创建和管理共享网络¶
共享网络存储网络信息,用于创建和管理共享。共享网络提供了一种指定网络来导出共享的方式。在最常见的用例中,您可以创建一个与私有 OpenStack (neutron) 网络关联的共享网络,该网络归您所有。如果共享网络是隔离网络,manila 可以为多租户云中的共享文件系统提供网络和数据隔离的硬性保证。但是,在某些云中,共享无法直接导出到私有项目网络;并且云可能具有指定用于共享网络的提供商网络。
无论哪种情况,只要底层网络连接到客户端(虚拟机、容器或裸机),就存在与共享网络上的共享通信的直接路径。
重要提示
为了使用共享网络,您选择的共享类型必须具有额外的规范 driver_handles_share_servers 设置为 True。
创建共享网络¶
创建一个共享网络。
$ manila share-network-create \ --name sharenetwork1 \ --description "Share Network created for demo purposes" \ --neutron-net-id c297b020-025a-4f3e-8120-57ea90404afb \ --neutron-subnet-id 29ecfbd5-a9be-467e-8b4a-3415d1f82888 +-------------------+-----------------------------------------+ | Property | Value | +-------------------+-----------------------------------------+ | name | sharenetwork1 | | segmentation_id | None | | created_at | 2019-07-02T11:14:06.228816 | | neutron_subnet_id | 29ecfbd5-a9be-467e-8b4a-3415d1f82888 | | updated_at | None | | network_type | None | | neutron_net_id | c297b020-025a-4f3e-8120-57ea90404afb | | ip_version | None | | cidr | None | | project_id | 907004508ef4447397ce6741a8f037c1 | | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | description | Share Network created for demo purposes | +-------------------+-----------------------------------------+
显示创建的共享网络。
$ manila share-network-show sharenetwork1 +-------------------+--------------------------------------+ | Property | Value | +-------------------+--------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 5b23075b4b504261a5987b18588f86cf | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | None | | neutron_net_id | c297b020-025a-4f3e-8120-57ea90404afb | | neutron_subnet_id | 29ecfbd5-a9be-467e-8b4a-3415d1f82888 | | network_type | None | | segmentation_id | None | | cidr | None | | ip_version | None | | description | None | | gateway | None | | mtu | None | +-------------------+--------------------------------------+
注意
自 API 版本 2.51 起,共享网络能够在不同的可用区跨越多个子网,并且网络信息将存储在每个子网上。为了适应添加多个子网,共享网络创建命令已更新为接受可用区作为参数。此参数将在共享网络创建过程中使用,该过程还会创建一个新的子网。如果您未指定可用区,共享文件系统服务会将创建的子网视为默认子网。默认子网预计在云的所有可用区中都可用。因此,当您创建共享网络时,输出将类似于
$ manila share-network-create \ --name sharenetwork1 \ --description "Share Network created for demo purposes" \ --availability-zone manila-zone-0 +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 8c2962a4832743469a336f7c179f7d34 | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | None | | description | Share Network created for demo purposes | | share_network_subnets | [{'id': '900d9ddc-7062-404e-8ef5-f63b84782d89', 'availability_zone': 'manila-zone-0', 'created_at': '2019-10-09T04:19:31.000000', 'updated_at': None, 'segmentation_id': None, 'neutron_subnet_id': None, 'neutron_net_id': None, 'ip_version': None, 'cidr': None, 'network_type': None, 'mtu': None, 'gateway': None}] | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
列出共享网络¶
列出共享网络。
$ manila share-network-list +--------------------------------------+---------------+ | id | name | +--------------------------------------+---------------+ | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | sharenetwork1 | +--------------------------------------+---------------+
更新共享网络¶
更新共享网络数据。
$ manila share-network-update sharenetwork1 \ --neutron-net-id a27160ca-5595-4c62-bf54-a04fb7b14316 \ --neutron-subnet-id f043f4b0-c05e-493f-bbe9-99689e2187d2 +-------------------+--------------------------------------+ | Property | Value | +-------------------+--------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 5b23075b4b504261a5987b18588f86cf | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | 2019-10-10T17:14:08.970945 | | neutron_net_id | a27160ca-5595-4c62-bf54-a04fb7b14316 | | neutron_subnet_id | f043f4b0-c05e-493f-bbe9-99689e2187d2 | | network_type | None | | segmentation_id | None | | cidr | None | | ip_version | None | | description | None | | gateway | None | | mtu | None | +-------------------+--------------------------------------+
显示更新后的共享网络的详细信息。
