OpenStack Shared File Systems Service (Manila)

ganesha library: NFSv3 mount fails when access is allowed for more than one IP

Bug #1513061 reported by karthick
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Shared File Systems Service (Manila)
Won't Fix
Low
Csaba Henk
OpenStack Shared File Systems Service (Manila) newton-1 "N1"

Bug Description

While using glusterfs (NFS) driver that makes use of ganesha library, allowing access to more than one Manila client/nova VM fails.

# manila access-list 8b5fc0ea-0413-4b9b-be81-e5ca74d24b4e
+--------------------------------------+-------------+-------------+--------------+--------+
| id | access type | access to | access level | state |
+--------------------------------------+-------------+-------------+--------------+--------+
| 4491e2a5-1567-4496-ac65-0f0644f4ca8f | ip | 10.xx.xx.86 | rw | active |
| 87e52d44-fe53-4d38-9307-aa94e396ace6 | ip | 10.xx.xx.85 | rw | active |
+--------------------------------------+-------------+-------------+--------------+--------+

[root@centos-vm-01 centos]# showmount -e 10.xx.xx.42
Export list for 10.xx.xx.42:
/share-8b5fc0ea-0413-4b9b-be81-e5ca74d24b4e 10.xx.xx.86
/share-8b5fc0ea-0413-4b9b-be81-e5ca74d24b4e 10.xx.xx.85

NFS mount of the share 8b5fc0ea-0413-4b9b-be81-e5ca74d24b4e succeeds in client with IP 10.xx.xx.86, but fails in client with IP 10.xx.xx.85 as follows,
root@centos-vm-01 centos]# mount 10.xx.xx.42:/share-8b5fc0ea-0413-4b9b-be81-e5ca74d24b4e /ganesha2/
mount.nfs: access denied by server while mounting 10.xx.xx.42:/share-8b5fc0ea-0413-4b9b-be81-e5ca74d24b4e

Allowing access to more than one VM should update the IPs within the same export list, however a new export list is created for each allow access request as seen in the above "showmount" output. So the first export list might override any subsequent access requests.

Revision history for this message
karthick (kramdoss) wrote :

This bug will restrict nfsv3 mounts when access is allowed on a 'per IP basis'. However, when access is allowed with CIDR notation(as shown below) nfsv3 mounts can be done.

manila access-list 8b5fc0ea-0413-4b9b-be81-e5ca74d24b4e
+--------------------------------------+-------------+---------------+--------------+--------+
| id | access type | access to | access level | state |
 +--------------------------------------+-------------+---------------+--------------+--------+
| 1faafbb5-1260-4495-a890-8fad927e1068 | ip | 10.xx.xx.0/23 | rw | active |
 +--------------------------------------+-------------+---------------+--------------+--------+

Also, please note that this bug doesn't affect nfsv4 mounts.

karthick (kramdoss)
summary: - ganesha library: cannot allow access to a share for more than one IP
+ ganesha library: NFSv3 mount fails when access is allowed on per IP
+ basis
karthick (kramdoss)
summary: - ganesha library: NFSv3 mount fails when access is allowed on per IP
- basis
+ ganesha library: NFSv3 mount fails when access is allowed for more than
+ one IP
Csaba Henk (chenk)
Changed in manila:
assignee: nobody → Csaba Henk (chenk)
Ben Swartzlander (bswartz)
Changed in manila:
status: New → Triaged
importance: Undecided → Low
milestone: none → newton-1
Tom Barron (tpb)
tags: added: driver gluster nfs
Revision history for this message
Jason Grosso (jgrosso) wrote :

Csaba you still working this defect?

Revision history for this message
Jason Grosso (jgrosso) wrote :

Csaba please re-open this if it is still an issue thanks jason

Changed in manila:
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.