ECS: Change of bucket owner for FS enabled bucket may lead to applications/users unable to access NFS files

           

   Article Number:     534530                                   Article Version: 3     Article Type:    Break Fix 
   

 


Product:

 

ECS Appliance

 

Issue:

 

 

This issue applies to NFS enabled buckets and a change of the bucket owner via the GUI. This may cause applications/users connected to loss access to the bucket on the Linux file system. Even if we revert the change back to the original owner again access will still not be possible leading to DU.   
   
    For example:   
    Customer changed the bucket owner to "sham2" via the GUI but due to a limitation in ECS even after changing the bucket owner name back to "sham1", the ECS will not revert the bucket owner back to "sham1" via the GUI. This can only be done for now via the CLI using an API with payload to resetowner flag to true.   
   
    Ways to identify the issue, on the Linux machine ask user to touch a file for example:   

touch filetouch: setting times of `file': Remote I/O error    
    Use svc_log with the string  "method updateObjectInternal "    
svc_log -a -sr dataheadsvc | grep "method updateObjectInternal"svc_log v1.0.22 (svc_tools v1.5.3)                 Started 2019-06-06 10:45:04Running on nodes:              <All nodes>Time range:                    2019-06-05 10:45:04 - 2019-06-06 10:45:04Filter string(s):              <All messages>Show nodename(s):              TrueSearch reclaim logs (if any):  Falsecom.emc.storageos.data.object.exception.ObjectControllerException: method updateObjectInternal not allowed for previous bucket owner sham1Caused by: com.emc.storageos.data.object.exception.ObjectControllerException: method updateObjectInternal not allowed for previous bucket owner sham1    
                                                             

 

 

Cause:

 

 

   

      Issue caused by change of the bucket owner but due to a limitation in ECS even after changing the bucket owner name back to the original name, the issue persists.   

                                                             

 

 

Change:

 

 

Change made by user to the bucket owner page on the GUI:   
    Bucket owner
                                                           

 

 

Resolution:

 

 

The workaround is to change the bucket owner via the API through CLI with payload to resetowner flag to true.   
   
    1. Determine the current bucket owner.   

      Require the GUI root password to generate the TOKEN. For example:   
   
admin@ecsnode1:~> tok=$(curl -iks https://XX.XX.XX.XX:4443/login -u 'root:ChangeMe' | grep X-SDS-AUTH-TOKEN)    
   
      Verify the current bucket owner (substitute bucket and namespace in your situation):   
   
admin@ecsnode1:~> curl -s -k -X GET -H "$tok" https://XX.XX.XX.XX:4443/object/bucket/sham_bk_nfs/info?namespace=degreat_nfs | xmllint --format - | grep '<owner>'  <owner>sham2</owner>    
   
      This confirms parameter reset_previous_owners is required to be set to true. Please note the reverted bucket owner is on the GUI but the API through CLI confirms the ECS is still seeing the bucket owner as "sham2"   
   
    2. Create a simple xml file using the vi editor. In the example below it is called  /tmp/bucket-owner.xml   
      Confirm the output:   
   
admin@ecsnode1:~ # vi /tmp/bucket-owner.xmladmin@ecsnode1:~ # cat /tmp/bucket-owner.xml<object_bucket_update_owner>   <namespace>degreat_nfs</namespace>   <new_owner>sham1</new_owner>   <reset_previous_owners>true</reset_previous_owners></object_bucket_update_owner>    
    3. Change the bucket owner back to the original.    
      The API syntax required to change the bucket owner back to "sham1" through the xml file is as follows:   
   
admin@ecsnode1:~> curl -v -k -X "POST" "https://xx.xx.xx.xx:4443/object/bucket/sham_bk_nfs/owner" -H "$tok" -H "Content-Type: application/xml" -H "ACCEPT:application/xml" -d @/tmp/bucket-owner.xml -v* Hostname was NOT found in DNS cache*   Trying xx.xx.xx.xx...* Connected to xx.xx.xx.xx (xx.xx.xx.xx) port 4443 (#0)* successfully set certificate verify locations:*   CAfile: none  CApath: /etc/ssl/certs/* SSLv3, TLS unknown, Certificate Status (22):* SSLv3, TLS handshake, Client hello (1):* SSLv3, TLS handshake, Server hello (2):* SSLv3, TLS handshake, Certificate (11):* SSLv3, TLS handshake, Server key exchange (12):* SSLv3, TLS handshake, Server finished (14):* SSLv3, TLS handshake, Client key exchange (16):* SSLv3, TLS change cipher, Client hello (1):* SSLv3, TLS handshake, Finished (20):* SSLv3, TLS change cipher, Client hello (1):* SSLv3, TLS handshake, Finished (20):* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384* Server certificate:*        subject: CN=localhost*        start date: 2019-03-25 09:53:41 GMT*        expire date: 2029-03-22 09:53:41 GMT*        issuer: CN=localhost*        SSL certificate verify result: self signed certificate (18), continuing anyway.> POST /object/bucket/sham_bk_nfs/owner HTTP/1.1> User-Agent: curl/7.37.0> Host: xx.xx.xx.xx:4443> X-SDS-AUTH-TOKEN: BAAcUy9KYlhxTlVYb2M0bnF3bTNscEsvSEdDeWhJPQMAjAQASHVybjpzdG9yYWdlb3M6VmlydHVhbERhdGFDZW50ZXJEYXRhOmJhOGQ3ZTkzLTMyMGYtNDNmNy05Y2FkLWM4YWQzMWFiMzY1MAIADTE1NTk3Mzk3OTA2MDgDAC51cm46VG9rZW46YjQ4NGNiZjEtNTkwNy00YWI3LTgzYTctM2Y3OGRhM2RiY2NiAgAC0A8=> Content-Type: application/xml> ACCEPT:application/xml> Content-Length: 179>* upload completely sent off: 179 out of 179 bytes< HTTP/1.1 200 OK< Date: Thu, 06 Jun 2019 10:56:08 GMT< Content-Length: 0< Connection: keep-alive<* Connection #0 to host xx.xx.xx.xx left intact    
    4. Confirm the bucket owner change is reflected.    
      Confirm the change of bucket owner is now "sham1"   
   
admin@ecsnode1:~> curl -s -k -X GET -H "$tok" https://XX.XX.XX.XX:4443/object/bucket/sham_bk_nfs/info?namespace=degreat_nfs | xmllint --format - | grep '<owner>'<owner>sham1</owner>    
   
      Once the bucket owner is reverted on the API, confirm the host can now access the bucket on the Linux file system.   
   
   
    Dell EMC is aware of this issue and are working on a fix in a future release.                                                           

 

 

Notes:

 

 

Subscribe to product updates   
    You can subscribe to updates by following the instructions in the Knowledge Article below:   
    DELL EMC: How to subscribe to Product Pages - Dell EMC Support?