Comment 3 for bug 2007917

Revision history for this message
Goutham Pacha Ravi (gouthamr) wrote : Re: [xena][cephfs] Manilla availability zone allow to use unauthorized share-type

Thanks for your response;

If you want to restrict a share type to specific backend, and prevent other share types from matching that backend, you need those instructions coded as extra-specs - otherwise there's no way for manila to tell these share types and backends apart.

In the scenario you provided, you have two share types and you want to isolate each to a specific backend. You can do that in several ways; a couple of them are:

1) Set "share_backend_name" as an extra-spec in each of the share types to match or exclude the exact backend you want (cephfs_az2, cephfs_nfs_az1)

  `` manila type-key st1 set share_backend_name='cephfs_nfs_az1' ``
  `` manila type-key st2 set share_backend_name='s!= cephfs_nfs_az1' ``

2) Set "availability_zones" extra spec to restrict what AZs users of the share type can work within, for example,

  `` manila type-key st1 set availability_zones=nova `` and
  `` manila type-key st2 set availability_zones=az2 ``

More details here:

Prior to creating share types, you can use "manila pool-list --detail" to see what each backend reports to the scheduler so you can figure out what extra specs are possible.