$ manila share-network-show sharenetwork1 +-------------------+--------------------------------------+ | Property | Value | +-------------------+--------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 5b23075b4b504261a5987b18588f86cf | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | 2019-10-10T17:14:09.000000 | | neutron_net_id | a27160ca-5595-4c62-bf54-a04fb7b14316 | | neutron_subnet_id | f043f4b0-c05e-493f-bbe9-99689e2187d2 | | network_type | None | | segmentation_id | None | | cidr | None | | ip_version | None | | description | None | | gateway | None | | mtu | None | +-------------------+--------------------------------------+
注意
您无法更新具有导出共享的共享网络的
neutron_net_id和neutron_subnet_id。注意
从 API 版本 2.51 开始,仅可以更新默认子网的
neutron_net_id和neutron_subnet_id。创建后无法更新非默认子网。您可以删除相关子网,然后重新创建它。输出将如下所示$ manila share-network-update sharenetwork1 \ --neutron-net-id a27160ca-5595-4c62-bf54-a04fb7b14316 \ --neutron-subnet-id f043f4b0-c05e-493f-bbe9-99689e2187d2 +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 8c2962a4832743469a336f7c179f7d34 | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | 2019-10-10T17:14:09.000000 | | description | Share Network created for demo purposes | | share_network_subnets | [{'id': '900d9ddc-7062-404e-8ef5-f63b84782d89', 'availability_zone': None, 'created_at': '2019-10-09T04:19:31.000000', 'updated_at': '2019-10-09T07:39:59.000000', 'segmentation_id': None, 'neutron_net_id': 'a27160ca-5595-4c62-bf54-a04fb7b14316', 'neutron_subnet_id': 'f043f4b0-c05e-493f-bbe9-99689e2187d2', 'ip_version': None, 'cidr': None, 'network_type': None, 'mtu': None, 'gateway': None}] | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
共享网络显示¶
显示共享网络的详细信息。
$ manila share-network-show sharenetwork1 +-------------------+--------------------------------------+ | Property | Value | +-------------------+--------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 5b23075b4b504261a5987b18588f86cf | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | 2019-10-10T17:14:09.000000 | | neutron_net_id | fake_updated_net_id | | neutron_subnet_id | fake_updated_subnet_id | | network_type | None | | segmentation_id | None | | cidr | None | | ip_version | None | | description | None | | gateway | None | | mtu | None | +-------------------+--------------------------------------+
注意
自 API 版本 2.51 起,
share-network-show命令还显示共享网络中包含的子网列表,如下所示。+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 8c2962a4832743469a336f7c179f7d34 | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | None | | description | Share Network created for demo purposes | | share_network_subnets | [{'id': '900d9ddc-7062-404e-8ef5-f63b84782d89', 'availability_zone': None, 'created_at': '2019-10-09T04:19:31.000000', 'updated_at': '2019-10-09T07:39:59.000000', 'segmentation_id': None, 'neutron_net_id': 'fake_updated_net_id', 'neutron_subnet_id': 'fake_updated_subnet_id', 'ip_version': None, 'cidr': None, 'network_type': None, 'mtu': None, 'gateway': None}] | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
注意
自 API 版本 2.63 起,
share-network-show命令还显示status和security_service_update_support字段。+---------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +---------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | id | feed6a6c-f9e0-45ba-9a2b-0db76bde63e1 | | name | sharenetwork1 | | project_id | 8c2962a4832743469a336f7c179f7d34 | | created_at | 2019-10-09T04:19:31.000000 | | updated_at | None | | description | Share Network created for demo purposes | | status | active | | security_service_update_support | True | | share_network_subnets | [{'id': '900d9ddc-7062-404e-8ef5-f63b84782d89', 'availability_zone': None, 'created_at': '2019-10-09T04:19:31.000000', 'updated_at': '2019-10-09T07:39:59.000000', 'segmentation_id': None, 'neutron_net_id': 'fake_updated_net_id', 'neutron_subnet_id': 'fake_updated_subnet_id', 'ip_version': None, 'cidr': None, 'network_type': None, 'mtu': None, 'gateway': None}] | +---------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
添加安全服务/s¶
将预先存在的安全服务添加到给定的共享网络中。
