[SRU] Manila driver error with ONTAP SVM-scoped user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Shared File Systems Service (Manila) |
Fix Released
|
High
|
Gireesh Awasthi | ||
Ubuntu Cloud Archive |
New
|
Undecided
|
Unassigned | ||
Antelope |
New
|
Undecided
|
Unassigned | ||
Bobcat |
New
|
Undecided
|
Unassigned | ||
Caracal |
New
|
Undecided
|
Unassigned | ||
Yoga |
New
|
Undecided
|
Unassigned | ||
Zed |
Won't Fix
|
Undecided
|
Unassigned | ||
manila (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Jammy |
New
|
Undecided
|
Unassigned | ||
Mantic |
New
|
Undecided
|
Unassigned | ||
Noble |
New
|
Undecided
|
Unassigned |
Bug Description
************** SRU DESCRIPTION AT THE BOTTOM *************
With the same NetApp stanza in the manila.conf file which was used without any issue in the Zed release was used in the Bobcat release. In the Bobcat release, the share creation worked normally, but adding access rule was not worked and couldn't delete the share. Below is the error log that occurs when adding a rule.
I set all the roles indicated in NetApp's OpenStack operation guide in storage side(https:/
########### manila-share.log ############
2024-05-27 15:43:14.708 19 INFO oslo.messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:43:57.077 19 ERROR oslo_messaging.
2024-05-27 15:44:08.487 19 INFO manila.
===============
SRU DESCRIPTION
===============
[Impact]
The NetApp driver kerberos-config-get fails when using a SVM-scoped user because it does have not enough privileges to perform that check. This failure causes the entire stack to fail, thus preventing access rules from being added to shares. The fix addresses this by capturing the exception and not reraising it, allowing the operation to continue.
[Test case]
Testing around this is limited because:
1) The NetApp CI upstream is broken at this time. The fix was validated internally by contributors and NetApp driver maintainers.
2) We do not have a NetApp box in our lab to verify the SRU for this scenario.
3) Running the Manila tempest suite is useless because the change is limited in scope to the NetApp driver, that is only operational when using NetApp storage.
[Regression Potential]
Given that the change is limited to the NetApp driver, it is small and was peer-validated, we consider the regression potential minimal.
[Other Info]
None.
affects: | tempest → manila |
Changed in manila: | |
assignee: | nobody → Gireesh Awasthi (agireesh) |
tags: | added: netapp |
Changed in manila: | |
importance: | Undecided → Critical |
importance: | Critical → High |
Changed in manila: | |
status: | New → In Progress |
Changed in manila: | |
milestone: | none → dalmatian-2 |
description: | updated |
summary: |
- Manila driver error with ONTAP SVM-scoped user + [SRU] Manila driver error with ONTAP SVM-scoped user |
tags: | added: sts sts-sru-needed |
kerberos-config-get ZAPI works only when you have LIF configured with Kerberos
When We are NOT hitting this issue
- When ALL LIF of vserver is configure with Kerberos, either it disabled or enabled
- When Kerberos is configured and disable for few LIF and validation first done for disabled Kerberos LIF.
When we are going to hit this issue
- When Kerberose is not configure to any LIF
- When Kerberos is not configured for one LIF but rest of the LIFs it is configured and enabled
- When Kerberos is not configured for one LIF but rest of the LIFs it is configure and disable but first validation is done for the LIF for which Kerberos is not configured.
Propose Fix
----------------
1. Need to add one try/except block to make sure we will not hit the issue for those LIF which are not configured to Kerberos.