Share types
The Shared File System service back-end storage drivers offer a wide range
of capabilities. The variation in these capabilities allows cloud
administrators to provide a storage service catalog to their end users.
Share types can be used to create this storage service catalog.
Cloud administrators can influence provisioning of users’ shares with the
help of share types. All shares are associated with a share type. Share
types are akin to flavors in the OpenStack Compute service (nova), or
volume types in the OpenStack Block Storage service (cinder), or storage
classes in Kubernetes. You can allow a share type to be accessible to all
users in your cloud if you wish. You can also create private share types that
allow only users belonging to certain OpenStack projects to access them.
You can have an unlimited number of share types in your
cloud, but for practical purposes, you may want to create only a handful of
publicly accessible share types.
Each share type is an object that encompasses extra-specs (extra
specifications). These extra-specs can map to storage back-end capabilities,
or can be directives to the service.
Consider, for example, offering three share types in your cloud to map to “service levels”:
| Type | Capabilities/Instructions |
|---|---|
| Gold | Allow creating snapshots, reverting to snapshots and share replication, “thick” provision shares |
| Silver | Allow creating snapshots, “thin” provision shares |
| Bronze | Don’t allow creating snapshots, “thin” provision shares |
Capabilities or instructions such as the ones above are coded as extra-specs that your users and the Shared File System service understand. Users in OpenStack projects can see all public share types along with private share types that are made accessible to them. Not all extra-specs that you configure in a share type are visible to your users. This design helps preserve the cloud abstraction. Along with the share type names, they can see the share type descriptions and “tenant-visible” extra-specs.
For more details on extra-specs, see Capabilities and Extra-Specs.
The Shared File Systems service also allows using quota controls with share types. Quotas can help you maintain your SLAs by limiting the number of consumable resources or aid in billing. See Quotas and limits for more details.
Driver Handles Share Servers (DHSS)
To provide secure and hard multi-tenancy on the network data path, the
Shared File Systems service allows users to use their own “share networks”.
When shares are created on a share network, users can be sure they have
their own isolated “share servers” that export their shares on the share
network and that have the ability to plug into user-determined authentication
domains (“security services”). Not all Shared File System service storage
drivers support share networks. Those that do assert the capability
driver_handles_share_servers=True.
When creating a share type, you are required to set an extra-spec that matches this capability. It is visible to end users.
Default Share Type
When you are operating a cloud where all your tenants are trusted, you may want to create a “default” share type that applies to all of them. It simplifies share creation for your end users since they don’t need to worry about share types.
Use of a default share type is not recommended in a multi-tenant cloud where you may want to separate your user workloads, or offer different service capabilities. In such instances, you must always encourage your users to specify a share type at share creation time, and not rely on the default share type.
Important
If you do not create and configure a default share type, users must specify a valid share type during share creation, or share creation requests will fail.
To configure the default share type, edit the manila.conf file, and set
the configuration option [DEFAULT]/default_share_type.
You must then create a share type, using manila type-create:
manila type-create [--is_public <is_public>]
[--description <description>]
[--extra-specs <other-extra-specs>]
<name> <spec_driver_handles_share_servers>
where:
name is the share type name
is_public defines the visibility for the share type (true/false)
description is a free form text field to describe the characteristics of the share type for your users’ benefit
extra-specs defines a comma separated set of key=value pairs of optional extra specifications
spec_driver_handles_share_servers is the mandatory extra-spec (true/false)
Share type operations
To create a new share type you need to specify the name of the new share
type. You must also specify the extra-spec driver_handles_share_servers.
The new share type can be public or private.
$ manila type-create default-shares False \
--description "Default share type for the cloud, no fancy capabilities"
$ manila type-list
+--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+-------------------------------------------+---------------------------------------------------------+
| ID | Name | visibility | is_default | required_extra_specs | optional_extra_specs | Description |
+--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+-------------------------------------------+---------------------------------------------------------+
| cf1f92ec-4d0a-4b79-8f18-6bb82c22840a | default-shares | public | - | driver_handles_share_servers : False | | Default share type for the cloud, no fancy capabilities |
+--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+-------------------------------------------+---------------------------------------------------------+
$ manila type-show default-shares
+----------------------+---------------------------------------------------------+
| Property | Value |
+----------------------+---------------------------------------------------------+
| id | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a |
| name | default-shares |
| visibility | public |
| is_default | NO |
| description | Default share type for the cloud, no fancy capabilities |
| required_extra_specs | driver_handles_share_servers : False |
| optional_extra_specs | |
+----------------------+---------------------------------------------------------+
You did not provide optional capabilities, so they are all assumed to be off by default. As a result, non-privileged users see some tenant-visible capabilities listed explicitly.
$ source demorc
$ manila type-list
+--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+--------------------------------------------+---------------------------------------------------------+
| ID | Name | visibility | is_default | required_extra_specs | optional_extra_specs | Description |
+--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+--------------------------------------------+---------------------------------------------------------+
| cf1f92ec-4d0a-4b79-8f18-6bb82c22840a | default-shares | public | - | driver_handles_share_servers : False | snapshot_support : False | Default share type for the cloud, no fancy capabilities |
+--------------------------------------+-----------------------------------+------------+------------+--------------------------------------+--------------------------------------------+---------------------------------------------------------+
$ manila type-show default-shares
+----------------------+---------------------------------------------------------+
| Property | Value |
+----------------------+---------------------------------------------------------+
| id | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a |
| name | default-shares |
| visibility | public |
| is_default | NO |
| description | Default share type for the cloud, no fancy capabilities |
| required_extra_specs | driver_handles_share_servers : False |
| optional_extra_specs | snapshot_support : False |
| | create_share_from_snapshot_support : False |
| | revert_to_snapshot_support : False |
| | mount_snapshot_support : False |
+----------------------+---------------------------------------------------------+
You can set or unset extra specifications for a share type using the manila type-key <share_type> set <key=value> command.
$ manila type-key default-shares set snapshot_support=True
$ manila type-show default-shares
+----------------------+---------------------------------------------------------+
| Property | Value |
+----------------------+---------------------------------------------------------+
| id | cf1f92ec-4d0a-4b79-8f18-6bb82c22840a |
| name | default-shares |
| visibility | public |
| is_default | NO |
| description | Default share type for the cloud, no fancy capabilities |
| required_extra_specs | driver_handles_share_servers : False |
| optional_extra_specs | snapshot_support : True |
+----------------------+---------------------------------------------------------+
Use manila type-key <share_type> unset <key> to unset an extra specification.
A share type can be deleted with the manila type-delete <share_type> command. However, a share type can only be deleted if there are no shares, share groups or share group types associated with the share type.
Share type access control
You can provide access, revoke access, and retrieve the list of allowed projects for a specified private share type.
Create a private type:
$ manila type-create my_type1 True \
--is_public False \
--extra-specs snapshot_support=True
+----------------------+--------------------------------------+
| Property | Value |
+----------------------+--------------------------------------+
| required_extra_specs | driver_handles_share_servers : True |
| Name | my_type1 |
| Visibility | private |
| is_default | - |
| ID | 06793be5-9a79-4516-89fe-61188cad4d6c |
| optional_extra_specs | snapshot_support : True |
+----------------------+--------------------------------------+
Note
If you run manila type-list, only public share types appear. To see private share types, run manila type-list --all.
Grant access to the created private type for the demo and alt_demo projects by providing their IDs:
$ manila type-access-add my_type1 d8f9af6915404114ae4f30668a4f5ba7
$ manila type-access-add my_type1 e4970f57f1824faab2701db61ee7efdf
To view information about access for the private share type my_type1:
$ manila type-access-list my_type1
+----------------------------------+
| Project_ID |
+----------------------------------+
| d8f9af6915404114ae4f30668a4f5ba7 |
| e4970f57f1824faab2701db61ee7efdf |
+----------------------------------+
After granting access to the share type, the users in the allowed projects can see the share type and use it to create shares.
To deny access for a specified project, use the manila type-access-remove <share_type> <project_id> command.
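Access grants on private share types tend to drift over time, so it is worth reconciling the output of manila type-access-list against the projects you intend to allow. The following is an added example, not part of the OpenStack documentation; the function names, the third project ID and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: reconcile a private share type's access list with an
# intended allowlist. Helper names and sample data are constructed.

# Print one project ID per line from a `manila type-access-list` table on
# stdin, skipping border lines and the Project_ID header row.
project_ids() {
    awk -F'|' 'NF >= 3 {
        gsub(/^[ \t]+|[ \t]+$/, "", $2)
        if ($2 != "" && $2 != "Project_ID") print $2
    }'
}

# Print granted IDs (table on stdin) that are NOT in the allowlist ($@).
unexpected_projects() {
    allowed=" $* "
    project_ids | while read -r id; do
        case "$allowed" in
            *" $id "*) ;;
            *) printf '%s\n' "$id" ;;
        esac
    done
}

# Print allowlisted IDs ($@) that are missing from the table on stdin.
missing_projects() {
    granted=" $(project_ids | tr '\n' ' ')"
    for id in "$@"; do
        case "$granted" in
            *" $id "*) ;;
            *) printf '%s\n' "$id" ;;
        esac
    done
}

# Allowlist: the two project IDs used on this page.
ALLOWED="d8f9af6915404114ae4f30668a4f5ba7 e4970f57f1824faab2701db61ee7efdf"

# Constructed table: one allowed project plus one made-up stray grant.
SAMPLE_TABLE='+----------------------------------+
| Project_ID                       |
+----------------------------------+
| d8f9af6915404114ae4f30668a4f5ba7 |
| 0123456789abcdef0123456789abcdef |
+----------------------------------+'

echo "unexpected: $(printf '%s\n' "$SAMPLE_TABLE" | unexpected_projects $ALLOWED)"
echo "missing:    $(printf '%s\n' "$SAMPLE_TABLE" | missing_projects $ALLOWED)"
```

Against a live cloud, pipe manila type-access-list my_type1 into unexpected_projects and pass each reported ID to manila type-access-remove my_type1 <project_id>.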