Bug 2303196 - [NFS] [Dashboard] Export creation directly on cephFS fileysystem is working. It should not allow to create the export directly on cephFS filesystem via dashboard
Summary: [NFS] [Dashboard] Export creation directly on cephFS fileysystem is working. ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: Ceph-Dashboard
Version: 8.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 8.0
Assignee: dtalweka
QA Contact: Manisha Saini
Akash Raj
URL:
Whiteboard:
Depends On:
Blocks: 2298636 2317218
TreeView+ depends on / blocked
 
Reported: 2024-08-06 16:01 UTC by Manisha Saini
Modified: 2024-11-25 09:04 UTC (History)
7 users (show)

Fixed In Version: ceph-19.2.0-4.el9cp
Doc Type: Bug Fix
Doc Text:
.Users are now prompted to enter a path when creating an export Previously, creating an export was not prompting for a path and by default `/` was entered. With this fix, when attempting to create the export directly on the file system, it prompts for a path. If an invalid path is entered, creation is not permitted. Additionally, when entering the path of the CephFS file system directly, a warning appears stating "Export on CephFS volume '/' not allowed".
Clone Of:
Environment:
Last Closed: 2024-11-25 09:04:24 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHCEPH-9511 0 None None None 2024-08-22 11:28:47 UTC
Red Hat Issue Tracker RHCSDASH-1550 0 None None None 2024-08-22 11:28:54 UTC
Red Hat Product Errata RHBA-2024:10216 0 None None None 2024-11-25 09:04:33 UTC

Description Manisha Saini 2024-08-06 16:01:55 UTC 
Description of problem:
===============

In version 8.0, the creation of NFS-Ganesha exports directly on the CephFS filesystem through the dashboard should be restricted (https://jsw.ibm.com/browse/ISCE-760). Users should not be permitted to create NFS exports directly on the CephFS filesystem.

Export created from Dashboard
=============

[ceph: root@ceph-auto-cluster-qwoqln-node1-installer /]# ceph nfs cluster ls
[
  "nfsganesha"
]
[ceph: root@ceph-auto-cluster-qwoqln-node1-installer /]# ceph nfs export ls nfsganesha
[
  "/ganesha"
]
[ceph: root@ceph-auto-cluster-qwoqln-node1-installer /]# ceph nfs export info nfsganesha /ganesha
{
  "access_type": "RW",
  "clients": [],
  "cluster_id": "nfsganesha",
  "export_id": 1,
  "fsal": {
    "fs_name": "cephfs",
    "name": "CEPH",
    "user_id": "nfs.nfsganesha.1"
  },
  "path": "/",
  "protocols": [
    3,
    4
  ],
  "pseudo": "/ganesha",
  "security_label": false,
  "squash": "no_root_squash",
  "transports": [
    "TCP",
    "UDP"
  ]
}

****Dashboard screenshot attached



Version-Release number of selected component (if applicable):
=============================================================
# ceph --version
ceph version 19.1.0-17.el9cp (c4a94422523bb32232df641cbb7125f05a5b49f2) squid (rc)


How reproducible:
==============
Always


Steps to Reproduce:
==================
1. Create NFS service via Dashboard
2. From Dashboard, Create export directly on cephFS filesystem  


Actual results:
=============
Export directly out of cephFS filesystem is created


Expected results:
============
Export creation should only be allowed over subvolume not on filesystem directly


Additional info:
Comment 8 errata-xmlrpc 2024-11-25 09:04:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 8.0 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:10216
Note You need to log in before you can comment on or make changes to this bug.