Bug 2303196

Summary: [NFS] [Dashboard] Export creation directly on cephFS fileysystem is working. It should not allow to create the export directly on cephFS filesystem via dashboard
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Manisha Saini <msaini>
Component: Ceph-DashboardAssignee: dtalweka
Status: CLOSED ERRATA QA Contact: Manisha Saini <msaini>
Severity: high Docs Contact: Akash Raj <akraj>
Priority: unspecified    
Version: 8.0CC: akraj, ceph-eng-bugs, cephqe-warriors, dtalweka, nia, rpollack, tserlin
Target Milestone: ---   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-19.2.0-4.el9cp Doc Type: Bug Fix
Doc Text:
.Users are now prompted to enter a path when creating an export Previously, creating an export was not prompting for a path and by default `/` was entered. With this fix, when attempting to create the export directly on the file system, it prompts for a path. If an invalid path is entered, creation is not permitted. Additionally, when entering the path of the CephFS file system directly, a warning appears stating "Export on CephFS volume '/' not allowed".
 Story Points: ---
Clone Of: Environment:
Last Closed: 2024-11-25 09:04:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2298636, 2317218    

Description Manisha Saini 2024-08-06 16:01:55 UTC 
Description of problem:
===============

In version 8.0, the creation of NFS-Ganesha exports directly on the CephFS filesystem through the dashboard should be restricted (https://jsw.ibm.com/browse/ISCE-760). Users should not be permitted to create NFS exports directly on the CephFS filesystem.

Export created from Dashboard
=============

[ceph: root@ceph-auto-cluster-qwoqln-node1-installer /]# ceph nfs cluster ls
[
  "nfsganesha"
]
[ceph: root@ceph-auto-cluster-qwoqln-node1-installer /]# ceph nfs export ls nfsganesha
[
  "/ganesha"
]
[ceph: root@ceph-auto-cluster-qwoqln-node1-installer /]# ceph nfs export info nfsganesha /ganesha
{
  "access_type": "RW",
  "clients": [],
  "cluster_id": "nfsganesha",
  "export_id": 1,
  "fsal": {
    "fs_name": "cephfs",
    "name": "CEPH",
    "user_id": "nfs.nfsganesha.1"
  },
  "path": "/",
  "protocols": [
    3,
    4
  ],
  "pseudo": "/ganesha",
  "security_label": false,
  "squash": "no_root_squash",
  "transports": [
    "TCP",
    "UDP"
  ]
}

****Dashboard screenshot attached



Version-Release number of selected component (if applicable):
=============================================================
# ceph --version
ceph version 19.1.0-17.el9cp (c4a94422523bb32232df641cbb7125f05a5b49f2) squid (rc)


How reproducible:
==============
Always


Steps to Reproduce:
==================
1. Create NFS service via Dashboard
2. From Dashboard, Create export directly on cephFS filesystem  


Actual results:
=============
Export directly out of cephFS filesystem is created


Expected results:
============
Export creation should only be allowed over subvolume not on filesystem directly


Additional info:
Comment 8 errata-xmlrpc 2024-11-25 09:04:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 8.0 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:10216