Table of Contents
The OpenStack Shared File System is a service which helps every case of Compute to utilize the shared file system.
It is offered with the help of following selected services:
manila-api:
It is a Web Server Gateway Interface (WSGI) application which verifies and directs the requests across the shared file system service and also provides support to the OpenStack APIs.
manila-data:
The objective of this independent service is to accept the requests, carry out the data operations with the help of services that probably run for a long time like copying, backup or sharing migration.
manila-scheduler:
manila-scheduler is a service whose purpose is to schedule and direct the requests to the proper shared file system services. For directing the requests, this scheduler takes help of customizable filters and weighing or weighers. The manila-scheduler is default and it starts the filters when the things like Capacity, Availability Zone, Share Types and Capabilities and also the customized filters gets triggered.
manila-share:
All the back end machines or devices which offer the shared file systems are managed by manila-share services. This service can work in any of the two modes, along with or in the absence of share servers. Through share networks, share servers transport the file shares. In the absence of share servers, all the networking needs are managed away from or outside of the manila.
We have already discussed that the Shared File System Service are used by users. These users can be either various cloud computing users or tenants. They can use Shared File System service with the help of role based access projects. That means the roles assigned to the users decides the actions to be performed by that user.
But most of the actions do not require a specific role in the default configuration, until those actions are limited to the administrators. Still if the system administrators want to configure them, then they can configure it properly in the policy.json file which manages the rules.
A project can restrict a users’ access to handle the specific share. If a guest wants to access the mount and consume the shares, then it is secured by IP and/or user access rules. As per each project, the quotas are assigned for controlling the resource usage throughout the offered hardware resources.
For projects, controlling quota is accessible to restrict:
Administrators can edit the restrictions allocated by the quotas; therefore it is important to reconsider the default values of the quotas using Shared File Systems’ Command Line Interpreter.
As discussed earlier, the Shared File Services requires back end devices. In other words we can say that these services needs some kind of back end shared file system supplier on which the shared file system services are implemented. The performance of the resource takes help of Block Storage service (Cinder) and also a virtual machine service to offer shares. With the help of extra drivers the shared file systems can be accessed through a series of vendor services.
Shares, snapshots and share networks are the basic resources which are provided by the Shared File System service. Let’s discuss about them in detail:
It is a unit of storage which includes a protocol, a size and an access list. Shares are the original units offered by manila. All of them reside on a backend and few of them are connected with share networks and share servers. Shares support the main protocols like NFS, CIFs as well as some other protocols.
A snapshot is a copy of share in the moment of time, which is used only for creating a new share including the data which is snapshot. Unless and until all the related snapshots are removed or deleted, it is not possible to delete shares.
It is an object described by using a project which notifies manila regarding the security and network setup for a set of shares. These are applicable only for the backends which controls the share servers. It includes security service as well as security network or subnet.
For verification and confirmation of the users, the storage service of the Shared File Systems may be configured optionally with the help of various authentication protocols. Share networks provide support to the authentication protocols like LDAP, Kerberos and Microsoft Active Directory authentication service.
Security services:
Once a share is created and once its dispatch location is received, then users are not allowed to implement it as well as work with files. Shared File System needs to specifically allocate or grant the access to the new share.
By using security services the user configuration data for verification and confirmation can be stored. The authentication protocols like LDAP, Kerberos or Microsoft Active Directory are utilized by the Shared File Systems service, only if these protocols are supported by drives and back ends. It is possible to configure the verification services without using the Shared File Systems’ service.
Important Note:
In few situations it is needed to specifically mention one of the security services like NetApp, EMC and Windows drivers need Active Directory for the development of shares with the help of CIFS protocol.
Management of Security Services:
This service is an object of the Shared File Systems’ service which extracts a group of options that describes a security domain for a specific shared file system protocol like Kerberos domain or an Active Directory domain. Security service consists of complete information required for the Shared File Systems for creating a server which connects to a given domain.
With the help of APIs it is possible for the users to create, update view and delete a security services.
These security services are designed on the basis of following rules:
Important Note:
As discussed earlier, variety of authentication services are backed by variety of shared drivers. Different authentication services are supported by different share drivers. Providing a support for a particular verification service with the help of a driver does not indicate that security services can be setup by using any shared file system protocol like NFS, CIFS, GlusterFS and HDFS.
The security services that mentioned above are supported by few drives and some other drivers do not support them. For instance, Generic Driver along with NFS or the CIFS shared file system protocol provides support just for the verification method via an IP address.
Hint:
That’s all for today! I hope you find this information useful and please do not forget to add a comment in the comment section below. Thank you for reading the blog! See you soon with another interesting blog!
As the demand for virtual private servers (VPS) continues to grow, businesses and individuals are faced with a crucial decision:…
Web hosting is a large industry, as many other factors help any web hosting provider to form a company. The…
Welcome to the complete guide to WordPress security best practices in 2024. As technology evolves rapidly, implementing strong security measures…
Hey, wanted to learn about web hosting? Or do you want to start a new website and need hosting? Questions…
In today's digital world, the threat of DDoS attacks has become increasingly prevalent. These types of attacks have the power…