HPE 3PAR Driver for OpenStack Manila
The HPE 3PAR manila driver provides NFS and CIFS shared file systems to
OpenStack using HPE 3PAR’s File Persona capabilities.
For information on HPE 3PAR Driver for OpenStack Manila, refer to
content kit page.
Supported Operations
The following operations are supported with HPE 3PAR File Persona:
Create/delete NFS and CIFS shares
Allow/deny NFS share access
Allow/deny CIFS share access
Create/delete snapshots
Create shares from snapshots
Share networks are not supported. Shares are created directly on the 3PAR
without the use of a share server or service VM. Network connectivity is
setup outside of manila.
Requirements
On the system running the manila share service:
On the HPE 3PAR array:
Pre-Configuration on the HPE 3PAR
HPE 3PAR File Persona must be initialized and started (startfs
)
A File Provisioning Group (FPG) must be created for use with manila
A Virtual File Server (VFS) must be created for the FPG
The VFS must be configured with an appropriate share export IP address
A local user in the Administrators group is needed for CIFS shares
Backend Configuration
The following parameters need to be configured in the manila configuration
file for the HPE 3PAR driver:
share_backend_name = <backend name to enable>
share_driver = manila.share.drivers.hpe.hpe_3par_driver.HPE3ParShareDriver
driver_handles_share_servers = False
hpe3par_fpg = <FPG to use for share creation>
hpe3par_share_ip_address = <IP address to use for share export location>
hpe3par_san_ip = <IP address for SSH access to the SAN controller>
hpe3par_api_url = <3PAR WS API Server URL>
hpe3par_username = <3PAR username with the ‘edit’ role>
hpe3par_password = <3PAR password for the user specified in hpe3par_username>
hpe3par_san_login = <Username for SSH access to the SAN controller>
hpe3par_san_password = <Password for SSH access to the SAN controller>
hpe3par_debug = <False or True for extra debug logging>
hpe3par_cifs_admin_access_username = <CIFS admin user name>
hpe3par_cifs_admin_access_password = <CIFS admin password>
hpe3par_cifs_admin_access_domain = <CIFS admin domain>
hpe3par_share_mount_path = <Full path to mount shares>
The hpe3par_share_ip_address must be a valid IP address for the configured
FPG’s VFS. This IP address is used in export locations for shares that are
created. Networking must be configured to allow connectivity from clients to
shares.
hpe3par_cifs_admin_access_username and hpe3par_cifs_admin_access_password
must be provided to delete nested CIFS shares. If they are not, the share
contents will not be deleted. hpe3par_cifs_admin_access_domain and
hpe3par_share_mount_path can be provided for additional configuration.
Restart of manila-share service is needed for the configuration changes to take
effect.
Backend Configuration for AD user
The following parameters need to be configured through HPE 3PAR CLI to access
file share using AD.
Set authentication parameters:
$ setauthparam ldap-server IP_ADDRESS_OF_AD_SERVER
$ setauthparam binding simple
$ setauthparam user-attr AD_DOMAIN_NAME\\
$ setauthparam accounts-dn CN=Users,DC=AD,DC=DOMAIN,DC=NAME
$ setauthparam account-obj user
$ setauthparam account-name-attr sAMAccountName
$ setauthparam memberof-attr memberOf
$ setauthparam super-map CN=AD_USER_GROUP,DC=AD,DC=DOMAIN,DC=NAME
Verify new authentication parameters set as expected:
Verify AD users set as expected:
Command result should show user AD_USER is authenticated and authorized
message on successful configuration.
Add ‘ActiveDirectory’ in authentication providers list:
$ setfs auth ActiveDirectory Local
Verify authentication provider list shows ‘ActiveDirectory’:
Set/Add AD user on FS:
$ setfs ad –passwd PASSWORD AD_USER AD_DOMAIN_NAME
Verify FS user details:
Example of using AD user to access CIFS share
Pre-requisite:
Create a CIFS file share with 2GB of size:
$ manila create --name FILE_SHARE_NAME --share-type SHARE_TYPE CIFS 2
Check file share created as expected:
$ manila show FILE_SHARE_NAME
Configuration to provide share access to AD user:
$ manila access-allow FILE_SHARE_NAME user AD_DOMAIN_NAME\\\\AD_USER
--access-level rw
Check users permission set as expected:
$ manila access-list FILE_SHARE_NAME
The AD_DOMAIN_NAME\AD_USER must be listed in access_to column and should
show active in its state column as result of this command.
Network Approach
Connectivity between the storage array (SSH/CLI and WSAPI) and the manila host
is required for share management.
Connectivity between the clients and the VFS is required for mounting
and using the shares. This includes:
Routing from the client to the external network
Assigning the client an external IP address (e.g., a floating IP)
Configuring the manila host networking properly for IP forwarding
Configuring the VFS networking properly for client subnets
Share Types
When creating a share, a share type can be specified to determine where and
how the share will be created. If a share type is not specified, the
default_share_type set in the manila configuration file is used.
Manila requires that the share type includes the
driver_handles_share_servers extra-spec. This ensures that the share
will be created on a backend that supports the requested
driver_handles_share_servers (share networks) capability.
For the HPE 3PAR driver, this must be set to False.
Another common manila extra-spec used to determine where a share is created
is share_backend_name. When this extra-spec is defined in the share type,
the share will be created on a backend with a matching share_backend_name.
The HPE 3PAR driver automatically reports capabilities based on the FPG used
for each backend. Share types with extra specs can be created by an
administrator to control which share types are allowed to use FPGs with or
without specific capabilities. The following extra-specs are used with
the capabilities filter and the HPE 3PAR driver:
hpe3par_flash_cache = ‘<is> True’ or ‘<is> False’
thin_provisioning = ‘<is> True’ or ‘<is> False’
dedupe = ‘<is> True’ or ‘<is> False’
hpe3par_flash_cache will be reported as True for backends that have
3PAR’s Adaptive Flash Cache enabled.
thin_provisioning will be reported as True for backends that use thin
provisioned volumes. FPGs that use fully provisioned volumes will report
False. Backends that use thin provisioning also support manila’s
over-subscription feature.
dedupe will be reported as True for backends that use deduplication
technology.
Scoped extra-specs are used to influence vendor-specific implementation
details. Scoped extra-specs use a prefix followed by a colon. For HPE 3PAR
these extra-specs have a prefix of hpe3par. For HP 3PAR these extra-specs
have a prefix of hp3par.
The following HPE 3PAR extra-specs are used when creating CIFS (SMB) shares:
hpe3par:smb_access_based_enum = true or false
hpe3par:smb_continuous_avail = true or false
hpe3par:smb_cache = off, manual, optimized or auto
smb_access_based_enum (Access Based Enumeration) specifies if users can see
only the files and directories to which they have been allowed access on the
shares. The default is false.
smb_continuous_avail (Continuous Availability) specifies if SMB3 continuous
availability features should be enabled for this share. If not specified,
the default is true. This setting will be ignored with hp3parclient 3.2.1
or earlier.
smb_cache specifies client-side caching for offline files. Valid values are:
off: The client must not cache any files from this share. The share is
configured to disallow caching.
manual: The client must allow only manual caching for the files open from
this share.
optimized: The client may cache every file that it opens from
this share. Also, the client may satisfy the file requests from its
local cache. The share is configured to allow automatic caching
of programs and documents.
auto: The client may cache every file that it opens from this
share. The share is configured to allow automatic caching of
documents.
If this is not specified, the default is manual.
The following HPE 3PAR extra-specs are used when creating NFS shares:
The NFS export options have the following limitations:
ro and rw are not allowed (manila will determine the read-only option)
no_subtree_check and fsid are not allowed per HPE 3PAR CLI support
(in)secure and (no_)root_squash are not allowed because the HPE 3PAR
driver controls those settings
All other NFS options are forwarded to the HPE 3PAR as part of share creation.
The HPE 3PAR will do additional validation at share creation time. Refer to
HPE 3PAR CLI help for more details.
Delete Nested Shares
When a nested share is deleted (nested shares will be created when
hpe_3par_fstore_per_share
is set to False
), the file tree also
attempts to be deleted.
