glusterfs native driver for openstack manila at glusternight paris @ openstack paris summit nov....
TRANSCRIPT
Manila – GlusterFS Integration
GlusterNight@openstack-paris
Deepak C [email protected]
IRC: deepakcs
Openstack Paris Summit 2
What is Manila● Shared FileSystem as a service
● Incubated since openstack Juno
● Provision file shares to Nova (openstack compute) instance(s)
● Strives to provide an API for management of shared filesystems with support for multiple protocols and backend implementations
– NFS and CIFS primarily supported
– Other protocols are encouraged too (eg: glusterfs)● Supports Multi-tenancy
– Enables public cloud usecase
– Has framework to support storage backends that don't support multi-tenancy natively
Openstack Paris Summit 3
Manila usecase
Openstack Paris Summit 4
Manila GlusterFS
● 2 approaches– GlusterFS native driver
● 'glusterfs' protocol● 'cert' based access type
– NFS-Ganesha with GlusterFS FSAL● 'nfs' protocol● 'ip' based access type
Openstack Paris Summit 5
Manila access types● IP
– Access control using IP address
– Takes IP as an argument
– Typically used in controlling access to NFS shares
● User– Access control using user name
– Takes user name as argument
– Typically used in controlling access to CIFS shares
● Cert– Access control using SSL certificates
– Takes SSL Certificate's CN (common name) as argument
– Certificate setup (aka trust setup) between client and server is out of band
– Currently implemented by GlusterFS native driver ('glusterfs' protocol)
Openstack Paris Summit 6
● Supports Certificate based access type of Manila● Provision shares that use the 'glusterfs' protocol● Instances directly talk with GlusterFS storage backend
– No service VM needed
● Secure access– Only tenants with the right certificate will be able to access the share
● Multi-tenant– Separation using tenant specific certificates
● Supports certificate chaining and cipher lists
GlusterFS Native Driver
Openstack Paris Summit 7
GlusterFS Native Driver contd.● Available upstream
– 1 Manila share == 1 GlusterFS volume
– Pre-requisites● GlusterFS volume(s) setup with Cert based access enabled● Instance should have server signed client certificates pre-loaded● Manila.conf – Provide list of glusterfs volume(s) to work with
● TODOs– Add documentation
– Snapshot support
– Dynamic creation of glusterfs volumes
– Data shredding as part of gluster volume delete
– Create share from snapshot