[BUG]: FS module returns wrong username if UID is equal to other UID in System zone
Describe the bug
When you have local users in System zone with the same UID as users in the custom zone, and you add custom zone's users to ACL permissions to a directory in the custom zone, then get this directory details with FS module - FS module returns System zone usernames.
To Reproduce
Steps to reproduce the behavior:
- Step 1 create a zone:
--------------------------------------------------------------------------------
Name: zoneinsidezoneinsidezone
Path: /ifs/testzone/zoneinsidezone/zoneinsidezoneinsidezone
Groupnet: groupnet0
Map Untrusted:
Auth Providers: lsa-file-provider:System, lsa-local-provider:zoneinsidezoneinsidezone
NetBIOS Name:
User Mapping Rules: -
Home Directory Umask: 0077
Skeleton Directory: /usr/share/skel
Cache Entry Expiry: 4H
Negative Cache Entry Expiry: 1m
Zone ID: 4
--------------------------------------------------------------------------------
- Step 2 Create a user (in my case two of them) in System zone:
--------------------------------------------------------------------------------
Name: ansible_user
DN: CN=ansible_user,CN=Users,DC=DBISILONSIMULATOR
DNS Domain: -
Domain: DBISILONSIMULATOR
Provider: lsa-local-provider:System
Sam Account Name: ansible_user
UID: 2000
SID: S-1-5-21-1442644921-1582277087-1925991597-1001
Enabled: Yes
Expired: No
Expiry: -
Locked: No
Email: -
GECOS: -
Generated GID: No
Generated UID: No
Generated UPN: Yes
Primary Group
ID: GID:2000
Name: ansible
Home Directory: /ifs/home/ansible_user
Max Password Age: 4W
Password Expired: No
Password Expiry: 2022-09-22T12:20:30
Password Last Set: 2021-10-05T17:22:20
Password Expires: No
Shell: /bin/zsh
UPN: ansible_user@DBISILONSIMULATOR
User Can Change Password: Yes
--------------------------------------------------------------------------------
Name: winscp_user
DN: CN=winscp_user,CN=Users,DC=DBISILONSIMULATOR
DNS Domain: -
Domain: DBISILONSIMULATOR
Provider: lsa-local-provider:System
Sam Account Name: winscp_user
UID: 2001
SID: S-1-5-21-1442644921-1582277087-1925991597-1002
Enabled: Yes
Expired: No
Expiry: -
Locked: No
Email: -
GECOS: -
Generated GID: No
Generated UID: No
Generated UPN: Yes
Primary Group
ID: GID:1800
Name: Isilon Users
Home Directory: /ifs/home/winscp_user
Max Password Age: 4W
Password Expired: No
Password Expiry: 2022-09-22T12:20:30
Password Last Set: 2021-10-28T14:00:34
Password Expires: No
Shell: /bin/zsh
UPN: winscp_user@DBISILONSIMULATOR
User Can Change Password: Yes
--------------------------------------------------------------------------------
- Step 3 Create a user with the same UID (again I have two) in the custom zone:
--------------------------------------------------------------------------------
Name: lvl3user
DN: CN=lvl3user,CN=Users,DC=DBISILONSIMULATOR
DNS Domain: -
Domain: DBISILONSIMULATOR
Provider: lsa-local-provider:zoneinsidezoneinsidezone
Sam Account Name: lvl3user
UID: 2000
SID: S-1-5-21-1932411878-2135597842-4260751763-1000
Enabled: Yes
Expired: No
Expiry: -
Locked: No
Email: -
GECOS: -
Generated GID: No
Generated UID: No
Generated UPN: Yes
Primary Group
ID: GID:1800
Name: Isilon Users
Home Directory: /ifs/testzone/zoneinsidezone/zoneinsidezoneinsidezone/home/lvl3user
Max Password Age: 4W
Password Expired: No
Password Expiry: 2022-09-22T12:22:48
Password Last Set: 2021-10-07T12:11:55
Password Expires: No
Shell: /bin/zsh
UPN: lvl3user@DBISILONSIMULATOR
User Can Change Password: Yes
--------------------------------------------------------------------------------
Name: anotheruser3
DN: CN=anotheruser3,CN=Users,DC=DBISILONSIMULATOR
DNS Domain: -
Domain: DBISILONSIMULATOR
Provider: lsa-local-provider:zoneinsidezoneinsidezone
Sam Account Name: anotheruser3
UID: 2001
SID: S-1-5-21-1932411878-2135597842-4260751763-1001
Enabled: No
Expired: No
Expiry: -
Locked: No
Email: -
GECOS: -
Generated GID: No
Generated UID: No
Generated UPN: Yes
Primary Group
ID: GID:1800
Name: Isilon Users
Home Directory: /ifs/testzone/zoneinsidezone/zoneinsidezoneinsidezone/home/anotheruser3
Max Password Age: 4W
Password Expired: No
Password Expiry: 2022-09-22T12:22:48
Password Last Set: 2022-08-03T16:33:34
Password Expires: No
Shell: /bin/zsh
UPN: anotheruser3@DBISILONSIMULATOR
User Can Change Password: Yes
- Step 4 Add the custom zone's users to ACL permissions of a folder in the custom zone:
DBISILONSIMULATOR-1# ls -led /ifs/testzone/zoneinsidezone/zoneinsidezoneinsidezone/sharelvl3
drwxrw---- + 2 root wheel 0 Sep 22 12:00 /ifs/testzone/zoneinsidezone/zoneinsidezoneinsidezone/sharelvl3
OWNER: user:root
GROUP: group:wheel
0: user:anotheruser3 allow dir_gen_write,std_delete
1: user:Guest allow dir_gen_read,dir_gen_write,std_delete
2: user:lvl3user allow dir_gen_write,std_delete
3: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
4: group:wheel allow std_read_dac,std_synchronize,dir_read_attr
- Step 5 Get FS details from that directory using FS module:
- name: Get filesystem details
  dellemc.powerscale.filesystem:
    onefs_host: "{{onefs_host}}"
    verify_ssl: "{{verify_ssl}}"
    api_user: "{{api_user}}"
    api_password: "{{api_password}}"
    access_zone: "zoneinsidezoneinsidezone"
    path: "/sharelvl3"
    state: present
  register: ACL_permissions
- Step 6 The output has System zone users instead of the custom zone's ones:
ok: [DBISILONSIMULATOR] => {
"add_quota": "",
"changed": false,
"create_filesystem": "",
"delete_filesystem": "",
"delete_quota": "",
"filesystem_details": {
"attrs": [
...
"namespace_acl": {
"acl": [
{
"accessrights": [
"dir_gen_write",
"std_delete"
],
"accesstype": "allow",
"inherit_flags": [],
"op": null,
"trustee": {
**"id": "UID:2001",
"name": "winscp_user",**
"type": "user"
}
},
{
"accessrights": [
"dir_gen_read",
"dir_gen_write",
"std_delete"
],
"accesstype": "allow",
"inherit_flags": [],
"op": null,
"trustee": {
"id": "UID:1501",
"name": "Guest",
"type": "user"
}
},
{
"accessrights": [
"dir_gen_write",
"std_delete"
],
"accesstype": "allow",
"inherit_flags": [],
"op": null,
"trustee": {
**"id": "UID:2000",
"name": "ansible_user",**
"type": "user"
}
},
{
"accessrights": [
"dir_gen_read",
"dir_gen_write",
"dir_gen_execute",
"std_write_dac",
"delete_child"
],
"accesstype": "allow",
"inherit_flags": [],
"op": null,
"trustee": {
"id": "UID:0",
"name": "root",
"type": "user"
}
},
{
"accessrights": [
"std_read_dac",
"std_synchronize",
"dir_read_attr"
],
"accesstype": "allow",
"inherit_flags": [],
"op": null,
"trustee": {
"id": "GID:0",
"name": "wheel",
"type": "group"
}
}
],
Expected behavior
FS module should return the custom zone usernames instead of System zone's ones.
