This is my manila.conf

[cephfsnfs1]
driver_handles_share_servers = False
share_backend_name = CEPHFSNFS1
share_driver = manila.share.drivers.cephfs.driver.CephFSDriver
cephfs_protocol_helper_type = NFS
cephfs_conf_path = /etc/ceph/ceph.conf
cephfs_auth_id = manila
cephfs_cluster_name = az1
cephfs_filesystem_name = cephfs
cephfs_nfs_cluster_id = foo

Nguyen Huu Khoi


On Wed, Jan 29, 2025 at 10:27 AM Nguyễn Hữu Khôi <nguyenhuukhoinw@gmail.com> wrote:
Hello.
This is because if I test with different IPs then I can access it with any IP. However, I cannot mount if I dont have any rule in this share.  I test with vxlan and vlan IP too.
Nguyen Huu Khoi


On Wed, Jan 29, 2025 at 12:25 AM Carlos Silva <ces.eduardo98@gmail.com> wrote:
Hello, thank you for sharing the output of the access list command.

The access should be limited. I just ran a few tests and access is being
denied properly on my env. I have noticed that the IP you mentioned in
the first email doesn't match what is in the access rule.

Are you attempting to mount this share on a VM that doesn't have
access allowed yet? Do you have any other access rules in place?

I'd suggest, as a test, to create two VMs, allow access to only one
of them and attempt to mount the share in the VM that doesn't have
access allowed. Please let me know how that goes if possible.

Thank you,
carloss

Em seg., 27 de jan. de 2025 às 20:36, Nguyễn Hữu Khôi <nguyenhuukhoinw@gmail.com> escreveu:
Hello, here it is
+--------------------------------------+-------------+-------------+--------------+--------+------------+----------------------------+----------------------------+
| id                                   | access_type | access_to   | access_level | state  | access_key | created_at                 | updated_at                 |
+--------------------------------------+-------------+-------------+--------------+--------+------------+----------------------------+----------------------------+
| 4f31edd7-4726-4ad0-9f10-95d6126a5233 | ip          | 10.10.11.75 | rw           | active | None       | 2025-01-26T07:42:44.499015 | 2025-01-26T07:42:44.985683 |
+--------------------------------------+-------------+-------------+--------------+--------+------------+----------------------------+----------------------------+

Nguyen Huu Khoi


On Tue, Jan 28, 2025 at 12:32 AM Carlos Silva <ces.eduardo98@gmail.com> wrote:
Hello! Can you please share what the access rule looks for the share access list command?

Em seg., 27 de jan. de 2025 às 06:06, Nguyễn Hữu Khôi <nguyenhuukhoinw@gmail.com> escreveu:
Hello.

I setup Manila with Cephfs driver-CephFS NFS shares and I use NFS-Ganesha based “ceph nfs” service.

I can create a share and can mount after creating access rule:

openstack share access create cephnfsshare ip 10.10.11.76

But I can mount my share from any ip.

Is it a bug, or do I understand it wrong?  

My env:

Openstack 2024 with Kolla-Ansible deployment
Ceph Quincy

Thank you. Regards


Nguyen Huu Khoi