HPE 3PAR Driver for OpenStack Manila¶
The HPE 3PAR manila driver provides NFS and CIFS shared file systems to OpenStack using HPE 3PAR’s File Persona capabilities.
In OpenStack releases prior to Mitaka this driver was called the HP 3PAR driver. The Liberty configuration reference can be found at: http://docs.openstack.org/liberty/config-reference/content/hp-3par-share-driver.html
For information on HPE 3PAR Driver for OpenStack Manila, refer to content kit page.
The following operations are supported with HPE 3PAR File Persona:
Create/delete NFS and CIFS shares
Shares are not accessible until access rules allow access
Allow/deny NFS share access
IP access rules are required for NFS share access
Allow/deny CIFS share access
CIFS shares require user access rules.
User access requires a 3PAR local or AD user (LDAP is not yet supported)
Create shares from snapshots
Share networks are not supported. Shares are created directly on the 3PAR without the use of a share server or service VM. Network connectivity is setup outside of manila.
On the system running the manila share service:
python-3parclient 4.2.0 or newer from PyPI.
On the HPE 3PAR array:
HPE 3PAR Operating System software version 3.2.1 MU3 or higher
The array class and hardware configuration must support File Persona
Pre-Configuration on the HPE 3PAR¶
HPE 3PAR File Persona must be initialized and started (
A File Provisioning Group (FPG) must be created for use with manila
A Virtual File Server (VFS) must be created for the FPG
The VFS must be configured with an appropriate share export IP address
A local user in the Administrators group is needed for CIFS shares
The following parameters need to be configured in the manila configuration file for the HPE 3PAR driver:
share_backend_name = <backend name to enable>
share_driver = manila.share.drivers.hpe.hpe_3par_driver.HPE3ParShareDriver
driver_handles_share_servers = False
hpe3par_fpg = <FPG to use for share creation>
hpe3par_share_ip_address = <IP address to use for share export location>
hpe3par_san_ip = <IP address for SSH access to the SAN controller>
hpe3par_api_url = <3PAR WS API Server URL>
hpe3par_username = <3PAR username with the ‘edit’ role>
hpe3par_password = <3PAR password for the user specified in hpe3par_username>
hpe3par_san_login = <Username for SSH access to the SAN controller>
hpe3par_san_password = <Password for SSH access to the SAN controller>
hpe3par_debug = <False or True for extra debug logging>
hpe3par_cifs_admin_access_username = <CIFS admin user name>
hpe3par_cifs_admin_access_password = <CIFS admin password>
hpe3par_cifs_admin_access_domain = <CIFS admin domain>
hpe3par_share_mount_path = <Full path to mount shares>
The hpe3par_share_ip_address must be a valid IP address for the configured FPG’s VFS. This IP address is used in export locations for shares that are created. Networking must be configured to allow connectivity from clients to shares.
hpe3par_cifs_admin_access_username and hpe3par_cifs_admin_access_password must be provided to delete nested CIFS shares. If they are not, the share contents will not be deleted. hpe3par_cifs_admin_access_domain and hpe3par_share_mount_path can be provided for additional configuration.
Restart of manila-share service is needed for the configuration changes to take effect.
Backend Configuration for AD user¶
The following parameters need to be configured through HPE 3PAR CLI to access file share using AD.
Set authentication parameters:
$ setauthparam ldap-server IP_ADDRESS_OF_AD_SERVER
$ setauthparam binding simple
$ setauthparam user-attr AD_DOMAIN_NAME\\
$ setauthparam accounts-dn CN=Users,DC=AD,DC=DOMAIN,DC=NAME
$ setauthparam account-obj user
$ setauthparam account-name-attr sAMAccountName
$ setauthparam memberof-attr memberOf
$ setauthparam super-map CN=AD_USER_GROUP,DC=AD,DC=DOMAIN,DC=NAME
Verify new authentication parameters set as expected:
Verify AD users set as expected:
$ checkpassword AD_USER
Command result should show
user AD_USER is authenticated and authorized
message on successful configuration.
Add ‘ActiveDirectory’ in authentication providers list:
$ setfs auth ActiveDirectory Local
Verify authentication provider list shows ‘ActiveDirectory’:
$ showfs -auth
Set/Add AD user on FS:
$ setfs ad –passwd PASSWORD AD_USER AD_DOMAIN_NAME
Verify FS user details:
$ showfs -ad
Connectivity between the storage array (SSH/CLI and WSAPI) and the manila host is required for share management.
Connectivity between the clients and the VFS is required for mounting and using the shares. This includes:
Routing from the client to the external network
Assigning the client an external IP address (e.g., a floating IP)
Configuring the manila host networking properly for IP forwarding
Configuring the VFS networking properly for client subnets