hpe-storage / python-hpedockerplugin

HPE Native Docker Plugin
Apache License 2.0

Docker 3.2: ACL: Share mount fails with -o fsMode="U:fdpiS:rwxTCy,U:fdiSg:rwxTCy,U:fdiS:DtnNcy" #663

Closed sonawane-shashikant closed 5 years ago

sonawane-shashikant commented 5 years ago

Unable to mount the share which is created by the below command:

    docker volume create -d hpe --name share98 -o filePersona -o fsOwner="1000:1000" -o fsMode="U:fdpiS:rwxTCy,U:fdiSg:rwxTCy,U:fdiS:DtnNcy"

Whereas, able to mount the share which is created by the below command (Tc-100495807_FS_206):

    docker volume create -d hpe --name Default_Share04 -o filePersona -o fsOwner="1000:1000" -o fsMode="U:fdiS:rwxTCy,U:fdiSg:rwxTCy,U:fdiS:DtnNcy"

The only difference in both commands is 'p is removed from the flag parameter in the second command'.

Test-Bed Details:

    CSSOSBE03-B01:~ # cat /etc/os-release
    NAME="SLES"
    VERSION="12-SP3"
    VERSION_ID="12.3"
    PRETTY_NAME="SUSE Linux Enterprise Server 12 SP3"
    ID="sles"
    ANSI_COLOR="0;32"
    CPE_NAME="cpe:/o:suse:sles:12:sp3"
    CSSOSBE03-B01:~ # docker version
    Client: Docker Enterprise Edition (EE) 2.0
     Version: 17.06.2-ee-21
     API version: 1.30
     Go version: go1.10.8
     Git commit: 85d680a
     Built: Thu Apr 11 06:17:03 2019
     OS/Arch: linux/amd64

    Server: Docker Enterprise Edition (EE) 2.0
     Engine:
      Version: 17.06.2-ee-21
      API version: 1.30 (minimum version 1.12)
      Go version: go1.10.8
      Git commit: 85d680a
      Built: Thu Apr 11 06:17:43 2019
      OS/Arch: linux/amd64
      Experimental: false
    CSSOSBE03-B01:~ # docker ps | grep plugin
    bbe3605c476e hpestorage/legacyvolumeplugin:3.2-prerelease "/bin/sh -c ./plug..." 28 hours ago Up 37 minutes plugin_container

Steps to Reproduce:

1. Create a share by providing the fsOwner and fsMode:

       docker volume create -d hpe --name share98 -o filePersona -o fsOwner="1000:1000" -o fsMode="U:fdpiS:rwxTCy,U:fdiSg:rwxTCy,U:fdiS:DtnNcy"

2. Inspect the Share.
3. Now mount the Share:

       docker run -it --rm --mount src=share98,dst=/DATA,volume-driver=hpe --name MOUNT-3 busybox /bin/sh

Expected Result: Mount should be done successfully.

Actual Result: Mount Failed with an error.

    CSSOSBE03-B01:~ # docker volume create -d hpe --name share98 -o filePersona -o fsOwner="1000:1000" -o fsMode="U:fdpiS:rwxTCy,U:fdiSg:rwxTCy,U:fdiS:DtnNcy"
    share98
    CSSOSBE03-B01:~ # docker volume inspect share98
    [
        {
            "Driver": "hpe",
            "Labels": {},
            "Mountpoint": "/opt/hpe/data/hpedocker-share98",
            "Name": "share98",
            "Options": {
                "filePersona": "",
                "fsMode": "U:fdpiS:rwxTCy,U:fdiSg:rwxTCy,U:fdiS:DtnNcy",
                "fsOwner": "1000:1000"
            },
            "Scope": "global",
            "Status": {
                "backend": "DEFAULT_FILE",
                "clientIPs": [],
                "cpg": "SHASHI-CPG",
                "fpg": null,
                "fsMode": "U:fdpiS:rwxTCy,U:fdiSg:rwxTCy,U:fdiS:DtnNcy",
                "fsOwner": "1000:1000",
                "name": "share98",
                "protocol": "nfs",
                "sharePath": null,
                "size": "1024 GiB",
                "status": "CREATING",
                "vfs": null
            }
        }
    ]
    CSSOSBE03-B01:~ # docker volume inspect share98
    [
        {
            "Driver": "hpe",
            "Labels": {},
            "Mountpoint": "/opt/hpe/data/hpedocker-share98",
            "Name": "share98",
            "Options": {
                "filePersona": "",
                "fsMode": "U:fdpiS:rwxTCy,U:fdiSg:rwxTCy,U:fdiS:DtnNcy",
                "fsOwner": "1000:1000"
            },
            "Scope": "global",
            "Status": {
                "backend": "DEFAULT_FILE",
                "clientIPs": [],
                "cpg": "SHASHI-CPG",
                "fpg": "DockerFpg_9",
                "fsMode": "U:fdpiS:rwxTCy,U:fdiSg:rwxTCy,U:fdiS:DtnNcy",
                "fsOwner": "1000:1000",
                "name": "share98",
                "protocol": "nfs",
                "sharePath": "192.168.70.20:/DockerFpg_9/DockerVfs_9/share98",
                "size": "1024 GiB",
                "status": "AVAILABLE",
                "vfs": "DockerVfs_9",
                "vfsIPs": [
                    [
                        "192.168.70.20",
                        "255.255.192.0"
                    ]
                ]
            }
        }
    ]

    CSSOS-SSA06 cli% showfshare nfs -dirperm -fstore share98 -vfs DockerVfs_9 share 98
    Share Name : share98
    Sharepath : /DockerFpg_9/DockerVfs_9/share98
    Owner : root
    Group : Administrators@B-LOCAL_CLUSTER
    Modebits : 770
    ---------------ACL----------------
    Type Flags Principal Permissions
    A    g     GROUP@    rwaDxtTnNcy
    A          EVERYONE@ tcy
    A          OWNER@    rwaDxtTnNcCoy

    CSSOSBE03-B01:~ # docker run -it --rm --mount src=share98,dst=/DATA,volume-driver=hpe --name MOUNT-3 busybox /bin/sh
    docker: Error response from daemon: error while mounting volume '/opt/hpe/data/hpedocker-share98': Exception raised for ACL setting, but proceed. User is adviced to correct the passed fsMode to suit its owner and group requirement. Delete the share and create new with correct fsMode value. Please also refer the logs for same. Exception is Share backend exception: File share permission change failed. Exception Bad request (HTTP 400) 29 - Invalid Flags: fdpiS on ACE: U:fdpiS:OWNER@:rwxTCy Warning: Setting ACL permissions will break cross protocol functionality and may cause loss of modebits information. :.

log_BUG 1.txt

imran-ansari commented 5 years ago

@sonawane-shashikant - could you please check the behavior at the backend by executing 3PAR CLI?

sonawane-shashikant commented 5 years ago

Closing this issue as same behavior is seen on 3PAR as well. Please see below output for details.

    CSSOS-SSA06 cli% setfshare nfs -acl +U:fdipS:OWNER@:rwax,U:fdiSg:GROUP@:rwxTC,U :fdiS:EVERYONE@:DtnNcy -fstore SHARE12 DockerVfs_5 SHARE12
    Warning: Setting ACL permissions will break cross protocol functionality and may cause loss of modebits information.
    Do you wish to continue?
    select q=quit y=yes n=no: y
    Invalid Flags: fdipS on ACE: U:fdipS:OWNER@:rwax
    CSSOS-SSA06 cli%

Moreover 3PAR clihelp too shows attribute "p". Please see the 3PAR help below.

    The values for <permlist> fields type:flag:principal:permissions will be
    as follows. The "type" field can take only one of the following
    values:
        A - allow
        D - deny
        U - audit
        L - alarm

    The "flags" is optional and can take one or more of the following
    values:
        f - file-inherit
        d - directory-inherit
        p - no-propagate-inherit
        i - inherit-only
        S - successful-access
        F - failed-access
        g - group (denotes that <principal> is a group) 

    The "principal" field can be any named user or group or one of the
    following values:
        OWNER@
        GROUP@
        EVERYONE@

    The "permissions" field can take one or more of the following
    values:
        r - read-data | list-directory
        w - write-data | create-file
        a - append-data | create-subdirectory
        x - execute
        d - delete
        D - delete-child (directories only)
        t - read-attrs
        T - write-attrs
        n - read-named-attrs
        N - write-named-attrs
        c - read-ACL
        C - write-ACL
        o - write-owner
        y - synchronize
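
As an added illustration (not part of the thread and not the plugin's own code), the function below checks an ACL-style fsMode against the letter sets in the help text above, so a bad value can be reported at create time rather than at mount. The principal order and the `rejected_flags` parameter are assumptions taken from the output in this thread; only the three-entry ACL form shown here is handled.

```python
# Added example, not plugin code. Letter sets are copied from the 3PAR help
# text quoted in this thread.
ACE_TYPES = set("ADUL")
ACE_FLAGS = set("fdpiSFg")
ACE_PERMS = set("rwaxdDtTnNcCoy")
# Assumption drawn from the thread's error output and setfshare command:
# the three fsMode entries apply to these principals, in this order.
PRINCIPALS = ("OWNER@", "GROUP@", "EVERYONE@")


def validate_fs_mode(fs_mode, rejected_flags=frozenset()):
    """Return a list of problems in an ACL-style fsMode string (empty = valid).

    rejected_flags (hypothetical parameter) holds flags that the help text
    documents but the array refuses, as reported for 'p' in this thread.
    """
    aces = fs_mode.split(",")
    if len(aces) != len(PRINCIPALS):
        return ["expected %d ACEs, got %d" % (len(PRINCIPALS), len(aces))]
    problems = []
    for principal, ace in zip(PRINCIPALS, aces):
        fields = ace.split(":")
        if len(fields) != 3:
            problems.append("%s: expected type:flags:permissions, got %r"
                            % (principal, ace))
            continue
        ace_type, flags, perms = fields
        if ace_type not in ACE_TYPES:
            problems.append("%s: unknown type %r" % (principal, ace_type))
        if not perms:
            problems.append("%s: empty permission list" % principal)
        for label, value, allowed in (("flag", flags, ACE_FLAGS),
                                      ("permission", perms, ACE_PERMS)):
            unknown = sorted(set(value) - allowed)
            if unknown:
                problems.append("%s: unknown %s(s) %s"
                                % (principal, label, "".join(unknown)))
        refused = sorted(set(flags) & set(rejected_flags))
        if refused:
            problems.append("%s: flag(s) %s refused by backend"
                            % (principal, "".join(refused)))
    return problems


def to_backend_aces(fs_mode):
    """Expand fsMode into type:flags:principal:permissions ACEs."""
    out = []
    for principal, ace in zip(PRINCIPALS, fs_mode.split(",")):
        ace_type, flags, perms = ace.split(":")
        out.append(":".join((ace_type, flags, principal, perms)))
    return ",".join(out)
```

With the default arguments the `p` variant passes, matching the help text; passing `rejected_flags={"p"}` reproduces the rejection the array gave in this thread.
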

sonawane-shashikant commented 5 years ago

With the latest build, i.e. hpestorage/legacyvolumeplugin:3.2, we observe a Share delete issue which was not reproducing with the 3.2 pre-release build.

Hence reopening this issue.

Steps to be followed -

  1. Create share as shown in bug using 3.2 build.
  2. Try to delete the share.
  3. Observe the error as shown below.

    CSSOSBE03-B01:~ # docker volume rm share98
    Error response from daemon: unable to remove volume: remove share98:

    RAN: /bin/umount /opt/hpe/data/hpedocker-share98

    STDOUT:

    STDERR:
    umount: /opt/hpe/data/hpedocker-share98: no mount point specified.
    CSSOSBE03-B01:~ #

Attaching relevant logs and output.

Bug-663-Regression.docx Bug-663-Error_Logs.txt

sonawane-shashikant commented 5 years ago

With Private tag, this issue is VERIFIED as FIXED. Fix can be merged. Bug will be closed after verification with formal build.

Bug-663-Verification.docx

sandesh-desai commented 5 years ago

Verified with the latest build and it's working fine. Attaching the logs.

Docker output.txt Messages file.txt 3PAR output.txt

@sonawane-shashikant : Please close bug.

prablr79 commented 5 years ago

Based on the comments from Sandesh, closing this bug