On Thu, Mar 7, 2024 at 5:37 AM wodel youchi <wodel.youchi@gmail.com> wrote:
Hi,
I redid the configuration as mentioned and I used my nfs cluster ID. The share was created, the access right does not show the error status and df -h shows the nfs mount, but still the filesystem is read-only....
[root@controllera ~]# ceph nfs cluster create mynfs "3 controllera controllerb controllerc" --ingress --virtual_ip 20.1.0.201 --ingress-mode haproxy-protocol
[root@controllera ~]# ceph orch ls | grep nfs ingress.nfs.mynfs 20.1.0.201:2049,9049 6/6 5m ago 4d controllera;controllerb;controllerc;count:3 *nfs.mynfs ?:12049 3/3 5m ago 4d controllera;controllerb;controllerc;count:3*
cat *manila.conf*
..... [cephfsnfs1] driver_handles_share_servers = False share_backend_name = CEPHFSNFS1 share_driver = manila.share.drivers.cephfs.driver.CephFSDriver cephfs_protocol_helper_type = NFS cephfs_conf_path = /etc/ceph/ceph.conf cephfs_auth_id = manila cephfs_cluster_name = ceph cephfs_filesystem_name = cephfs *cephfs_nfs_cluster_id = mynfs*
[root@rcdndeployer2 ~]# cat /etc/kolla2023dot2/config/manila/ceph.client.manila.keyring [client.manila] key = AQCra99lC3DTAhAA5Wk+trH9dc/1TIIv3SId1w== caps mgr = "allow rw" caps mon = "allow r"
(2023.2) [deployer@rcdndeployer2 ~]$ openstack share list
+--------------------------------------+------------------+------+-------------+-----------+-----------+------------------+----------------------------------+-------------------+ | ID | Name | Size | Share Proto | Status | Is Public | Share Type Name | Host | Availability Zone |
+--------------------------------------+------------------+------+-------------+-----------+-----------+------------------+----------------------------------+-------------------+ | 9b25edbb-4aa3-401e-89d1-6f1f130e62c3 | cephnativeshare1 | 3 | CEPHFS | available | False | cephfsnativetype | controllerb@cephfsnative1#cephfs | nova | |* 9aa19f2a-7b7e-4274-b22b-5a2a76e0f4a2 | cephnfsshare4 | 4 | NFS | available | False | cephfsnfstype | controllera@cephfsnfs1#cephfs | nova |*
+--------------------------------------+------------------+------+-------------+-----------+-----------+------------------+----------------------------------+-------
(2023.2) [deployer@rcdndeployer2 ~]$ openstack share export location list cephnfsshare4
+--------------------------------------+--------------------------------------------------------------------------------------------------------+-----------+ | ID | Path | Preferred |
+--------------------------------------+--------------------------------------------------------------------------------------------------------+-----------+ | 8c614f22-c221-45f9-960d-b85b8b3de94c | 20.1.0.201:/volumes/_nogroup/f7a9b751-f013-4a8b-8ee9-24da834c6da7/fba335fe-7122-4b2c-a955-c3884ce79e42 | False | <-------- my storage net 20.1.0.0/16 | 31ed7a75-0537-46d5-9b0b-1d2a1336b10b | 20.3.0.23:/volumes/_nogroup/f7a9b751-f013-4a8b-8ee9-24da834c6da7/fba335fe-7122-4b2c-a955-c3884ce79e42 | False | <-------- my api net (I don't know why the share was exported on this network ????)
+--------------------------------------+--------------------------------------------------------------------------------------------------------+-----------+
Hmm, this is strange; I don't know where this extra export path is coming from; your configuration looks fine. Could you please report a bug to https://bugs.launchpad.net/manila i'd like to see the manila-share manager log file; could you enable debug=True and please attach it to the bug?
(2023.2) [deployer@rcdndeployer2 ~]$ openstack share access list cephnfsshare4
+--------------------------------------+-------------+------------+--------------+--------+------------+----------------------------+----------------------------+ | ID | Access Type | Access To | Access Level | State | Access Key | Created At | Updated At |
+--------------------------------------+-------------+------------+--------------+--------+------------+----------------------------+----------------------------+ | ccdbfba5-691a-4591-93ee-cef30facc5d5 | ip | *20.1.11.29 | rw* | active | None | 2024-03-07T13:19:29.199046 | 2024-03-07T13:19:29.487724 |
+--------------------------------------+-------------+------------+--------------+--------+------------+----------------------------+----------------------------+
From the client machine [root@alicer9manila ~]# mount -t nfs4 20.1.0.201:/volumes/_nogroup/f7a9b751-f013-4a8b-8ee9-24da834c6da7/fba335fe-7122-4b2c-a955-c3884ce79e42 /mnt/nfscephfs/ [root@alicer9manila ~]# df -h | grep nfs 20.1.0.201:/volumes/_nogroup/f7a9b751-f013-4a8b-8ee9-24da834c6da7/fba335fe-7122-4b2c-a955-c3884ce79e42 4.0G 0 4.0G 0% /mnt/nfscephfs
[root@alicer9manila ~]# touch /mnt/nfscephfs/file *touch: cannot touch '/mnt/nfscephfs/file': Read-only file system*
What version of Ceph are you using? I ask because the ingress service needs to be setup with "haproxy_protocol" as the ingress mode; and this is only available in Reef. If you're using an older version of Ceph, you cannot use the ingress service; if you do, manila's access control rules will not work because the NFS service only sees the ingress's internal IP address instead of the eventual client IP address.
