tripleo

Ganesha bound to wrong network address in Standalone deployments

Bug #1938639 reported by Tom Barron
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Medium
Tom Barron
tripleo xena-3

Bug Description

When Manila is deployed with CephFS through NFS, the Ganesha service is bound (via ganesha.conf) to a service address at the GaneshaInternal endpoint [1]. Normally this endpoint is on the storage_nfs isolated network, but when this network is not available, like Standalone deployments, it defaults to the ctlplane network [2]. While that default is appopriate for regular endpoints, the Ganesha service is consumed by guest VMs (compute instances) that cannot reach (and should not have access to) the ctlplane network.

We should default the Ganesha endpoint to the external network if the storage_nfs network is not deployed since this network will be reachable by guest VMs that should not be able to access networks used for control of the cloud infrastructure.

[1] https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/cephadm/ceph-nfs.yaml#L125

[2] https://github.com/openstack/tripleo-heat-templates/blob/master/overcloud-resource-registry-puppet.j2.yaml

Tom Barron (tpb)
Changed in tripleo:
status: New → Triaged
assignee: nobody → Tom Barron (tpb)
tags: added: train-backport-potential
tags: added: ussuri-backport-potential victoria-backport-potential wallaby-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/803118

Changed in tripleo:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/803118
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/e104c6e623c32f7606eaaa40751c61c35c5780bb
Submitter: "Zuul (22348)"
Branch: master

commit e104c6e623c32f7606eaaa40751c61c35c5780bb
Author: Tom Barron <email address hidden>
Date: Sat Jul 31 16:09:15 2021 -0400

    Default ganesha-internal service endpoint to external network

    Closes-Bug: #1938639
    Change-Id: I1a400ed04bf59bac908b0506bf4bbcac457e512d

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/803383

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/803383
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/bde560231296ca313d57728ed54bb1b7a54a2f78
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit bde560231296ca313d57728ed54bb1b7a54a2f78
Author: Tom Barron <email address hidden>
Date: Tue Aug 3 12:52:07 2021 -0400

    Default ganesha-internal service endpoint to external network

    This is a clean cherry-pick except that the path to the relevant
    file changed in the master branch.

    Closes-Bug: #1938639

    (cherry picked from commit e104c6e623c32f7606eaaa40751c61c35c5780bb)
    Change-Id: I4c4cd976d9a997b39e7e3937e49193a10f872ae3

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/803687

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/803687
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/72ff3686e40da9aacb7ef9ed33c8dc49ec5fcb33
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit 72ff3686e40da9aacb7ef9ed33c8dc49ec5fcb33
Author: Tom Barron <email address hidden>
Date: Tue Aug 3 12:52:07 2021 -0400

    Default ganesha-internal service endpoint to external network

    This is a clean cherry-pick except that the path to the relevant
    file changed in the master branch.

    Closes-Bug: #1938639

    (cherry picked from commit e104c6e623c32f7606eaaa40751c61c35c5780bb)
    Change-Id: I4c4cd976d9a997b39e7e3937e49193a10f872ae3
    (cherry picked from commit bde560231296ca313d57728ed54bb1b7a54a2f78)

tags: added: in-stable-victoria
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/803966

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/ussuri)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/803966
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/7b219a42d6fe5a26842dbcad17cc8e5ff57513af
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit 7b219a42d6fe5a26842dbcad17cc8e5ff57513af
Author: Tom Barron <email address hidden>
Date: Tue Aug 3 12:52:07 2021 -0400

    Default ganesha-internal service endpoint to external network

    This is a clean cherry-pick except that the path to the relevant
    file changed in the master branch.

    Closes-Bug: #1938639

    (cherry picked from commit e104c6e623c32f7606eaaa40751c61c35c5780bb)
    Change-Id: I4c4cd976d9a997b39e7e3937e49193a10f872ae3
    (cherry picked from commit bde560231296ca313d57728ed54bb1b7a54a2f78)
    (cherry picked from commit 72ff3686e40da9aacb7ef9ed33c8dc49ec5fcb33)

tags: added: in-stable-ussuri
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/804151

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/train)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/804151
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/98e837cd07ba448bff1745c0745448fa32e0cde4
Submitter: "Zuul (22348)"
Branch: stable/train

commit 98e837cd07ba448bff1745c0745448fa32e0cde4
Author: Tom Barron <email address hidden>
Date: Tue Aug 3 12:52:07 2021 -0400

    Default ganesha-internal service endpoint to external network

    This is a clean cherry-pick except that the path to the relevant
    file changed in the master branch.

    Closes-Bug: #1938639

    (cherry picked from commit e104c6e623c32f7606eaaa40751c61c35c5780bb)
    Change-Id: I4c4cd976d9a997b39e7e3937e49193a10f872ae3
    (cherry picked from commit bde560231296ca313d57728ed54bb1b7a54a2f78)
    (cherry picked from commit 72ff3686e40da9aacb7ef9ed33c8dc49ec5fcb33)
    (cherry picked from commit 7b219a42d6fe5a26842dbcad17cc8e5ff57513af)

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 14.3.0

This issue was fixed in the openstack/tripleo-heat-templates 14.3.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 13.5.0

This issue was fixed in the openstack/tripleo-heat-templates 13.5.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 15.1.0

This issue was fixed in the openstack/tripleo-heat-templates 15.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 12.4.6

This issue was fixed in the openstack/tripleo-heat-templates 12.4.6 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates train-eol

This issue was fixed in the openstack/tripleo-heat-templates train-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.