openstack/openstack-manuals
Code Issues Proposed changes

Merge "[config-ref] manila's cephfs_native driver doc enhancements"

Browse Source
This commit is contained in:
Jenkins 2016-10-06 09:08:45 +00:00 committed by Gerrit Code Review
commit ca63bf4564
1 changed files with 14 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
doc/config-reference/source/shared-file-systems/drivers/cephfs-native-driver.rst
View File

@ -31,12 +31,15 @@ The following operations are supported with CephFS back end:
- Allow share access. - Allow share access.
Note the following limitations for CephFS shares: - ``read-only`` access level is supported.
- ``read-write`` access level is supported.
Note the following limitation for CephFS shares:
- Only ``cephx`` access type is supported. - Only ``cephx`` access type is supported.
- For the Mitaka release, only read-write access level is supported.
- Deny share access. - Deny share access.
- Create a snapshot. - Create a snapshot.
@ -211,44 +214,24 @@ Allow Ceph auth ID ``alice`` access to the share using ``cephx`` access type.
manila access-allow cephshare1 cephx alice manila access-allow cephshare1 cephx alice
Note the access status and the secret access key of ``alice``.
.. code-block:: console
manila access-list cephshare1
Mounting shares using FUSE client Mounting shares using FUSE client
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Using the secret key of the authorized ID ``alice`` create a keyring file, Using the secret key of the authorized ID ``alice``, create a keyring file
``alice.keyring`` like: ``alice.keyring``.
.. code-block:: ini .. code-block:: ini
[client.alice] [client.alice]
key = AQA8+ANW/4ZWNRAAOtWJMFPEihBA1unFImJczA== key = AQA8+ANW/4ZWNRAAOtWJMFPEihBA1unFImJczA==
.. note::
In the Mitaka release, the secret key is not exposed by any Shared File
Systems service API.
The Ceph storage admin needs to pass the secret key to the guest out of
band of manila. You can refer to the link,
`<http://docs.ceph.com/docs/jewel/rados/operations/user-management/#get-a-user>`_,
to see how the storage admin could obtain the secret key of an ID.
Alternatively, the cloud admin can create Ceph auth IDs for each of the
tenants. The users can then request manila to authorize the pre-created
Ceph auth IDs, whose secret keys are already shared with them out of band
of manila, to access the shares.
The following is a command that the cloud admin could run from the server
running the :term:`manila-share` service to create a Ceph auth ID
and get its keyring file:
.. code-block:: console
ceph --name=client.manila --keyring=/etc/ceph/manila.keyring auth \
get-or-create client.alice -o alice.keyring
For more details, please see the Ceph documentation at,
`<http://docs.ceph.com/docs/jewel/rados/operations/user-management/#add-a-user>`_.
Using the monitor IP addresses from the share's export location, create a Using the monitor IP addresses from the share's export location, create a
configuration file, ``ceph.conf``: configuration file, ``ceph.conf``:
@ -279,12 +262,6 @@ in the future. However, it can be used in private cloud deployments.
- The guests have direct access to Ceph's public network. - The guests have direct access to Ceph's public network.
- The ``secret-key`` of a Ceph auth ID required to mount a share is not exposed
to a user by a Shared File Systems service API. To work around this, the
storage admin needs to pass the key out of band of the Shared File Systems
service, or the user needs to use the Ceph ID and key already created and
shared with her by the cloud admin.
- The snapshot support of the driver is disabled by default. - The snapshot support of the driver is disabled by default.
``cephfs_enable_snapshots`` configuration option needs to be set to ``True`` ``cephfs_enable_snapshots`` configuration option needs to be set to ``True``
to allow snapshot operations. to allow snapshot operations.