Bug 2342244

Summary: Snapshots doesn't work when the caps for implicit namespace is set
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Leela Venkaiah Gangavarapu <lgangava>
Component: RADOSAssignee: Radoslaw Zarzynski <rzarzyns>
Status: CLOSED ERRATA QA Contact: Pawan <pdhiran>
Severity: medium Docs Contact:
Priority: urgent    
Version: 8.0CC: bhubbard, ceph-eng-bugs, cephqe-warriors, idryomov, linuxkidd, muagarwa, ngangadh, nojha, rzarzyns, tserlin, vumrao
Target Milestone: ---Flags: idryomov: needinfo? (rzarzyns)
Target Release: 8.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-19.2.1-84.el9cp Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2342981 (view as bug list) Environment:
Last Closed: 2025-06-26 12:24:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2342981    

Description Leela Venkaiah Gangavarapu 2025-01-27 12:53:46 UTC 
Description of problem:
When the osd caps are restricted to implicit namespace we are not able to create snapshots for RBD volume in ODF

Version-Release number of selected component (if applicable):
rhceph-container-8-208

How reproducible:
Always

Steps to Reproduce:
Perform RBD snapshot with below caps, basically [namespace ''] in [caps osd]

    	key = AQA4iZNnoMgpFBAATwl0wSN9ehCYoZeDl3zi1A==
    	caps mgr = "allow rw"
    	caps mon = "profile rbd, allow command 'osd blocklist'"
    	caps osd = "profile rbd namespace ''"

Actual results:
I0124 13:12:14.514092   	1 rbd_util.go:1485] ID: 40 Req-ID: pvc-b684964c-0d4f-4a1b-8e3d-5836c80b56dd rbd: snap create ocs-storagecluster-cephblockpool/csi-vol-818ad38a-30e8-4c15-8ce0-ddb82cf420c3@csi-vol-fed47bc1-9c1b-40a4-ad68-f2c0b0103aa6-temp using mon

E0124 13:12:14.557562   	1 snapshot.go:40] ID: 40 Req-ID: pvc-b684964c-0d4f-4a1b-8e3d-5836c80b56dd failed to create snapshot ocs-storagecluster-cephblockpool/csi-vol-818ad38a-30e8-4c15-8ce0-ddb82cf420c3@csi-vol-fed47bc1-9c1b-40a4-ad68-f2c0b0103aa6-temp: rbd: ret=-1, Operation not permitted

I0124 13:12:14.564763   	1 omap.go:126] ID: 40 Req-ID: pvc-b684964c-0d4f-4a1b-8e3d-5836c80b56dd removed omap keys (pool="ocs-storagecluster-cephblockpool", namespace="", name="csi.volumes.default"): [csi.volume.pvc-b684964c-0d4f-4a1b-8e3d-5836c80b56dd]

E0124 13:12:14.564816   	1 utils.go:271] ID: 40 Req-ID: pvc-b684964c-0d4f-4a1b-8e3d-5836c80b56dd GRPC error: rbd: ret=-1, Operation not permitted

Expected results:
Snapshot should be successful

Additional info:
I found the issue during snapshot of rbd and Ilya root caused it to RADOS component.

what works is 

    	key = AQB3gJNngMEAExAAvaHITiiD/CInm7ptHx20OA==
    	caps mgr = "allow rw"
    	caps mon = "profile rbd, allow command 'osd blocklist'"
    	caps osd = "profile rbd"
Comment 1 Storage PM bot 2025-01-27 12:53:54 UTC 
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Comment 16 errata-xmlrpc 2025-06-26 12:24:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 8.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:9775