$ manila share-network-security-service-add \ sharenetwork1 \ my_sec_service $ manila share-network-security-service-list sharenetwork1 +--------------------------------------+----------------+--------+------+ | id | name | status | type | +--------------------------------------+----------------+--------+------+ | 50303c35-2c53-4d37-a0d9-61dfe3789569 | my_sec_service | new | ldap | +--------------------------------------+----------------+--------+------+
注意
自 API 版本 2.63 起,manila 支持将安全服务添加到已经使用的共享网络,具体取决于共享网络的支持。共享网络实体现在包含一个名为 security_service_update_support 的字段,该字段包含有关构建在其上的所有资源是否可以执行此类操作的信息。在开始实际将安全服务添加到正在使用的共享网络的实际操作之前,必须触发检查操作。请参阅 子部分。
列出共享网络安全服务¶
列出共享网络中存在的所有安全服务。
$ manila share-network-security-service-list sharenetwork1 +--------------------------------------+----------------+--------+------+ | id | name | status | type | +--------------------------------------+----------------+--------+------+ | 50303c35-2c53-4d37-a0d9-61dfe3789569 | my_sec_service | new | ldap | +--------------------------------------+----------------+--------+------+
从共享网络中移除安全服务¶
从给定的共享网络中移除安全服务。
$ manila share-network-security-service-remove \ sharenetwork1 \ my_sec_service $ manila share-network-security-service-list sharenetwork1 +----+------+--------+------+ | id | name | status | type | +----+------+--------+------+ +----+------+--------+------+
删除共享网络¶
删除共享网络。
$ manila share-network-delete sharenetwork1
列出所有共享网络
$ manila share-network-list +--------------------------------------+---------------+ | id | name | +--------------------------------------+---------------+ +--------------------------------------+---------------+
更新共享网络安全服务检查(自 API 版本 2.63 起)¶
检查是否可以执行相同类型的安全服务的更新
$ manila share-network-security-service-update-check \ sharenetwork1 \ my_sec_service \ my_sec_service_updated +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | compatible | None | | requested_operation | {'operation': 'update_security_service', 'current_security_service': 50303c35-2c53-4d37-a0d9-61dfe3789569, 'new_security_service': '8971c5f6-52ec-4c53-bf6a-3fae38a9221e'} | +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
检查操作的结果
$ manila share-network-security-service-update-check \ sharenetwork1 \ my_sec_service \ my_sec_service_updated +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | compatible | True | | requested_operation | {'operation': 'update_security_service', 'current_security_service': 50303c35-2c53-4d37-a0d9-61dfe3789569, 'new_security_service': '8971c5f6-52ec-4c53-bf6a-3fae38a9221e'} | +---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
现在,应该接受更新共享网络安全服务的请求。
更新共享网络安全服务(自 API 版本 2.63 起)¶
将一个安全服务替换为另一个相同类型的安全服务。
$ manila share-network-security-service-update \ sharenetwork1 \ my_sec_service \ my_sec_service_updated $ manila share-network-security-service-list sharenetwork1 +--------------------------------------+------------------------+--------+------+ | id | name | status | type | +--------------------------------------+------------------------+--------+------+ | 8971c5f6-52ec-4c53-bf6a-3fae38a9221e | my_sec_service_updated | new | ldap | +--------------------------------------+------------------------+--------+------+
注意
共享网络实体现在包含一个名为 security_service_update_support 的字段,该字段包含有关构建在其上的所有资源是否可以执行此类操作的信息。为了更新当前包含共享的共享网络中的安全服务,必须执行一个检查操作以查看是否可以完成该操作。请参阅 子部分。
添加共享网络安全服务检查(自 API 版本 2.63 起)¶
检查是否可以将安全服务添加到共享网络
$ manila share-network-security-service-add-check \ sharenetwork1 \ my_sec_service +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ | compatible | None | | requested_operation | {'operation': 'add_security_service', 'current_security_service': None, 'new_security_service': '50303c35-2c53-4d37-a0d9-61dfe3789569'} | +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+
检查操作的结果
$ manila share-network-security-service-add-check \ sharenetwork1 \ my_sec_service +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ | compatible | True | | requested_operation | {'operation': 'add_security_service', 'current_security_service': None, 'new_security_service': '50303c35-2c53-4d37-a0d9-61dfe3789569'} | +---------------------+-----------------------------------------------------------------------------------------------------------------------------------------+
