1610639 – NetApp CIFS (DHSS = True) driver fails to configure CIFS server if AD is in different subnet

Bug 1610639 - NetApp CIFS (DHSS = True) driver fails to configure CIFS server if AD is in different subnet

Summary: NetApp CIFS (DHSS = True) driver fails to configure CIFS server if AD is in d...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-manila
Sub Component:
Version:	10.0 (Newton)
Hardware:	All
OS:	All
Priority:	medium
Severity:	low
Target Milestone:	z9
Target Release:	10.0 (Newton)
Assignee:	Goutham Pacha Ravi
QA Contact:	Dustin Schoenbrun
Docs Contact:	mmurray
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-08-01 05:29 UTC by Goutham Pacha Ravi
Modified:	2018-09-17 17:01 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openstack-manila-3.0.0-13.el7ost
Doc Type:	Bug Fix
Doc Text:	Previously, the NetApp driver operating in driver_handles_share_servers=True mode failed to configure Active Directory services when the Active Directory server was not in the same subnet as the ONTAP Vserver. As a result, users were unable to create CIFS shares on the NetApp back-end when the Active Directory server was not on the private tenant network. With this update, the NetApp driver creates the necessary static routes with the gateway specified on the tenant networks. Users can create CIFS shares on the NetApp back-end when the Active Directory service is on a different network, but a path exists with the tenant network gateway.
Clone Of:
Environment:
Last Closed:	2018-09-17 17:00:45 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1612655	None	None	None	2018-08-01 05:31:10 UTC
Launchpad	1698258	None	None	None	2018-08-01 05:29:01 UTC
OpenStack gerrit	478705	None	None	None	2018-08-01 05:39:41 UTC
Red Hat Product Errata	RHBA-2018:2671	None	None	None	2018-09-17 17:01:37 UTC

Description Goutham Pacha Ravi 2018-08-01 05:29:01 UTC

NetApp CIFS (DHSS = True) driver fails to configure CIFS server if the Active Directory service is deployed in a different subnet

Error in the share manager service:

2017-06-16 02:22:26.859 474262 DEBUG manila.share.drivers.netapp.dataontap.client.api [req-5dc68229-c4fc-48b1-aa59-65cf17af9a5c 580ad5d9dd1c4047aac4f210b1e85371 503d42ac680b431c89c3b50ccbb3106c - - -] Response: <results xmlns="http://www.netapp.com/filer/admin" status="passed"/>
 invoke_elem /usr/lib/python2.7/site-packages/manila/share/drivers/netapp/dataontap/client/api.py:248
2017-06-16 02:22:26.860 474262 DEBUG manila.share.drivers.netapp.utils [req-5dc68229-c4fc-48b1-aa59-65cf17af9a5c 580ad5d9dd1c4047aac4f210b1e85371 503d42ac680b431c89c3b50ccbb3106c - - -] Leaving method configure_dns trace_wrapper /usr/lib/python2.7/site-packages/manila/share/drivers/netapp/utils.py:88
2017-06-16 02:22:26.862 474262 DEBUG manila.share.drivers.netapp.dataontap.client.client_cmode [req-5dc68229-c4fc-48b1-aa59-65cf17af9a5c 580ad5d9dd1c4047aac4f210b1e85371 503d42ac680b431c89c3b50ccbb3106c - - -] Trying to setup CIFS server with data: {'admin-username': u'XXXXX', 'force-account-overwrite': 'true', 'domain': u'cifs.netapp.com', 'cifs-server': 'XXXXXX', 'admin-password': u'XXXX'} configure_active_directory /usr/lib/python2.7/site-packages/manila/share/drivers/netapp/dataontap/client/client_cmode.py:1158
2017-06-16 02:22:26.863 474262 DEBUG manila.share.drivers.netapp.dataontap.client.api [req-5dc68229-c4fc-48b1-aa59-65cf17af9a5c 580ad5d9dd1c4047aac4f210b1e85371 503d42ac680b431c89c3b50ccbb3106c - - -] Request: <netapp xmlns="http://www.netapp.com/filer/admin" version="1.110" vfiler="os_de67de12-112a-4fe0-b2c6-1bd6b7f8223c">
  <cifs-server-create>
    <admin-username>XXXXXXX</admin-username>
    <force-account-overwrite>true</force-account-overwrite>
    <domain>cifs.netapp.com</domain>
    <cifs-server>XXXXXX</cifs-server>
    <admin-password>XXXXXXXX</admin-password>
  </cifs-server-create>
</netapp>
 invoke_elem /usr/lib/python2.7/site-packages/manila/share/drivers/netapp/dataontap/client/api.py:227
2017-06-16 02:22:31.941 474262 DEBUG manila.share.drivers.netapp.dataontap.client.api [req-5dc68229-c4fc-48b1-aa59-65cf17af9a5c 580ad5d9dd1c4047aac4f210b1e85371 503d42ac680b431c89c3b50ccbb3106c - - -] Response: <results xmlns="http://www.netapp.com/filer/admin" reason="Failed to create the Active Directory machine account &quot;OS_DE67..F8223C&quot;. Reason: SecD Error: no server available Details: Error: Machine account creation procedure failed [ 0 ms] Trying to re-use machine account 'XXXXX' in domain 'CIFS.NETAPP.COM' for Vserver 'os_de67de12-112a-4fe0-b2c6-1bd6b7f8223c' [ 3] Failed to connect to 10.63.XXX.XXX for DNS via Source Address 0.0.0.0: Network is unreachable **[ 9] FAILURE: Unable to contact DNS to discover domain ** controllers. [ 9] Unable to connect to any (0) domain controllers. [ 9] 'NisDomain' configuration not available [ 9] NIS configuration not found for Vserver 143 [ 14] Failed to connect to 10.63.XXX.XXX for DNS via Source Address 0.0.0.0: Network is unreachable [ 14] Unable to contact DNS to discover domain controllers. [ 19] Failed to connect to 10.63.XXX.XXX for DNS via Source Address 0.0.0.0: Network is unreachable [ 19] Unable to contact DNS to discover domain controllers. [ 23] Failed to connect to 10.63.XXX.XXX for DNS via Source Address 0.0.0.0: Network is unreachable [ 23] Unable to contact DNS to discover domain controllers. [ 23] No servers available for MS_LDAP_AD, vserver: 143, domain: CIFS.NETAPP.COM. [ 23] Failed to find a domain controller . " status="failed" errno="13001"/>
 invoke_elem /usr/lib/python2.7/site-packages/manila/share/drivers/netapp/dataontap/client/api.py:248
2017-06-16 02:22:31.947 474262 ERROR manila.share.drivers.netapp.dataontap.cluster_mode.lib_multi_svm [req-5dc68229-c4fc-48b1-aa59-65cf17af9a5c 580ad5d9dd1c4047aac4f210b1e85371 503d42ac680b431c89c3b50ccbb3106c - - -] Failed to configure Vserver.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Setup NetApp DHSS=True driver with manila
2. Create an authentication service (ex: Microsoft Active Directory) in a different subnet that is reachable to the OpenStack controllers, but is not on the tenant network
3. Create a manila security service to match the authentication service
4. Create a share network N
5. Create a share A on share network N

Actual results:

Share creation fails, error in the manila-share log shows the CIFS server to complement the ONTAP Vserver (Manila share server) fails to be created.


Expected results:

Share creation must succeed.


Additional info: This bug fix is present in OSP 11, 12, 13 and beyond; and missing only in OSP 10 (Newton).

Comment 11 errata-xmlrpc 2018-09-17 17:00:45 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2671

Note You need to log in before you can comment on or make changes to this bug.