Bug 1879578 - [RFE] mgr/volumes: evict clients based on auth ID and subvolume mounted
Summary: [RFE] mgr/volumes: evict clients based on auth ID and subvolume mounted
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: CephFS
Version: 5.0
Hardware: All
OS: All
high
high
Target Milestone: ---
: 4.2z3
Assignee: Kotresh HR
QA Contact: Yogesh Mane
URL:
Whiteboard:
Depends On:
Blocks: 1760354
TreeView+ depends on / blocked
 
Reported: 2020-09-16 14:39 UTC by Victoria Martinez de la Cruz
Modified: 2021-08-23 22:27 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-08-23 22:27:36 UTC
Embargoed:
khiremat: needinfo-

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Ceph Project Bug Tracker 44928 0 None None None 2020-09-16 14:39:38 UTC
Github ceph ceph pull 38786 0 None closed mgr/volumes: Evict clients based on auth-IDs and subvolume path 2021-02-15 21:49:09 UTC
Red Hat Issue Tracker RHCEPH-849 0 None None None 2021-08-22 04:40:35 UTC

Description Victoria Martinez de la Cruz 2020-09-16 14:39:39 UTC 
In some cephfs consumers, when an auth ID is denied access to a subvolume, the auth ID's caps are suitably removed and the clients that have mounted the subvolume using the auth ID are immediately evicted denying access to the subvolume. An example of this use case, is openstack manila.

See https://github.com/ceph/ceph/blob/octopus/src/pybind/ceph_volume_client.py#L405

The mgr-volumes CLI could look like,

`fs subvolume evict <volname> <subvolname> <auth name> [--group_name <group_name>]`

e.g.,
$ ceph fs subvolume evict cephfs manila-share-00 client.bob --group_name manila-share-group-00
Comment 2 Hemanth Kumar 2020-10-06 09:29:25 UTC 
Do we have any update on this? Can we expect the fix to be part of 4.2 ?
Comment 3 Yaniv Kaul 2020-11-10 20:41:36 UTC 
It's unclear to me if it's 4.2 or 5.0 material.
Comment 14 Patrick Donnelly 2021-08-23 22:27:36 UTC 
closed based on comment #13
Note You need to log in before you can comment on or make changes to this bug.