Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1489127 - Cinder backup uses os_brick to create a nfs share for backup and fails creating subdirectories
Summary: Cinder backup uses os_brick to create a nfs share for backup and fails creati...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: z9
: 10.0 (Newton)
Assignee: Eric Harney
QA Contact: Avi Avraham
URL:
Whiteboard:
Depends On: 1566071 1566091
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-09-06 18:13 UTC by David Vallee Delisle
Modified: 2021-03-11 15:44 UTC (History)
15 users (show)

Fixed In Version: openstack-cinder-9.1.4-34.el7ost
Doc Type: Bug Fix
Doc Text:
Previously, the Cinder Backup service NFS backend assumed that the NFS server has been configured to allow the Backup service to create files and directories on the server. The Backup service runs as a non-privileged 'cinder' user, requiring file permissions and ownership on the server to be set correctly. This caused backups to fail if the NFS server was not configured to allow the 'cinder' user to create files and directories. With this update, when initializing the NFS backend, the Backup service checks whether the server permissions and directory ownership are correct. The permissions and directory ownership are updated automatically to ensure the Backup service operates correctly.
Clone Of:
: 1566071 1566091 (view as bug list)
Environment:
Last Closed: 2018-09-17 16:57:43 UTC
Target Upstream Version:


Attachments (Terms of Use)
cinder.log (5.68 KB, text/plain)
2017-09-06 18:13 UTC, David Vallee Delisle
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1715456 0 None None None 2017-09-06 18:13:12 UTC
OpenStack gerrit 524728 0 'None' MERGED Solving permission errors due to directory ownership on NFS 2020-06-16 12:41:02 UTC
Red Hat Product Errata RHBA-2018:2717 0 None None None 2018-09-17 16:58:17 UTC

Description David Vallee Delisle 2017-09-06 18:13:13 UTC
Created attachment 1322773 [details]
cinder.log

Description of problem:
Cinder backup uses os_brick to create a nfs share mount point as root and fails creating subdirectories later on as cinder-backup is running as cinder and tries to create a sub directory as cinder.

Version-Release number of selected component (if applicable):


How reproducible:
All the time

Steps to Reproduce:
1. Take a volume backup with a NFS backend


Actual results:
We get a permission denied

Expected results:


Additional info:
     def _init_backup_repo_path(self):
         remotefsclient = remotefs_brick.RemoteFsClient(
             'nfs',
             utils.get_root_helper(),
             nfs_mount_point_base=self.backup_mount_point_base,
             nfs_mount_options=self.mount_options)
         remotefsclient.mount(self.backup_share)
         LOG.info("Mount point: %s",  remotefsclient.get_mount_point(self.backup_share))
         (out, err) = utils.execute('chown', 'cinder.cinder', remotefsclient.get_mount_point(self.backup_share), run_as_root=True)
         LOG.info("Result: %s %s", out, err)
         return remotefsclient.get_mount_point(self.backup_share

Comment 39 Alan Bishop 2018-03-19 18:30:49 UTC
Patch has been backported upstream to Pike, next effort is to propose the patch to driverfixes/ocata and driverfixes/newton. Then we can backport to OSP releases.

Comment 52 Tzach Shefi 2018-08-07 12:38:23 UTC
Verified on: 
openstack-cinder-9.1.4-40.el7ost.noarch

Created a volume, in my case from an image to add some data.
#cinder create 2 --image-id cad7c940-27e4-418c-83de-4490986eb59a --name cirrosvol

Configure Cinder backup with nfs, restart cinder backup service

Backup the new volume
cinder backup-create beebd668-2410-4602-9030-2a6f1937150f
+-----------+--------------------------------------+
| Property  | Value                                |
+-----------+--------------------------------------+
| id        | 489b141c-dcf6-4452-940e-07618849c4c5 |
| name      | None                                 |
| volume_id | beebd668-2410-4602-9030-2a6f1937150f |
+-----------+--------------------------------------+


Backup available -> 
cinder backup-list
+--------------------------------------+--------------------------------------+-----------+------+------+--------------+--------------------------------------------+
| ID                                   | Volume ID                            | Status    | Name | Size | Object Count | Container                                  |
+--------------------------------------+--------------------------------------+-----------+------+------+--------------+--------------------------------------------+
| 489b141c-dcf6-4452-940e-07618849c4c5 | beebd668-2410-4602-9030-2a6f1937150f | available | -    | 2    | 3            | 48/9b/489b141c-dcf6-4452-940e-07618849c4c5 |
+--------------------------------------+--------------------------------------+-----------+------+------+--------------+--------------------------------------------+


Check controller where backup service is running look for mount, or on nfs server itself, notice a new folder was created.
Before backup folder is empty -> 
[root@cougar11 ins_backup]# ll
total 0

After backup is imitated we see a new folder created with cinder:cinder
[root@cougar11 ins_backup]# ll
total 0
drwxr-xr-x. 3 cinder cinder 16 אוג  7 15:30 48

Works as expected.

Comment 54 errata-xmlrpc 2018-09-17 16:57:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2717


Note You need to log in before you can comment on or make changes to this bug.