Share types

The Shared File System service back-end storage drivers offer a wide range of capabilities. The variation in these capabilities allows cloud administrators to provide a storage service catalog to their end users. Share types can be used to create this storage service catalog. Cloud administrators can influence provisioning of users’ shares with the help of Share types. All shares are associated with a share type. Share types are akin to flavors in the OpenStack Compute service (nova), or volume types in the OpenStack Block Storage service (cinder), or storage classes in Kubernetes. You can allow a share type to be accessible to all users in your cloud if you wish. You can also create private share types that allow only users belonging to certain OpenStack projects to access them. You can have an unlimited number of share types in your cloud, but for practical purposes, you may want to create only a handful of publicly accessible share types.

Each share type is an object that encompasses extra-specs (extra specifications). These extra-specs can map to storage back-end capabilities, or can be directives to the service.

Consider for example, offering three share types in your cloud to map to “service levels”:

Type

Capabilities/Instructions

Gold

Allow creating snapshots, reverting to snapshots and share replication, “thick” provision shares

Silver

Allow creating snapshots, “thin” provision shares

Bronze

Don’t allow creating snapshots, “thin” provision shares

Capabilities or instructions such as the ones above are coded as extra-specs that your users and the Shared File System service understand. Users in OpenStack projects can see all public share types along with private share types that are made accessible to them. Not all extra-specs that you configure in a share type are visible to your users. This design helps preserve the cloud abstraction. Along with the share type names, they can see the share type descriptions and “tenant-visible” extra-specs.

For more details on extra-specs, see Capabilities and Extra-Specs.

The Shared File Systems service also allows using quota controls with share types. Quotas can help you maintain your SLAs by limiting the number of consumable resources or aid in billing. See Quotas and limits for more details.

Driver Handles Share Servers (DHSS)

To provide secure and hard multi-tenancy on the network data path, the Shared File Systems service allows users to use their own “share networks”. When shares are created on a share network, users can be sure they have their own isolated “share servers” that export their shares on the share network that have the ability plug into user-determined authentication domains (“security services”). Not all Shared File System service storage drivers support share networks. Those that do assert the capability driver_handles_share_servers=True.

When creating a share type, you are required to set an extra-spec that matches this capability. It is visible to end users.

Default Share Type

When you are operating a cloud where all your tenants are trusted, you may want to create a “default” share type that applies to all of them. It simplifies share creation for your end users since they don’t need to worry about share types.

Use of a default share type is not recommended in a multi-tenant cloud where you may want to separate your user workloads, or offer different service capabilities. In such instances, you must always encourage your users to specify a share type at share creation time, and not rely on the default share type.

Important

If you do not create and configure a default share type, users must specify a valid share type during share creation, or share creation requests will fail.

To configure the default share type, edit the manila.conf file, and set the configuration option [DEFAULT]/default_share_type.

You must then create a share type, using manila type-create:

manila type-create [--is_public <is_public>]
                   [--description <description>]
                   [--extra-specs <other-extra-specs>]
                   <name> <spec_driver_handles_share_servers>

where:

  • name is the share type name

  • is_public defines the visibility for the share type (true/false)

  • description is a free form text field to describe the characteristics of the share type for your users’ benefit

  • extra-specs defines a comma separated set of key=value pairs of optional extra specifications

  • spec_driver_handles_share_servers is the mandatory extra-spec (true/false)

Share type operations

To create a new share type you need to specify the name of the new share type. You also require an extra spec driver_handles_share_servers. The new share type can be public or private.

$ manila manila type-create default-shares False \
  --description "Default share type for the cloud, no fancy capabilities"

$ manila type-list
 +--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+-------------------------------------------+---------------------------------------------------------+
 | ID                                   | Name                              | visibility | is_default | required_extra_specs                 | optional_extra_specs                      | Description                                             |
 +--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+-------------------------------------------+---------------------------------------------------------+
 | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a | default-shares                    | public     | -          | driver_handles_share_servers : False |                                           | Default share type for the cloud, no fancy capabilities |
 +--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+-------------------------------------------+---------------------------------------------------------+

 $ manila type-show default-shares
 +----------------------+---------------------------------------------------------+
 | Property             | Value                                                   |
 +----------------------+---------------------------------------------------------+
 | id                   | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a                    |
 | name                 | default-shares                                          |
 | visibility           | public                                                  |
 | is_default           | NO                                                      |
 | description          | Default share type for the cloud, no fancy capabilities |
 | required_extra_specs | driver_handles_share_servers : False                    |
 | optional_extra_specs |                                                         |
 +----------------------+---------------------------------------------------------+

You did not provide optional capabilities, so they are all assumed to be off by default. So, Non-privileged users see some tenant-visible capabilities explicitly.

