manila/doc/source/admin/shared-file-systems-key-concepts.rst
ericxiett 9603287c10 Add missing space
The first half of the Key concept 'Security Services' display
 format is incorrect because a space is missing. This commit
Adds one space.

Change-Id: Idfdf9380031cba39bc27da799167ade81ae0dc8e
2019-08-05 15:41:13 +08:00

120 lines
4.8 KiB
ReStructuredText

.. _shared_file_systems_key_concepts:
============
Key concepts
============
Share
~~~~~
In the Shared File Systems service ``share`` is the fundamental resource unit
allocated by the Shared File System service. It represents an allocation of a
persistent, readable, and writable filesystems. Compute instances access these
filesystems. Depending on the deployment configuration, clients outside of
OpenStack can also access the filesystem.
.. note::
A ``share`` is an abstract storage object that may or may not directly
map to a "share" concept from the underlying storage provider.
See the description of ``share instance`` for more details.
Share instance
~~~~~~~~~~~~~~
This concept is tied with ``share`` and represents created resource on specific
back end, when ``share`` represents abstraction between end user and
back-end storages. In common cases, it is one-to-one relation.
One single ``share`` has more than one ``share instance`` in two cases:
- When ``share migration`` is being applied
- When ``share replication`` is enabled
Therefore, each ``share instance`` stores information specific to real
allocated resource on storage. And ``share`` represents the information
that is common for ``share instances``.
A user with ``member`` role will not be able to work with it directly. Only
a user with ``admin`` role has rights to perform actions against specific
share instances.
Snapshot
~~~~~~~~
A ``snapshot`` is a point-in-time, read-only copy of a ``share``. You can
create ``Snapshots`` from an existing, operational ``share`` regardless
of whether a client has mounted the file system. A ``snapshot``
can serve as the content source for a new ``share``. Specify the
**Create from snapshot** option when creating a new ``share`` on the
dashboard.
Storage Pools
~~~~~~~~~~~~~
With the Kilo release of OpenStack, Shared File Systems can use
``storage pools``. The storage may present one or more logical storage
resource pools that the Shared File Systems service
will select as a storage location when provisioning ``shares``.
Share Type
~~~~~~~~~~
``Share type`` is an abstract collection of criteria used to characterize
``shares``. They are most commonly used to create a hierarchy of functional
capabilities. This hierarchy represents tiered storage services levels. For
example, an administrator might define a premium ``share type`` that
indicates a greater level of performance than a basic ``share type``.
Premium represents the best performance level.
Share Access Rules
~~~~~~~~~~~~~~~~~~
``Share access rules`` define which users can access a particular ``share``.
For example, administrators can declare rules for NFS shares by
listing the valid IP networks which will access the ``share``. List the
IP networks in CIDR notation.
Security Services
~~~~~~~~~~~~~~~~~
``Security services`` allow granular client access rules for
administrators. They can declare rules for authentication or
authorization to access ``share`` content. External services including LDAP,
Active Directory, and Kerberos can be declared as resources. Examine and
consult these resources when making an access decision for a
particular ``share``. You can associate ``Shares`` with multiple
security services, but only one service per one type.
Share Networks
~~~~~~~~~~~~~~
A ``share network`` is an object that defines a relationship between a
project network and subnet, as defined in an OpenStack Networking service or
Compute service. The ``share network`` is also defined in ``shares``
created by the same project. A project may find it desirable to
provision ``shares`` such that only instances connected to a particular
OpenStack-defined network have access to the ``share``. Also,
``security services`` can be attached to ``share networks``,
because most of auth protocols require some interaction with network services.
The Shared File Systems service has the ability to work outside of OpenStack.
That is due to the ``StandaloneNetworkPlugin``. The plugin is compatible with
any network platform, and does not require specific network services in
OpenStack like Compute or Networking service. You can set the network
parameters in the ``manila.conf`` file.
Share Servers
~~~~~~~~~~~~~
A ``share server`` is a logical entity that hosts the shares created
on a specific ``share network``. A ``share server`` may be a
configuration object within the storage controller, or it may represent
logical resources provisioned within an OpenStack deployment used to
support the data path used to access ``shares``.
``Share servers`` interact with network services to determine the appropriate
IP addresses on which to export ``shares`` according to the related ``share
network``. The Shared File Systems service has a pluggable network model that
allows ``share servers`` to work with different implementations of
the Networking service.