Shared File System in OpenStack on Destination Earth

What we are going to cover

Prerequisites

No. 1 Account

You need a DESP OpenID hosting account with access to the Horizon interface:

What are SFS/Shared File Systems?

A Shared File System (SFS) is a type of file storage solution that allows multiple users or computers to access, read, and write to the same files and directories over a network. This capability is crucial for collaborative environments where data needs to be shared across various teams or applications seamlessly.

Key features and benefits of a Shared File System include:

  • Concurrent Access: Multiple users or systems can access the same files simultaneously, facilitating real-time collaboration and data sharing.

  • Centralized Management: Data is stored and managed from a central location, making it easier to perform backups, implement security policies, and oversee access controls.

  • Scalability: Shared File Systems are designed to scale with the needs of an organization, accommodating growing amounts of data and an increasing number of users or applications.

  • Access Control: Advanced permissions and authentication mechanisms ensure that only authorized users can access or modify the files, enhancing security.

  • Compatibility: Shared File Systems often support multiple protocols, such as NFS (Network File System) and SMB (Server Message Block), allowing them to integrate with diverse operating systems and platforms.

  • Data Consistency: Mechanisms such as file locking and snapshots help maintain data consistency and integrity, even when files are accessed by multiple users at the same time.

The simplest parallel of SFS to other known solutions will be NAS (Network Attached Storage) device installed in a small office. By buying and connecting such a device to the office network you get shared storage without worrying about server hardware configuration or software administration. The only thing to do is to set the access rights.

Technology behind SFS

SFS in OpenStack is provided by a dedicated module known by its project name Manila. It allows users to provision and manage file shares (e.g., NFS or SMB) as a service.

Key features of OpenStack SFS/Manila include:

  • Provisioning: Ability to create, delete, and modify shared file systems on-demand.

  • Access Control: Manage which instances or users have access to the file shares.

  • Snapshots: Support for creating and managing snapshots of file systems.

  • Multi-tenancy: Ensures that different tenants can safely consume and isolate shared file systems.

  • Backend Support: Capability to work with various types of storage backends for flexibility and scalability.

Overall, Manila adds an important dimension to the storage capabilities within OpenStack, complementing block storage (Cinder) and object storage (Swift) to provide a comprehensive suite of storage services.

Details of SFS implementation at DEDL

  1. NVME storage in backend.

  2. Single sfs network for all tenants and projects.

  3. All instances using shares must be attached to this common sfs network.

  4. Access to share is defined by IP address of instance.

  5. NFS (Network File System) only protocol is currently available.

The important implication and feature

Since all shares and instances are in the same network, the SFS shares may be used to simply share data between OpenStack projects or even tenants. Thanks to this you may:

  • Build environments based on multiple projects in the same region.

  • Use share as a more elastic solution for migration between projects than transferring volumes.

  • Cooperate and share data with other organizations using CloudFerro Cloud / CREODIAS in the same region.

Permissions

To use the SFS solution, the user must have the appropriate permissions. The primary role that allows creating and managing shares is the manila_user role, which must be assigned to the user by administrator per project. Without this role, the Shares option will not be available in the Horizon menu, nor will any actions be executable via the API.

Here is how to verify whether you can use SFS:

  1. OpenStack GUI Horizon

  2. select the project and

  3. click on Network -> Networks.

  4. Review the list. Besides the other networks, you should see sfs network with sfs1-subnet.

  5. Additionally, in the left side menu you should see the section Share.

../../../../_images/sfs-network-present.png

Steps to create and access share:

  1. Select instances that should access the share.

  2. Go to the list of instances. In Horizon GUI Compute -> Instances

  3. For each of them select from the context menu Attach Interface

    ../../../../_images/image-2025-9-15_14-3-23.png

  4. Leave the way of specifying Interface as by Network (and IP address) and select sfs network

Leave Fixed IP Address empty. The address would automatically be assigned by DHCP.

Note IP addresses assigned to instances in sfs network.

../../../../_images/image-2025-9-15_14-7-44.png

Click on button Attach Interface and a note with green background will appear in the right upper corner of the Horizon windows, stating that the interface is created.

  1. Create a share.

Go to Horizon to Share -> Shares.

Click + Create Share button.

In window:

../../../../_images/image-2025-9-15_14-8-3.png

You must fill:

  • Share Name

  • Share Protocol (remember that default option NFS is only supported)

  • Size

  • Availability Zone

Then press button Create.

  1. When a new share appears on the list, click its name and note the path:

../../../../_images/image-2025-9-15_14-8-40.png

  1. Return to shares list and select from share context menu Manage Rules

../../../../_images/image-2025-9-15_14-9-5.png

Click + Add rule button

On popup window:

../../../../_images/image-2025-9-15_14-9-22.png

  • Leave Access type as ip

  • Select Access Level from read-only or read-write.

  • Insert IP address in sfs network noted before for instance with mask 32 with format xx.xx.xx.xx/32.

Repeat + Add Rule for all other addresses noted.

IMPORTANT NOTE:

As this is the only way of granting/restricting access, we strongly recommend to always use a single instance IP address with mask 32 meaning only single address, despite the fact that wider network class with lower mask may be entered here.

Mounting the share on an instance

Login on each instance and execute commands:

cd /mnt
sudo mkdir my-share
sudo mount -t nfs -o vers=4.2 <path noted in step 6> /mnt/my-share/

Example of last command

sudo mount -t nfs -o vers=4.2 10.84.80.17:/volumes/_nogroup/12345678-1234-1234-5679-123456789abcd/12345678-1234-5678-9abc-12345678 /mnt/my-share/

You can now use shared file system from many instances.