Bug 2034975

Summary: cephfs volume continues to be writeable when blocklisted by just IP
Product: [Red Hat Storage] Red Hat Ceph Storage
Reporter: Raghavendra Talur <rtalur>
Component: CephFS
Assignee: Greg Farnum <gfarnum>
Status: CLOSED WORKSFORME
QA Contact: Hemanth Kumar <hyelloji>
Severity: urgent
Priority: unspecified
Version: 5.1
CC: ceph-eng-bugs, gfarnum, hyelloji, kseeger, mrajanna, muagarwa, owasserm, rabhat, srangana
Target Release: 5.1
Hardware: Unspecified
OS: Unspecified
Last Closed: 2022-01-12 13:18:22 UTC
Type: Bug

Description Raghavendra Talur 2021-12-22 15:56:26 UTC
Description of problem:
Create and mount a cephfs volume. Blocklist the client IP using the osd blocklist command, without providing the nonce. The client is able to write to the volume even after blocklisting the IP.



How reproducible:
Always


Steps to Reproduce:
1. Mount a cephfs volume
2. osd blocklist the IP of the client node
3. Write to the cephfs volume and sync.

Actual results:
The write is successful and can be seen on a different mount.

Expected results:
The write should not go through as the IP is blocklisted.

Comment 1 RHEL Program Management 2021-12-22 15:56:33 UTC
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.

Comment 2 Mudit Agarwal 2021-12-22 16:21:20 UTC
Proposing it for 5.1 as it is needed by ODF 4.10, please re-target if required.

Comment 3 Greg Farnum 2022-01-06 02:17:52 UTC
IP-based blocklisting is working when I try it on my dev box — in fact it blocks IOs from the MDS since they're all running locally!

Can you provide more complete details about what you did to set up this test? Exactly what commands did you run? Are you *sure* the client IP address was the one blocklisted, and that the client node didn't have multiple IPs it was using? Please run "ceph daemon <mds> session ls" before and after the blocklisting commands to be certain.
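
The before-and-after check requested in Comment 3 can be scripted by comparing each MDS session address against the blocklist entries. This is an added example, not part of the bug thread or of Ceph: it assumes the `session ls` JSON exposes `entity.addr.addr` and `entity.addr.nonce`, that `ceph osd blocklist ls` prints `ip:port/nonce` entries with an IP-only entry shown as port 0 and nonce 0, and all sample data is constructed.

```python
import ipaddress
import json

# Constructed sample data (not from the bug report). Assumed layout: each
# session carries entity.addr.addr ("ip:port") and entity.addr.nonce.
SESSION_LS = json.dumps([
    {"id": 4305, "entity": {"addr": {"type": "v1", "addr": "192.0.2.10:0", "nonce": 1234567}}},
    {"id": 4311, "entity": {"addr": {"type": "v1", "addr": "198.51.100.7:0", "nonce": 7654321}}},
])
# Constructed "ceph osd blocklist ls" output, assumed "ip:port/nonce <expiry>".
BLOCKLIST_LS = """192.0.2.10:0/0 2021-12-23T15:56:26.000000+0000
listed 1 entries
"""

def split_addr(text):
    """Split 'ip:port/nonce' or 'ip:port' into (ip, port, nonce)."""
    hostport, _, nonce = text.partition("/")
    host, _, port = hostport.rpartition(":")
    ip = ipaddress.ip_address(host.strip("[]"))  # brackets appear on IPv6
    return ip, int(port), int(nonce or 0)

def parse_blocklist(output):
    """Collect blocklist entries, skipping the 'listed N entries' trailer."""
    entries = set()
    for line in output.splitlines():
        token = line.split()[0] if line.strip() else ""
        if "/" in token and ":" in token:
            entries.add(split_addr(token))
    return entries

def session_status(session_json, blocklist_output):
    """Map session id -> 'instance', 'ip-wide' or 'not blocklisted'."""
    blocked = parse_blocklist(blocklist_output)
    result = {}
    for s in json.loads(session_json):
        a = s["entity"]["addr"]
        ip, port, _ = split_addr(a["addr"])
        if (ip, port, int(a["nonce"])) in blocked:
            result[s["id"]] = "instance"      # exact ip:port/nonce entry
        elif (ip, 0, 0) in blocked:           # IP-only entry (assumed :0/0)
            result[s["id"]] = "ip-wide"
        else:
            result[s["id"]] = "not blocklisted"
    return result

if __name__ == "__main__":
    for sid, state in session_status(SESSION_LS, BLOCKLIST_LS).items():
        print(sid, state)
```

A session reported as "not blocklisted" after the blocklist command points to the situation Comment 3 asks about: the client is reaching the cluster from an address other than the one that was blocklisted.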

Comment 4 Greg Farnum 2022-01-11 14:51:24 UTC
Really need to hear from QA about this or it's going to get bumped.