[manila] CephFS NFS high availability cluster
Goutham Pacha Ravi
gouthampravi at gmail.com
Mon Jun 13 18:12:28 UTC 2022
On Mon, Jun 13, 2022 at 6:20 PM CHANU ROMAIN <romain.chanu at univ-lyon1.fr> wrote:
> I added Manila service with CephFS NFS driver to my openstack cluster.
> Everything works fine but I would like to add 2 nfs-ganesha servers to
> ensure high availability to the service.
> I configured haproxy to forward 2049 to ganesha backend but Manila
> cephFS NFS provides only IP restriction and see only haproxy's IP
> address. To make it work you have to add haproxy to allowed ip but it
> means everyone can access the share.
True; HAProxy terminates client connections and NFS Ganesha sees the
HAProxy's IP address instead of the client's IP address. This causes
the client's mount operations to be denied since manila explicitly
requests client restrictions to exports according to the share's
access rules. Presumably, setting up haproxy in "transparent" mode may
allow the client source IP to be preserved. We have found that this is
infeasible in deployments such as the Red Hat OpenStack Platform.
We're discussing with the nfs-ganesha community if they would support
the PROXY protocol .
How are you orchestrating your nfs-ganesha solution with haproxy? Via
a custom script? Or are you using cephadm? . I ask also because the
CephFS-NFS driver in manila currently communicates with NFS-Ganesha
via dbus, and we're looking to support the use of new Ceph Manager
APIs to setup, update and teardown exports in the Zed release - this
should make configuring multiple NFS-Ganesha servers much more
efficient and easy.
> So currently the only way I found out is to use pacemaker to set public
> vip to a running nfs-ganesha node. Could you confirm that is not
> possible to provide an active/active nfs-ganesha cluster with manila
> cephfs NFS driver?
> Best regards,
More information about the openstack-discuss