manila access-allow doesn't appear to properly handle 0.0.0.0

Bug #1552526 reported by Amrith Kumar
This bug affects 1 person
Affects: OpenStack Shared File Systems Service (Manila)
Status: Fix Released
Importance: High
Assigned to: Thomas Bechtold

Bug Description

Manila setup with default driver, see here from manila.conf.

[generic1]
driver_handles_share_servers = True
service_instance_user = manila
service_image_name = manila-service-image
path_to_private_key = /home/amrith/.ssh/id_rsa
path_to_public_key = /home/amrith/.ssh/id_rsa.pub
share_backend_name = GENERIC1
share_driver = manila.share.drivers.generic.GenericShareDriver
service_instance_network_helper_type=nova

[generic2]
driver_handles_share_servers = True
service_instance_user = manila
service_image_name = manila-service-image
path_to_private_key = /home/amrith/.ssh/id_rsa
path_to_public_key = /home/amrith/.ssh/id_rsa.pub
share_backend_name = GENERIC2
share_driver = manila.share.drivers.generic.GenericShareDriver
service_instance_network_helper_type=nova

Look ma, no share.

amrith@amrith-work:~$ manila list
+----+------+------+-------------+--------+-----------+-----------------+------+-------------------+
| ID | Name | Size | Share Proto | Status | Is Public | Share Type Name | Host | Availability Zone |
+----+------+------+-------------+--------+-----------+-----------------+------+-------------------+
+----+------+------+-------------+--------+-----------+-----------------+------+-------------------+

=== Here's a share ===

amrith@amrith-work:~$ manila create nfs 3 --share-network manila-nova-network --name manila-share
+-----------------------------+--------------------------------------+
| Property | Value |
+-----------------------------+--------------------------------------+
| status | creating |
| share_type_name | default |
| description | None |
| availability_zone | None |
| share_network_id | 7a9c3dc6-9d00-43ed-b56f-f77384fcbd92 |
| share_server_id | None |
| host | |
| access_rules_status | active |
| snapshot_id | None |
| is_public | False |
| task_state | None |
| snapshot_support | True |
| id | 6d28ec08-c1c6-47ce-bdd9-67474a1aaf71 |
| size | 3 |
| name | manila-share |
| share_type | dfeba8fc-2046-41aa-a2a4-be191b04b38b |
| has_replicas | False |
| replication_type | None |
| created_at | 2016-03-03T03:27:21.000000 |
| share_proto | NFS |
| consistency_group_id | None |
| source_cgsnapshot_member_id | None |
| project_id | 391a288e0dff4df9ae0009248d1bbfaf |
| metadata | {} |
+-----------------------------+--------------------------------------+

=== Yup, it's there ===

amrith@amrith-work:~$ manila show manila-share
+-----------------------------+--------------------------------------------------------------------+
| Property | Value |
+-----------------------------+--------------------------------------------------------------------+
| status | available |
| share_type_name | default |
| description | None |
| availability_zone | nova |
| share_network_id | 7a9c3dc6-9d00-43ed-b56f-f77384fcbd92 |
| export_locations | |
| | uuid = ae256cfe-24e2-4259-a1e9-c74483724b69 |
| | created_at = 2016-03-03T03:27:30.000000 |
| | updated_at = 2016-03-03T03:27:30.000000 |
| | is_admin_only = False |
| | share_instance_id = bfe39581-948e-404a-8192-18b4b0dc198d |
| | path = 10.0.0.2:/shares/share-bfe39581-948e-404a-8192-18b4b0dc198d |
| share_server_id | 0027c61c-bbed-460a-bfe2-6be9c2d46dd6 |
| host | amrith-work@generic1#GENERIC1 |
| access_rules_status | active |
| snapshot_id | None |
| is_public | False |
| task_state | None |
| snapshot_support | True |
| id | 6d28ec08-c1c6-47ce-bdd9-67474a1aaf71 |
| size | 3 |
| name | manila-share |
| share_type | dfeba8fc-2046-41aa-a2a4-be191b04b38b |
| has_replicas | False |
| replication_type | None |
| created_at | 2016-03-03T03:27:21.000000 |
| share_proto | NFS |
| consistency_group_id | None |
| source_cgsnapshot_member_id | None |
| project_id | 391a288e0dff4df9ae0009248d1bbfaf |
| metadata | {} |
+-----------------------------+--------------------------------------------------------------------+

=== Let's grant access ===

amrith@amrith-work:~$ manila access-allow manila-share ip 0.0.0.0/0 --access-level rw
+--------------+--------------------------------------+
| Property | Value |
+--------------+--------------------------------------+
| share_id | 6d28ec08-c1c6-47ce-bdd9-67474a1aaf71 |
| access_type | ip |
| access_to | 0.0.0.0/0 |
| access_level | rw |
| state | new |
| id | ba63be56-d9f1-4806-a6ed-cc2fc13340a3 |
+--------------+--------------------------------------+
amrith@amrith-work:~$ sudo mount -t nfs -o vers=3 10.0.0.2:/shares/share-bfe39581-948e-404a-8192-18b4b0dc198d /tmp/mountpoint
mount.nfs: access denied by server while mounting 10.0.0.2:/shares/share-bfe39581-948e-404a-8192-18b4b0dc198d

==== But, can't mount it ... ====

==== Let's try this ====

amrith@amrith-work:~$ manila access-allow manila-share ip 10.0.0.0/24 --access-level rw
+--------------+--------------------------------------+
| Property | Value |
+--------------+--------------------------------------+
| share_id | 6d28ec08-c1c6-47ce-bdd9-67474a1aaf71 |
| access_type | ip |
| access_to | 10.0.0.0/24 |
| access_level | rw |
| state | new |
| id | 7837bca1-2907-4aea-ad07-0b29753555f1 |
+--------------+--------------------------------------+

==== Did that work? ====

amrith@amrith-work:~$ sudo mount -t nfs -o vers=3 10.0.0.2:/shares/share-bfe39581-948e-404a-8192-18b4b0dc198d /tmp/mountpoint
amrith@amrith-work:~$

==== Sure it did =====

I believe that 0.0.0.0/0 is a good enough wildcard ...

Amrith Kumar (amrith)
description: updated
tags: added: bugsmash-mitaka
Surya Ghatty (ghatty)
Changed in manila:
assignee: nobody → Surya Ghatty (ghatty)
Changed in manila:
milestone: none → mitaka-rc1
importance: Undecided → High
Changed in manila:
assignee: Surya Ghatty (ghatty) → Thomas Bechtold (toabctl)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to manila (master)

Fix proposed to branch: master
Review: https://review.openstack.org/294140

Changed in manila:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila (master)

Reviewed: https://review.openstack.org/294140
Committed: https://git.openstack.org/cgit/openstack/manila/commit/?id=7bf936b9010cb7bbfe8412ea991be9bd6f8b0f80
Submitter: Jenkins
Branch: master

commit 7bf936b9010cb7bbfe8412ea991be9bd6f8b0f80
Author: Thomas Bechtold <email address hidden>
Date: Thu Mar 17 17:24:39 2016 +0100

    Fix generic and LVM driver access rules for CIDRs

    Linux 'exportfs' utility does not provide access when short forms of
    CIDRs are used, as following:

    1.2.3.0/24

    It provides access only using long forms as following:

    1.2.3.0/255.255.255.0

    So, parse short forms into long ones in NFSHelper to
    fix NFS exporting.

    Change-Id: Ib9432d8123c6be395d3c7bdda347ae676431802c
    Closes-Bug: #1552526

Changed in manila:
status: In Progress → Fix Released
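
The conversion the commit message describes (short CIDR form to address/netmask long form), as an added example built on Python's standard `ipaddress` module. This is not the Manila NFSHelper code; the function names are hypothetical, and the rule list reuses the two rules from the report plus one constructed host rule. It also flags rules with prefix length 0, since such a rule matches every IPv4 client once it is actually exported.

```python
import ipaddress


def to_exportfs_client(access_to):
    """Return an IPv4 access rule in the long address/netmask form.

    '1.2.3.0/24' -> '1.2.3.0/255.255.255.0'; a bare host address is
    returned unchanged. Raises ValueError for anything that is not IPv4.
    """
    if "/" not in access_to:
        # Single host: validate it and pass it through unchanged.
        return str(ipaddress.IPv4Address(access_to))
    # strict=False masks off host bits, so 10.0.0.5/24 becomes 10.0.0.0/24.
    net = ipaddress.IPv4Network(access_to, strict=False)
    return "{}/{}".format(net.network_address, net.netmask)


def is_world_open(access_to):
    """True when the rule matches every IPv4 client (prefix length 0)."""
    if "/" not in access_to:
        return False
    return ipaddress.IPv4Network(access_to, strict=False).prefixlen == 0


def audit_rules(rules):
    """Map each (access_to, level) rule to (client_spec, level, world_open)."""
    return [(to_exportfs_client(a), lvl, is_world_open(a)) for a, lvl in rules]


# Rules taken from the bug report above, plus one constructed host rule.
SAMPLE_RULES = [
    ("0.0.0.0/0", "rw"),
    ("10.0.0.0/24", "rw"),
    ("10.0.0.7", "ro"),  # constructed for illustration
]

if __name__ == "__main__":
    for client, level, world in audit_rules(SAMPLE_RULES):
        note = "  <-- matches every IPv4 client" if world else ""
        print("{:<28} {}{}".format(client, level, note))
```
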
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/manila 2.0.0.0rc1

This issue was fixed in the openstack/manila 2.0.0.0rc1 release candidate.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/manila 2.0.0

This issue was fixed in the openstack/manila 2.0.0 release.
