[Rdo-list] Tripleo Liberty Cinder permission denied

Charles Short cems at ebi.ac.uk
Fri Apr 29 10:30:17 UTC 2016


Hi,

Deployed Tripleo Liberty stable on baremetal, but NetApp NFS Cinder 
backend is not working.

It is auto-mounting no problem, and I can write to it with sudo, but the 
'tripleo_netapp' backend is enabled with state 'down' as it cannot write 
to the mount point.

  cinder service-list | grep tripleo_netapp
|  cinder-volume   | hostgroup at tripleo_netapp | nova | enabled | down

[heat-admin at overcloud-controller-0 ~]$ mount | grep cinder
[ip addr]:/[mount] on 
/var/lib/cinder/mnt/3fb6f6744c383eacbe46593911aa4b0f type nfs4 
(rw,relatime,vers=4.1,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=[ip 
addr],local_lock=none,addr=[ip addr])

I can write to it -

[heat-admin at overcloud-controller-0 ~]$ sudo touch 
/var/lib/cinder/mnt/3fb6f6744c383eacbe46593911aa4b0f/test
[heat-admin at overcloud-controller-0 ~]$

But Cinder cannot -

/var/log/cinder/volume.log:2016-04-29 09:43:49.870 56696 ERROR 
cinder.volume.drivers.remotefs [req-99928048-2446-4967-99ba-0e85c2ba5712 
- - - - -] Failed to created Cinder secure environment indicator file: 
[Errno 13] Permission denied: 
'/var/lib/cinder/mnt/3fb6f6744c383eacbe46593911aa4b0f/.cinderSecureEnvIndicator'

So this look like an issue with the user that Cinder is using to write 
to the export (cinder?)?

I have tried setting this option in cinder.conf, but it makes no difference

nas_secure_file_operations = False

"Allow network-attached storage systems to operate in a secure 
environment where root level access is not permitted. If set to False, 
access is as the root user and insecure. If set to True, access is not 
as root. If set to auto, a check is done to determine if this is a new 
installation: True is used if so, otherwise False. Default is auto"

Any help appreciated

Thanks

Charles

-- 
Charles Short
Cloud Engineer
Virtualization and Cloud Team
European Bioinformatics Institute (EMBL-EBI)
Tel: +44 (0)1223 494205




More information about the dev mailing list