From 93ddac3dea02f84ca16dafc5e7cf02f176d3efa5 Mon Sep 17 00:00:00 2001 From: Rodrigo Barbieri Date: Mon, 29 Feb 2016 18:35:23 -0300 Subject: [PATCH] Fix NFS helper root squashing in RW access level Root squashing should be disabled in NFS helper when adding RW access rules to fix permission denied issues while different users are creating files and folders in the same share. Change-Id: I36d1cab62fcc1a2279454096f9d0ad65c96e7b9b Closes-bug: #1551422 --- manila/share/drivers/helpers.py | 11 +++++++++-- manila/tests/share/drivers/test_helpers.py | 12 ++++++++++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/manila/share/drivers/helpers.py b/manila/share/drivers/helpers.py index 819988cfa1..f62783d080 100644 --- a/manila/share/drivers/helpers.py +++ b/manila/share/drivers/helpers.py @@ -177,10 +177,13 @@ class NFSHelper(NASHelperBase): ':'.join((host, local_path))]) self._sync_nfs_temp_and_perm_files(server) for access in access_rules: + rules_options = '%s,no_subtree_check' + if access['access_level'] == const.ACCESS_LEVEL_RW: + rules_options = ','.join((rules_options, 'no_root_squash')) self._ssh_exec( server, ['sudo', 'exportfs', '-o', - '%s,no_subtree_check' % access['access_level'], + rules_options % access['access_level'], ':'.join((access['access_to'], local_path))]) self._sync_nfs_temp_and_perm_files(server) # Adding/Deleting specific rules @@ -222,10 +225,14 @@ class NFSHelper(NASHelperBase): 'name': share_name }) else: + rules_options = '%s,no_subtree_check' + if access['access_level'] == const.ACCESS_LEVEL_RW: + rules_options = ','.join((rules_options, + 'no_root_squash')) self._ssh_exec( server, ['sudo', 'exportfs', '-o', - '%s,no_subtree_check' % access['access_level'], + rules_options % access['access_level'], ':'.join((access['access_to'], local_path))]) if add_rules: self._sync_nfs_temp_and_perm_files(server) diff --git a/manila/tests/share/drivers/test_helpers.py b/manila/tests/share/drivers/test_helpers.py index 92f2802e3f..b2ea0130ba 100644 --- a/manila/tests/share/drivers/test_helpers.py +++ b/manila/tests/share/drivers/test_helpers.py @@ -89,6 +89,10 @@ class NFSHelperTestCase(test.TestCase): @ddt.data(const.ACCESS_LEVEL_RW, const.ACCESS_LEVEL_RO) def test_update_access(self, access_level): + expected_mount_options = '%s,no_subtree_check' + if access_level == const.ACCESS_LEVEL_RW: + expected_mount_options = ','.join((expected_mount_options, + 'no_root_squash')) self.mock_object(self._helper, '_sync_nfs_temp_and_perm_files') local_path = os.path.join(CONF.share_mount_path, self.share_name) exec_result = ' '.join([local_path, '2.2.2.3']) @@ -113,7 +117,7 @@ class NFSHelperTestCase(test.TestCase): mock.call(self.server, ['sudo', 'exportfs', '-u', ':'.join(['3.3.3.3', local_path])]), mock.call(self.server, ['sudo', 'exportfs', '-o', - '%s,no_subtree_check' % access_level, + expected_mount_options % access_level, ':'.join(['2.2.2.2', local_path])]), ]) self._helper._sync_nfs_temp_and_perm_files.assert_has_calls([ @@ -152,6 +156,10 @@ class NFSHelperTestCase(test.TestCase): @ddt.data(const.ACCESS_LEVEL_RW, const.ACCESS_LEVEL_RO) def test_update_access_recovery_mode(self, access_level): + expected_mount_options = '%s,no_subtree_check' + if access_level == const.ACCESS_LEVEL_RW: + expected_mount_options = ','.join((expected_mount_options, + 'no_root_squash')) access_rules = [test_generic.get_fake_access_rule( '1.1.1.1', access_level), ] self.mock_object(self._helper, '_sync_nfs_temp_and_perm_files') @@ -166,7 +174,7 @@ class NFSHelperTestCase(test.TestCase): ':'.join([access_rules[0]['access_to'], local_path])]), mock.call(self.server, ['sudo', 'exportfs', '-o', - '%s,no_subtree_check' % access_level, + expected_mount_options % access_level, ':'.join(['1.1.1.1', local_path])]), ]) self._helper._sync_nfs_temp_and_perm_files.assert_called_with(