OpenStack Shared File Systems Service (Manila)

RHOSP16(Train) Unity manila NFS access-allow does not work for a specific IP, but it works for a subnet.

Bug #1890537 reported by Sam Wan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Shared File Systems Service (Manila)
Invalid
Medium
DellEMC Unity OpenStack
OpenStack Shared File Systems Service (Manila) wallaby-3

Bug Description

Scenario 1, access-allow to a specific IP, not work.

===========================================================
1.Create a NFS share
(overcloud) [heat-admin@elabdir89ctl0 ~]$ manila show nfs1
+---------------------------------------+----------------------------------------------------------+
| Property | Value |
+---------------------------------------+----------------------------------------------------------+

| export_locations | |
| | id = 8f8304cf-b93d-42e0-9842-dbb876fde2da |
| | path = 20.0.0.253:/c623d434-f39e-450a-9749-7db3cc20fe8d |
| | preferred = False |
| | share_instance_id = c623d434-f39e-450a-9749-7db3cc20fe8d |
| | is_admin_only = False |
+---------------------------------------+----------------------------------------------------------+

2.Allow access to a instance server ip
(overcloud) [heat-admin@elabdir89ctl0 ~]$ openstack server list
+--------------------------------------+---------+--------+---------------------------------+--------+--------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+---------+--------+---------------------------------+--------+--------+
| 1a7460dd-f5b4-4571-a0f2-bb843735bb21 | server2 | ACTIVE | default=172.17.0.111, 20.0.0.92 | manila | |
| f5513b17-73ad-412c-ba1a-32236bb85260 | server1 | ACTIVE | default=172.17.0.127, 20.0.0.58 | manila | |
+--------------------------------------+---------+--------+---------------------------------+--------+--------+

(overcloud) [heat-admin@elabdir89ctl0 ~]$ manila access-list nfs1
+--------------------------------------+-------------+--------------+--------------+--------+------------+----------------------------+------------+
| id | access_type | access_to | access_level | state | access_key | created_at | updated_at |
+--------------------------------------+-------------+--------------+--------------+--------+------------+----------------------------+------------+
| 2f2a5db6-0f10-4ea0-92a1-a410d6f7a9bd | ip | 20.0.0.58/32 | rw | active | None | 2020-08-04T12:17:28.000000 | None |
+--------------------------------------+-------------+--------------+--------------+--------+------------+----------------------------+------------+

3. Try to mount the NFS share in instance but failed.
(overcloud) [heat-admin@elabdir89ctl0 ~]$ ssh manila@20.0.0.58
manila@20.0.0.58's password:

(overcloud) [heat-admin@elabdir89ctl0 ~]$ cd
(overcloud) [heat-admin@elabdir89ctl0 ~]$ ssh -imykey.pem manila@20.0.0.58
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-112-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage

Last login: Tue Aug 4 12:12:09 2020 from 20.0.0.117
manila@ubuntu:~$ sudo mount 20.0.0.253:/c623d434-f39e-450a-9749-7db3cc20fe8d /mnt
mount.nfs: access denied by server while mounting 20.0.0.253:/c623d434-f39e-450a-9749-7db3cc20fe8d
manila@ubuntu:~$
===========================================================

###

Scenario 2, access-allow to a subnet, work.
===========================================================
1.Create a NFS share
(overcloud) [heat-admin@elabdir89ctl0 ~]$ manila show nfs2
+---------------------------------------+----------------------------------------------------------+
| Property | Value |
+---------------------------------------+----------------------------------------------------------+

| export_locations | |
| | id = c2ff8b6b-434f-4a82-aaff-becb9f962007 |
| | path = 20.0.0.253:/76bbd58b-a05c-42cc-ade4-53cb319385ee |
| | preferred = False |
| | share_instance_id = 76bbd58b-a05c-42cc-ade4-53cb319385ee |
| | is_admin_only = False |
+---------------------------------------+----------------------------------------------------------+

2.Allow access to instance subnet
(overcloud) [heat-admin@elabdir89ctl0 ~]$ manila access-list nfs2
+----+-------------+-----------+--------------+-------+------------+------------+------------+
| id | access_type | access_to | access_level | state | access_key | created_at | updated_at |
+----+-------------+-----------+--------------+-------+------------+------------+------------+
+----+-------------+-----------+--------------+-------+------------+------------+------------+

(overcloud) [heat-admin@elabdir89ctl0 ~]$ manila access-allow nfs2 ip 20.0.0.0/24

(overcloud) [heat-admin@elabdir89ctl0 ~]$ manila access-list nfs2
+--------------------------------------+-------------+-------------+--------------+--------+------------+----------------------------+------------+
| id | access_type | access_to | access_level | state | access_key | created_at | updated_at |
+--------------------------------------+-------------+-------------+--------------+--------+------------+----------------------------+------------+
| fae58040-5eb7-42b4-8835-136317b1a6ff | ip | 20.0.0.0/24 | rw | active | None | 2020-08-05T01:18:54.000000 | None |
+--------------------------------------+-------------+-------------+--------------+--------+------------+----------------------------+------------+

3.Try to mount in 2 instances.
(overcloud) [heat-admin@elabdir89ctl0 ~]$ nova list
+--------------------------------------+---------+--------+------------+-------------+---------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+---------+--------+------------+-------------+---------------------------------+
| f5513b17-73ad-412c-ba1a-32236bb85260 | server1 | ACTIVE | - | Running | default=172.17.0.127, 20.0.0.58 |
| 1a7460dd-f5b4-4571-a0f2-bb843735bb21 | server2 | ACTIVE | - | Running | default=172.17.0.111, 20.0.0.92 |
+--------------------------------------+---------+--------+------------+-------------+---------------------------------+

(overcloud) [heat-admin@elabdir89ctl0 ~]$ ssh -imykey.pem manila@20.0.0.58
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-112-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage

Last login: Wed Aug 5 01:22:11 2020 from 20.0.0.117
manila@ubuntu:~$ sudo mount 20.0.0.253:/76bbd58b-a05c-42cc-ade4-53cb319385ee /mnt
manila@ubuntu:~$ sudo touch /mnt/58
manila@ubuntu:~$ ls /mnt/58
/mnt/58
manila@ubuntu:~$ exit
logout
Connection to 20.0.0.58 closed.

(overcloud) [heat-admin@elabdir89ctl0 ~]$ ssh ubuntu@20.0.0.92
ubuntu@20.0.0.92's password:

(overcloud) [heat-admin@elabdir89ctl0 ~]$ ssh -imykey.pem manila@20.0.0.92
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-112-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage

Last login: Tue Aug 4 12:04:35 2020 from 20.0.0.117
manila@ubuntu:~$ sudo mount 20.0.0.253:/76bbd58b-a05c-42cc-ade4-53cb319385ee /mnt
manila@ubuntu:~$ sudo touch /mnt/92
manila@ubuntu:~$
manila@ubuntu:~$ ls /mnt/92
/mnt/92
manila@ubuntu:~$

Revision history for this message
Sam Wan (sam-wan) wrote :

VERSION = "7.0.1"

Goutham Pacha Ravi (gouthamr)
Changed in manila:
milestone: none → victoria-3
importance: Undecided → Medium
Revision history for this message
Goutham Pacha Ravi (gouthamr) wrote :

Hi Sam,

Thanks for reporting this bug - will one of the Unity engineers pick this one up?

If you didn't use the slash notation ("/32") for your single IP address, do things work?

Revision history for this message
Goutham Pacha Ravi (gouthamr) wrote :

Additional comments http://eavesdrop.openstack.org/meetings/manila/2020/manila.2020-08-13-15.01.log.html#l-113

Ryan Liang (ryan-liang)
Changed in manila:
assignee: nobody → DellEMC Unity OpenStack (dellemc-unity-openstack)
Revision history for this message
Sam Wan (sam-wan) wrote :

Hi Goutham,

It's the same with/or without the slash notation.

thanks and regards
Sam

Goutham Pacha Ravi (gouthamr)
Changed in manila:
milestone: victoria-3 → victoria-rc1
Revision history for this message
Goutham Pacha Ravi (gouthamr) wrote :

Sam / Dell-EMC Engineers: Has this issue been confirmed? If yes, can we have an update on this?

Revision history for this message
Sam Wan (sam-wan) wrote :

Hi Goutham,

not yet.
our developer is still evaluating it.
thanks and regards
Sam

Revision history for this message
Goutham Pacha Ravi (gouthamr) wrote :

Thanks Sam, pushed to wallaby-1.

Changed in manila:
milestone: victoria-rc1 → wallaby-1
Goutham Pacha Ravi (gouthamr)
Changed in manila:
milestone: wallaby-1 → wallaby-3
Revision history for this message
Yong Huang (yonghuang) wrote :

Hi,

We didn't reproduce this issue in our lab, so close this ticket now.
If we meet the issue again, will reopen this ticket.

Changed in manila:
status: New → Invalid
Goutham Pacha Ravi (gouthamr)
tags: added: wallaby-rc-bugsquash
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.