NetApp driver does not support workgroup authentication

Bug #1784791 reported by Kim, Jinhak on 2018-08-01
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Manila
Undecided
Naresh Kumar Gunjalli

Bug Description

As far as I know, ONTAP supports workgroup authentication when running CIFS services since 9.0 release.

In my case, when I tried to create a share in an environment where DHSS=True without an AD join, Manila can create SVM and LIF first. But the next step, when Manila tried to run the CIFS service, it failed.
After the failure, I manually enabled CIFS service with workgroup auth style. And then, I can create a share.
Thus, I guess NetApp Manila driver always looks for AD server at this scenario.
In the conclusion, I think NetApp manila driver needs a source code change giving two options (AD use case and workgroup use case) on DHSS=True scenarios.

Tom Barron (tpb) on 2018-08-28
tags: added: cifs driver netapp
Changed in manila:
assignee: nobody → Erlon R. Cruz (sombrafam)

Could you please include the steps to reproduce?

It is unclear to me if you are creating the cifs service manually in the storage or you are using a share network with an associated security service.

Could you elaborate in more detail what are the steps you take to configure the workgroup to work in the storage and the respective parameters in manila to work with it?

Regards,

Ganso

Kim, Jinhak (jinhak) wrote :

In a nutshell, I think NetApp Manila drvier should support workgroup authentication without any other security services(LDAP, Active Directory or Kerberos

The steps to reproduce

1. Set manila.conf as below

[cdotMultipleSVM]
network_api_class = manila.network.standalone_network_plugin.StandaloneNetworkPlugin
standalone_network_plugin_allowed_ip_ranges=xxx.xxx.105.100-xxx.xxx.105.254
standalone_network_plugin_ip_version=4
standalone_network_plugin_mask=255.255.255.0
standalone_network_plugin_gateway=xxx.xxx.105.1
share_backend_name=cdotMultipleSVM
share_driver=manila.share.drivers.netapp.common.NetAppDriver
driver_handles_share_servers=True
netapp_storage_family=ontap_cluster
netapp_server_hostname=xxx.xxx.xxx.xxx
netapp_login=admin
netapp_password=Netapp123
netapp_transport_type=http
netapp_server_port=80
netapp_root_volume_aggregate=aggr1_node3
netapp_aggregate_name_search_pattern=^((?!aggr0).)*$

Note) I tried to setup both Standalone Network Plugin and Neutron Network Plugin as well. But, the behavior was same(Failed to create).

2. Create share network
 - share network wasn't specified any security services

3. Create share with CIFS protocol
 - The result was failed to creation. The status was pending

4. When I looked at the FAS management console(System Manager), ensured that SVM, LIFs were created automatically by Manila but CIFS service had not been started.
 - Since I manuallly started CIFS service on FAS in this state, I could create a new share on the same SVM.

Jason Grosso (jgrosso) wrote :

Hey Erlon I am wondering if you are still working on this issue?

Jason Grosso (jgrosso) on 2019-03-24
Changed in manila:
status: New → Triaged

Hello Kim,

I think I have reproduced the error..

DEBUG manila.share.drivers.netapp.dataontap.client.api [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Request: b'<netapp xmlns="http://www.netapp.com/filer/admin" version="1.140" vfiler="os_aef02c15-02b2-4d48-87e3-1275df68d6c0">\n <cifs-share-create>\n <path>/share_ea6cf45f_d4f8_4122_bd37_198cf113c471</path>\n <share-name>share_ea6cf45f_d4f8_4122_bd37_198cf113c471</share-name>\n </cifs-share-create>\n</netapp>\n' {{(pid=23912) invoke_elem /opt/stack/new/manila/manila/share/drivers/netapp/dataontap/client/api.py:242}}
DEBUG manila.share.drivers.netapp.dataontap.client.api [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Response: b'<results xmlns="http://www.netapp.com/filer/admin" reason="Failed to get CIFS server. Reason: CIFS server doesn\'t exist. " status="failed" errno="13001"/>\n' {{(pid=23912) invoke_elem /opt/stack/new/manila/manila/share/drivers/netapp/dataontap/client/api.py:263}}
ERROR manila.share.manager [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Share instance ea6cf45f-d4f8-4122-bd37-198cf113c471 failed on creation.: manila.share.drivers.netapp.dataontap.client.api.NaApiError: NetApp API failed. Reason - 13001:Failed to get CIFS server. Reason: CIFS server doesn't exist.
WARNING manila.share.manager [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Share instance information in exception can not be written to db because it contains {} and it is not a dictionary.: manila.share.drivers.netapp.dataontap.client.api.NaApiError: NetApp API failed. Reason - 13001:Failed to get CIFS server. Reason: CIFS server doesn't exist.
INFO manila.message.api [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Creating message record for request_id = req-5b8e5516-31af-4f1a-8964-26f9b80f0c02
ERROR oslo_messaging.rpc.server [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Exception during message handling: manila.share.drivers.netapp.dataontap.client.api.NaApiError: NetApp API failed. Reason - 13001:Failed to get CIFS server. Reason: CIFS server doesn't exist.

Is this what you see when no security services is configured?

Thanks,
Naresh

Changed in manila:
assignee: Erlon R. Cruz (sombrafam) → Naresh Kumar Gunjalli (nareshkumarg)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers