Bug 1643167 - CephFS is creating exportable directories with 755 permission and causes containers not able to write on them using Manila
Summary: CephFS is creating exportable directories with 755 permission and causes cont...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-manila
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: z5
: 13.0 (Queens)
Assignee: Tom Barron
QA Contact: Jason Grosso
mmurray
URL:
Whiteboard:
Depends On: 1644421
Blocks: 1571739 1679273
TreeView+ depends on / blocked
 
Reported: 2018-10-25 16:01 UTC by Alberto Gonzalez
Modified: 2019-03-14 13:34 UTC (History)
8 users (show)

Fixed In Version: openstack-manila-6.0.2-5.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1679273 (view as bug list)
Environment:
Last Closed: 2019-03-14 13:34:19 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Github ceph ceph pull 24839 0 None closed ceph-volume-client: allow setting mode of CephFS volumes 2020-06-18 18:06:38 UTC
OpenStack gerrit 614332 0 None MERGED Set mode for CephFS volumes and snapshots 2020-06-18 18:06:37 UTC
OpenStack gerrit 633904 0 None MERGED Set mode for CephFS volumes and snapshots 2020-06-18 18:06:37 UTC
OpenStack gerrit 636773 0 None MERGED Set mode for CephFS volumes and snapshots 2020-06-18 18:06:37 UTC
Red Hat Bugzilla 1644421 0 medium CLOSED CephFS is creating exportable directories with 755 permission and causes containers not able to write on them using Mani... 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHSA-2019:0564 0 None None None 2019-03-14 13:34:43 UTC

Internal Links: 1644421

Description Alberto Gonzalez 2018-10-25 16:01:09 UTC 
Description of problem:

Using manila-provisioner in OpenShift creates a manila share on OpenStack. When is mounted on the POD:

172.20.2.21:/volumes/_nogroup/0840a9cc-8936-4b25-8a45-3ff92d7a5f55   2097152       0   2097152   0% /test-manila

The permissions are the following

sh-4.2$ ls -ld /test-manila/
drwxr-xr-x. 1 nobody nobody 0 Oct 25 15:34 /test-manila/

The user executing the pod is the following:
sh-4.2$ id
uid=1000180000 gid=0(root) groups=0(root),1000180000


Version-Release number of selected component (if applicable):
rhceph-3-rhel7:3-11


How reproducible:


Steps to Reproduce:
1. Create a PVC on Openshift
2. Wait till PV is created
3. Add volume for the pod in the deployment config 

Actual results:
Pod is not able to write in the NFS share due to 755

Expected results:
Able to write in the share, a 775 or 2775


Additional info:
Another option it would be create the directory with nfsnobody and run the containers following OCP instructions for NFS: 
https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/persistent_storage_nfs.html#nfs-user-ids
Comment 6 errata-xmlrpc 2019-03-14 13:34:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:0564
Note You need to log in before you can comment on or make changes to this bug.