From a8a576fb378fea99ba0f672c8a16ee3583178a73 Mon Sep 17 00:00:00 2001 From: Jan Provaznik Date: Mon, 24 Apr 2017 12:37:36 +0200 Subject: [PATCH] Add documentation how to access manila shares Adds steps how to create neutron provider network to access Ceph storage from user instances. Change-Id: I640984c2d14650e3abf982d4f8a3d9eb65380a26 Closes-Bug: #1680749 --- .../advanced_deployment/deploy_manila.rst | 97 +++++++++++++++++++ 1 file changed, 97 insertions(+) diff --git a/doc/source/advanced_deployment/deploy_manila.rst b/doc/source/advanced_deployment/deploy_manila.rst index 29620257..31e0b5b7 100644 --- a/doc/source/advanced_deployment/deploy_manila.rst +++ b/doc/source/advanced_deployment/deploy_manila.rst 
@@ -15,6 +15,103 @@ Overcloud:: -e /usr/share/openstack-tripleo-heat-templates/environments/services/ceph-mds.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/manila-cephfsnative-config.yaml +Network Isolation +~~~~~~~~~~~~~~~~~ +When mounting a ceph share from a user instance, the user instance needs access +to the Ceph public network. When mounting a ceph share from a user instance, +the user instance needs access to the Ceph public network, which in TripleO +maps to the Overcloud storage network. In an Overcloud which uses isolated +networks the tenant network and storage network are isolated from one another +so user instances cannot reach the Ceph public network unless the cloud +administrator creates a provider network in neutron that maps to the storage +network and exposes access to it. + +Before deploying Overcloud make sure that there is a bridge for storage network +interface. If single NIC with VLANs network configuration is used (as in +``/usr/share/openstack-tripleo-heat-templates/network/config/single-nic-vlans/``) +then by default ``br-ex`` bridge is used for storage network and no additional +customization is required for Overcloud deployment. If a dedicated interface is +used for storage network (as in +``/usr/share/openstack-tripleo-heat-templates/network/config/multiple-nics/``) +then update storage interface for each node type (controller, compute, ceph) to +use bridge. 
The following interface definition:: + + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + +should be replaced with:: + + - type: ovs_bridge + name: br-storage + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + members: + - type: interface + name: nic2 + use_dhcp: false + primary: true + +And pass following parameters when deploying Overcloud to allow Neutron to map +provider networks to the storage bridge:: + + parameter_defaults: + NeutronBridgeMappings: datacentre:br-ex,storage:br-storage + NeutronFlatNetworks: datacentre,storage + +When Overcloud is deployed, create a provider network which can be used to +access storage network. + +* If single NIC with VLANs is used, then the provider network is mapped + to the default datacentre network:: + + neutron net-create storage --shared --provider:physical_network \ + datacentre --provider:network_type vlan --provider:segmentation_id 30 + + neutron subnet-create --name storage-subnet \ + --allocation-pool start=172.16.1.100,end=172.16.1.120 \ + --enable-dhcp storage 172.16.1.0/24 + +* If a custom bridge was used for storage network interface (``br-storage`` in + the example above) then provider network is mapped to the network specified + by ``NeutronBridgeMappings`` parameter (``storage`` network in the example + above):: + + neutron net-create storage --shared --provider:physical_network storage \ + --provider:network_type flat + + neutron subnet-create --name storage-subnet \ + --allocation-pool start=172.16.1.200,end=172.16.1.220 --enable-dhcp \ + storage 172.16.1.0/24 --no-gateway + +.. note:: + Allocation pool should not overlap with storage network + pool used for storage nodes (``StorageAllocationPools`` parameter). + You may also need to shrink storage nodes pool size to reserve more IPs + for tenants using the provider network. + +.. 
note:: + + Make sure that subnet CIDR matches storage network CIDR (``StorageNetCidr`` + parameter)and + segmentation_id matches VLAN ID for the storage network traffic + (``StorageNetworkVlanID`` parameter). + +Then Ceph shares can be accessed from a user instance by adding the provider +network to the instance. + +.. note:: + + Cloud-init by default configures only first network interface to use DHCP + which means that user intances will not have network interface for storage + network autoconfigured. You can configure it manually or use + `dhcp-all-interfaces `_. + Deploying the Overcloud with an External Backend ------------------------------------------------ .. note::
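Review bot: both `neutron net-create storage --shared ...` commands in the "Network Isolation" section create the provider network as shared, but the text never says that this makes the storage network attachable by every project. The opening paragraph describes tenant and storage networks as isolated from one another, so the section should state that following these steps removes that isolation for any instance that adds the network. I would add a note next to the two bullet items saying so, and either explain when `--shared` is appropriate or show how to create the network for selected projects only. The existing note about `StorageAllocationPools` covers address overlap but not who can reach the network. Also in this hunk: the first sentence of the section appears twice ("When mounting a ceph share from a user instance, the user instance needs access to the Ceph public network."), so the first copy should be dropped. The second note has `parameter)and` with no space and an odd line break before `segmentation_id`, and the last note has "intances". Finally, the flat-network `subnet-create` passes `--no-gateway` while the VLAN one does not. If that difference is intentional, please say why. Otherwise add `--no-gateway` to the VLAN example as well, so that the storage subnet does not hand instances a gateway.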