Description of problem:
=================
The default configuration of Ganesha deployed by the cephadm orchestrator sets RQUOTA and NLM to "false" in the ganesha.conf file. Consequently, attempting to use locking with NFSv3 against the default ganesha.conf fails. To address this, either NLM (and RQUOTA, if required) should be enabled by default in ganesha.conf, or the documentation should describe how users can enable locking with the NFSv3 protocol.

Default ganesha.conf file
=========
# {{ cephadm_managed }}
NFS_CORE_PARAM {
        Enable_NLM = false;
        Enable_RQUOTA = false;
        Protocols = 3, 4;
        mount_path_pseudo = true;
        NFS_Port = {{ port }};
{% if bind_addr %}
        Bind_addr = {{ bind_addr }};
{% endif %}
{% if haproxy_hosts %}
        HAProxy_Hosts = {{ haproxy_hosts|join(", ") }};
{% endif %}
}

To enable v3 locking, NLM and RQUOTA need to be set to true
=========
# {{ cephadm_managed }}
NFS_CORE_PARAM {
        Enable_NLM = true;
        Enable_RQUOTA = true;
        Protocols = 3, 4;
        mount_path_pseudo = true;
        NFS_Port = {{ port }};
{% if bind_addr %}
        Bind_addr = {{ bind_addr }};
{% endif %}
{% if haproxy_hosts %}
        HAProxy_Hosts = {{ haproxy_hosts|join(", ") }};
{% endif %}
}

Version-Release number of selected component (if applicable):
============
# rpm -qa | grep nfs
libnfsidmap-2.5.4-20.el9.x86_64
nfs-utils-2.5.4-20.el9.x86_64
nfs-ganesha-selinux-5.7-1.el9cp.noarch
nfs-ganesha-5.7-1.el9cp.x86_64
nfs-ganesha-rgw-5.7-1.el9cp.x86_64
nfs-ganesha-ceph-5.7-1.el9cp.x86_64
nfs-ganesha-rados-grace-5.7-1.el9cp.x86_64
nfs-ganesha-rados-urls-5.7-1.el9cp.x86_64

# ceph --version
ceph version 18.2.1-67.el9cp (e63e407e02b2616a7b4504a4f7c5a76f89aad3ce) reef (stable)

How reproducible:
==============
2/2

Steps to Reproduce:
============
1. Set up a Ganesha cluster.
2. Create an export and mount it on a client via the v3 protocol.
3. Run the locking test with the default ganesha.conf file.

[root@argo021 /]# ./a.out /mnt/ganesha/1G
opening /mnt/ganesha/1G
opened; hit Enter to lock...
locking
fcntl failed (Input/output error)
locked; hit Enter to write...
Write succeeeded
locked; hit Enter to unlock...
unlocking
[root@argo021 /]#

Actual results:
=======
The test failed because NLM and RQUOTA were set to false in the ganesha.conf file.

Expected results:
========
The locking test should pass.

Additional info:
========
When NLM and RQUOTA are set to "true", locking works as expected:

[root@argo021 /]# ./a.out /mnt/ganesha/1G
opening /mnt/ganesha/1G
opened; hit Enter to lock...
locking
locked; hit Enter to write...
Write succeeeded
locked; hit Enter to unlock...
unlocking
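The source of the a.out test is not attached to this report; the following is a hypothetical minimal C reconstruction of what it appears to do, based only on the output above: open the file, take a whole-file POSIX write lock with fcntl(F_SETLK), write a few bytes, then unlock. The exact mount options are also not recorded here; the export was presumably mounted with something like "mount -t nfs -o vers=3 <ganesha-host>:/<export> /mnt/ganesha". Over an NFSv3 mount, the F_SETLK call is the step that depends on NLM being enabled on the server.

/* Hypothetical reconstruction of the locking test (the real a.out source is
 * not part of this report).  With Enable_NLM = false on the Ganesha server,
 * the F_SETLK call below fails with EIO, matching the failed run above. */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

int main(int argc, char **argv)
{
    struct flock fl;
    int fd;

    if (argc != 2) {
        fprintf(stderr, "usage: %s <file>\n", argv[0]);
        return 1;
    }

    printf("opening %s\n", argv[1]);
    fd = open(argv[1], O_RDWR);
    if (fd < 0) {
        printf("open failed (%s)\n", strerror(errno));
        return 1;
    }

    printf("opened; hit Enter to lock...");
    fflush(stdout);
    getchar();

    printf("locking\n");
    memset(&fl, 0, sizeof(fl));
    fl.l_type = F_WRLCK;     /* exclusive write lock */
    fl.l_whence = SEEK_SET;
    fl.l_start = 0;
    fl.l_len = 0;            /* 0 = lock the whole file */
    if (fcntl(fd, F_SETLK, &fl) < 0)
        printf("fcntl failed (%s)\n", strerror(errno));  /* EIO when NLM is unavailable */

    printf("locked; hit Enter to write...");
    fflush(stdout);
    getchar();
    if (write(fd, "test", 4) == 4)
        printf("Write succeeded\n");
    else
        printf("write failed (%s)\n", strerror(errno));

    printf("locked; hit Enter to unlock...");
    fflush(stdout);
    getchar();
    printf("unlocking\n");
    fl.l_type = F_UNLCK;
    fcntl(fd, F_SETLK, &fl);

    close(fd);
    return 0;
}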
Config files are created by cephadm.
RQUOTA is not necessary for v3 locking. I'm not sure how well RQUOTA works with Ceph, so I would leave it disabled barring an explicit requirement from the planning process.
@ffilz Just being able to set Enable_NLM to "true" should be enough then?
(In reply to Teoman ONAY from comment #3)
> @ffilz Just being able to set Enable_NLM to "true" should be
> enough then?

Yes, that should be enough.
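In other words, only the NLM setting in the cephadm-managed template needs to change. A trimmed sketch of the relevant NFS_CORE_PARAM block is shown below (the Jinja2 bind_addr/haproxy parts from the description are omitted; everything except the Enable_NLM line matches the default):

# {{ cephadm_managed }}
NFS_CORE_PARAM {
        Enable_NLM = true;       # required for NFSv3 (NLM) byte-range locking
        Enable_RQUOTA = false;   # can stay disabled; not needed for v3 locking
        Protocols = 3, 4;
        mount_path_pseudo = true;
        NFS_Port = {{ port }};
}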
In the latest code base, the setting 'Enable_NLM' is not rendered as 'true' by default. Consequently, the locking test case fails. However, when we manually set Enable_NLM = true, the test passes.

Default ganesha.conf template fetched from the cephadm shell
===============================================
cat /usr/share/ceph/mgr/cephadm/templates/services/nfs/ganesha.conf.j2
# {{ cephadm_managed }}
NFS_CORE_PARAM {
        Enable_NLM = {{ enable_nlm }};
        Enable_RQUOTA = false;
        Protocols = 3, 4;
        mount_path_pseudo = true;
        NFS_Port = {{ port }};
{% if bind_addr %}
        Bind_addr = {{ bind_addr }};
{% endif %}
{% if haproxy_hosts %}
        HAProxy_Hosts = {{ haproxy_hosts|join(", ") }};
{% endif %}
}

NFSv4 {
        Delegations = false;
        RecoveryBackend = 'rados_cluster';
        Minor_Versions = 1, 2;
{% if nfs_idmap_conf %}
        IdmapConf = "{{ nfs_idmap_conf }}";
{% endif %}
}

RADOS_KV {
        UserId = "{{ user }}";
        nodeid = "{{ nodeid }}";
        pool = "{{ pool }}";
        namespace = "{{ namespace }}";
}

RADOS_URLS {
        UserId = "{{ user }}";
        watch_url = "{{ url }}";
}

RGW {
        cluster = "ceph";
        name = "client.{{ rgw_user }}";
}

------------------------------------------
ganesha.conf fetched from the node on which the Ganesha daemon is running ---> here Enable_NLM is still false
==========================================
# podman exec 82f726a1c1de cat /etc/ganesha/ganesha.conf
# This file is generated by cephadm.
NFS_CORE_PARAM {
        Enable_NLM = false;
        Enable_RQUOTA = false;
        Protocols = 3, 4;
        mount_path_pseudo = true;
        NFS_Port = 2049;
}

NFSv4 {
        Delegations = false;
        RecoveryBackend = 'rados_cluster';
        Minor_Versions = 1, 2;
        IdmapConf = "/etc/ganesha/idmap.conf";
}

RADOS_KV {
        UserId = "nfs.nfsganesha.0.0.ceph-mani-y9blcd-node1-installer.kkvass";
        nodeid = "nfs.nfsganesha.0";
        pool = ".nfs";
        namespace = "nfsganesha";
}

RADOS_URLS {
        UserId = "nfs.nfsganesha.0.0.ceph-mani-y9blcd-node1-installer.kkvass";
        watch_url = "rados://.nfs/nfsganesha/conf-nfs.nfsganesha";
}

RGW {
        cluster = "ceph";
        name = "client.nfs.nfsganesha.0.0.ceph-mani-y9blcd-node1-installer.kkvass-rgw";
}

%url rados://.nfs/nfsganesha/conf-nfs.nfsganesha

------------------------
Set Enable_NLM = true manually in the ganesha.conf file, then mount it into the cephadm shell and apply the changes
========================================
[root@ceph-mani-y9blcd-node1-installer ~]# cephadm shell --mount ganesha.conf:/var/lib/ceph/ganesha.conf
Inferring fsid e93b1004-0008-11ef-bc2f-fa163e19b11a
Inferring config /var/lib/ceph/e93b1004-0008-11ef-bc2f-fa163e19b11a/mon.ceph-mani-y9blcd-node1-installer/config
Using ceph image with id 'c30213d74332' and tag 'ceph-7.1-rhel-9-containers-candidate-81191-20240419110624' created on 2024-04-19 11:08:57 +0000 UTC
registry-proxy.engineering.redhat.com/rh-osbs/rhceph@sha256:54cb5bf177f7a03fdc27a7c1e9ef252ff93843842b0593470c7be2ba85856c4a

[ceph: root@ceph-mani-y9blcd-node1-installer /]# ceph config-key set mgr/cephadm/services/nfs/ganesha.conf -i /var/lib/ceph/ganesha.conf
set mgr/cephadm/services/nfs/ganesha.conf

[ceph: root@ceph-mani-y9blcd-node1-installer /]# ceph config-key get mgr/cephadm/services/nfs/ganesha.conf
# {{ cephadm_managed }}
NFS_CORE_PARAM {
        Enable_NLM = true;
        Enable_RQUOTA = false;
        Protocols = 3, 4;
        mount_path_pseudo = true;
        NFS_Port = {{ port }};
{% if bind_addr %}
        Bind_addr = {{ bind_addr }};
{% endif %}
{% if haproxy_hosts %}
        HAProxy_Hosts = {{ haproxy_hosts|join(", ") }};
{% endif %}
}

NFSv4 {
        Delegations = false;
        RecoveryBackend = 'rados_cluster';
        Minor_Versions = 1, 2;
{% if nfs_idmap_conf %}
        IdmapConf = "{{ nfs_idmap_conf }}";
{% endif %}
}

RADOS_KV {
        UserId = "{{ user }}";
        nodeid = "{{ nodeid }}";
        pool = "{{ pool }}";
        namespace = "{{ namespace }}";
}

RADOS_URLS {
        UserId = "{{ user }}";
        watch_url = "{{ url }}";
}

RGW {
        cluster = "ceph";
        name = "client.{{ rgw_user }}";
}

%url {{ url }}

----------------------------------
[ceph: root@ceph-mani-y9blcd-node1-installer /]# ceph orch ls
NAME                       PORTS        RUNNING  REFRESHED  AGE  PLACEMENT
alertmanager               ?:9093,9094      1/1  2m ago     2d   count:1
ceph-exporter                               3/3  6m ago     2d   *
crash                                       3/3  6m ago     2d   *
grafana                    ?:3000           1/1  2m ago     2d   count:1
mds.cephfs                                  2/2  6m ago     2d   label:mds
mgr                                         2/2  6m ago     2d   count:2
mon                                         3/5  6m ago     2d   count:5
nfs.nfsganesha             ?:2049           2/2  2m ago     2d   ceph-mani-y9blcd-node1-installer;ceph-mani-y9blcd-node2
node-exporter              ?:9100           3/3  6m ago     2d   *
node-proxy                                  0/0  -          2d   *
osd.all-available-devices                    18  6m ago     2d   *
prometheus                 ?:9095           1/1  2m ago     2d   count:1
rgw.rgw.1                  ?:80             2/2  6m ago     2d   label:rgw

[ceph: root@ceph-mani-y9blcd-node1-installer /]# ceph orch redeploy nfs.nfsganesha
Scheduled to redeploy nfs.nfsganesha.0.0.ceph-mani-y9blcd-node1-installer.kkvass on host 'ceph-mani-y9blcd-node1-installer'
Scheduled to redeploy nfs.nfsganesha.1.0.ceph-mani-y9blcd-node2.syywjl on host 'ceph-mani-y9blcd-node2'

# ceph nfs cluster info nfsganesha
{
  "nfsganesha": {
    "backend": [
      {
        "hostname": "ceph-mani-y9blcd-node1-installer",
        "ip": "10.0.211.232",
        "port": 2049
      },
      {
        "hostname": "ceph-mani-y9blcd-node2",
        "ip": "10.0.209.223",
        "port": 2049
      }
    ],
    "virtual_ip": null
  }
}

# ./a.out /mnt/ganesha/1G
opening /mnt/ganesha/1G
opened; hit Enter to lock...
locking
locked; hit Enter to write...
Write succeeeded
locked; hit Enter to unlock...
unlocking
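To recap the override procedure above in condensed form (the commands are the ones from the transcript; the service name nfs.nfsganesha and the path /var/lib/ceph/ganesha.conf are specific to this setup):

1. Edit the ganesha.conf template so NFS_CORE_PARAM contains Enable_NLM = true.
2. cephadm shell --mount ganesha.conf:/var/lib/ceph/ganesha.conf
3. ceph config-key set mgr/cephadm/services/nfs/ganesha.conf -i /var/lib/ceph/ganesha.conf
4. ceph orch redeploy nfs.nfsganesha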
Hi Teoman Onay,

I used a spec file to deploy the Ganesha cluster, which resulted in NLM being set to true. However, there are alternative methods for deploying a Ganesha cluster. What if the customer opts to deploy the cluster via the Ceph orchestrator? In that scenario, the default ganesha.conf would still have NLM disabled, so wouldn't additional documentation be needed for enabling NLM?

The solution works well when the cluster is deployed using a spec file. Below is the recorded observation.
--------------
1. Create the spec file with "enable_nlm: true"

# cat ganesha.yaml
service_type: nfs
service_id: foo
placement:
  hosts:
    - ceph-mani-2navak-node1-installer
    - ceph-mani-2navak-node2
spec:
  enable_nlm: true

2. Mount the file inside the container and apply the changes to configure the Ganesha cluster

[root@ceph-mani-2navak-node1-installer ~]# cephadm shell --mount ganesha.yaml:/var/lib/ceph/ganesha.yaml
Inferring fsid 6dbec7b8-021a-11ef-9f06-fa163eb07dc1
Inferring config /var/lib/ceph/6dbec7b8-021a-11ef-9f06-fa163eb07dc1/mon.ceph-mani-2navak-node1-installer/config
Using ceph image with id '3542a79bc4f2' and tag 'ceph-7.1-rhel-9-containers-candidate-89181-20240424002529' created on 2024-04-24 00:27:47 +0000 UTC
registry-proxy.engineering.redhat.com/rh-osbs/rhceph@sha256:3e7ad7f965664e56e33894610c9a0231eb1be7626b5cfb1fde950f90dbfd8839

[ceph: root@ceph-mani-2navak-node1-installer /]# ceph orch apply -i /var/lib/ceph/ganesha.yaml
Scheduled nfs.foo update...

[ceph: root@ceph-mani-2navak-node1-installer /]# ceph orch ps | grep nfs
nfs.foo.0.0.ceph-mani-2navak-node1-installer.ksafhz  ceph-mani-2navak-node1-installer  *:2049  running (6s)  1s ago  6s  48.8M  -  5.7  3542a79bc4f2  2fcf60cc544e
nfs.foo.1.0.ceph-mani-2navak-node2.nwxczb            ceph-mani-2navak-node2            *:2049  running (5s)  3s ago  4s  52.8M  -  5.7  3542a79bc4f2  4f8112909098

[ceph: root@ceph-mani-2navak-node1-installer /]# ceph nfs cluster ls
[
  "foo"
]

[ceph: root@ceph-mani-2navak-node1-installer /]# ceph nfs cluster info foo
{
  "foo": {
    "backend": [
      {
        "hostname": "ceph-mani-2navak-node1-installer",
        "ip": "10.0.208.224",
        "port": 2049
      },
      {
        "hostname": "ceph-mani-2navak-node2",
        "ip": "10.0.211.32",
        "port": 2049
      }
    ],
    "virtual_ip": null
  }
}

3. Check the value of NLM inside the Ganesha container. It is set to "true" as expected.

[root@ceph-mani-2navak-node1-installer ~]# podman ps | grep nfs
2fcf60cc544e  registry-proxy.engineering.redhat.com/rh-osbs/rhceph@sha256:0b76d5c0178f3c22f462cd2d866b7b33ac0a53fe330a966918c81b0aabaa6f3e  -F -L STDERR -N N...  58 seconds ago  Up 58 seconds  ceph-6dbec7b8-021a-11ef-9f06-fa163eb07dc1-nfs-foo-0-0-ceph-mani-2navak-node1-installer-ksafhz

[root@ceph-mani-2navak-node1-installer ~]# podman exec 2fcf60cc544e cat /etc/ganesha/ganesha.conf
# This file is generated by cephadm.
NFS_CORE_PARAM {
        Enable_NLM = true;
        Enable_RQUOTA = false;
        Protocols = 3, 4;
        mount_path_pseudo = true;
        NFS_Port = 2049;
}

NFSv4 {
        Delegations = false;
        RecoveryBackend = 'rados_cluster';
        Minor_Versions = 1, 2;
        IdmapConf = "/etc/ganesha/idmap.conf";
}

RADOS_KV {
        UserId = "nfs.foo.0.0.ceph-mani-2navak-node1-installer.ksafhz";
        nodeid = "nfs.foo.0";
        pool = ".nfs";
        namespace = "foo";
}

RADOS_URLS {
        UserId = "nfs.foo.0.0.ceph-mani-2navak-node1-installer.ksafhz";
        watch_url = "rados://.nfs/foo/conf-nfs.foo";
}

RGW {
        cluster = "ceph";
        name = "client.nfs.foo.0.0.ceph-mani-2navak-node1-installer.ksafhz-rgw";
}

%url rados://.nfs/foo/conf-nfs.foo
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Critical: Red Hat Ceph Storage 7.1 security, enhancements, and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2024:3925
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days