Manila Support For VirtioFS
RHEL now supports the new virtioFS access mode allowing file storage to be attached to the VMs in a similar way block is currently managed.
The main driver for this integration is Ceph, the current Ganesha integration lacks performances & scale capability and the native CephFS integration bring serious security concerns. VirtioFS solves all this differents aspects in a unique performant, scalable and performant way.
This feature will greatly improve customer experience when using Manila shares specially for customers who are running OpenShift on OpenStack with RWX PVs provided by Manila (CSI).
Why
Security
- Protects cloud storage infrastructure from untrusted tenants since guests no longer require network access to storage
- Especially important with storage systems like Ceph which delegate work like quota enforcement to the client and which require that the client have network access to its service daemons
- No longer a need for Manila drivers to manage virtual file servers and special share networks (DHSS=True) to achieve strong separation of tenants from one another
Usability
- Consistent user experience and expectations across OpenStack block and file storage
- Common abstraction layer for guests to mount using "tags" so they do not have to know anything about the backend storage protocols (NFS, CIFS, native CephFS, Lustre, etc)
- No longer a need for access control or key/credential distribution to users so that they can mount and use shares
Scale and Performance
- multiple guests using the same share can use a common staged remote share, reducing the number of network mounts on the file server
- gateway services like ganesha that had to be centralized can be removed in favor of virtiofs services spread out over the totality of compute nodes