Ganesha bound to wrong network address in Standalone deployments
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Medium
|
Tom Barron |
Bug Description
When Manila is deployed with CephFS through NFS, the Ganesha service is bound (via ganesha.conf) to a service address at the GaneshaInternal endpoint [1]. Normally this endpoint is on the storage_nfs isolated network, but when this network is not available, like Standalone deployments, it defaults to the ctlplane network [2]. While that default is appopriate for regular endpoints, the Ganesha service is consumed by guest VMs (compute instances) that cannot reach (and should not have access to) the ctlplane network.
We should default the Ganesha endpoint to the external network if the storage_nfs network is not deployed since this network will be reachable by guest VMs that should not be able to access networks used for control of the cloud infrastructure.
Changed in tripleo: | |
status: | New → Triaged |
assignee: | nobody → Tom Barron (tpb) |
tags: | added: train-backport-potential |
tags: | added: ussuri-backport-potential victoria-backport-potential wallaby-backport-potential |
Fix proposed to branch: master /review. opendev. org/c/openstack /tripleo- heat-templates/ +/803118
Review: https:/