Open Stack

Hi,

On Wed, Apr 26, 2023 at 4:42 PM wodel youchi <wodel.youchi at gmail.com> wrote:

> Hi,
>
> The examples I could find on the internet using LVM as backend for Cinder,
> they expose a local disk using lvm via Cinder.
>
> I did this configuration and I am wondering if it's correct, especially
> from a "simultaneous access" point of view.
>
> I have an iSCSI target backed by targetcli that exposes a LUN to my
> compute nodes. I did configure the iscsi connexion manually on each one of
> them and they all see the LUN, then on one of them I created the
> cinder-volumes VG (the other nodes can see the modifications), then I
> configured Cinder with lvm backend using this VG and it worked. I created
> some volumes on it without issues using my account. But what about when
> there are multiple tenants that try to create multiple volumes on it, is
> this configuration safe?
>
>
I might not be 100% correct but I don't think it should affect anything.
The backend, here LVM, doesn't have any information of the LUN association
with the project and OpenStack does the management
of associating volumes (OpenStack terminology of LUNs) with a particular
project also managing the access via keystone roles and scopes.
The backend shouldn't worry about the access of a LUN from a different
project since "project" is an OpenStack concept which is handled in the
OpenStack layer itself.
Unless a LUN export/map request is coming from outside of OpenStack, proper
authorization and authentication should be maintained.

Thanks
Rajat Dhasmana


> Regards.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230530/2a920b89/attachment.htm>