[Deepsea-users] NFS Ganesha custom roles
Supriti Singh
Supriti.Singh at suse.com
Mon Jun 19 09:36:13 MDT 2017
For Openattic + RGW backend, will custom ganesha roles (in rgw.sls) be required to create different ganesha export
files for different "rgw" users?
------
Supriti Singh��SUSE Linux GmbH, GF: Felix Imend��rffer, Jane Smithard, Graham Norton,
HRB 21284 (AG N��rnberg)
>>> Ricardo Dias <rdias at suse.com> 06/15/17 8:54 AM >>>
Hi,
In a near future version of openATTIC, it will support the management of NFS-Ganesha services and exports using either
CephFS or RGW storage backends.
This feature already allows to manage different nfs-Ganesha services in different hosts, and also allows to create an
export assigning it to a particular host/service.
Some screenshots available here:
https://tracker.openattic.org/plugins/servlet/mobile#issue/OP-2195
Ricardo Dias
On 14 Jun 2017, at 20:38, Supriti Singh <Supriti.Singh at suse.com> wrote:
With default ganesha you have possible options:
1. Ganesha + RGW + Cephfs
When both mds and rgw are defined.
2. Ganesha + RGW:
If you don't have any mfs role define, but have a rgw, ganesha.conf will define export block for each user defined
in rgw.sls under "rgw_configurations".
3. Ganesha + Cephfs
Only mds role.
The example ganesha_rgw and ganesha_cephfs is applicable when admin wants to run only Ganesha+Cephfs on one node and
Ganesha +RGW on other. With defaul "ganesha" role its not possible.
------
Supriti Singh SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
>>> Nathan Cutler <ncutler at suse.cz> 06/14/17 7:18 PM >>>
I like this idea, I think. If I understand correctly, with the default
"ganesha" role I can do cephfs FSAL by itself, or cephfs + rgw FSAL, but
I cannot do rgw FSAL by itself. So I will need the custom role
ganesha_rgw for that.
On 06/14/2017 05:44 PM, Supriti Singh wrote:
> Hello,
>
> I am writing the mail to explain the logic behind introducing custom
> roles for NFS-Ganesha in Deepsea.
>
> Normal use case:
> -------------------------
> Deepsea provides a default "Ganesha" role. This role uses the
> configuration from the /srv/salt/ceph/ganesha/files/ganesha.conf.j2. If
> you look at this file it defines both FSALs, cephfs and rgw. For cephfs,
> things are pretty simple. But for rgw, we also need to populate the FSAL
> block with user_id, access_key and secret_access_key. To do so we need a
> list of users. That should be provided in the file /srv/pillar/ceph/rgw.sls.
>
> Example rgw.sls:
> rgw_configurations:
> rgw:
> users:
> - { uid: "demo", name: "Demo", email: "demo at demo.nil" }
> - { uid: "demo1", name: "Demo1", email: "demo1 at demo.nil" }
>
> Ganesha will read this file and populate the RGW FSAL with users "demo"
> and "demo1".
>
> Custom roles:
> --------------------
> In the default setup, we are running both the FSALs on the same ganesha
> server node. But there may be a case where user wants to run NFS-Ganesha
> + Ceph FSAL on one set of nodes and NFS-Ganesha + RGW FSAL on other set
> of nodes. With just the role "ganesha", its not possible. There is
> another case possible, where admin may want to run NFS-Ganesha + RGW
> with user1, and for other user2 on other node. To handle such cases we
> added support for custom roles.
>
> 1. NFS-Ganesha server with CephFS and RGW on different nodes
>
> * Assign custom roles, ganesha_cephfs and ganesha_rgw to nodes (in
> policy.cfg)
> * Add new conf file, ganesha_cephfs.conf.j2 and ganesha_rgw.conf.j2,
> with their respective FSALs.
> * Add keyring file, ganesha_cephfs.j2 and ganesha_rgw.j2
> * Update rgw.sls to reflect new ganesha_configurations and
> rgw_configurations.
> * Run the stages upto 4
>
> In this case rgw.sls:
>
> rgw_configurations:
> ganesha_rgw:
> users:
> - { uid: "demo", name: "Demo", email: "demo at demo.nil" }
> - { uid: "demo1", name: "Demo1", email: "demo1 at demo.nil" }
>
>
> ganesha_configurations:
>
> -> The other use case could be where admin wants to run NFS-Ganesha RGW
> FSAL but with different users on different nodes. Let say these
> different set of nodes are named as "silver" and "gold".
>
> So, we want only silver users to run on silver node. Similarly, only
> gold users to run on gold nodes. To do so, we define the following rgw.sls
>
>
> rgw.sls
>
> -----------
>
> rgw_configurations:
> silver:
> users:
> - { uid: "demo", name: "Demo", email: "demo at demo.nil" }
>
> gold:
> users:
> - { uid: "demo", name: "Demo", email: "demo at demo.nil" }
>
>
>
> ganesha_configurations:
>
> - silver
> - gold
>
> * Assign custom roles,silver and gold to nodes (in policy.cfg)
> * Add new conf file, silver.conf.j2 and gold.conf.j2, with their
> respective FSALs.
> * Add keyring file, silver.j2 and gold.j2
> * Update rgw.sls to reflect new ganesha_configurations and
> rgw_configurations. Similar to above example.
> * Run the stages upto 4
>
> SIlver and gold are just names.
>
>
> Thanks,
>
> Supriti
>
>
> ------
> Supriti Singh
> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
> HRB 21284 (AG Nürnberg)
>
>
>
> _______________________________________________
> Deepsea-users mailing list
> Deepsea-users at lists.suse.com
> http://lists.suse.com/mailman/listinfo/deepsea-users
>
--
Nathan Cutler
Software Engineer Distributed Storage
SUSE LINUX, s.r.o.
Tel.: +420 284 084 037
_______________________________________________
Deepsea-users mailing list
Deepsea-users at lists.suse.com
http://lists.suse.com/mailman/listinfo/deepsea-users
_______________________________________________
Deepsea-users mailing list
Deepsea-users at lists.suse.com
http://lists.suse.com/mailman/listinfo/deepsea-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.suse.com/pipermail/deepsea-users/attachments/20170619/59609179/attachment.htm>
More information about the Deepsea-users
mailing list