openstack的使用——7. 共享文件系统manila服务

OpenStack Manila 共享文件系统实战从部署到 NFS 挂载全指南在云环境中除了块存储Cinder和对象存储Swift共享文件系统Shared File System同样是关键基础设施。多个虚拟机需要同时读写同一份数据的场景如 Web 集群、日志聚合、开发协作中传统块设备无法满足需求。为此OpenStack 提供了Manila —— 一个支持多协议、多后端的共享文件系统服务。它抽象了底层存储细节通过统一 API 提供 NFS、CIFS/SMB、GlusterFS、CephFS 等协议的共享目录。本文将手把手带你完成Manila 控制节点与计算节点的完整部署基于 LVM 的 NFS 后端配置创建共享目录并授权访问在控制节点挂载验证实验环境说明控制节点controller (192.168.200.150)计算节点compute (192.168.200.151)存储设备/dev/sda6用于 LVM 卷组OpenStack 版本Train 或以上安全假设所有节点互通防火墙已放行相关端口如 2049/NFS一、Manila 核心概念1. 什么是 ManilaManila 是 OpenStack 的共享文件系统即服务FaaS组件具有以下特点✅多协议支持NFS v3/v4、CIFS/SMB、HDFS、GlusterFS、CephFS 等✅多后端驱动可对接 NetApp、EMC、华为、LVM、Generic 等✅租户隔离每个 Project 可独立管理自己的共享目录✅灵活授权基于 IP、用户、AD 域等控制访问权限典型应用场景多台 Web 服务器共享静态资源CI/CD 流水线中的构建缓存数据分析集群的输入/输出目录2. 架构组件组件作用manila-api接收 REST 请求处理认证与路由manila-scheduler调度共享请求到合适的后端manila-share实际创建/管理共享目录运行在存储节点Driver与具体存储系统交互如 LVM NFS 在本实验中manila-api和manila-scheduler运行在controllermanila-share运行在compute兼作存储节点二、Manila 服务部署1. 控制节点安装与配置1创建数据库与用户source/etc/keystone/admin-openrc.sh# 创建数据库mysql-uroot-p000000-e CREATE DATABASE IF NOT EXISTS manila; GRANT ALL PRIVILEGES ON manila.* TO manilalocalhost IDENTIFIED BY 000000; GRANT ALL PRIVILEGES ON manila.* TO manila% IDENTIFIED BY 000000; # 创建服务用户openstack user create--domaindefault--password000000 manila openstack roleadd--projectservice--usermanila admin# 注册服务与端点openstackservicecreate--namemanila--descriptionOpenStack Shared File Systemsshare openstackservicecreate--namemanilav2--descriptionOpenStack Shared File Systems V2sharev2 openstack endpoint create--regionRegionOne share public http://controller:8786/v1/%$tenant_id$sopenstack endpoint create--regionRegionOne share internal http://controller:8786/v1/%$tenant_id$sopenstack endpoint create--regionRegionOne share admin http://controller:8786/v1/%$tenant_id$sopenstack endpoint create--regionRegionOne sharev2 public http://controller:8786/v2/%$tenant_id$sopenstack endpoint create--regionRegionOne sharev2 internal http://controller:8786/v2/%$tenant_id$sopenstack endpoint create--regionRegionOne sharev2 admin http://controller:8786/v2/%$tenant_id$s2安装软件包yuminstall-yopenstack-manila python-manilaclient3配置/etc/manila/manila.conf[database] connection mysqlpymysql://manila:000000controller/manila [DEFAULT] transport_url rabbit://openstack:000000controller state_path /var/lib/manila default_share_type default_share_type share_name_template share-%s rootwrap_config /etc/manila/rootwrap.conf api_paste_config /etc/manila/api-paste.ini my_ip 192.168.200.150 auth_strategy keystone [keystone_authtoken] memcached_servers controller:11211 www_authenticate_uri http://controller:5000 auth_url http://controller:5000 auth_type password project_domain_name default user_domain_name default project_name service username manila password 000000 [oslo_concurrency] lock_path /var/lib/manila/manila4同步数据库并启动服务su-s/bin/sh-cmanila-manage db syncmanila systemctlenableopenstack-manila-api.service openstack-manila-scheduler.service systemctl restart openstack-manila-api.service openstack-manila-scheduler.service2. 计算节点安装与配置作为存储后端1安装依赖yuminstall-yopenstack-manila-share python2-PyMySQL libtalloc python-manilaclient MySQL-python yuminstall-ylvm2 nfs-utils nfs4-acl-tools targetcli2配置 Manila[database] connection mysqlpymysql://manila:000000controller/manila [DEFAULT] transport_url rabbit://openstack:000000controller my_ip 192.168.200.151 api_paste_config /etc/manila/api-paste.ini rootwrap_config /etc/manila/rootwrap.conf state_path /var/lib/manila auth_strategy keystone default_share_type default_share_type enabled_share_protocols NFS,CIFS [keystone_authtoken] # ...