红帽全球峰会1.15. 使用共享文件系统服务
OpenStack Manila 是共享文件系统服务。它为 OpenStack 用户提供自助服务 API,用于创建和管理文件共享。文件共享(或只是"共享"),由任意数量的客户端为并发读/写访问权限构建。这与底层存储的固有弹性相结合,使共享文件系统服务在云环境需要 RWX ("read write many")持久性存储中至关重要。
1.15.1. 网络
复制链接链接已复制到粘贴板!
OpenStack 中的文件共享通过网络访问。因此,务必要规划云的网络,以便为共享文件系统创建成功且可持续的编配层。
Manila 支持两种级别的存储网络抽象 - 用户可以直接控制其各自文件共享的网络,另一个则由 OpenStack 管理员配置存储网络。在采用后,务必要确保 Red Hat OpenStack Platform 17.1 中的网络与您的新云的网络计划匹配。这样可确保租户工作负载通过采用过程保持与存储连接,即使 control plane 会出现较小的中断。Manila 的 control plane 服务不在数据路径中;关闭 API、调度程序和共享管理器服务不会影响对现有共享文件系统的访问。
通常,存储和存储设备管理网络是独立的。Manila 服务只需要访问存储设备管理网络。例如,如果在部署中使用了 Ceph 集群,"storage"网络指的是 Ceph 集群的公共网络,并且 Manila 的共享管理器服务需要可以访问它。
1.15.2. 先决条件
复制链接链接已复制到粘贴板!
- 确保 manila systemd 服务(api、cron、调度程序)已停止。如需更多信息,请参阅 停止 OpenStack 服务。
- 确保 manila pacemaker 服务("openstack-manila-share")已停止。如需更多信息,请参阅 停止 OpenStack 服务。
- 确保数据库迁移已完成。如需更多信息,请参阅将 数据库迁移到 MariaDB 实例。
-
确保部署
manila-share服务的 OpenShift 节点可以访问存储系统所在的管理网络。 - 在使用 manila 服务前,请确保可以使用 keystone 和 memcached 等服务。
-
如果启用了租户驱动的网络(
driver_handles_share_servers=True),请确保在采用 manila 服务前已经部署了 neutron。
1.15.3. 流程 - Manila 采用
复制链接链接已复制到粘贴板!
1.15.3.1. 从 RHOSP 17.1 部署复制配置
复制链接链接已复制到粘贴板!
定义 CONTROLLER1_SSH 环境变量( 如果尚未定义 )。然后,从 RHOSP 17.1 复制配置文件以参考。
$CONTROLLER1_SSH cat /var/lib/config-data/puppet-generated/manila/etc/manila/manila.conf | awk '!/^ *#/ && NF' > ~/manila.conf
$CONTROLLER1_SSH cat /var/lib/config-data/puppet-generated/manila/etc/manila/manila.conf | awk '!/^ *#/ && NF' > ~/manila.conf检查此配置,以及自 RHOSP 17.1 起记录的配置更改。并非所有项都对进入新的云环境有意义:
-
manila 操作器能够设置数据库相关配置(
[database])、服务身份验证(auth_strategy,[keystone_authtoken])、消息总线配置(transport_url,control_exchange)、默认的粘贴配置(api_paste_config)和 inter-service 通信配置(', '[nova],[cinder], [glance][glance][oslo_messagingClaimTemplate])。因此,所有这些都可以被忽略。 -
忽略
osapi_share_listen配置。在 RHOSP 18 中,依赖 OpenShift 路由和入口。 -
请注意策略覆盖。在 RHOSP 18 中,manila 附带一个安全的默认 RBAC,并且可能不需要覆盖。请使用 Oslo 策略生成器 工具查看 RBAC 默认值。如果需要自定义策略,则必须将其作为
ConfigMap提供。以下示例 spec 演示了如何使用名为policy.yaml的文件的内容设置名为manila-policy的ConfigMap。
spec:
manila:
enabled: true
template:
manilaAPI:
customServiceConfig: |
[oslo_policy]
policy_file=/etc/manila/policy.yaml
extraMounts:
- extraVol:
- extraVolType: Undefined
mounts:
- mountPath: /etc/manila/
name: policy
readOnly: true
propagation:
- ManilaAPI
volumes:
- name: policy
projected:
sources:
- configMap:
name: manila-policy
items:
- key: policy
path: policy.yaml
spec:
manila:
enabled: true
template:
manilaAPI:
customServiceConfig: |
[oslo_policy]
policy_file=/etc/manila/policy.yaml
extraMounts:
- extraVol:
- extraVolType: Undefined
mounts:
- mountPath: /etc/manila/
name: policy
readOnly: true
propagation:
- ManilaAPI
volumes:
- name: policy
projected:
sources:
- configMap:
name: manila-policy
items:
- key: policy
path: policy.yaml-
Manila API 服务需要在
manila: template: manilaAPI的customServiceConfig部分添加enabled_share_protocols选项。 -
如果您有调度程序覆盖,请将它们添加到
manila: template: manilaScheduler中的customServiceConfig部分。 -
如果您使用 RHOSP 17.1 配置多个存储后端驱动程序,则需要在部署 RHOSP 18 时分割它们。每个存储后端驱动程序都需要使用自己的
manila-share服务实例。 -
如果存储后端驱动程序需要自定义容器镜像,请在 RHOSP Ecosystem Catalog 上找到它,并设置
manila: template: manilaShares: <custom name> : containerImage值。以下示例演示了使用自定义容器镜像的多个存储后端驱动程序。
spec:
manila:
enabled: true
template:
manilaAPI:
customServiceConfig: |
[DEFAULT]
enabled_share_protocols = nfs
replicas: 3
manilaScheduler:
replicas: 3
manilaShares:
netapp:
customServiceConfig: |
[DEFAULT]
debug = true
enabled_share_backends = netapp
[netapp]
