[openstack-dev] [Manila] Access rule types for protocols
Ben Swartzlander
ben at swartzlander.org
Thu Jul 27 14:51:44 UTC 2017
Manila has a long standing design flaw that I'd like to address in
Queens. We've discussed this as previous PTGs and will cover it in
detail as the upcoming PTG but because of the potential for impacting
users I wanted to bring it up here too.
In short, Manila allows potentially incompatible access rules to be
added to shares. We handle this by allowing the driving to fail to apply
the rule and reporting that error back to the user by marking the access
rule as being in an error state.
This history of this design is that at the very beginning of the
project, we didn't have a strong sense of what kind of access rules
would be used in practice, or implemented by vendors, and we didn't want
to design the API to limit what users were allowed to request. In
retrospect, this attempt at flexibility was misguided because it's now
very hard for users to know what is supported on any given cloud and we
have a complete lack of standardization.
Informally, we've settled on the idea that each protocol has exactly 1
access type that must be supported, and I'd like to formalize that
notion by changing the API to enforce the agreed upon standard. This
raises the specter of "backwards incompatibility" because such an API
change would block requests that were previously allowed. My feeling
about this specific case is that the requests were going to result in an
error eventually, so making them result in an error earlier is an
improvement.
The concern is whether there might be any legitimate cases for using the
nonstandard access methods that could be broken by the proposed change.
In particular, I'd like to know if anyone actually uses IP-based access
for CIFS or User-based access for NFS and what that looks like -- in
particular which driver and what is the use case for it. My current
assumption is that these are effectively broken and removing them will
hurt nobody. If legitimate cases can be found, then we need to find a
way to support them in a more standardized, discoverable fashion.
-Ben Swartzlander
More information about the OpenStack-dev
mailing list