Subscribe

cinder iscsi Ocata and cdot 9.1p1 - permission issues

I simply cant get the NetApp unified driver 1.0.0 to work with Openstack Ocata and cDot 9.1p1 - it keeps saying 13003 insufficient privileges.

Heres an except from cinder volume logs:

 

2017-06-13 20:53:30.979 32006 ERROR cinder.volume.manager   File "/usr/lib/python2.7/site-packages/cinder/volume/drivers/netapp/dataontap/client/c
lient_cmode.py", line 781, in _check_cluster_api
2017-06-13 20:53:30.979 32006 ERROR cinder.volume.manager     'system-user-capability-get-iter', api_args, False)
2017-06-13 20:53:30.979 32006 ERROR cinder.volume.manager   File "/usr/lib/python2.7/site-packages/cinder/utils.py", line 827, in trace_method_log
ging_wrapper
2017-06-13 20:53:30.979 32006 ERROR cinder.volume.manager     return f(*args, **kwargs)
2017-06-13 20:53:30.979 32006 ERROR cinder.volume.manager   File "/usr/lib/python2.7/site-packages/cinder/volume/drivers/netapp/dataontap/client/c
lient_base.py", line 90, in send_request
2017-06-13 20:53:30.979 32006 ERROR cinder.volume.manager     return self.connection.invoke_successfully(request, enable_tunneling)
2017-06-13 20:53:30.979 32006 ERROR cinder.volume.manager   File "/usr/lib/python2.7/site-packages/cinder/volume/drivers/netapp/dataontap/client/a
pi.py", line 222, in invoke_successfully
2017-06-13 20:53:30.979 32006 ERROR cinder.volume.manager     raise NaApiError(code, msg)
2017-06-13 20:53:30.979 32006 ERROR cinder.volume.manager NaApiError: NetApp API failed. Reason - 13003:Insufficient privileges: user 'openstack'
does not have read access to this resource

 

I have followed the guide at: http://netapp.github.io/openstack-deploy-ops-guide/ocata/content/cinder.fas.configuration.html#cinder.cdot.account_permissions

 

I have no idea what permissions I am missing!!

Here is my role on my vserver:

 

site2-svm-openstack01
           openstack     DEFAULT                                       none
                         lun                                           all
                         lun create                                    all
                         lun delete                                    all
                         lun igroup                                    readonly
                         lun igroup add                                all
                         lun igroup create                             all
                         lun igroup modify                             all
                         lun igroup show                               all
                         lun mapped                                    all
                         lun mapping create                            all
                         lun mapping delete                            all
                         lun mapping show                              all
                         lun modify                                    all
                         lun move                                      all
                         lun resize                                    all
                         lun show                                      all
                         network interface                             readonly
                         snapmirror                                    readonly
                         statistics                                    readonly
                         version                                       all
                         volume                                        readonly
                         volume efficiency                             readonly
                         volume file clone create                      all
                         vserver iscsi                                 readonly
                         vserver iscsi interface                       readonly

 

I also tried simply with the built-in vsadmin user, but that also fails on volume-get-iter...

 

Any suggestions?

 

Brgds. Martin