OpenStack Shared File Systems Service (Manila)

Manila - Manage rule for CIFS share updates status from "error" to "active" for invalid users

Bug #1550258 reported by Naval Gupta on 2016-02-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Shared File Systems Service (Manila)	Invalid	Low	Unassigned
	manila-ui	Invalid	Undecided	Unassigned

Bug Description

Pre-conditions:
Devstack with manila plugin is up and running.
HP 3PAR file services backend details are present in /etc/manila/manila.conf and all manila services working.

Steps:
1. Login to Horizon with admin credentials
2. Create a Share type with extra specs as below
snapshot_support=True
share_backend_name=UNITY
thin_provisioning=True
driver_handles_share_servers=False

*UNITY is HPE 3PAR file services backend.

3. Create a share with above share type and CIFS share protocol.
4. Go to project > share > actions from dropdown and select manage rules for created share.
5. Add a IP access rule for share access.
6. Add a user access rule for a HPE 3PAR user but not from users in file store group. (invalid user)
7. Observe that status for all share access rules changes from 'active' to 'error'.
8. Add a user access rule for user from file store group on HPE 3PAR.(valid user)
9. Observe that status for all share access rules remains as "error".
10. Delete the user access rule for valid user added in step7.
11. Observe that status for all share access rules changes from 'error' to 'active' including for rule for invalid user.

Expected Behavior:
1. After adding a user access rule for invalid user (not from file store group), status for all access rules should not change to 'error'.
2. When there are share access rules for both valid and invalid users, after deleting rule for valid user, rule for invalid user changes from "error" to "active".

Note - Please find screenshot and m-shr.log as attached.

Revision history for this message

Naval Gupta (naval-gupta) wrote on 2016-02-26:

m-shr.log Edit (7.8 KiB, text/plain)

Revision history for this message

Naval Gupta (naval-gupta) wrote on 2016-02-26:

Horizon Screenshot Edit (71.9 KiB, image/png)

Attached screenshot for UI.

Naval Gupta (naval-gupta) on 2016-02-26

information type:

Private Security → Public

Ben Swartzlander (bswartz) on 2016-03-10

affects:

manila → manila-ui

Revision history for this message

Valeriy Ponomaryov (vponomaryov) wrote on 2016-04-29:

It looks like "Manila" bug, not "Manila UI".

Changed in manila-ui:
status:	New → Invalid

Valeriy Ponomaryov (vponomaryov) on 2016-06-08

Changed in manila:
importance:	Undecided → Low

Revision history for this message

Ravichandran Nudurumati (ravichandrann) wrote on 2016-09-14:

I am unable to delete user access rule for valid user if access rule for invalid user is present.
I am sharing the error message below.

oslo_messaging.rpc.server ShareBackendException: Share backend error: Failed to change (+) access to FPG/share ###_FPG/#### for user invalidUserName rw: ['Failure on Modify Share: osf-####: ERROR_NO_SUCH_USER during Modify SMB share osf-####.\r', 'Review current share permissions and remove any unresolved users.\r']

Revision history for this message

Shashi (sonawane-shashikant) wrote on 2016-09-16:

m-shr.log Edit (64.0 KiB, text/plain)

Download full text (3.4 KiB)

Tried reproducing using command line and below are the findings.

Created CIFS share.
Added access rule which added valid user.
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$ manila access-allow myCIFS_Share2 user Guest
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$ manila access-list myCIFS_Share2 +--------------------------------------+-------------+-----------+--------------+--------+------------+
| id | access_type | access_to | access_level | state | access_key |
+--------------------------------------+-------------+-----------+--------------+--------+------------+
| 77a7d557-cfc1-43dd-9142-4d7940bcdfcf | user | Guest | rw | active | None |
+--------------------------------------+-------------+-----------+--------------+--------+------------+

Then I added a rule which added a invalid user to see state as error for both the access rules.

Next I removed the access rule for invalid user.

Tried reproducing using command line and below are the findings.

Created CIFS share.
Added access rule which added valid user.
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$ manila access-allow myCIFS_Share2 user Guest
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$ manila access-list myCIFS_Share2                                 +--------------------------------------+-------------+-----------+--------------+--------+------------+
| id                                   | access_type | access_to | access_level | state  | access_key |
+--------------------------------------+-------------+-----------+--------------+--------+------------+
| 77a7d557-cfc1-43dd-9142-4d7940bcdfcf | user        | Guest     | rw           | active | None       |
+--------------------------------------+-------------+-----------+--------------+--------+------------+

Then I added a rule which added a invalid user to see state as error for both the access rules.

Next I removed the access rule for invalid user.

stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$ manila access-deny myCIFS_Share2 bb0f69a4-6643-4d65-865e-cefd2d7d267c
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$ manila access-list myCIFS_Share2                                 +--------------------------------------+-------------+-----------+--------------+--------+------------+
| id                                   | access_type | access_to | access_level | state  | access_key |
+--------------------------------------+-------------+-----------+--------------+--------+------------+
| 77a7d557-cfc1-43dd-9142-4d7940bcdfcf | user        | Guest     | rw           | active | None       |
+--------------------------------------+-------------+-----------+--------------+--------+------------+
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$

Just to summarize, adding access for invalid user changes the state for all the access rules.
Removing access rule for invalid user changes state back active.

Ben Swartzlander (bswartz) on 2018-01-25

Changed in manila:
status:	New → Triaged
summary:	- Manila UI - Manage rule for CIFS share updates status from "error" to + Manila - Manage rule for CIFS share updates status from "error" to "active" for invalid users

Revision history for this message

Goutham Pacha Ravi (gouthamr) wrote on 2019-03-20:

This behavior with access rules was fixed in the ocata release of openstack [1]. The changes were not back ported to newton or prior releases since it changes the API and the database schema in significant backwards-incompatible ways.

Sadly, the user experience with access rules prior to [1] was that if any incorrect rules are added, the whole rule set will be set to "error" state, and the only way to recover is to remove the incorrect rule. If a bulk operation was made or if access rules were added in quick succession, it's hard to pin point which specific rule caused the access rules to all be set to "error". This was acknowledged as bad user experience. Please upgrade and use newer versions of manila.

[1] https://review.openstack.org/#/c/369668/

Changed in manila:
status:	Triaged → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.