Bug 1725254 - Ceph NFS container runs as a privileged container in TripleO
Summary: Ceph NFS container runs as a privileged container in TripleO
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: Ceph-Ansible
Version: 4.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: 4.1
Assignee: Guillaume Abrioux
QA Contact: Vasishta
URL:
Whiteboard:
Depends On:
Blocks: 1760354
Reported: 2019-06-28 20:43 UTC by Goutham Pacha Ravi
Modified: 2020-01-02 13:18 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1725251
Environment:
Last Closed: 2020-01-02 13:18:43 UTC
Embargoed:
Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | ceph ceph-ansible pull 4760 | 0 | 'None' | closed | nfs: do not run privileged nfs container | 2020-12-14 23:45:30 UTC
Github | ceph ceph-container pull 1517 | 0 | 'None' | closed | nfs: run a dedicated dbus daemon for nfs-ganesha | 2020-12-14 23:45:30 UTC

Description Goutham Pacha Ravi 2019-06-28 20:43:27 UTC
Description of problem:

The ceph-nfs container runs nfs-ganesha to support the CephFS FSAL and provide NFS shared file systems through openstack-manila. It uses the host's dbus socket and accepts commands over this socket from the CephFS via NFS driver in openstack-manila. 

This container does not need to be run as a privileged process. Please see a discussion here https://github.com/ceph/ceph-ansible/blob/f49090df7ef82419c69dfd7a22250a79c17de42f/roles/ceph-nfs/templates/ceph-nfs.service.j2#L21
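
An added example, not part of the original report and not ceph-ansible code: a small audit that parses a systemd unit's Exec lines and reports whether a container is started with `--privileged` and whether it bind-mounts a host D-Bus socket, the two properties this bug is about. The sample unit, image name and function names are constructed for illustration.

```python
import shlex

# Constructed sample unit, not the ceph-ansible template: a container started
# with --privileged and a bind mount of the host D-Bus system socket.
SAMPLE_UNIT = r"""
[Service]
ExecStartPre=-/usr/bin/podman rm ceph-nfs-sample
ExecStart=/usr/bin/podman run --rm --net=host \
  --privileged=true \
  -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
  -v /etc/ganesha:/etc/ganesha:z \
  --name=ceph-nfs-sample registry.example/ceph/daemon:latest
"""

RUNTIMES = {"docker", "podman"}

def exec_commands(unit_text):
    """Yield (directive, argv) per Exec* line, joining backslash continuations."""
    buf = ""
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = buf + line, ""
        key, sep, value = line.partition("=")
        if sep and key.startswith("Exec"):
            # systemd allows prefixes such as '-' before the executable path
            yield key, shlex.split(value.lstrip("-+!@:"))

def audit(unit_text):
    """Report each container 'run' command: privileged flag and D-Bus mounts."""
    findings = []
    for key, argv in exec_commands(unit_text):
        if not argv or argv[0].rsplit("/", 1)[-1] not in RUNTIMES or "run" not in argv:
            continue
        args = argv[argv.index("run") + 1:]
        privileged = any(a == "--privileged" or a.lower() == "--privileged=true"
                         for a in args)
        mounts = [args[i + 1] for i, a in enumerate(args[:-1]) if a in ("-v", "--volume")]
        mounts += [a.split("=", 1)[1] for a in args if a.startswith("--volume=")]
        dbus = [m for m in mounts if "dbus" in m.split(":")[0]]
        findings.append({"directive": key, "privileged": privileged, "dbus_mounts": dbus})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_UNIT):
        print(finding)
```

Run against rendered unit files on a deployed node, a finding with `privileged: True` and a non-empty `dbus_mounts` list marks a container that combines full host privileges with access to the host bus.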