Bug 1849843

Summary: Manage API allows an existing share to be managed
Product: Red Hat OpenStack Reporter: Goutham Pacha Ravi <gouthamr>
Component: openstack-manilaAssignee: Goutham Pacha Ravi <gouthamr>
Status: CLOSED ERRATA QA Contact: vhariria
Severity: medium Docs Contact: RHOS Documentation Team <rhos-docs>
Priority: medium    
Version: 16.2 (Train)CC: astillma, gouthamr, gregraka, lkuchlan, lmarsh, shrjoshi, tbarron, vhariria, vimartin
Target Milestone: AlphaKeywords: Bugfix, Triaged
Target Release: 16.2 (Train on RHEL 8.4)   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: openstack-manila-9.1.5-2.20210121124925.ab3f41b.el8ost.1 Doc Type: Bug Fix
Doc Text:
Previously, the Shared File Systems service (manila) API that brings external shares into service management did not check for duplicated export locations. An existing share brought into the service multiple times results in an inconsistent state. + With this release, the API evaluates the export locations of known or existing shares before allowing external shares to be managed, and prevents existing shares from being erroneously brought into the Shared File Systems service again.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-09-15 07:08:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Goutham Pacha Ravi 2020-06-23 00:09:29 UTC 
Description of problem:

manila's Manage API [1] does not prevent re-managing an already managed share under certain circumstances. The API performs a check by comparing the export location provided against all known shares in the manila database. However, that check does not work currently when a share has multiple export locations.

The retrieval logic for search options looks suspicious:

https://opendev.org/openstack/manila/src/commit/b6b2eb5cf3a32e506af8734acecb4a34ceafc982/manila/share/api.py#L1709-L1718

There's an attempt to retrieve the export location with the key "export_location" on the Share model (https://opendev.org/openstack/manila/src/commit/b6b2eb5cf3a32e506af8734acecb4a34ceafc982/manila/share/api.py#L671), but in reality, there is no such key on the database schema.

There's a meta property on the share model, which just fetches a share's instance's first export location:

- https://opendev.org/openstack/manila/src/commit/b6b2eb5cf3a32e506af8734acecb4a34ceafc982/manila/db/sqlalchemy/models.py#L206-L208

- https://opendev.org/openstack/manila/src/commit/b6b2eb5cf3a32e506af8734acecb4a34ceafc982/manila/db/sqlalchemy/models.py#L353-L355


Version-Release number of selected component (if applicable): 13 - 16+


How reproducible: Sporadically


Steps to Reproduce:
1. Configure manila with a backend that can present multiple export paths - for example, a NetApp vServer that can expose two or more NICs
2. Create a share, note its export locations
3. Use the manage API with the export locations, one at a time

Actual results:
Step 3 sometimes passes, resulting in a share getting managed twice - this could be disruptive to existing clients, and in some cases disastrous, because it requires some special handling for doubly managed shares to remove the duplicates, without causing data loss.

Expected results:
Step 3 must be disallowed always



Additional info:


[1] https://docs.openstack.org/api-ref/shared-file-system/#manage-share-since-api-v2-7
Comment 12 errata-xmlrpc 2021-09-15 07:08:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform (RHOSP) 16.2 enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:3483