driver_handles_share_servers = False
share_backend_name = netapp
share_driver = manila.share.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_cluster
netapp_transport_type = http
replicas: 1
pure:
customServiceConfig: |
[DEFAULT]
debug = true
enabled_share_backends=pure-1
[pure-1]
driver_handles_share_servers = False
share_backend_name = pure-1
share_driver = manila.share.drivers.purestorage.flashblade.FlashBladeShareDriver
flashblade_mgmt_vip = 203.0.113.15
flashblade_data_vip = 203.0.10.14
containerImage: registry.connect.redhat.com/purestorage/openstack-manila-share-pure-rhosp-18-0
replicas: 1
spec:
manila:
enabled: true
template:
manilaAPI:
customServiceConfig: |
[DEFAULT]
enabled_share_protocols = nfs
replicas: 3
manilaScheduler:
replicas: 3
manilaShares:
netapp:
customServiceConfig: |
[DEFAULT]
debug = true
enabled_share_backends = netapp
[netapp]
driver_handles_share_servers = False
share_backend_name = netapp
share_driver = manila.share.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_cluster
netapp_transport_type = http
replicas: 1
pure:
customServiceConfig: |
[DEFAULT]
debug = true
enabled_share_backends=pure-1
[pure-1]
driver_handles_share_servers = False
share_backend_name = pure-1
share_driver = manila.share.drivers.purestorage.flashblade.FlashBladeShareDriver
flashblade_mgmt_vip = 203.0.113.15
flashblade_data_vip = 203.0.10.14
containerImage: registry.connect.redhat.com/purestorage/openstack-manila-share-pure-rhosp-18-0
replicas: 1-
如果提供敏感信息,如密码、主机名和用户名,建议使用 OpenShift secret 和
customServiceConfigSecrets密钥。例如:
cat << __EOF__ > ~/netapp_secrets.conf [netapp] netapp_server_hostname = 203.0.113.10 netapp_login = fancy_netapp_user netapp_password = secret_netapp_password netapp_vserver = mydatavserver __EOF__ oc create secret generic osp-secret-manila-netapp --from-file=~/netapp_secrets.conf -n openstack
cat << __EOF__ > ~/netapp_secrets.conf
[netapp]
netapp_server_hostname = 203.0.113.10
netapp_login = fancy_netapp_user
netapp_password = secret_netapp_password
netapp_vserver = mydatavserver
__EOF__
oc create secret generic osp-secret-manila-netapp --from-file=~/netapp_secrets.conf -n openstack-
customConfigSecrets可用于任何服务,以下是一个使用上面创建的 secret 的配置映射。
spec:
manila:
enabled: true
template:
< . . . >
manilaShares:
netapp:
customServiceConfig: |
[DEFAULT]
debug = true
enabled_share_backends = netapp
[netapp]
driver_handles_share_servers = False
share_backend_name = netapp
share_driver = manila.share.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_cluster
netapp_transport_type = http
customServiceConfigSecrets:
- osp-secret-manila-netapp
replicas: 1
< . . . >
spec:
manila:
enabled: true
template:
< . . . >
manilaShares:
netapp:
customServiceConfig: |
[DEFAULT]
debug = true
enabled_share_backends = netapp
[netapp]
driver_handles_share_servers = False
share_backend_name = netapp
share_driver = manila.share.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_cluster
netapp_transport_type = http
customServiceConfigSecrets:
- osp-secret-manila-netapp
replicas: 1
< . . . >-
如果您需要向任何服务提供额外文件,您可以使用
extraMounts。例如,在使用 ceph 时,您需要 Manila 用户的密钥环文件以及ceph.conf配置文件。它们通过extraMounts挂载,如下例所示。 -
确保后端的名称(
share_backend_name)在 RHOSP 17.1 上保持不变。 -
建议将
manilaAPI服务的副本数和manilaScheduler服务设置为 3。您应该确保将manilaShares服务/s 的副本数设置为 1。 -
确保
manilaShares部分中指定了适当的存储管理网络。以下示例将manilaShares实例与 CephFS 后端驱动程序连接到存储网络。
1.15.3.2. 部署 manila control plane
复制链接链接已复制到粘贴板!
