Deploy nfs-ganesha

Registered by Jan Provaznik

Nfs-ganesha can be used as a proxy when mounting ceph file shares. Because nfs-ganesha backend will be supported in manila service soon, we would like to allow users deploy nfs-ganesha in Overcloud so they can use it as a backend in manila. Major benefit is that tenants (user instances) then don't need direct access to the ceph public network (storage network in Overcloud), but only to the nfs-ganesha servers.

In the first step (Pike release), nfs-ganesha service will be deployed on controller nodes together with manila-share service and it will use active/passive HA mode managed by Pacemaker. A new virtual IP on external network will be used. Nfs-ganesha will listen on this VIP, both virtual IP and nfs-ganesha service failover will be handled by pacemaker. User instances will use the VIP on a new isolated storage-nfs network to access nfs-ganesha when mounting shares (so there is no need to provide access to the ceph public network for them).

This is not a true scale out solution because it uses a shared ganesha server and a shared storage nfs-network for all tenants (and relies on neutron security groups to provide security between tenants). We plan to develop a scale-out solution as a follow-on step.

Related mail-thread:

Blueprint information

Jan Provaznik
Tom Barron
Series goal:
Accepted for rocky
Milestone target:
milestone icon rocky-1
Started by
Jan Provaznik
Completed by
Alex Schultz

Related branches



[2017-12-11] Moving out to Rocky. If necessary please request FFE to explain why this is needed for Queens.
[2018-04-09] Feature patches have been merged. <tbarron> mwhahaha: w.r.t. there'll be more work as bugs I'm sure but we landed the feature patches

Mostly implemented in the series of patches bellow

Gerrit topic:,topic:bp/nfs-ganesha,n,z

Addressed by:
    WIP add ganesha and ganesha VIP

Addressed by:
    Do not create fs and server side key from manila

Addressed by:
    Let mds create manila key and fs

Addressed by:
    Add a StorageNFS network for use by Manila/Ganesha

Addressed by:
    Add storage nfs network parameters

Addressed by:
    Pass storage nfs VIP to ceph-ansible

Addressed by:
    Add support for cephfs+ganesha backend in manila

Addressed by:
    Render NIC config templates with jinja2

Addressed by:
    Some net configs - Do Not Merge

Addressed by:
    Experimental - Do not merge

Addressed by:
    Experimental - DO NOT merge


Work Items

This blueprint contains Public information 
Everyone can see this information.