yahoo-eng-team team mailing list archive

Thread
Date
[Bug 2087541] [NEW] [REF] Add OVN Ganesha Agent to setup path for VM connectivity to NFS-Ganesha

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Amir Nikpour <2087541@xxxxxxxxxxxxxxxxxx>
Date: Fri, 08 Nov 2024 11:01:38 -0000
Reply-to: Bug 2087541 <2087541@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

In public cloud deployments using Manila with the CephFS driver and NFS-
Ganesha, establishing a network path between VMs and the Ganesha service
is necessary for mounting shares. Manila does not natively manage this
connectivity, which can lead to operational inefficiencies and security
concerns. This proposal enables Neutron to handle the required
connectivity, providing a simple, integrated approach within OpenStack.

The solution includes:
1. Creating a port in the user’s private network via API (a distributed localport, similar to the metadata port).
2. Provisioning the port on compute nodes where VMs in the private network reside — a task that would be managed by the new OVN Ganesha Agent.

This RFE specifically proposes the OVN Ganesha Agent to accomplish the second task. This approach is inspired by the existing solution in Neutron for establishing connectivity between VMs and the Nova metadata API. The OVN Ganesha Agent would be deployed on all compute nodes and would have the following responsibilities:
1. Detect ports for Ganesha connectivity in users' private networks.
2. Manage these ports dynamically by plugging them into designated namespaces on the compute nodes and configuring iptables rules to establish a secure path from these namespaces to the NFS-Ganesha service.

As a result, with Neutron and OVN functionalities, this solution enables
VMs to reach the NFS-Ganesha service using the IP of the port in their
private network. This approach provides a simpler, more secure, and
efficient connection that is also distributed and highly available,
offering a fully integrated and comprehensive solution within OpenStack
and Neutron.


[1] https://docs.openstack.org/manila/latest/configuration/shared-file-systems/drivers/cephfs_driver.html

** Affects: neutron
     Importance: Undecided
     Assignee: Amir Nikpour (amniik)
         Status: New


** Tags: rfe

** Changed in: neutron
     Assignee: (unassigned) => Amir Nikpour (amniik)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2087541

Title:
  [REF] Add OVN Ganesha Agent to setup path for VM connectivity to NFS-
  Ganesha

Status in neutron:
  New

Bug description:
  In public cloud deployments using Manila with the CephFS driver and
  NFS-Ganesha, establishing a network path between VMs and the Ganesha
  service is necessary for mounting shares. Manila does not natively
  manage this connectivity, which can lead to operational inefficiencies
  and security concerns. This proposal enables Neutron to handle the
  required connectivity, providing a simple, integrated approach within
  OpenStack.

  The solution includes:
  1. Creating a port in the user’s private network via API (a distributed localport, similar to the metadata port).
  2. Provisioning the port on compute nodes where VMs in the private network reside — a task that would be managed by the new OVN Ganesha Agent.

  This RFE specifically proposes the OVN Ganesha Agent to accomplish the second task. This approach is inspired by the existing solution in Neutron for establishing connectivity between VMs and the Nova metadata API. The OVN Ganesha Agent would be deployed on all compute nodes and would have the following responsibilities:
  1. Detect ports for Ganesha connectivity in users' private networks.
  2. Manage these ports dynamically by plugging them into designated namespaces on the compute nodes and configuring iptables rules to establish a secure path from these namespaces to the NFS-Ganesha service.

  As a result, with Neutron and OVN functionalities, this solution
  enables VMs to reach the NFS-Ganesha service using the IP of the port
  in their private network. This approach provides a simpler, more
  secure, and efficient connection that is also distributed and highly
  available, offering a fully integrated and comprehensive solution
  within OpenStack and Neutron.

  
  [1] https://docs.openstack.org/manila/latest/configuration/shared-file-systems/drivers/cephfs_driver.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2087541/+subscriptions