Bug 2342244 - Snapshots doesn't work when the caps for implicit namespace is set [NEEDINFO]
Summary: Snapshots doesn't work when the caps for implicit namespace is set
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: RADOS
Version: 8.0
Hardware: Unspecified
OS: Unspecified
urgent
medium
Target Milestone: ---
: 8.1
Assignee: Radoslaw Zarzynski
QA Contact: Pawan
URL:
Whiteboard:
Depends On:
Blocks: 2342981
TreeView+ depends on / blocked
 
Reported: 2025-01-27 12:53 UTC by Leela Venkaiah Gangavarapu
Modified: 2025-06-26 12:24 UTC (History)
11 users (show)

Fixed In Version: ceph-19.2.1-84.el9cp
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 2342981 (view as bug list)
Environment:
Last Closed: 2025-06-26 12:24:20 UTC
Embargoed:
idryomov: needinfo? (rzarzyns)

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Ceph Project Bug Tracker 69679 0 None None None 2025-01-27 13:08:55 UTC
Github ceph ceph pull 61540 0 None Merged mon/OSDMonitor: relax cap enforcement for unmanaged snapshots 2025-02-05 22:48:21 UTC
Red Hat Issue Tracker RHCEPH-10508 0 None None None 2025-01-27 12:56:46 UTC
Red Hat Product Errata RHSA-2025:9775 0 None None None 2025-06-26 12:24:29 UTC

Description Leela Venkaiah Gangavarapu 2025-01-27 12:53:46 UTC 
Description of problem:
When the osd caps are restricted to implicit namespace we are not able to create snapshots for RBD volume in ODF

Version-Release number of selected component (if applicable):
rhceph-container-8-208

How reproducible:
Always

Steps to Reproduce:
Perform RBD snapshot with below caps, basically [namespace ''] in [caps osd]

    	key = AQA4iZNnoMgpFBAATwl0wSN9ehCYoZeDl3zi1A==
    	caps mgr = "allow rw"
    	caps mon = "profile rbd, allow command 'osd blocklist'"
    	caps osd = "profile rbd namespace ''"

Actual results:
I0124 13:12:14.514092   	1 rbd_util.go:1485] ID: 40 Req-ID: pvc-b684964c-0d4f-4a1b-8e3d-5836c80b56dd rbd: snap create ocs-storagecluster-cephblockpool/csi-vol-818ad38a-30e8-4c15-8ce0-ddb82cf420c3@csi-vol-fed47bc1-9c1b-40a4-ad68-f2c0b0103aa6-temp using mon

E0124 13:12:14.557562   	1 snapshot.go:40] ID: 40 Req-ID: pvc-b684964c-0d4f-4a1b-8e3d-5836c80b56dd failed to create snapshot ocs-storagecluster-cephblockpool/csi-vol-818ad38a-30e8-4c15-8ce0-ddb82cf420c3@csi-vol-fed47bc1-9c1b-40a4-ad68-f2c0b0103aa6-temp: rbd: ret=-1, Operation not permitted

I0124 13:12:14.564763   	1 omap.go:126] ID: 40 Req-ID: pvc-b684964c-0d4f-4a1b-8e3d-5836c80b56dd removed omap keys (pool="ocs-storagecluster-cephblockpool", namespace="", name="csi.volumes.default"): [csi.volume.pvc-b684964c-0d4f-4a1b-8e3d-5836c80b56dd]

E0124 13:12:14.564816   	1 utils.go:271] ID: 40 Req-ID: pvc-b684964c-0d4f-4a1b-8e3d-5836c80b56dd GRPC error: rbd: ret=-1, Operation not permitted

Expected results:
Snapshot should be successful

Additional info:
I found the issue during snapshot of rbd and Ilya root caused it to RADOS component.

what works is 

    	key = AQB3gJNngMEAExAAvaHITiiD/CInm7ptHx20OA==
    	caps mgr = "allow rw"
    	caps mon = "profile rbd, allow command 'osd blocklist'"
    	caps osd = "profile rbd"
Comment 1 Storage PM bot 2025-01-27 12:53:54 UTC 
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Comment 16 errata-xmlrpc 2025-06-26 12:24:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 8.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:9775
Note You need to log in before you can comment on or make changes to this bug.