OpenStack Shared File Systems Service (Manila)

CephFS Native Manila Driver Delete Hangs when Using Manila Cephx ID for Mounting Share to Nova Instance

Bug #1608592 reported by Dustin Schoenbrun on 2016-08-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Shared File Systems Service (Manila)	Fix Released	Undecided	Dustin Schoenbrun

Bug Description

Description of problem:
When you use the same Cephx ID to mount the Manila share created by the CephFS Native Driver as what Manila uses to communicate with the underlying Ceph cluster the delete share operation will silently fail and the share will be put into a permanent "deleting" status. This is because the client fails to check if the Cephx ID being used is the same that the Manila services are using to communicate with the underlying Ceph cluster.

How reproducible:
100%

Steps to Reproduce:
1. Set up and configure Manila to use the CephFS Native driver.
2. Create a Manila share.
3. Grant access to the share using the same Cephx ID that the Manila service uses to communicate with the Ceph backend.
4. Delete the share that was created in step 2.
5. Observe that the share is now stuck in "deleting" status and that no entries were made in the scheduler or share logs.

Actual results:
When you attempt to delete the share that has an access rule that specifies the same Cephx ID as Manila uses to communicate with the Ceph backend the share becomes stuck in the "deleting" state.

Expected results:
The Manila Client should not allow access rules to be created using the same Cephx ID as what the Manila services use to communicate with the Ceph backend.

Additional info:
Note that cleaning up the share after being stuck in the deleting state involves deleting the access rule from the Manila database and then force-deleting the share.

Tags:

Dustin Schoenbrun (dschoenb) on 2016-08-01

Changed in python-manilaclient:
assignee:	nobody → Dustin Schoenbrun (dschoenb)

Ramana Raja (rraja) on 2016-08-02

Changed in python-manilaclient:
status:	New → In Progress

Revision history for this message

Ramana Raja (rraja) wrote on 2016-08-02:

Dustin, should we move this bug to manila's LP?

Changed in python-manilaclient:
status:	In Progress → Opinion

Dustin Schoenbrun (dschoenb) on 2016-08-02

affects:

python-manilaclient → manila

OpenStack Infra (hudson-openstack) on 2016-08-02

Changed in manila:
status:	Opinion → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-03: Fix merged to manila (master)

Reviewed: https://review.openstack.org/349718
Committed: https://git.openstack.org/cgit/openstack/manila/commit/?id=bd21193decf596ffcc5e285c114eba122986e7cb
Submitter: Jenkins
Branch: master

commit bd21193decf596ffcc5e285c114eba122986e7cb
Author: Dustin Schoenbrun <email address hidden>
Date: Mon Aug 1 17:24:21 2016 -0400

Check for usage of same Cephx ID as manila service

    There is an issue that happens when access is granted to a manila share
    using the same Cephx ID that Manila uses when it is communicating with
    the Ceph backend (e.g. the identity specified by the cephfs_auth_id
    configuration option). When a request is made to revoke access to the
    share with that Cephx ID, the share will become stuck in the
    "deleting" state.

    This commit adds logic to the _allow_access method in the CephFS Native
    driver that checks to see if the Cephx ID given is the same that Manila
    is using for its communication with the Ceph backend. If that is the
    case, the creation of the access rule will fail with an error.

APIImpact
DocImpact

Change-Id: Ida89b0061db1c8780a19475510b830d013a5c154
Closes-Bug: #1608592

Changed in manila:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-30: Fix proposed to manila (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/363118

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-30: Change abandoned on manila (stable/mitaka)

Change abandoned by Tom Barron (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/363118
Reason: forgot to cherry-pick -x

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-30:

Change abandoned by Tom Barron (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/363118
Reason: We'll just backport it downstream then, thanks.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-01: Fix included in openstack/manila 3.0.0.0b3

This issue was fixed in the openstack/manila 3.0.0.0b3 development milestone.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-04-12: Change abandoned on manila (stable/mitaka)

Change abandoned by Tom Barron (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/363118
Reason: stable/mitaka is eol

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.