2017-02-07 06:55 AM - edited 2017-02-07 06:56 AM
Cinder and Glance are working ok with Netapp FAS8020 ontap 8.3 (NFS). We have a copy offload license and this is also working fine.
However the volume log in Cinder contains permissions errors as follows -
ERROR cinder.volume.drivers.netapp.dataontap.performance.perf_cmode NaApiError: NetApp API failed. Reason - 13003:Insufficient privileges: user 'openstack' does not have read access to this resource
and on the netapp command log -
[kern_command-history:info:909] ontapi :: [ip address] :: openstack :: <netapp xmlns="http://www.netapp.com/filer/admin" version="1.31"><qos-policy-group-delete-iter><max-records>3500</max-records><query><qos-policy-group-info><policy-group>deleted_cinder_*</policy-group><vserver>[vserver_name]</vserver></qos-policy-group-info></query><return-success-list>false</return-success-list><return-failure-list>false</return-failure-list><continue-on-failure>true</continue-on-failure></qos-policy-group-delete-iter></netapp> :: Pending
[kern_command-history:info:909] ontapi :: [ip address] :: openstack :: Insufficient privileges: user 'openstack' does not have write access to this resource :: ONTAPI :: Error
Any ideas what may be causing this error.?
The NetApp role was set up as per NetApp documentation here -
The user is a cluster level user
Solved! SEE THE SOLUTION
2017-02-08 06:32 AM
Might be handy to post a trial of creating/deleteing QOS from Clustershell using this user on involved vols and Vserver and then we dig deeper into this.
2017-02-08 04:26 PM
In your cinder.conf, do you have the value of netapp_server_hostname set as the IP address of the cluster management LIF? You're on the right track with respect to using the Cluster-scoped account.
Just to reiterate, the "qos policy-group" command requires a Cluster-scoped account, and you need to ensure that you have netapp_server_hostname in your cinder.conf set as the IP address of the cluster management LIF.
2017-02-09 05:14 AM - edited 2017-02-09 05:17 AM
Yes the cinder.conf correctly has the cluster management LIF ip address.
A ticket has been opened with NetApp support. I will report back on any progress