CephFS Native Manila Driver Delete Hangs when Using Manila Cephx ID for Mounting Share to Nova Instance

Bug #1608592 reported by Dustin Schoenbrun
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Shared File Systems Service (Manila)
Fix Released
Undecided
Dustin Schoenbrun

Bug Description

Description of problem:
When you use the same Cephx ID to mount the Manila share created by the CephFS Native Driver as what Manila uses to communicate with the underlying Ceph cluster the delete share operation will silently fail and the share will be put into a permanent "deleting" status. This is because the client fails to check if the Cephx ID being used is the same that the Manila services are using to communicate with the underlying Ceph cluster.

How reproducible:
100%

Steps to Reproduce:
1. Set up and configure Manila to use the CephFS Native driver.
2. Create a Manila share.
3. Grant access to the share using the same Cephx ID that the Manila service uses to communicate with the Ceph backend.
4. Delete the share that was created in step 2.
5. Observe that the share is now stuck in "deleting" status and that no entries were made in the scheduler or share logs.

Actual results:
When you attempt to delete the share that has an access rule that specifies the same Cephx ID as Manila uses to communicate with the Ceph backend the share becomes stuck in the "deleting" state.

Expected results:
The Manila Client should not allow access rules to be created using the same Cephx ID as what the Manila services use to communicate with the Ceph backend.

Additional info:
Note that cleaning up the share after being stuck in the deleting state involves deleting the access rule from the Manila database and then force-deleting the share.

Changed in python-manilaclient:
assignee: nobody → Dustin Schoenbrun (dschoenb)
Ramana Raja (rraja)
Changed in python-manilaclient:
status: New → In Progress
Revision history for this message
Ramana Raja (rraja) wrote :

Dustin, should we move this bug to manila's LP?

Changed in python-manilaclient:
status: In Progress → Opinion
affects: python-manilaclient → manila
Changed in manila:
status: Opinion → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila (master)

Reviewed: https://review.openstack.org/349718
Committed: https://git.openstack.org/cgit/openstack/manila/commit/?id=bd21193decf596ffcc5e285c114eba122986e7cb
Submitter: Jenkins
Branch: master

commit bd21193decf596ffcc5e285c114eba122986e7cb
Author: Dustin Schoenbrun <email address hidden>
Date: Mon Aug 1 17:24:21 2016 -0400

    Check for usage of same Cephx ID as manila service

    There is an issue that happens when access is granted to a manila share
    using the same Cephx ID that Manila uses when it is communicating with
    the Ceph backend (e.g. the identity specified by the cephfs_auth_id
    configuration option). When a request is made to revoke access to the
    share with that Cephx ID, the share will become stuck in the
    "deleting" state.

    This commit adds logic to the _allow_access method in the CephFS Native
    driver that checks to see if the Cephx ID given is the same that Manila
    is using for its communication with the Ceph backend. If that is the
    case, the creation of the access rule will fail with an error.

    APIImpact
    DocImpact

    Change-Id: Ida89b0061db1c8780a19475510b830d013a5c154
    Closes-Bug: #1608592

Changed in manila:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to manila (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/363118

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on manila (stable/mitaka)

Change abandoned by Tom Barron (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/363118
Reason: forgot to cherry-pick -x

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Change abandoned by Tom Barron (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/363118
Reason: We'll just backport it downstream then, thanks.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/manila 3.0.0.0b3

This issue was fixed in the openstack/manila 3.0.0.0b3 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on manila (stable/mitaka)

Change abandoned by Tom Barron (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/363118
Reason: stable/mitaka is eol

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.