Documentation #12642
closedsnap_unprotect() requires access to all pools
0%
Description
Hi,
we have a setup with multiple users and pools which prevents the users from unprotecting their snapshots.
Steps to reproduce:
Create two users A and B and two pools A and B. User A can only access pool A, user B only pool B.
User A creates a RBD image in pool A and snapshots it and then protects the snapshot.
User A will never be able to unprotect (e.g. in order to delete it) this snapshot.
The problem is in snap_unprotect() in librbd/internal.cc: it loops over all existing pools to look for children and it fails once it encounters a pool that it doesn't have read access to - something that is certain to happen in any multi-tenant scenario.
This problem seems to be present in all versions.
One way to fix this would be saving to children of an image in its metadata instead of searching all pools.
But issue #4868 tells me that you probably aren't a fan of this solution.
The following mailing list post also describes this problem, but I couldn't find a bug report for it here.
https://www.mail-archive.com/ceph-users@lists.ceph.com/msg16670.html
Paul