Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1610639

Summary: NetApp CIFS (DHSS = True) driver fails to configure CIFS server if AD is in different subnet
Product: Red Hat OpenStack Reporter: Goutham Pacha Ravi <gouthamr>
Component: openstack-manilaAssignee: Goutham Pacha Ravi <gouthamr>
Status: CLOSED ERRATA QA Contact: Dustin Schoenbrun <dschoenb>
Severity: low Docs Contact: mmurray
Priority: medium    
Version: 10.0 (Newton)CC: amcleod, gouthamr, knylande, sclewis, tbarron
Target Milestone: z9Keywords: Triaged, ZStream
Target Release: 10.0 (Newton)   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: openstack-manila-3.0.0-13.el7ost Doc Type: Bug Fix
Doc Text:
Previously, the NetApp driver operating in driver_handles_share_servers=True mode failed to configure Active Directory services when the Active Directory server was not in the same subnet as the ONTAP Vserver. As a result, users were unable to create CIFS shares on the NetApp back-end when the Active Directory server was not on the private tenant network. With this update, the NetApp driver creates the necessary static routes with the gateway specified on the tenant networks. Users can create CIFS shares on the NetApp back-end when the Active Directory service is on a different network, but a path exists with the tenant network gateway.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-17 17:00:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Goutham Pacha Ravi 2018-08-01 05:29:01 UTC 
NetApp CIFS (DHSS = True) driver fails to configure CIFS server if the Active Directory service is deployed in a different subnet

Error in the share manager service:

2017-06-16 02:22:26.859 474262 DEBUG manila.share.drivers.netapp.dataontap.client.api [req-5dc68229-c4fc-48b1-aa59-65cf17af9a5c 580ad5d9dd1c4047aac4f210b1e85371 503d42ac680b431c89c3b50ccbb3106c - - -] Response: <results xmlns="http://www.netapp.com/filer/admin" status="passed"/>
 invoke_elem /usr/lib/python2.7/site-packages/manila/share/drivers/netapp/dataontap/client/api.py:248
2017-06-16 02:22:26.860 474262 DEBUG manila.share.drivers.netapp.utils [req-5dc68229-c4fc-48b1-aa59-65cf17af9a5c 580ad5d9dd1c4047aac4f210b1e85371 503d42ac680b431c89c3b50ccbb3106c - - -] Leaving method configure_dns trace_wrapper /usr/lib/python2.7/site-packages/manila/share/drivers/netapp/utils.py:88
2017-06-16 02:22:26.862 474262 DEBUG manila.share.drivers.netapp.dataontap.client.client_cmode [req-5dc68229-c4fc-48b1-aa59-65cf17af9a5c 580ad5d9dd1c4047aac4f210b1e85371 503d42ac680b431c89c3b50ccbb3106c - - -] Trying to setup CIFS server with data: {'admin-username': u'XXXXX', 'force-account-overwrite': 'true', 'domain': u'cifs.netapp.com', 'cifs-server': 'XXXXXX', 'admin-password': u'XXXX'} configure_active_directory /usr/lib/python2.7/site-packages/manila/share/drivers/netapp/dataontap/client/client_cmode.py:1158
2017-06-16 02:22:26.863 474262 DEBUG manila.share.drivers.netapp.dataontap.client.api [req-5dc68229-c4fc-48b1-aa59-65cf17af9a5c 580ad5d9dd1c4047aac4f210b1e85371 503d42ac680b431c89c3b50ccbb3106c - - -] Request: <netapp xmlns="http://www.netapp.com/filer/admin" version="1.110" vfiler="os_de67de12-112a-4fe0-b2c6-1bd6b7f8223c">
  <cifs-server-create>
    <admin-username>XXXXXXX</admin-username>
    <force-account-overwrite>true</force-account-overwrite>
    <domain>cifs.netapp.com</domain>
    <cifs-server>XXXXXX</cifs-server>
    <admin-password>XXXXXXXX</admin-password>
  </cifs-server-create>
</netapp>
 invoke_elem /usr/lib/python2.7/site-packages/manila/share/drivers/netapp/dataontap/client/api.py:227
2017-06-16 02:22:31.941 474262 DEBUG manila.share.drivers.netapp.dataontap.client.api [req-5dc68229-c4fc-48b1-aa59-65cf17af9a5c 580ad5d9dd1c4047aac4f210b1e85371 503d42ac680b431c89c3b50ccbb3106c - - -] Response: <results xmlns="http://www.netapp.com/filer/admin" reason="Failed to create the Active Directory machine account &quot;OS_DE67..F8223C&quot;. Reason: SecD Error: no server available Details: Error: Machine account creation procedure failed [ 0 ms] Trying to re-use machine account 'XXXXX' in domain 'CIFS.NETAPP.COM' for Vserver 'os_de67de12-112a-4fe0-b2c6-1bd6b7f8223c' [ 3] Failed to connect to 10.63.XXX.XXX for DNS via Source Address 0.0.0.0: Network is unreachable **[ 9] FAILURE: Unable to contact DNS to discover domain ** controllers. [ 9] Unable to connect to any (0) domain controllers. [ 9] 'NisDomain' configuration not available [ 9] NIS configuration not found for Vserver 143 [ 14] Failed to connect to 10.63.XXX.XXX for DNS via Source Address 0.0.0.0: Network is unreachable [ 14] Unable to contact DNS to discover domain controllers. [ 19] Failed to connect to 10.63.XXX.XXX for DNS via Source Address 0.0.0.0: Network is unreachable [ 19] Unable to contact DNS to discover domain controllers. [ 23] Failed to connect to 10.63.XXX.XXX for DNS via Source Address 0.0.0.0: Network is unreachable [ 23] Unable to contact DNS to discover domain controllers. [ 23] No servers available for MS_LDAP_AD, vserver: 143, domain: CIFS.NETAPP.COM. [ 23] Failed to find a domain controller . " status="failed" errno="13001"/>
 invoke_elem /usr/lib/python2.7/site-packages/manila/share/drivers/netapp/dataontap/client/api.py:248
2017-06-16 02:22:31.947 474262 ERROR manila.share.drivers.netapp.dataontap.cluster_mode.lib_multi_svm [req-5dc68229-c4fc-48b1-aa59-65cf17af9a5c 580ad5d9dd1c4047aac4f210b1e85371 503d42ac680b431c89c3b50ccbb3106c - - -] Failed to configure Vserver.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Setup NetApp DHSS=True driver with manila
2. Create an authentication service (ex: Microsoft Active Directory) in a different subnet that is reachable to the OpenStack controllers, but is not on the tenant network
3. Create a manila security service to match the authentication service
4. Create a share network N
5. Create a share A on share network N

Actual results:

Share creation fails, error in the manila-share log shows the CIFS server to complement the ONTAP Vserver (Manila share server) fails to be created.


Expected results:

Share creation must succeed.


Additional info: This bug fix is present in OSP 11, 12, 13 and beyond; and missing only in OSP 10 (Newton).
Comment 11 errata-xmlrpc 2018-09-17 17:00:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2671