Add documentation how to access manila shares

Adds steps how to create neutron provider network to access Ceph storage from user instances. Change-Id: I640984c2d14650e3abf982d4f8a3d9eb65380a26 Closes-Bug: #1680749
2017-04-24 12:37:36 +02:00 · 2017-04-24 12:37:36 +02:00 · a8a576fb37
commit a8a576fb37
parent 9ca30ee2d6
1 changed files with 97 additions and 0 deletions
--- a/doc/source/advanced_deployment/deploy_manila.rst
+++ b/doc/source/advanced_deployment/deploy_manila.rst
@ -15,6 +15,103 @@ Overcloud::
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/ceph-mds.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/manila-cephfsnative-config.yaml

+Network Isolation
+~~~~~~~~~~~~~~~~~
+When mounting a ceph share from a user instance, the user instance needs access
+to the Ceph public network. When mounting a ceph share from a user instance,
+the user instance needs access to the Ceph public network, which in TripleO
+maps to the Overcloud storage network.  In an Overcloud which uses isolated
+networks the tenant network and storage network are isolated from one another
+so user instances cannot reach the Ceph public network unless the cloud
+administrator creates a provider network in neutron that maps to the storage
+network and exposes access to it.
+
+Before deploying Overcloud make sure that there is a bridge for storage network
+interface. If single NIC with VLANs network configuration is used (as in
+``/usr/share/openstack-tripleo-heat-templates/network/config/single-nic-vlans/``)
+then by default ``br-ex`` bridge is used for storage network and no additional
+customization is required for Overcloud deployment. If a dedicated interface is
+used for storage network (as in
+``/usr/share/openstack-tripleo-heat-templates/network/config/multiple-nics/``)
+then update storage interface for each node type (controller, compute, ceph) to
+use bridge. The following interface definition::
+
+    - type: interface
+        name: nic2
+        use_dhcp: false
+        addresses:
+        - ip_netmask:
+            get_param: StorageIpSubnet
+
+should be replaced with::
+
+    - type: ovs_bridge
+      name: br-storage
+      use_dhcp: false
+      addresses:
+      - ip_netmask:
+          get_param: StorageIpSubnet
+      members:
+      - type: interface
+        name: nic2
+        use_dhcp: false
+        primary: true
+
+And pass following parameters when deploying Overcloud to allow Neutron to map
+provider networks to the storage bridge::
+
+      parameter_defaults:
+          NeutronBridgeMappings: datacentre:br-ex,storage:br-storage
+          NeutronFlatNetworks: datacentre,storage
+
+When Overcloud is deployed, create a provider network which can be used to
+access storage network.
+
+* If single NIC with VLANs is used, then the provider network is mapped
+  to the default datacentre network::
+
+      neutron net-create storage --shared --provider:physical_network \
+        datacentre --provider:network_type vlan --provider:segmentation_id 30
+
+      neutron subnet-create --name storage-subnet \
+        --allocation-pool start=172.16.1.100,end=172.16.1.120 \
+        --enable-dhcp storage 172.16.1.0/24
+
+* If a custom bridge was used for storage network interface (``br-storage`` in
+  the example above) then provider network is mapped to the network specified
+  by ``NeutronBridgeMappings`` parameter (``storage`` network in the example
+  above)::
+
+      neutron net-create storage --shared --provider:physical_network storage \
+        --provider:network_type flat
+
+      neutron subnet-create --name storage-subnet \
+        --allocation-pool start=172.16.1.200,end=172.16.1.220 --enable-dhcp \
+        storage 172.16.1.0/24 --no-gateway
+
+.. note::
+    Allocation pool should not overlap with storage network
+    pool used for storage nodes (``StorageAllocationPools`` parameter).
+    You may also need to shrink storage nodes pool size to reserve more IPs
+    for tenants using the provider network.
+
+.. note::
+
+    Make sure that subnet CIDR matches storage network CIDR (``StorageNetCidr``
+    parameter)and
+    segmentation_id matches VLAN ID for the storage network traffic
+    (``StorageNetworkVlanID`` parameter).
+
+Then Ceph shares can be accessed from a user instance by adding the provider
+network to the instance.
+
+.. note::
+
+    Cloud-init by default configures only first network interface to use DHCP
+    which means that user intances will not have network interface for storage
+    network autoconfigured. You can configure it manually or use
+    `dhcp-all-interfaces <https://docs.openstack.org/developer/diskimage-builder/elements/dhcp-all-interfaces/README.html>`_.
+
 Deploying the Overcloud with an External Backend
 ------------------------------------------------
 .. note::