Bug 1678308
| Summary: | [ceph-nfs-ganesha] Allow 'cephx' access to a NFS share type | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | lkuchlan <lkuchlan> |
| Component: | openstack-manila | Assignee: | Tom Barron <tbarron> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jason Grosso <jgrosso> |
| Severity: | medium | Docs Contact: | mmurray |
| Priority: | medium | ||
| Version: | 14.0 (Rocky) | CC: | apevec, gouthamr, jgrosso, lhh, pasik, vimartin |
| Target Milestone: | --- | Keywords: | TestOnly, Triaged, ZStream |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openstack-manila-7.3.0-1.el7ost | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-09-16 10:45:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
According to our records, this should be resolved by openstack-manila-7.3.0-1.el7ost. This build is available now. |
Description of problem: Manila allows 'cephx' access to a NFS share type while only 'ip' access should be allowed. Version-Release number of selected component (if applicable): python2-manilaclient-1.24.1-0.20180809180957.316bd21.el7ost.noarch How reproducible: 100% Steps to Reproduce: (overcloud) [stack@undercloud-0 ~]$ manila create NFS 1 --name share1 --share-type default_share_type +---------------------------------------+--------------------------------------+ | Property | Value | +---------------------------------------+--------------------------------------+ | status | creating | | share_type_name | default_share_type | | description | None | | availability_zone | None | | share_network_id | None | | share_server_id | None | | share_group_id | None | | host | | | revert_to_snapshot_support | False | | access_rules_status | active | | snapshot_id | None | | create_share_from_snapshot_support | False | | is_public | False | | task_state | None | | snapshot_support | False | | id | bd86b90e-00fa-49e7-a8c4-b18dbd708250 | | size | 1 | | source_share_group_snapshot_member_id | None | | user_id | ceee86a910d54af1bc1a629022033da2 | | name | share1 | | share_type | 58a9f347-dd98-4db2-bb68-ece69ceef271 | | has_replicas | False | | replication_type | None | | created_at | 2019-02-18T12:39:55.000000 | | share_proto | NFS | | mount_snapshot_support | False | | project_id | fd808698c9c34580a92266ff52b11b0d | | metadata | {} | +---------------------------------------+--------------------------------------+ (overcloud) [stack@undercloud-0 ~]$ manila list +--------------------------------------+--------+------+-------------+-----------+-----------+--------------------+-------------------------+-------------------+ | ID | Name | Size | Share Proto | Status | Is Public | Share Type Name | Host | Availability Zone | +--------------------------------------+--------+------+-------------+-----------+-----------+--------------------+-------------------------+-------------------+ | bd86b90e-00fa-49e7-a8c4-b18dbd708250 | share1 | 1 | NFS | available | False | default_share_type | hostgroup@cephfs#cephfs | nova | +--------------------------------------+--------+------+-------------+-----------+-----------+--------------------+-------------------------+-------------------+ (overcloud) [stack@undercloud-0 ~]$ manila access-allow share1 cephx eve +--------------+--------------------------------------+ | Property | Value | +--------------+--------------------------------------+ | access_key | None | | share_id | bd86b90e-00fa-49e7-a8c4-b18dbd708250 | | created_at | 2019-02-18T12:41:59.000000 | | updated_at | None | | access_type | cephx | | access_to | eve | | access_level | rw | | state | queued_to_apply | | id | 3903a546-812b-430c-8977-bac2c59defa9 | | metadata | {} | +--------------+--------------------------------------+ (overcloud) [stack@undercloud-0 ~]$ manila access-list share1 +--------------------------------------+-------------+-----------+--------------+--------+------------+----------------------------+------------+ | id | access_type | access_to | access_level | state | access_key | created_at | updated_at | +--------------------------------------+-------------+-----------+--------------+--------+------------+----------------------------+------------+ | 3903a546-812b-430c-8977-bac2c59defa9 | cephx | eve | rw | active | None | 2019-02-18T12:41:59.000000 | None | +--------------------------------------+-------------+-----------+--------------+--------+------------+----------------------------+------------+ (overcloud) [stack@undercloud-0 ~]$ manila access-show 3903a546-812b-430c-8977-bac2c59defa9 +--------------+--------------------------------------+ | Property | Value | +--------------+--------------------------------------+ | access_key | None | | share_id | bd86b90e-00fa-49e7-a8c4-b18dbd708250 | | created_at | 2019-02-18T12:41:59.000000 | | updated_at | None | | access_type | cephx | | access_to | eve | | access_level | rw | | state | active | | id | 3903a546-812b-430c-8977-bac2c59defa9 | | metadata | {} | +--------------+--------------------------------------+ Actual results: Allow 'cephx' access to a NFS share type. Expected results: 'cephx' access to a NFS share type is not allowed. Only 'ip' access to a NFS share type should be allowed.