同控制节点略 [oslo_concurrency] lock_path /var/lib/manila/tmp3初始化 LVM 存储mkdir-p/var/lib/manilachownmanila: /var/lib/manila# 使用 /dev/sda6 创建卷组pvcreate /dev/sda6 vgcreate manila-volumes /dev/sda64配置 LVM 后端在manila.conf末尾添加[DEFAULT] enabled_share_backends lvm [lvm] share_backend_name LVM share_driver manila.share.drivers.lvm.LVMShareDriver driver_handles_share_servers False lvm_share_volume_group manila-volumes lvm_share_export_ips 192.168.200.151关键参数解释driver_handles_share_servers False表示不创建隔离的 Share Server简化模式适合测试lvm_share_export_ipsNFS 导出的 IP 地址即 compute 节点 IP5启动服务systemctlenablelvm2-lvmetad.target target.service nfs-server systemctl restart lvm2-lvmetad.service target.service openstack-manila-share三、使用 Manila 共享服务1. 创建共享类型Share Typesource/etc/keystone/admin-openrc.sh# 创建默认共享类型不使用 share networkmanila type-create default_share_type False输出------------------------------------------------------------ | Property | Value | ------------------------------------------------------------ | required_extra_specs | driver_handles_share_servers : False | | Name | default_share_type | | Visibility | public | | is_default | YES | | ID | 0b12fc7b-3745-4683-ae5c-4ac8ab86c3be | ------------------------------------------------------------查看类型列表manila type-list2. 创建共享目录# 创建 2GB 的 NFS 共享目录manila create NFS2--nameshare-test等待状态变为availablemanila list输出示例--------------------------------------------------------------------------------------------------------------------------------------------------------------- | ID | Name | Size | Share Proto | Status | Is Public | Share Type Name | Host | Availability Zone | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | 7abe166b-ea00-4a5e-b54d-0db4adda2cdc | share-test | 2 | NFS | available | False | default_share_type | computelvm#lvm-single-pool | nova | ---------------------------------------------------------------------------------------------------------------------------------------------------------------3. 授权访问允许192.168.200.0/24网段读写访问manila access-allow share-testip192.168.200.0/24 --access-level rw查看授权列表manila access-list share-test输出----------------------------------------------------------------------------------------------------------------------------------------------- | id | access_type | access_to | access_level | state | access_key | created_at | updated_at | ----------------------------------------------------------------------------------------------------------------------------------------------- | 5dc2d4de-9085-43f0-859b-d68ce2ad8f36 | ip | 192.168.200.0/24 | rw | active | None | 2023-04-10T13:29:11.000000 | None | -----------------------------------------------------------------------------------------------------------------------------------------------️删除授权manila access-deny share-test4. 挂载共享目录1获取挂载路径manila show share-test|greppath# 输出path 192.168.200.151:/var/lib/manila/mnt/share-67952ac5-8a18-4710-a324-8c2ed8254c6e2在控制节点挂载mkdir-p/mnt/share-testmount-tnfs192.168.200.151:/var/lib/manila/mnt/share-67952ac5-8a18-4710-a324-8c2ed8254c6e /mnt/share-test3验证挂载df-Th|grepnfs输出192.168.200.151:/var/lib/manila/mnt/share-... nfs4 2.0G 6.0M 1.8G 1% /mnt/share-test✅ 此时可在/mnt/share-test中读写文件多台虚拟机可同时挂载实现共享四、总结与对比服务类型协议多挂载典型用途Cinder块存储iSCSI, RBD❌通常单挂载数据库盘、系统盘Swift对象存储HTTP/REST✅只读镜像、备份、静态资源Manila文件存储NFS, CIFS✅读写Web 共享、日志、协作生产建议使用专用存储节点运行manila-share为不同性能需求创建多个 Share Type如 SSD-NFS、HDD-CIFS结合安全组/NFS export 限制访问源监控 LVM 卷组剩余空间Manila 填补了 OpenStack 在共享文件存储领域的空白使云平台真正具备企业级存储能力。掌握它你的私有云将更贴近真实业务需求欢迎在评论区分享你的 Manila 实践经验