OpenStack Shared File Systems Service (Manila)

NetApp driver does not support workgroup authentication

Bug #1784791 reported by Kim, Jinhak on 2018-08-01

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Shared File Systems Service (Manila)	Expired	Low	Unassigned

Bug Description

As far as I know, ONTAP supports workgroup authentication when running CIFS services since 9.0 release.

In my case, when I tried to create a share in an environment where DHSS=True without an AD join, Manila can create SVM and LIF first. But the next step, when Manila tried to run the CIFS service, it failed.
After the failure, I manually enabled CIFS service with workgroup auth style. And then, I can create a share.
Thus, I guess NetApp Manila driver always looks for AD server at this scenario.
In the conclusion, I think NetApp manila driver needs a source code change giving two options (AD use case and workgroup use case) on DHSS=True scenarios.

Tags:

Tom Barron (tpb) on 2018-08-28

tags:

added: cifs driver netapp

Ben Swartzlander (bswartz) on 2018-08-28

Changed in manila:
assignee:	nobody → Erlon R. Cruz (sombrafam)

Revision history for this message

Rodrigo Barbieri (rodrigo-barbieri2010) wrote on 2018-08-28:

Could you please include the steps to reproduce?

It is unclear to me if you are creating the cifs service manually in the storage or you are using a share network with an associated security service.

Could you elaborate in more detail what are the steps you take to configure the workgroup to work in the storage and the respective parameters in manila to work with it?

Regards,

Ganso

Revision history for this message

Kim, Jinhak (jinhak) wrote on 2018-09-05:

In a nutshell, I think NetApp Manila drvier should support workgroup authentication without any other security services(LDAP, Active Directory or Kerberos

The steps to reproduce

1. Set manila.conf as below

[cdotMultipleSVM]
network_api_class = manila.network.standalone_network_plugin.StandaloneNetworkPlugin
standalone_network_plugin_allowed_ip_ranges=xxx.xxx.105.100-xxx.xxx.105.254
standalone_network_plugin_ip_version=4
standalone_network_plugin_mask=255.255.255.0
standalone_network_plugin_gateway=xxx.xxx.105.1
share_backend_name=cdotMultipleSVM
share_driver=manila.share.drivers.netapp.common.NetAppDriver
driver_handles_share_servers=True
netapp_storage_family=ontap_cluster
netapp_server_hostname=xxx.xxx.xxx.xxx
netapp_login=admin
netapp_password=Netapp123
netapp_transport_type=http
netapp_server_port=80
netapp_root_volume_aggregate=aggr1_node3
netapp_aggregate_name_search_pattern=^((?!aggr0).)*$

Note) I tried to setup both Standalone Network Plugin and Neutron Network Plugin as well. But, the behavior was same(Failed to create).

2. Create share network
- share network wasn't specified any security services

3. Create share with CIFS protocol
- The result was failed to creation. The status was pending

4. When I looked at the FAS management console(System Manager), ensured that SVM, LIFs were created automatically by Manila but CIFS service had not been started.
- Since I manuallly started CIFS service on FAS in this state, I could create a new share on the same SVM.

Revision history for this message

Jason Grosso (jgrosso) wrote on 2019-03-22:

Hey Erlon I am wondering if you are still working on this issue?

Jason Grosso (jgrosso) on 2019-03-24

Changed in manila:
status:	New → Triaged

Revision history for this message

Naresh Kumar Gunjalli (nareshkumarg) wrote on 2019-04-17:

Hello Kim,

I think I have reproduced the error..

DEBUG manila.share.drivers.netapp.dataontap.client.api [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Request: b'<netapp xmlns="http://www.netapp.com/filer/admin" version="1.140" vfiler="os_aef02c15-02b2-4d48-87e3-1275df68d6c0">\n <cifs-share-create>\n <path>/share_ea6cf45f_d4f8_4122_bd37_198cf113c471</path>\n <share-name>share_ea6cf45f_d4f8_4122_bd37_198cf113c471</share-name>\n </cifs-share-create>\n</netapp>\n' {{(pid=23912) invoke_elem /opt/stack/new/manila/manila/share/drivers/netapp/dataontap/client/api.py:242}}
DEBUG manila.share.drivers.netapp.dataontap.client.api [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Response: b'<results xmlns="http://www.netapp.com/filer/admin" reason="Failed to get CIFS server. Reason: CIFS server doesn\'t exist. " status="failed" errno="13001"/>\n' {{(pid=23912) invoke_elem /opt/stack/new/manila/manila/share/drivers/netapp/dataontap/client/api.py:263}}
ERROR manila.share.manager [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Share instance ea6cf45f-d4f8-4122-bd37-198cf113c471 failed on creation.: manila.share.drivers.netapp.dataontap.client.api.NaApiError: NetApp API failed. Reason - 13001:Failed to get CIFS server. Reason: CIFS server doesn't exist.
WARNING manila.share.manager [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Share instance information in exception can not be written to db because it contains {} and it is not a dictionary.: manila.share.drivers.netapp.dataontap.client.api.NaApiError: NetApp API failed. Reason - 13001:Failed to get CIFS server. Reason: CIFS server doesn't exist.
INFO manila.message.api [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Creating message record for request_id = req-5b8e5516-31af-4f1a-8964-26f9b80f0c02
ERROR oslo_messaging.rpc.server [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Exception during message handling: manila.share.drivers.netapp.dataontap.client.api.NaApiError: NetApp API failed. Reason - 13001:Failed to get CIFS server. Reason: CIFS server doesn't exist.

Is this what you see when no security services is configured?

Thanks,
Naresh

Hello Kim,

I think I have reproduced the error..

DEBUG manila.share.drivers.netapp.dataontap.client.api [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Request: b'<netapp xmlns="http://www.netapp.com/filer/admin" version="1.140" vfiler="os_aef02c15-02b2-4d48-87e3-1275df68d6c0">\n  <cifs-share-create>\n    <path>/share_ea6cf45f_d4f8_4122_bd37_198cf113c471</path>\n    <share-name>share_ea6cf45f_d4f8_4122_bd37_198cf113c471</share-name>\n  </cifs-share-create>\n</netapp>\n' {{(pid=23912) invoke_elem /opt/stack/new/manila/manila/share/drivers/netapp/dataontap/client/api.py:242}}
DEBUG manila.share.drivers.netapp.dataontap.client.api [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Response: b'<results xmlns="http://www.netapp.com/filer/admin" reason="Failed to get CIFS server. Reason: CIFS server doesn\'t exist. " status="failed" errno="13001"/>\n' {{(pid=23912) invoke_elem /opt/stack/new/manila/manila/share/drivers/netapp/dataontap/client/api.py:263}}
ERROR manila.share.manager [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Share instance ea6cf45f-d4f8-4122-bd37-198cf113c471 failed on creation.: manila.share.drivers.netapp.dataontap.client.api.NaApiError: NetApp API failed. Reason - 13001:Failed to get CIFS server. Reason: CIFS server doesn't exist.
WARNING manila.share.manager [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Share instance information in exception can not be written to db because it contains {} and it is not a dictionary.: manila.share.drivers.netapp.dataontap.client.api.NaApiError: NetApp API failed. Reason - 13001:Failed to get CIFS server. Reason: CIFS server doesn't exist.
INFO manila.message.api [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Creating message record for request_id = req-5b8e5516-31af-4f1a-8964-26f9b80f0c02
ERROR oslo_messaging.rpc.server [None req-5b8e5516-31af-4f1a-8964-26f9b80f0c02 None None] Exception during message handling: manila.share.drivers.netapp.dataontap.client.api.NaApiError: NetApp API failed. Reason - 13001:Failed to get CIFS server. Reason: CIFS server doesn't exist.

Is this what you see when no security services is configured?

Thanks,
Naresh

Naresh Kumar Gunjalli (nareshkumarg) on 2019-04-26

Changed in manila:
assignee:	Erlon R. Cruz (sombrafam) → Naresh Kumar Gunjalli (nareshkumarg)

Douglas Viroel (dviroel) on 2020-01-21

Changed in manila:
importance:	Undecided → Low

Revision history for this message

Carlos Eduardo (silvacarlose) wrote on 2021-09-30:

I think this sounds more like a request for enhancement and NetApp should evaluate implementing it.

Changed in manila:
assignee:	Naresh Kumar Gunjalli (nareshkumarg) → Felipe Rodrigues (felipefutty)
milestone:	none → yoga-2

Carlos Eduardo (silvacarlose) on 2022-01-27

Changed in manila:
milestone:	yoga-2 → yoga-3

Carlos Eduardo (silvacarlose) on 2022-03-03

Changed in manila:
assignee:	Felipe Rodrigues (felipefutty) → Eduardo Santos (ecsantos)
milestone:	yoga-3 → yoga-rc1

Carlos Eduardo (silvacarlose) on 2022-03-10

Changed in manila:
milestone:	yoga-rc1 → zed-1

Revision history for this message

Carlos Eduardo (silvacarlose) wrote on 2022-05-02:

This is a feature request. NetApp will check if this issue is still in their road map and if so, they will open up a blueprint for this.

Carlos Eduardo (silvacarlose) on 2022-05-05

Changed in manila:
milestone:	zed-1 → none
assignee:	Eduardo Santos (ecsantos) → nobody
status:	Triaged → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-07-05:

[Expired for OpenStack Shared File Systems Service (Manila) because there has been no activity for 60 days.]

Changed in manila:
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.