Project

General

Profile

Bug #37855

only first subuser can be exported to nfs

Added by min-sheng Lin about 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Normal
Target version:
% Done:

0%

Source:
Tags:
Backport:
luminous, mimic
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

I have a s3 user with two subusers:

[vagrant@admin ~]$ sudo radosgw-admin user info --uid fe707977-8225-4d56-8382-42dfaa397cfc
{
    "user_id": "fe707977-8225-4d56-8382-42dfaa397cfc",
    "display_name": "MST107300",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [
        {
            "id": "fe707977-8225-4d56-8382-42dfaa397cfc:admin",
            "permissions": "full-control" 
        },
        {
            "id": "fe707977-8225-4d56-8382-42dfaa397cfc:fychao68",
            "permissions": "full-control" 
        }
    ],
    "keys": [
        {
            "user": "fe707977-8225-4d56-8382-42dfaa397cfc:fychao68",
            "access_key": "2ILESNIW35DYIR8BRC8K",
            "secret_key": "v5WiTzCI0CKHnm6aVPTJbo22rmhy8r6hOyJ6mUog" 
        },
        {
            "user": "fe707977-8225-4d56-8382-42dfaa397cfc",
            "access_key": "AM4J6WUHYEASJBND6IGO",
            "secret_key": "KDMh5CMsrXgiEJNnc5pN1PWqk31esNXGDA4p3ORL" 
        },
        {
            "user": "fe707977-8225-4d56-8382-42dfaa397cfc:admin",
            "access_key": "KD2QF2LRSSJGAHTULF0D",
            "secret_key": "uUuIvo6AGSTPMCnmhLS2kJxdcE3VoVwQXUxUn5LD" 
        }
    ],

When use following config to export s3, I got a error "Authorization Failed for user fe707977-8225-4d56-8382-42dfaa397cfc":

Export {
        Export_ID = 55688;
        Path = "/";
        Pseudo = "/MST107300";
        Access_Type = RW;
        Protocols = 3,4;
        Transports = UDP,TCP;
        Squash = No_Root_Squash;
        FSAL {
                Name = RGW;
                User_Id = "fe707977-8225-4d56-8382-42dfaa397cfc";
                Access_Key_Id ="AM4J6WUHYEASJBND6IGO";
                Secret_Access_Key = "KDMh5CMsrXgiEJNnc5pN1PWqk31esNXGDA4p3ORL";
        }
}

RGW {
        ceph_conf = "/etc/ceph/ceph.conf";
        name = "client.admin";
        cluster = "ceph";
        init_args = "--keyring=/etc/ceph/ceph.client.admin.keyring";
#       init_args = "-d --debug-rgw=16";
}
26/12/2018 12:38:55 : epoch 5c23765f : admin : ganesha.nfsd-21680[main] create_export :FSAL :CRIT :Unable to mount RGW cluster for /.
26/12/2018 12:38:55 : epoch 5c23765f : admin : ganesha.nfsd-21680[main] create_export :FSAL :CRIT :Authorization Failed for user fe707977-8225-4d56-8382-42dfaa397cfc
26/12/2018 12:38:55 : epoch 5c23765f : admin : ganesha.nfsd-21680[main] mdcache_fsal_create_export :FSAL :MAJ :Failed to call create_export on underlying FSAL RGW
26/12/2018 12:38:55 : epoch 5c23765f : admin : ganesha.nfsd-21680[main] fsal_cfg_commit :CONFIG :CRIT :Could not create export for (/MST107300) to (/)
26/12/2018 12:38:55 : epoch 5c23765f : admin : ganesha.nfsd-21680[main] main :NFS STARTUP :WARN :No export entries found in configuration file !!!
26/12/2018 12:38:55 : epoch 5c23765f : admin : ganesha.nfsd-21680[main] config_errs_to_log :CONFIG :CRIT :Config File (/etc/ganesha/ganesha.conf:9): 1 validation errors in block FSAL
26/12/2018 12:38:55 : epoch 5c23765f : admin : ganesha.nfsd-21680[main] config_errs_to_log :CONFIG :CRIT :Config File (/etc/ganesha/ganesha.conf:9): Errors processing block (FSAL)
26/12/2018 12:38:55 : epoch 5c23765f : admin : ganesha.nfsd-21680[main] config_errs_to_log :CONFIG :CRIT :Config File (/etc/ganesha/ganesha.conf:1): 1 validation errors in block EXPORT
26/12/2018 12:38:55 : epoch 5c23765f : admin : ganesha.nfsd-21680[main] config_errs_to_log :CONFIG :CRIT :Config File (/etc/ganesha/ganesha.conf:1): Errors processing block (EXPORT)
26/12/2018 12:38:55 : epoch 5c23765f : admin : ganesha.nfsd-21680[main] lower_my_caps :NFS STARTUP :EVENT :CAP_SYS_RESOURCE was successfully removed for proper quota management in FSAL

