[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Rdo-list] Tripleo Liberty Cinder permission denied

Hi Charles,

I had similar problems with a netapp deployment. Three possibilities to

1. Security on the export shipped by default with a missing netmask on
the export so should be or whatever you want to
restrict to. Though as you can write with sudo probably not the issue.

2. SELinux - I wonder if you try temporarily running setenforce 0 and
re-mounting if it has the same problem?

3. Cinder and Glance exports should be created with their respective
UIDs as owner. I blogged about it here:


Hope some of this is helpful but if not would be glad to hear of


On Fri, 2016-04-29 at 11:30 +0100, Charles Short wrote:
> Hi,
> Deployed Tripleo Liberty stable on baremetal, but NetApp NFS Cinder
> backend is not working.
> It is auto-mounting no problem, and I can write to it with sudo, but
> the
> 'tripleo_netapp' backend is enabled with state 'down' as it cannot
> write
> to the mount point.
>   cinder service-list | grep tripleo_netapp
> >
> >  cinder-volume   | hostgroup tripleo_netapp | nova | enabled | down
> [heat-admin overcloud-controller-0 ~]$ mount | grep cinder
> [ip addr]:/[mount] on
> /var/lib/cinder/mnt/3fb6f6744c383eacbe46593911aa4b0f type nfs4
> (rw,relatime,vers=4.1,rsize=65536,wsize=65536,namlen=255,hard,proto=t
> cp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=[ip
> addr],local_lock=none,addr=[ip addr])
> I can write to it -
> [heat-admin overcloud-controller-0 ~]$ sudo touch
> /var/lib/cinder/mnt/3fb6f6744c383eacbe46593911aa4b0f/test
> [heat-admin overcloud-controller-0 ~]$
> But Cinder cannot -
> /var/log/cinder/volume.log:2016-04-29 09:43:49.870 56696 ERROR
> cinder.volume.drivers.remotefs [req-99928048-2446-4967-99ba-
> 0e85c2ba5712
> - - - - -] Failed to created Cinder secure environment indicator
> file:
> [Errno 13] Permission denied:
> '/var/lib/cinder/mnt/3fb6f6744c383eacbe46593911aa4b0f/.cinderSecureEn
> vIndicator'
> So this look like an issue with the user that Cinder is using to
> write
> to the export (cinder?)?
> I have tried setting this option in cinder.conf, but it makes no
> difference
> nas_secure_file_operations = False
> "Allow network-attached storage systems to operate in a secure
> environment where root level access is not permitted. If set to
> False,
> access is as the root user and insecure. If set to True, access is
> not
> as root. If set to auto, a check is done to determine if this is a
> new
> installation: True is used if so, otherwise False. Default is auto"
> Any help appreciated
> Thanks
> Charles
> --
> Charles Short
> Cloud Engineer
> Virtualization and Cloud Team
> European Bioinformatics Institute (EMBL-EBI)
> Tel: +44 (0)1223 494205
> _______________________________________________
> Rdo-list mailing list
> Rdo-list redhat com
> https://www.redhat.com/mailman/listinfo/rdo-list
> To unsubscribe: rdo-list-unsubscribe redhat com

Christopher Brown
OpenStack Engineer
OCF plc

Tel: +44 (0)114 257 2200
Web: www.ocf.co.uk
Blog: blog.ocf.co.uk
Twitter: @ocfplc

Please note, any emails relating to an OCF Support request must always
be sent to support ocf co uk for a ticket number to be generated or
existing support ticket to be updated. Should this not be done then OCF

cannot be held responsible for requests not dealt with in a timely

OCF plc is a company registered in England and Wales. Registered number

4132533, VAT number GB 780 6803 14. Registered office address: OCF plc,

5 Rotunda Business Centre, Thorncliffe Park, Chapeltown, Sheffield S35

If you have received this message in error, please notify us
immediately and remove it from your system.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]