Description of problem: Since upgrading the environment, Adding access rule for Manila with NetApp backend fails Version-Release number of selected component (if applicable): RHOSP 17.1.3 How reproducible: Always Steps to Reproduce: 1. 2. 3. Actual results: Adding access rules to Manila shares no longer works in OSP 17.1.3. We have the following: manila type-list +--------------------------------------+--------+------------+------------+--------------------------------------+-----------------------------+-------------+ | ID | Name | visibility | is_default | required_extra_specs | optional_extra_specs | Description | +--------------------------------------+--------+------------+------------+--------------------------------------+-----------------------------+-------------+ | 75e7bb99-5efd-414b-ba93-c146afb530a4 | netapp | public | - | driver_handles_share_servers : False | snapshot_support : True | None | | f6b11e95-1072-44a6-8d89-b660993a505e | ceph | public | - | driver_handles_share_servers : False | share_backend_name : cephfs | None | | | | | | | snapshot_support : True | | +--------------------------------------+--------+------------+------------+--------------------------------------+-----------------------------+-------------+ manila create --share-type netapp --name manila-test nfs 1 +---------------------------------------+--------------------------------------+ | Property | Value | +---------------------------------------+--------------------------------------+ | id | a3d4a554-8cf8-4753-a90e-d20e2ff61a6e | | size | 1 | | availability_zone | None | | created_at | 2024-06-21T12:10:15.202986 | | status | creating | | name | manila-test | | description | None | | project_id | fe0579143bba47ae8501b5c6c7e80804 | | snapshot_id | None | | share_network_id | None | | share_proto | NFS | | metadata | {} | | share_type | 75e7bb99-5efd-414b-ba93-c146afb530a4 | | is_public | False | | snapshot_support | True | | task_state | None | | share_type_name | netapp | | access_rules_status | active | | replication_type | None | | has_replicas | False | | user_id | efa2bf786215464e94f7dc5ceb077252 | | create_share_from_snapshot_support | False | | revert_to_snapshot_support | False | | share_group_id | None | | source_share_group_snapshot_member_id | None | | mount_snapshot_support | False | | progress | None | | share_server_id | None | | host | | +---------------------------------------+--------------------------------------+ manila show a3d4a554-8cf8-4753-a90e-d20e2ff61a6e +---------------------------------------+----------------------------------------------------------------+ | Property | Value | +---------------------------------------+----------------------------------------------------------------+ | id | a3d4a554-8cf8-4753-a90e-d20e2ff61a6e | | size | 1 | | availability_zone | nova | | created_at | 2024-06-21T12:10:15.202986 | | status | available | | name | manila-test | | description | None | | project_id | fe0579143bba47ae8501b5c6c7e80804 | | snapshot_id | None | | share_network_id | None | | share_proto | NFS | | metadata | {} | | share_type | 75e7bb99-5efd-414b-ba93-c146afb530a4 | | is_public | False | | snapshot_support | True | | task_state | None | | share_type_name | netapp | | access_rules_status | error | | replication_type | None | | has_replicas | False | | user_id | efa2bf786215464e94f7dc5ceb077252 | | create_share_from_snapshot_support | False | | revert_to_snapshot_support | False | | share_group_id | None | | source_share_group_snapshot_member_id | None | | mount_snapshot_support | False | | progress | 100% | | share_server_id | None | | host | hostgroup@tripleo_netapp_single_svm#aggr01_nvme_76T_01a | | export_locations | | | | id = e2140e71-8b4f-4c86-ab68-620cead6394a | | | path = 172.17.48.1:/share_5d1b5a08_efb7_4c39_9a20_ae7278ba887b | | | preferred = False | | | share_instance_id = 5d1b5a08-efb7-4c39-9a20-ae7278ba887b | | | is_admin_only = False | +---------------------------------------+----------------------------------------------------------------+ manila access-allow a3d4a554-8cf8-4753-a90e-d20e2ff61a6e ip 172.17.50.132 +--------------+--------------------------------------+ | Property | Value | +--------------+--------------------------------------+ | id | 8ee48ee3-4ef0-4c0e-8d50-67bce14aea38 | | share_id | a3d4a554-8cf8-4753-a90e-d20e2ff61a6e | | access_level | rw | | access_to | 172.17.50.132 | | access_type | ip | | state | queued_to_apply | | access_key | None | | created_at | 2024-06-21T12:11:17.869177 | | updated_at | None | | metadata | {} | +--------------+--------------------------------------+ manila access-show 8ee48ee3-4ef0-4c0e-8d50-67bce14aea38 +--------------+--------------------------------------+ | Property | Value | +--------------+--------------------------------------+ | id | 8ee48ee3-4ef0-4c0e-8d50-67bce14aea38 | | share_id | a3d4a554-8cf8-4753-a90e-d20e2ff61a6e | | access_level | rw | | access_to | 172.17.50.132 | | access_type | ip | | state | error | | access_key | None | | created_at | 2024-06-21T12:11:17.869177 | | updated_at | None | | metadata | {} | +--------------+--------------------------------------+
Hi, We confirmed this issue.
(Saved before the prior comment was complete) We confirmed this issue with NetApp engineers upstream and they've posted a patch on upstream's master branch. The workaround for this issue is to use a higher privileged "cluster" scoped user as described in NetApp's OpenStack documentation [1]. A Vserver-scoped user, also documented in [1] no longer works until this bug is fixed. [1] https://netapp-openstack-dev.github.io/openstack-docs/antelope/manila/configuration/ontap_configuration/section_ontap-config.html#creating-role-for-cluster-scoped-account
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (RHOSP 17.1.4 bug fix and enhancement advisory), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2024:9974