After deleting subuser fe707977-8225-4d56-8382-42dfaa397cfc:fychao68, I can export s3 successfully:

[vagrant@admin ~]$ sudo radosgw-admin subuser rm --subuser fe707977-8225-4d56-8382-42dfaa397cfc:fychao68
{
    "user_id": "fe707977-8225-4d56-8382-42dfaa397cfc",
    "display_name": "MST107300",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [
        {
            "id": "fe707977-8225-4d56-8382-42dfaa397cfc:admin",
            "permissions": "full-control" 
        }
    ],
    "keys": [
        {
            "user": "fe707977-8225-4d56-8382-42dfaa397cfc",
            "access_key": "AM4J6WUHYEASJBND6IGO",
            "secret_key": "KDMh5CMsrXgiEJNnc5pN1PWqk31esNXGDA4p3ORL" 
        },
        {
            "user": "fe707977-8225-4d56-8382-42dfaa397cfc:admin",
            "access_key": "KD2QF2LRSSJGAHTULF0D",
            "secret_key": "uUuIvo6AGSTPMCnmhLS2kJxdcE3VoVwQXUxUn5LD" 
        }
    ],
26/12/2018 12:44:55 : epoch 5c2377c7 : admin : ganesha.nfsd-22268[main] main :MAIN :EVENT :ganesha.nfsd Starting: Ganesha Version 2.5.5
26/12/2018 12:44:55 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_set_param_from_conf :NFS STARTUP :EVENT :Configuration file successfully parsed
26/12/2018 12:44:55 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] init_server_pkgs :NFS STARTUP :EVENT :Initializing ID Mapper.
26/12/2018 12:44:55 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] init_server_pkgs :NFS STARTUP :EVENT :ID Mapper successfully initialized.
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] lower_my_caps :NFS STARTUP :EVENT :CAP_SYS_RESOURCE was successfully removed for proper quota management in FSAL
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] lower_my_caps :NFS STARTUP :EVENT :currenty set capabilities are: = cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap+ep
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_Init_svc :DISP :CRIT :Cannot acquire credentials for principal nfs
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_Init_admin_thread :NFS CB :EVENT :Admin thread initialized
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs4_start_grace :STATE :EVENT :NFS Server Now IN GRACE, duration 90
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_rpc_cb_init_ccache :NFS STARTUP :EVENT :Callback creds directory (/var/run/ganesha) already exists
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_rpc_cb_init_ccache :NFS STARTUP :WARN :gssd_refresh_krb5_machine_credential failed (-1765328160:0)
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_Start_threads :THREAD :EVENT :Starting delayed executor.
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_Start_threads :THREAD :EVENT :9P/TCP dispatcher thread was started successfully
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_Start_threads :THREAD :EVENT :gsh_dbusthread was started successfully
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_Start_threads :THREAD :EVENT :admin thread was started successfully
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_Start_threads :THREAD :EVENT :reaper thread was started successfully
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_Start_threads :THREAD :EVENT :General fridge was started successfully
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_start :NFS STARTUP :EVENT :-------------------------------------------------
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_start :NFS STARTUP :EVENT :             NFS SERVER INITIALIZED
26/12/2018 12:44:56 : epoch 5c2377c7 : admin : ganesha.nfsd-22269[main] nfs_start :NFS STARTUP :EVENT :-------------------------------------------------

Related issues

Copied to rgw - Backport #38501: luminous: only first subuser can be exported to nfs Resolved
Copied to rgw - Backport #38502: mimic: only first subuser can be exported to nfs Resolved

History

#2 Updated by Nathan Cutler about 5 years ago

  • Status changed from New to Pending Backport
  • Backport set to luminous, mimic

#3 Updated by Nathan Cutler about 5 years ago

  • Assignee set to Abhishek Lekshmanan

#4 Updated by Nathan Cutler about 5 years ago

  • Copied to Backport #38501: luminous: only first subuser can be exported to nfs added

#5 Updated by Nathan Cutler about 5 years ago

  • Copied to Backport #38502: mimic: only first subuser can be exported to nfs added

#6 Updated by Nathan Cutler about 5 years ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF