1392378 – [RBD:ISCSI]:- ACLs changed are not reflected on the RHEL initiator side hence we are able to mount the images which has been removed from client list

Bug 1392378 - [RBD:ISCSI]:- ACLs changed are not reflected on the RHEL initiator side hence we are able to mount the images which has been removed from client list

Summary: [RBD:ISCSI]:- ACLs changed are not reflected on the RHEL initiator side hence...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat
Component:	RBD
Sub Component:
Version:	2.1
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	2.2
Assignee:	Mike Christie
QA Contact:	ceph-qe-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-07 11:24 UTC by shylesh
Modified:	2017-07-30 15:34 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-07 21:14:13 UTC
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description shylesh 2016-11-07 11:24:51 UTC

Description of problem:
I removed couple of images from client image list and reran ceph-iscsi-ansible, but still able to see the image as LUN and able to mount it and perform IO.

Version-Release number of selected component (if applicable):

ceph-iscsi-ansible-1.5-1.el7test.noarch
ceph-iscsi-tools-1.1-1.el7cp.noarch
python-cephfs-10.2.3-12.el7cp.x86_64
iozone-3.424-2_ceph.el7.x86_64
ceph-osd-10.2.3-12.el7cp.x86_64
mod_fastcgi-2.4.7-1.ceph.el7.x86_64
libcephfs1-10.2.3-12.el7cp.x86_64
ceph-common-10.2.3-12.el7cp.x86_64
ceph-iscsi-config-1.5-1.el7test.noarch

How reproducible:


Steps to Reproduce:
1. created a cluster and configured iscsi gateway with 4 gateway nodes
2. created 20 images and mapped to a RHEL7.3 initiator
3. mounted 20 images and performed I/O
4. removed 2 images from ceph-iscsi config file from the image list of the client and re-ran ansible
5. on the initiator side unmounted the those 2 LUNs and rescanned and restarted the multipathd

Actual results:
Removed images are still visible on the initiator and can be mounted and can do successful I/O

Expected results:
Images should not be visible on the initiator once it has been removed from image_list of particular client in iscsi-config .

Additional info:

iscsi-gateway:- magna005,magna012,magna015,magna020
ceph-iscsi-ansible:- magna098
RHEL initiator:- magna048

More details:-
============

snippet from successful ansible run for removal 
==============================
TASK: [ceph-iscsi-gw | igw_client | Configure client connectivity] ************
changed: [magna020] => (item={'status': 'present', 'chap': 'admin/redhat', 'client': 'iqn.1994-05.com.redhat:479b6cfbcd', 'imag
e_list': 'rbd.ansible1,rbd.myimage1,rbd.myimage2,rbd.myimage3,rbd.myimage4,rbd.myimage5,rbd.myimage6,rbd.myimage8,rbd.myimage9,
rbd.myimage10,rbd.myimage11,rbd.myimage12,rbd.myimage13,rbd.myimage14,rbd.myimage15,rbd.myimage16,rbd.myimage17,rbd.myimage19,r
bd.myimage20'})
changed: [magna015] => (item={'status': 'present', 'chap': 'admin/redhat', 'client': 'iqn.1994-05.com.redhat:479b6cfbcd', 'imag
e_list': 'rbd.ansible1,rbd.myimage1,rbd.myimage2,rbd.myimage3,rbd.myimage4,rbd.myimage5,rbd.myimage6,rbd.myimage8,rbd.myimage9,
rbd.myimage10,rbd.myimage11,rbd.myimage12,rbd.myimage13,rbd.myimage14,rbd.myimage15,rbd.myimage16,rbd.myimage17,rbd.myimage19,r
bd.myimage20'})
changed: [magna005] => (item={'status': 'present', 'chap': 'admin/redhat', 'client': 'iqn.1994-05.com.redhat:479b6cfbcd', 'imag
e_list': 'rbd.ansible1,rbd.myimage1,rbd.myimage2,rbd.myimage3,rbd.myimage4,rbd.myimage5,rbd.myimage6,rbd.myimage8,rbd.myimage9,
rbd.myimage10,rbd.myimage11,rbd.myimage12,rbd.myimage13,rbd.myimage14,rbd.myimage15,rbd.myimage16,rbd.myimage17,rbd.myimage19,r
bd.myimage20'})
ok: [magna020] => (item={'status': 'present', 'chap': 'admin/redhat', 'client': 'iqn.1994-05.com.redhat:f3ca348ccc5b', 'image_l
ist': 'rbd.ansible6,rbd.ansible7,rbd.ansible8,rbd.ansible9,rbd.ansible10'})
ok: [magna015] => (item={'status': 'present', 'chap': 'admin/redhat', 'client': 'iqn.1994-05.com.redhat:f3ca348ccc5b', 'image_l
ist': 'rbd.ansible6,rbd.ansible7,rbd.ansible8,rbd.ansible9,rbd.ansible10'})
changed: [magna012] => (item={'status': 'present', 'chap': 'admin/redhat', 'client': 'iqn.1994-05.com.redhat:479b6cfbcd', 'imag
e_list': 'rbd.ansible1,rbd.myimage1,rbd.myimage2,rbd.myimage3,rbd.myimage4,rbd.myimage5,rbd.myimage6,rbd.myimage8,rbd.myimage9,
rbd.myimage10,rbd.myimage11,rbd.myimage12,rbd.myimage13,rbd.myimage14,rbd.myimage15,rbd.myimage16,rbd.myimage17,rbd.myimage19,r
bd.myimage20'})
ok: [magna005] => (item={'status': 'present', 'chap': 'admin/redhat', 'client': 'iqn.1994-05.com.redhat:f3ca348ccc5b', 'image_list': 'rbd.ansible6,rbd.ansible7,rbd.ansible8,rbd.ansible9,rbd.ansible10'})
ok: [magna012] => (item={'status': 'present', 'chap': 'admin/redhat', 'client': 'iqn.1994-05.com.redhat:f3ca348ccc5b', 'image_list': 'rbd.ansible6,rbd.ansible7,rbd.ansible8,rbd.ansible9,rbd.ansible10'})

PLAY RECAP ********************************************************************
magna005                   : ok=18   changed=5    unreachable=0    failed=0
magna012                   : ok=18   changed=5    unreachable=0    failed=0
magna015                   : ok=18   changed=5    unreachable=0    failed=0
magna020                   : ok=18   changed=5    unreachable=0    failed=0



Entry from ceph-iscsi-gw
========================
  - { pool: 'rbd', image: 'myimage1', size: '250G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage2', size: '251G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage3', size: '252G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage4', size: '253G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage5', size: '254G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage6', size: '255G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage7', size: '256G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage8', size: '257G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage9', size: '258G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage10', size: '259G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage11', size: '260G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage12', size: '261G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage13', size: '262G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage14', size: '263G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage15', size: '264G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage16', size: '265G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage17', size: '266G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage18', size: '267G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage19', size: '268G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage20', size: '269G', host: 'magna012', state: 'present' }
  - { pool: 'rbd', image: 'myimage21', size: '270G', host: 'magna012', state: 'present' }




# client_connections defines the client ACL's to restrict client access to specific LUNs
# The settings are as follows;
# - image_list is a comma separated list of rbd images of the form <pool name>.<rbd_image_name>
# - chap supplies the user and password the client will use for authentication of the
#   form <user>/<password>
# - status shows the intended state of this client definition - 'present' or 'absent'
#
# NB. this definition can be commented out to skip client (nodeACL) management
client_connections:
  - { client: 'iqn.1994-05.com.redhat:479b6cfbcd', image_list: 'rbd.ansible1,rbd.myimage1,rbd.myimage2,rbd.myimage3,rbd.myimage4,rbd.myimage5,rbd.myimage6,rbd.myimage8,rbd.myimage9,rbd.myimage10,rbd.myimage11,rbd.myimage12,rbd.myimage13,rbd.myimage14,rbd.myimage15,rbd.myimage16,rbd.myimage17,rbd.myimage19,rbd.myimage20',  chap:  'admin/redhat', status: 'present' }


Images which are removed are:- myimage7, myimage18
====================================================


From Initiator
===============

following are the images which were removed from the config but still visible on the initiator even after rescan and multipathd restart


[ubuntu@magna048 mpathr]$ sudo multipath -ll | grep -E10 mpathr
mpathr (36001405ff083970d03749c4a5a3128e4) dm-22 LIO-ORG ,IBLOCK          
size=257G features='0' hwhandler='1 alua' wp=rw
|-+- policy='queue-length 0' prio=50 status=active
| `- 24:0:0:8  sdaf 65:240 active ready  running
|-+- policy='queue-length 0' prio=10 status=enabled
| `- 23:0:0:8  sdap 66:144 active ready  running
|-+- policy='queue-length 0' prio=10 status=enabled
| `- 25:0:0:8  sdan 66:112 active ready  running
`-+- policy='queue-length 0' prio=10 status=enabled
  `- 26:0:0:8  sdam 66:96  active ready  running


mpathw (360014055abed8fb4896436faf1c30bcb) dm-13 LIO-ORG ,IBLOCK          
size=262G features='0' hwhandler='1 alua' wp=rw
|-+- policy='queue-length 0' prio=50 status=active
| `- 25:0:0:13 sdbe 67:128 active ready  running
|-+- policy='queue-length 0' prio=10 status=enabled
| `- 23:0:0:13 sdbk 67:224 active ready  running




attaching the saveconfig.json

Comment 3 Harish NV Rao 2016-11-07 13:50:56 UTC

Looks like 'unmap' functionality failure. Could dev triage this BZ and let us know if this is a code issue or an issue because of missing/incorrect step?

Note You need to log in before you can comment on or make changes to this bug.