:59.000000', 'segmentation_id': None, 'neutron_net_id': 'a27160ca-5595-4c62-bf54-a04fb7b14316', 'neutron_subnet_id': 'f043f4b0-c05e-493f-bbe9-99689e2187d2', 'ip_version': None, 'cidr': None, 'network_type': None, 'mtu': None, 'gateway': None}] | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Share network show
Show details of a share network.
$ manila share-network-show sharenetwork1 +-------------------+--------------------------------------+ | Property | Value | +-------------------+--------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 5b23075b4b504261a5987b18588f86cf | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | 2019-10-10T17:14:09.000000 | | neutron_net_id | fake_updated_net_id | | neutron_subnet_id | fake_updated_subnet_id | | network_type | None | | segmentation_id | None | | cidr | None | | ip_version | None | | description | None | | gateway | None | | mtu | None | +-------------------+--------------------------------------+
Note
Since API version 2.51, the
share-network-show
command also shows a list of subnets contained in the share network as show below.+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 8c2962a4832743469a336f7c179f7d34 | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | None | | description | Share Network created for demo purposes | | share_network_subnets | [{'id': '900d9ddc-7062-404e-8ef5-f63b84782d89', 'availability_zone': None, 'created_at': '2019-10-09T04:19:31.000000', 'updated_at': '2019-10-09T07:39:59.000000', 'segmentation_id': None, 'neutron_net_id': 'fake_updated_net_id', 'neutron_subnet_id': 'fake_updated_subnet_id', 'ip_version': None, 'cidr': None, 'network_type': None, 'mtu': None, 'gateway': None}] | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Note
Since API version 2.63, the
share-network-show
command also shows thestatus
andsecurity_service_update_support
fields.+---------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +---------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 8c2962a4832743469a336f7c179f7d34 | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | None | | description | Share Network created for demo purposes | | status | active | | security_service_update_support | True | | share_network_subnets | [{'id': '900d9ddc-7062-404e-8ef5-f63b84782d89', 'availability_zone': None, 'created_at': '2019-10-09T04:19:31.000000', 'updated_at': '2019-10-09T07:39:59.000000', 'segmentation_id': None, 'neutron_net_id': 'fake_updated_net_id', 'neutron_subnet_id': 'fake_updated_subnet_id', 'ip_version': None, 'cidr': None, 'network_type': None, 'mtu': None, 'gateway': None}] | +---------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Add security service/s
Add a pre existent security service in a given share network.
$ manila share-network-security-service-add \ sharenetwork1 \ my_sec_service $ manila share-network-security-service-list sharenetwork1 +--------------------------------------+----------------+--------+------+ | id | name | status | type | +--------------------------------------+----------------+--------+------+ | 50303c35-2c53-4d37-a0d9-61dfe3789569 | my_sec_service | new | ldap | +--------------------------------------+----------------+--------+------+
Note
Since API version 2.63, manila supports adding security services to
share networks that already are in use, depending on the share network's
support. The share network entity now contains a field called
security_service_update_support
which holds information
whether all resources built within it can hold such operation. Before
starting the operation to actually add the security service to a share
network that is being used, a check operation must be triggered. See
subsection <share_network_security_service_add_check>
.
List share network security services
List all the security services existent in a share network.
$ manila share-network-security-service-list sharenetwork1 +--------------------------------------+----------------+--------+------+ | id | name | status | type | +--------------------------------------+----------------+--------+------+ | 50303c35-2c53-4d37-a0d9-61dfe3789569 | my_sec_service | new | ldap | +--------------------------------------+----------------+--------+------+
Remove a security service from a share network
Remove a security service from a given share network.
$ manila share-network-security-service-remove \ sharenetwork1 \ my_sec_service $ manila share-network-security-service-list sharenetwork1 +----+------+--------+------+ | id | name | status | type | +----+------+--------+------+ +----+------+--------+------+
Delete share networks
Delete a share network.
$ manila share-network-delete sharenetwork1
List all share networks
$ manila share-network-list +--------------------------------------+---------------+ | id | name | +--------------------------------------+---------------+ +--------------------------------------+---------------+
Update share network security service check (Since API version 2.63)
Check if the update for security services of the same type can be performed:
$ manila share-network-security-service-update-check \ sharenetwork1 \ my_sec_service \ my_sec_service_updated +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | compatible | None | | requested_operation | {'operation': 'update_security_service', 'current_security_service': 50303c35-2c53-4d37-a0d9-61dfe3789569, 'new_security_service': '8971c5f6-52ec-4c53-bf6a-3fae38a9221e'} | +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Check the result of the operation:
$ manila share-network-security-service-update-check \ sharenetwork1 \ my_sec_service \ my_sec_service_updated +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | compatible | True | | requested_operation | {'operation': 'update_security_service', 'current_security_service': 50303c35-2c53-4d37-a0d9-61dfe3789569, 'new_security_service': '8971c5f6-52ec-4c53-bf6a-3fae38a9221e'} | +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Now, the request to update a share network security service should be accepted.
Update share network security services (Since API version 2.63)
Replaces one security service for another of the same type.
$ manila share-network-security-service-update \ sharenetwork1 \ my_sec_service \ my_sec_service_updated $ manila share-network-security-service-list sharenetwork1 +--------------------------------------+------------------------+--------+------+ | id | name | status | type | +--------------------------------------+------------------------+--------+------+ | 8971c5f6-52ec-4c53-bf6a-3fae38a9221e | my_sec_service_updated | new | ldap | +--------------------------------------+------------------------+--------+------+
Note
The share network entity now contains a field called
security_service_update_support
which holds information
whether all resources built within it can hold such operation. In order
to update security services in share networks that currently contain
shares, an operation to check if the operation can be completed must be
performed. See subsection <share_network_security_service_update_check>
.
Add share network security service check (Since API version 2.63)
Check if it is possible to add a security service to a share network:
$ manila share-network-security-service-add-check \ sharenetwork1 \ my_sec_service +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ | compatible | None | | requested_operation | {'operation': 'add_security_service', 'current_security_service': None, 'new_security_service': '50303c35-2c53-4d37-a0d9-61dfe3789569'} | +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+
Check if the result of the operation:
$ manila share-network-security-service-add-check \ sharenetwork1 \ my_sec_service +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ | compatible | True | | requested_operation | {'operation': 'add_security_service', 'current_security_service': None, 'new_security_service': '50303c35-2c53-4d37-a0d9-61dfe3789569'} | +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+