[Deepsea-users] NFS Ganesha custom roles

Ricardo Dias rdias at suse.com
Thu Jun 15 00:53:58 MDT 2017


Hi,

In a near future version of openATTIC, it will support the management of NFS-Ganesha services and exports using either CephFS or RGW storage backends.

This feature already allows to manage different nfs-Ganesha services in different hosts, and also allows to create an export assigning it to a particular host/service.

Some screenshots available here:
https://tracker.openattic.org/plugins/servlet/mobile#issue/OP-2195


Ricardo Dias

> On 14 Jun 2017, at 20:38, Supriti Singh <Supriti.Singh at suse.com> wrote:
> 
> With default ganesha you have possible options:
> 
> 1. Ganesha + RGW + Cephfs
>    When both mds and rgw are defined. 
> 
> 2. Ganesha + RGW:
>     If you don't have any mfs role define, but have a rgw, ganesha.conf will define export block for each user defined in rgw.sls under "rgw_configurations". 
> 
> 3. Ganesha + Cephfs
>     Only mds role.
> 
> The example ganesha_rgw and ganesha_cephfs is applicable when admin wants to run only Ganesha+Cephfs on one node and Ganesha +RGW on other. With defaul "ganesha" role its not possible. 
> 
> 
> 
> ------
> Supriti Singh 
> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
> HRB 21284 (AG Nürnberg)
> 
> >>> Nathan Cutler <ncutler at suse.cz> 06/14/17 7:18 PM >>>
> I like this idea, I think. If I understand correctly, with the default 
> "ganesha" role I can do cephfs FSAL by itself, or cephfs + rgw FSAL, but 
> I cannot do rgw FSAL by itself. So I will need the custom role 
> ganesha_rgw for that.
> 
> On 06/14/2017 05:44 PM, Supriti Singh wrote:
> > Hello,
> > 
> > I am writing the mail to explain the logic behind introducing custom 
> > roles for NFS-Ganesha in Deepsea.
> > 
> > Normal use case:
> > -------------------------
> > Deepsea provides a default "Ganesha" role. This role uses the 
> > configuration from the /srv/salt/ceph/ganesha/files/ganesha.conf.j2. If 
> > you look at this file it defines both FSALs, cephfs and rgw. For cephfs, 
> > things are pretty simple. But for rgw, we also need to populate the FSAL 
> > block with user_id, access_key and secret_access_key. To do so we need a 
> > list of users. That should be provided in the file /srv/pillar/ceph/rgw.sls.
> > 
> > Example rgw.sls:
> > rgw_configurations:
> > rgw:
> > users:
> > - { uid: "demo", name: "Demo", email: "demo at demo.nil" }
> > - { uid: "demo1", name: "Demo1", email: "demo1 at demo.nil" }
> > 
> > Ganesha will read this file and populate the RGW FSAL with users "demo" 
> > and "demo1".
> > 
> > Custom roles:
> > --------------------
> > In the default setup, we are running both the FSALs on the same ganesha 
> > server node. But there may be a case where user wants to run NFS-Ganesha 
> > + Ceph FSAL on one set of nodes and NFS-Ganesha + RGW FSAL on other set 
> > of nodes. With just the role "ganesha", its not possible. There is 
> > another case possible, where admin may want to run NFS-Ganesha + RGW 
> > with user1, and for other user2 on other node. To handle such cases we 
> > added support for custom roles.
> > 
> > 1. NFS-Ganesha server with CephFS and RGW on different nodes
> > 
> > * Assign custom roles, ganesha_cephfs and ganesha_rgw to nodes (in
> > policy.cfg)
> > * Add new conf file, ganesha_cephfs.conf.j2 and ganesha_rgw.conf.j2,
> > with their respective FSALs.
> > * Add keyring file, ganesha_cephfs.j2 and ganesha_rgw.j2
> > * Update rgw.sls to reflect new ganesha_configurations and
> > rgw_configurations.
> > * Run the stages upto 4
> > 
> > In this case rgw.sls:
> > 
> > rgw_configurations:
> > ganesha_rgw:
> > users:
> > - { uid: "demo", name: "Demo", email: "demo at demo.nil" }
> > - { uid: "demo1", name: "Demo1", email: "demo1 at demo.nil" }
> > 
> > 
> > ganesha_configurations:
> > 
> > - ganesha_rgw:
> > 
> > 
> > 2. NFS-Ganesha + Custom RGW:
> > 
> > The other use case could be where admin wants to run NFS-Ganesha RGW 
> > FSAL but with different users on different nodes. Let say these 
> > different set of nodes are named as "silver" and "gold".
> > 
> > So, we want only silver users to run on silver node. Similarly, only 
> > gold users to run on gold nodes. To do so, we define the following rgw.sls
> > 
> > 
> > rgw.sls
> > 
> > -----------
> > 
> > rgw_configurations:
> > silver:
> > users:
> > - { uid: "demo", name: "Demo", email: "demo at demo.nil" }
> > 
> > gold:
> > users:
> > - { uid: "demo", name: "Demo", email: "demo at demo.nil" }
> > 
> > 
> > 
> > ganesha_configurations:
> > 
> > - silver
> > - gold
> > 
> > * Assign custom roles,silver and gold to nodes (in policy.cfg)
> > * Add new conf file, silver.conf.j2 and gold.conf.j2, with their
> > respective FSALs.
> > * Add keyring file, silver.j2 and gold.j2
> > * Update rgw.sls to reflect new ganesha_configurations and
> > rgw_configurations. Similar to above example.
> > * Run the stages upto 4
> > 
> > SIlver and gold are just names.
> > 
> > 
> > Thanks,
> > 
> > Supriti
> > 
> > 
> > ------
> > Supriti Singh
> > SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
> > HRB 21284 (AG Nürnberg)
> > 
> > 
> > 
> > _______________________________________________
> > Deepsea-users mailing list
> > Deepsea-users at lists.suse.com
> > http://lists.suse.com/mailman/listinfo/deepsea-users
> > 
> 
> -- 
> Nathan Cutler
> Software Engineer Distributed Storage
> SUSE LINUX, s.r.o.
> Tel.: +420 284 084 037
> _______________________________________________
> Deepsea-users mailing list
> Deepsea-users at lists.suse.com
> http://lists.suse.com/mailman/listinfo/deepsea-users
> _______________________________________________
> Deepsea-users mailing list
> Deepsea-users at lists.suse.com
> http://lists.suse.com/mailman/listinfo/deepsea-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.suse.com/pipermail/deepsea-users/attachments/20170615/47b83d9d/attachment.htm>


More information about the Deepsea-users mailing list