Any ideas?
Regards.
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virus-free.www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#m_-27697966543086671_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
Le jeu. 7 mars 2024 à 02:02, Goutham Pacha Ravi <gouthampravi@gmail.com> a écrit :
Hello again,
Documentation for this is being added here: https://review.opendev.org/c/openstack/manila/+/911632 Would welcome your feedback!
Thanks!
On Wed, Mar 6, 2024 at 3:15 PM Goutham Pacha Ravi <gouthampravi@gmail.com> wrote:
On Wed, Mar 6, 2024 at 2:32 PM wodel youchi <wodel.youchi@gmail.com>
Hi,
Thanks for your help.
I've created an NFS service on my ceph cluster with haproxy and
keepalived, the VIP is 20.1.0.201
I've created this keyring for the Manila client : [client.manila] key = AQCra99lC3DT*************88Iv3SId1w== caps mgr = "allow rw" caps mon = "allow r" caps osd = "allow rw pool=.nfs" <------------------------ Should I keep this line
No, it isn't necessary. the CephFS/NFS driver (using this user/keyring) doesn't directly manipulate anything in the ".nfs" pool. So you can remove this osd capability
Should I keep the last line about the .nfs pool?
I added the NFS driver to manila service using the documentation cat /etc/kolla/manila-api/manila.conf ... [cephfsnfs1] driver_handles_share_servers = False share_backend_name = CEPHFSNFS1 share_driver = manila.share.drivers.cephfs.driver.CephFSDriver cephfs_protocol_helper_type = NFS cephfs_conf_path = /etc/ceph/ceph.conf cephfs_auth_id = manila cephfs_cluster_name = ceph cephfs_filesystem_name = cephfs cephfs_ganesha_server_is_remote = False cephfs_ganesha_server_ip = 20.1.0.201 ganesha_rados_store_enable = True ganesha_rados_store_pool_name = .nfs
<----------------------------------- Is this line correct, should I keep it?
No, remove "cephfs_ganesha_server_is_remote", "cephfs_ganesha_server_ip", "ganesha_rados_store_enable", "ganesha_rados_store_pool_name" options and replace them with this option
"cephfs_nfs_cluster_id=<name/id of the NFS service created via cephadm>"
for example, if you created a cluster like this: "ceph nfs cluster create mycephfsnfscluster ...", the ID would be "mycephfsnfscluster"
I've created an NFS share and it seems it has been created Openstack (2023.2) [deployer@rcdndeployer2 ~]$ openstack share export location
wrote: list cephnfsshare4
+--------------------------------------+--------------------------------------------------------------------------------------------------------+-----------+
| ID | Path
+--------------------------------------+--------------------------------------------------------------------------------------------------------+-----------+
| 4c5f5c4b-8308-40e5-9ee9-afed9f99a257 | 20.1.0.201:/volumes/_nogroup/bf98708e-69a4-4544-902b-fe8bd18d0d99/909330f4-9287-4af7-95eb-44f66e6e14dc | False |
+--------------------------------------+--------------------------------------------------------------------------------------------------------+-----------+
Ceph [root@controllera ~]# ceph fs subvolume ls cephfs [ { "name": "2bc1651d-a52b-44cc-b50d-7eab9fab35ed" }, { "name": "bf98708e-69a4-4544-902b-fe8bd18d0d99" } ] [root@controllera ~]# ceph fs subvolume getpath cephfs
bf98708e-69a4-4544-902b-fe8bd18d0d99
/volumes/_nogroup/bf98708e-69a4-4544-902b-fe8bd18d0d99/909330f4-9287-4af7-95eb-44f66e6e14dc
I gave it an access right, but I got an error Openstack (2023.2) [deployer@rcdndeployer2 ~]$ openstack share access list
cephnfsshare4
+--------------------------------------+-------------+------------+--------------+-------+------------+----------------------------+----------------------------+
| ID | Access Type | Access To | Access Level | State | Access Key | Created At | Updated At |
+--------------------------------------+-------------+------------+--------------+-------+------------+----------------------------+----------------------------+
| 8472c761-1d8f-4730-91a6-864f2c9cf85d | ip | 20.1.11.29 | rw | error | None | 2024-03-05T17:23:57.186732 | 2024-03-05T17:23:59.261406 |
+--------------------------------------+-------------+------------+--------------+-------+------------+----------------------------+----------------------------+
After you've made the configuration changes above, restart your manila-share manager service, delete and re-apply this rule and try your mount commands again
When I tried to mount the share I got several problems
From the client VM (IP 20.1.11.26 /16)
