OpenStack Discussions

Cinder Mitaka RH OSP9 insufficient privileges qos-policy-group

openstack1

Hi,

 

Cinder and Glance are working ok with Netapp FAS8020 ontap 8.3 (NFS). We have a copy offload license and this is also working fine.

 

However the volume log in Cinder contains permissions errors  as follows -

 

 ERROR cinder.volume.drivers.netapp.dataontap.performance.perf_cmode NaApiError: NetApp API failed. Reason - 13003:Insufficient privileges: user 'openstack' does not have read access to this resource

 

and on the netapp command log -

 

 [kern_command-history:info:909] ontapi :: [ip address] :: openstack :: <netapp xmlns="http://www.netapp.com/filer/admin" version="1.31"><qos-policy-group-delete-iter><max-records>3500</max-records><query><qos-policy-group-info><policy-group>deleted_cinder_*</policy-group><vserver>[vserver_name]</vserver></qos-policy-group-info></query><return-success-list>false</return-success-list><return-failure-list>false</return-failure-list><continue-on-failure>true</continue-on-failure></qos-policy-group-delete-iter></netapp> :: Pending
 [kern_command-history:info:909] ontapi :: [ip address] :: openstack :: Insufficient privileges: user 'openstack' does not have write access to this resource :: ONTAPI :: Error

 

Any ideas what may be causing this error.?

The NetApp role was set up as per NetApp documentation here -

 

http://netapp.github.io/openstack-deploy-ops-guide/mitaka/content/cinder.fas.configuration.html#cinder.cdot.account_permissions

 

The user is a cluster level user

1 ACCEPTED SOLUTION

Bishoy
4 REPLIES 4

SumitK

In your cinder.conf, do you have the value of netapp_server_hostname set as the IP address of the cluster management LIFYou're on the right track with respect to using the Cluster-scoped account.

 

Just to reiterate, the "qos policy-group" command requires a Cluster-scoped account, and you need to ensure that you have netapp_server_hostname in your cinder.conf set as the IP address of the cluster management LIF.

openstack1

Yes the cinder.conf correctly has the cluster management LIF ip address.

 

A ticket has been opened with NetApp support. I will report back on any progress

Bishoy

Bishoy

Might be handy to post a trial of creating/deleteing QOS from Clustershell using this user on involved vols and Vserver and then we dig deeper into this.

 

Best Regards,

Bishoy

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

Public