[config-ref] manila's cephfs_native driver doc enhancements

Add info about features introduced in cephfs_native driver
during Newton release of manila.

Change-Id: Ia0a5fca7b197dcca7c98689fd2874bcb6de2a30d
This commit is contained in:
Ramana Raja 2016-10-03 16:44:55 +05:30
parent d2c433c8f4
commit 69b4ed490f

View File

@ -31,12 +31,15 @@ The following operations are supported with CephFS back end:
- Allow share access.
Note the following limitations for CephFS shares:
- ``read-only`` access level is supported.
- ``read-write`` access level is supported.
Note the following limitation for CephFS shares:
- Only ``cephx`` access type is supported.
- For the Mitaka release, only read-write access level is supported.
- Deny share access.
- Create a snapshot.
@ -211,44 +214,24 @@ Allow Ceph auth ID ``alice`` access to the share using ``cephx`` access type.
manila access-allow cephshare1 cephx alice
Note the access status and the secret access key of ``alice``.
.. code-block:: console
manila access-list cephshare1
Mounting shares using FUSE client
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Using the secret key of the authorized ID ``alice`` create a keyring file,
``alice.keyring`` like:
Using the secret key of the authorized ID ``alice``, create a keyring file
``alice.keyring``.
.. code-block:: ini
[client.alice]
key = AQA8+ANW/4ZWNRAAOtWJMFPEihBA1unFImJczA==
.. note::
In the Mitaka release, the secret key is not exposed by any Shared File
Systems service API.
The Ceph storage admin needs to pass the secret key to the guest out of
band of manila. You can refer to the link,
`<http://docs.ceph.com/docs/jewel/rados/operations/user-management/#get-a-user>`_,
to see how the storage admin could obtain the secret key of an ID.
Alternatively, the cloud admin can create Ceph auth IDs for each of the
tenants. The users can then request manila to authorize the pre-created
Ceph auth IDs, whose secret keys are already shared with them out of band
of manila, to access the shares.
The following is a command that the cloud admin could run from the server
running the :term:`manila-share` service to create a Ceph auth ID
and get its keyring file:
.. code-block:: console
ceph --name=client.manila --keyring=/etc/ceph/manila.keyring auth \
get-or-create client.alice -o alice.keyring
For more details, please see the Ceph documentation at,
`<http://docs.ceph.com/docs/jewel/rados/operations/user-management/#add-a-user>`_.
Using the monitor IP addresses from the share's export location, create a
configuration file, ``ceph.conf``:
@ -279,12 +262,6 @@ in the future. However, it can be used in private cloud deployments.
- The guests have direct access to Ceph's public network.
- The ``secret-key`` of a Ceph auth ID required to mount a share is not exposed
to a user by a Shared File Systems service API. To work around this, the
storage admin needs to pass the key out of band of the Shared File Systems
service, or the user needs to use the Ceph ID and key already created and
shared with her by the cloud admin.
- The snapshot support of the driver is disabled by default.
``cephfs_enable_snapshots`` configuration option needs to be set to ``True``
to allow snapshot operations.