- Mounting using the volume path didnt't work I got : root@alicer9manila ~]# mount -v -t nfs4 20.1.0.201:/volumes/_nogroup/bf98708e-69a4-4544-902b-fe8bd18d0d99/909330f4-9287-4af7-95eb-44f66e6e14dc
/mnt/nfscephfs/
mount.nfs4: timeout set for Wed Mar 6 22:21:12 2024 mount.nfs4: trying text-based options 'vers=4.2,addr=20.1.0.201,clientaddr=20.1.11.29' mount.nfs4: mount(2): No such file or directory mount.nfs4: mounting 20.1.0.201:/volumes/_nogroup/bf98708e-69a4-4544-902b-fe8bd18d0d99/909330f4-9287-4af7-95eb-44f66e6e14dc failed, reason given by server: No such file or directory
So I used the root directory [root@alicer9manila ~]# mount -v -t nfs4 20.1.0.201:/ /mnt/nfscephfs/ mount.nfs4: timeout set for Wed Mar 6 22:22:13 2024 mount.nfs4: trying text-based options 'vers=4.2,addr=20.1.0.201,clientaddr=20.1.11.29'
- df -h : don't show the share [root@alicer9manila ~]# df -h Filesystem Size Used Avail Use% Mounted on devtmpfs 4.0M 0 4.0M 0% /dev tmpfs 882M 0 882M 0% /dev/shm tmpfs 353M 5.0M 348M 2% /run /dev/vda5 19G 1.5G 18G 8% / /dev/vda2 994M 271M 724M 28% /boot /dev/vda1 100M 7.0M 93M 7% /boot/efi tmpfs 177M 0 177M 0% /run/user/1000
- mount shows that there is a mounted share [root@alicer9manila ~]# mount | grep nfs rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime) 20.1.0.201:/ on /mnt/nfscephfs type nfs4 (rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=20.1.11.29,local_lock=none,addr=20.1.0.201)
- When trying to create a file on the mount-point I got : FS Read Only [root@alicer9manila ~]# cd /mnt/nfscephfs/ [root@alicer9manila nfscephfs]# touch file touch: cannot touch 'file': Read-only file system
How can I debug this?
Regards.
Le mer. 6 mars 2024 à 16:36, Carlos Silva <ces.eduardo98@gmail.com> a écrit :
Em dom., 3 de mar. de 2024 às 08:49, wodel youchi <
wodel.youchi@gmail.com> escreveu:
Hi,
I am having trouble understanding the documentation.
Kolla-ansible documentation about manila and cephfs-nfs say this : Prerequisites
3.0 or later versions of NFS-Ganesha. NFS client installed in the guest. Network connectivity between your Ceph cluster’s public network and
NFS-Ganesha server. <-------------------------- NFS Ganesha is an external service.
Yes, it is an external service. We introduced the ability to use the cephadm deployed ganesha a couple of releases ago, and started recommending it, but some docs still have to be updated, which is the case for this doc. Some of the steps are not necessary anymore and the amount of things you'd need to do in the setup is smaller.
Network connectivity between your NFS-Ganesha server and the manila
guest.
Ceph documentation says, that ceph can create an NFS-Ganesha
cluster, which simplifies the deployment, but...there are some things that are clear :
- When ceph create the NFS cluster, it create a new pool, in my deployment it is called ".nfs" - Manila using cephfs-nfs needs a pool to save the export configuration, which is called for reference : <ganesha_rados_store_pool_name> Is it the same pool???
You don't need to set this option using a ganesha deployed by cephadm, or even create the pool as suggested. That will be already done.
- The Ganesha configuration says : For a fresh setup, make sure to
create the Ganesha export index object as an empty object before starting
| Preferred | the Ganesha server.
echo | sudo rados -p ${GANESHA_RADOS_STORE_POOL_NAME} put ganesha-export-index - - If its the .nfs pool, did ceph put the ganesha-export-index in it already or should I do it?
No need for this ganesha export index part either, it will already be figured out in this case.
Thanks.
Le ven. 1 mars 2024 à 22:04, Carlos Silva <ces.eduardo98@gmail.com>
a écrit :
> > Hello, > > Em sex., 1 de mar. de 2024 às 14:09, wodel youchi < wodel.youchi@gmail.com> escreveu: >> >> Hi, >> >> I am trying to configure Manila with cephsfs NFS as backend. >> My first problem is with installing and configuring nfs ganesha : >> - Do I have to deploy nfs ganesha from ceph? > > Yeah, I think the most viable option at this point would be to deploy ganesha using cephadm. > The Manila Ceph NFS driver supports it and you'll get good benefits using this approach. > You can find some guidance on how to deploy NFS Ganesha with cephadm this doc [0]. >> >> - What about the /etc/ganesha/ganesha.conf config file? > > This Manila documentation [1] can be useful for understanding the config files. >> >> >> Could someone give me some steps to follow... >> >> Regards. > > > [0] https://docs.ceph.com/en/latest/cephadm/services/nfs/ > [1] https://docs.openstack.org/manila/latest/contributor/ganesha.html#nfs-ganesh...