修补 OpenStackControlPlane 来部署 Manila;这里是一个使用原生 CephFS 的示例:
cat << __EOF__ > ~/manila.patch
spec:
manila:
enabled: true
apiOverride:
route: {}
template:
databaseInstance: openstack
secret: osp-secret
manilaAPI:
replicas: 3
customServiceConfig: |
[DEFAULT]
enabled_share_protocols = cephfs
override:
service:
internal:
metadata:
annotations:
metallb.universe.tf/address-pool: internalapi
metallb.universe.tf/allow-shared-ip: internalapi
metallb.universe.tf/loadBalancerIPs: 172.17.0.80
spec:
type: LoadBalancer
manilaScheduler:
replicas: 3
manilaShares:
cephfs:
replicas: 1
customServiceConfig: |
[DEFAULT]
enabled_share_backends = tripleo_ceph
[tripleo_ceph]
driver_handles_share_servers=False
share_backend_name=tripleo_ceph
share_driver=manila.share.drivers.cephfs.driver.CephFSDriver
cephfs_conf_path=/etc/ceph/ceph.conf
cephfs_auth_id=openstack
cephfs_cluster_name=ceph
cephfs_volume_mode=0755
cephfs_protocol_helper_type=CEPHFS
networkAttachments:
- storage
__EOF__
cat << __EOF__ > ~/manila.patch
spec:
manila:
enabled: true
apiOverride:
route: {}
template:
databaseInstance: openstack
secret: osp-secret
manilaAPI:
replicas: 3
customServiceConfig: |
[DEFAULT]
enabled_share_protocols = cephfs
override:
service:
internal:
metadata:
annotations:
metallb.universe.tf/address-pool: internalapi
metallb.universe.tf/allow-shared-ip: internalapi
metallb.universe.tf/loadBalancerIPs: 172.17.0.80
spec:
type: LoadBalancer
manilaScheduler:
replicas: 3
manilaShares:
cephfs:
replicas: 1
customServiceConfig: |
[DEFAULT]
enabled_share_backends = tripleo_ceph
[tripleo_ceph]
driver_handles_share_servers=False
share_backend_name=tripleo_ceph
share_driver=manila.share.drivers.cephfs.driver.CephFSDriver
cephfs_conf_path=/etc/ceph/ceph.conf
cephfs_auth_id=openstack
cephfs_cluster_name=ceph
cephfs_volume_mode=0755
cephfs_protocol_helper_type=CEPHFS
networkAttachments:
- storage
__EOF__oc patch openstackcontrolplane openstack --type=merge --patch-file=~/manila.patch
oc patch openstackcontrolplane openstack --type=merge --patch-file=~/manila.patch1.15.4. post-checks
复制链接链接已复制到粘贴板!
1.15.4.1. 检查生成的 manila 服务 pod
复制链接链接已复制到粘贴板!
oc get pods -l service=manila
oc get pods -l service=manila1.15.4.2. 检查 Manila API 服务是否在 Keystone 中注册
复制链接链接已复制到粘贴板!
openstack service list | grep manila
openstack service list | grep manilaopenstack endpoint list | grep manila | 1164c70045d34b959e889846f9959c0e | regionOne | manila | share | True | internal | http://manila-internal.openstack.svc:8786/v1/%(project_id)s | | 63e89296522d4b28a9af56586641590c | regionOne | manilav2 | sharev2 | True | public | https://manila-public-openstack.apps-crc.testing/v2 | | af36c57adcdf4d50b10f484b616764cc | regionOne | manila | share | True | public | https://manila-public-openstack.apps-crc.testing/v1/%(project_id)s | | d655b4390d7544a29ce4ea356cc2b547 | regionOne | manilav2 | sharev2 | True | internal | http://manila-internal.openstack.svc:8786/v2 |
openstack endpoint list | grep manila
| 1164c70045d34b959e889846f9959c0e | regionOne | manila | share | True | internal | http://manila-internal.openstack.svc:8786/v1/%(project_id)s |
| 63e89296522d4b28a9af56586641590c | regionOne | manilav2 | sharev2 | True | public | https://manila-public-openstack.apps-crc.testing/v2 |
| af36c57adcdf4d50b10f484b616764cc | regionOne | manila | share | True | public | https://manila-public-openstack.apps-crc.testing/v1/%(project_id)s |
| d655b4390d7544a29ce4ea356cc2b547 | regionOne | manilav2 | sharev2 | True | internal | http://manila-internal.openstack.svc:8786/v2 |1.15.4.3. 验证资源
复制链接链接已复制到粘贴板!
测试服务的健康状况:
openstack share service list openstack share pool list --detail
openstack share service list
openstack share pool list --detail检查现有工作负载:
openstack share list openstack share snapshot list
openstack share list
openstack share snapshot list您可以创建其他资源:
openstack share create cephfs 10 --snapshot mysharesnap --name myshareclone
openstack share create cephfs 10 --snapshot mysharesnap --name myshareclone
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}