$ source demorc
$ manila type-list
+--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+--------------------------------------------+---------------------------------------------------------+
| ID                                   | Name                              | visibility | is_default | required_extra_specs                 | optional_extra_specs                       | Description                                             |
+--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+--------------------------------------------+---------------------------------------------------------+
| cf1f92ec-4d0a-4b79-8f18-6bb82c22840a | default-shares                    | public     | -          | driver_handles_share_servers : False | snapshot_support : False                   | Default share type for the cloud, no fancy capabilities |
+--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+--------------------------------------------+---------------------------------------------------------+

$ manila type-show default-shares
+----------------------+---------------------------------------------------------+
| Property             | Value                                                   |
+----------------------+---------------------------------------------------------+
| id                   | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a                    |
| name                 | default-shares                                          |
| visibility           | public                                                  |
| is_default           | NO                                                      |
| description          | Default share type for the cloud, no fancy capabilities |
| required_extra_specs | driver_handles_share_servers : False                    |
| optional_extra_specs | snapshot_support : False                                |
|                      | create_share_from_snapshot_support : False              |
|                      | revert_to_snapshot_support : False                      |
|                      | mount_snapshot_support : False                          |
+----------------------+---------------------------------------------------------+

You can set or unset extra specifications for a share type using manila type-key <share_type> set <key=value> command.

$ manila type-key default-shares set snapshot_support=True

$ manila type-show default-shares
 +----------------------+---------------------------------------------------------+
 | Property             | Value                                                   |
 +----------------------+---------------------------------------------------------+
 | id                   | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a                    |
 | name                 | default-shares                                          |
 | visibility           | public                                                  |
 | is_default           | NO                                                      |
 | description          | Default share type for the cloud, no fancy capabilities |
 | required_extra_specs | driver_handles_share_servers : False                    |
 | optional_extra_specs | snapshot_support : True                                 |
 +----------------------+---------------------------------------------------------+

Use manila type-key <share_type> unset <key> to unset an extra specification.

A share type can be deleted with the manila type-delete <share_type> command. However, a share type can only be deleted if there are no shares, share groups or share group types associated with the share type.

Share type access control

You can provide access, revoke access, and retrieve list of allowed projects for a specified private share.

Create a private type:

$ manila type-create my_type1 True \
         --is_public False \
         --extra-specs snapshot_support=True
+----------------------+--------------------------------------+
| Property             | Value                                |
+----------------------+--------------------------------------+
| required_extra_specs | driver_handles_share_servers : True  |
| Name                 | my_type1                             |
| Visibility           | private                              |
| is_default           | -                                    |
| ID                   | 06793be5-9a79-4516-89fe-61188cad4d6c |
| optional_extra_specs | snapshot_support : True              |
+----------------------+--------------------------------------+

Note

If you run manila type-list only public share types appear. To see private share types, run manila type-list --all`.

Grant access to created private type for a demo and alt_demo projects by providing their IDs:

$ manila type-access-add my_type1 d8f9af6915404114ae4f30668a4f5ba7
$ manila type-access-add my_type1 e4970f57f1824faab2701db61ee7efdf

To view information about access for a private share, type my_type1:

$ manila type-access-list my_type1
+----------------------------------+
| Project_ID                       |
+----------------------------------+
| d8f9af6915404114ae4f30668a4f5ba7 |
| e4970f57f1824faab2701db61ee7efdf |
+----------------------------------+

After granting access to the share, the users in the allowed projects can see the share type and use it to create shares.

To deny access for a specified project, use manila type-access-remove <share_type> <project_id> command.