With NFS shares, there is no additional configuration that needs to be done.
For CIFS shares, hpe3par_cifs_admin_access_username
and
hpe3par_cifs_admin_access_password
must be provided. If they are omitted,
the original functionality is honored and the file tree remains untouched.
hpe3par_cifs_admin_access_domain
and hpe3par_share_mount_path
can also
be specified to create further customization.
The manila.share.drivers.hpe.hpe_3par_driver
Module
HPE 3PAR Driver for OpenStack Manila.
-
class FPG(min_ip=0, max_ip=4, type_name='FPG')
Bases: String
, IPAddress
FPG type.
Used to represent multiple pools per backend values.
Converts configuration value to an FPGs value.
FPGs value format:
FPG name, IP address 1, IP address 2, ..., IP address 4
where FPG name is a string value,
IP address is of type types.IPAddress
Optionally doing range checking.
If value is whitespace or empty string will raise error
- Parameters:
min_ip – Optional check that number of min IP address of VFS.
max_ip – Optional check that number of max IP address of VFS.
type_name – Type name to be used in the sample config file.
-
MAX_SUPPORTED_IP_PER_VFS = 4
-
class HPE3ParShareDriver(*args, **kwargs)
Bases: ShareDriver
HPE 3PAR driver for Manila.
Supports NFS and CIFS protocols on arrays with File Persona.
Version history:
1.0.0 - Begin Liberty development (post-Kilo)
1.0.1 - Report thin/dedup/hp_flash_cache capabilities
1.0.2 - Add share server/share network support
2.0.0 - Rebranded HP to HPE
2.0.1 - Add access_level (e.g. read-only support)
2.0.2 - Add extend/shrink
2.0.3 - Remove file tree on delete when using nested shares #1538800
2.0.4 - Reduce the fsquota by share size
when a share is deleted #1582931
2.0.5 - Add update_access support
2.0.6 - Multi pool support per backend
2.0.7 - Fix get_vfs() to correctly validate conf IP addresses at
boot up #1621016
2.0.8 - Replace ConsistencyGroup with ShareGroup
-
VERSION = '2.0.8'
-
static build_share_comment(share)
Create an informational only comment to help admins and testers.
-
check_for_setup_error()
Check for setup error.
-
choose_share_server_compatible_with_share(context, share_servers, share, snapshot=None, share_group=None)
Method that allows driver to choose share server for provided share.
If compatible share-server is not found, method should return None.
- Parameters:
context – Current context
share_servers – list with share-server models
share – share model
snapshot – snapshot model
share_group – ShareGroup model with shares
- Returns:
share-server or None
-
create_share(context, share, share_server=None)
Is called to create share.
-
create_share_from_snapshot(context, share, snapshot, share_server=None, parent_share=None)
Is called to create share from snapshot.
-
create_snapshot(context, snapshot, share_server=None)
Creates a snapshot of a share.
-
delete_share(context, share, share_server=None)
Deletes share and its fstore.
-
delete_snapshot(context, snapshot, share_server=None)
Deletes a snapshot of a share.
-
do_setup(context)
Any initialization the share driver does while starting.
-
ensure_share(context, share, share_server=None)
Invoked to ensure that share is exported.
Driver can use this method to update the list of export locations of
the share if it changes. To do that, you should return list with
export locations.
It is preferred if the driver implements “get_backend_info” and
“ensure_shares” instead of this routine.
- Returns:
None or list with export locations
-
extend_share(share, new_size, share_server=None)
Extends size of existing share.
-
get_network_allocations_number()
Returns number of network allocations for creating VIFs.
Drivers that use Nova for share servers should return zero (0) here
same as Generic driver does.
Because Nova will handle network resources allocation.
Drivers that handle networking itself should calculate it according
to their own requirements. It can have 1+ network interfaces.
-
static sha1_hash(clazz)
Get the SHA1 hash for the source of a class.
-
shrink_share(share, new_size, share_server=None)
Shrinks size of existing share.
-
update_access(context, share, access_rules, add_rules, delete_rules, update_rules, share_server=None)
Update access to the share.
-
to_list(var)
Convert var to list type if not