System Information (please complete the following information):
- OS/Version: Ubuntu 20.04.4 LTS
- Ansible Version 2.13.2
- Python Version 3.9.13
- OneFS version: 9.2.1.10
Folks, I did some additional testing on this. In addition to returning wrong usernames for users with the same UID, the module returns usernames only if a user with the same UID exists in System zone, and it returns null if you have a user with a unique UID in a non-system zone. Check this out:
Custom zone user with non-unique UID:
--------------------------------------------------------------------------------
Name: user_auto_uid
DN: CN=user_auto_uid,CN=Users,DC=DBISILONSIMULATOR
DNS Domain: -
Domain: DBISILONSIMULATOR
Provider: lsa-local-provider:zoneinsidezone
Sam Account Name: user_auto_uid
UID: 2001
SID: S-1-5-21-2000583827-658865485-2256679347-1006
Enabled: No
Expired: No
Expiry: -
Locked: No
Email: -
GECOS: -
Generated GID: No
Generated UID: No
Generated UPN: Yes
Primary Group
ID: GID:1800
Name: Isilon Users
Home Directory: /ifs/testzone/zoneinsidezone/home/user_auto_uid
Max Password Age: 4W
Password Expired: No
Password Expiry: 2022-09-23T18:00:07
Password Last Set: 2022-09-23T17:28:47
Password Expires: No
Shell: /bin/zsh
UPN: user_auto_uid@DBISILONSIMULATOR
User Can Change Password: Yes
--------------------------------------------------------------------------------
System zone user with the same UID:
--------------------------------------------------------------------------------
Name: winscp_user
DN: CN=winscp_user,CN=Users,DC=DBISILONSIMULATOR
DNS Domain: -
Domain: DBISILONSIMULATOR
Provider: lsa-local-provider:System
Sam Account Name: winscp_user
UID: 2001
SID: S-1-5-21-1442644921-1582277087-1925991597-1002
Enabled: Yes
Expired: No
Expiry: -
Locked: No
Email: -
GECOS: -
Generated GID: No
Generated UID: No
Generated UPN: Yes
Primary Group
ID: GID:1800
Name: Isilon Users
Home Directory: /ifs/home/winscp_user
Max Password Age: 4W
Password Expired: No
Password Expiry: 2022-09-23T18:04:08
Password Last Set: 2021-10-28T14:00:34
Password Expires: No
Shell: /bin/zsh
UPN: winscp_user@DBISILONSIMULATOR
User Can Change Password: Yes
--------------------------------------------------------------------------------
Custom zone user with unique UID:
--------------------------------------------------------------------------------
Name: user3k2
DN: CN=user3k2,CN=Users,DC=DBISILONSIMULATOR
DNS Domain: -
Domain: DBISILONSIMULATOR
Provider: lsa-local-provider:zoneinsidezone
Sam Account Name: user3k2
UID: 3758
SID: S-1-5-21-2000583827-658865485-2256679347-1007
Enabled: No
Expired: No
Expiry: -
Locked: No
Email: -
GECOS: -
Generated GID: No
Generated UID: No
Generated UPN: Yes
Primary Group
ID: GID:1800
Name: Isilon Users
Home Directory: /ifs/testzone/zoneinsidezone/home/user3k2
Max Password Age: 4W
Password Expired: No
Password Expiry: 2022-09-23T18:00:07
Password Last Set: 2022-09-23T17:32:03
Password Expires: No
Shell: /bin/zsh
UPN: user3k2@DBISILONSIMULATOR
User Can Change Password: Yes
--------------------------------------------------------------------------------
Directory on the cluster:
mkdir /ifs/testzone/zoneinsidezone/uid_test_folder
chmod -R +a user 'user3k2' allow dir_gen_read /ifs/testzone/zoneinsidezone/uid_test_folder
chmod -R +a user 'user_auto_uid' allow dir_gen_read,dir_gen_write /ifs/testzone/zoneinsidezone/uid_test_folder
DBISILONSIMULATOR-1# ls -led /ifs/testzone/zoneinsidezone/uid_test_folder
drwxrw---- + 2 root wheel 0 Sep 23 18:09 /ifs/testzone/zoneinsidezone/uid_test_folder
OWNER: user:root
GROUP: group:wheel
0: user:user_auto_uid allow dir_gen_read,dir_gen_write
1: user:user3k2 allow dir_gen_read
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow std_read_dac,std_synchronize,dir_read_attr
The module returns a wrong username (one from System zone instead of from the custom zone) for one user and just null for another user:
...
"namespace_acl": {
"acl": [
{
"accessrights": [
"dir_gen_read",
"dir_gen_write"
],
"accesstype": "allow",
"inherit_flags": [],
"op": null,
"trustee": {
"id": "UID:2001",
"name": "winscp_user",
"type": "user"
}
},
{
"accessrights": [
"dir_gen_read"
],
"accesstype": "allow",
"inherit_flags": [],
"op": null,
"trustee": {
"id": "UID:3758",
"name": null,
"type": null
}
}
...
Hey folks, any news on that bug?
@Bonifucksy, sorry for a much delayed response. This is due to an issue with the platform REST API. We are in discussion with the platform team, however at this point in time there is no ETA for the fix.
@anupamaloke - Last comment was that this was a REST API issue - (Dec 16, 2022). Any update? I'm having a similar issue where I request an ADS group and it returns the wrong group.
When I call it in a loop, it applies each group and its permissions through the collection:
- name: Modify Filesystem to Apply Access Control Rights Block
  block:
    - name: Modify Filesystem to Apply Access Control Rights
      collections:
        - dellemc.powerscale
      filesystem:
        onefs_host: "{{ endpoint_host }}"
        api_user: "{{ endpoint_user }}"
        api_password: "{{ endpoint_password }}"
        port_no: "{{ endpoint_port }}"
        verify_ssl: "{{ verify_ssl }}"
        access_zone: "{{ access_zone }}"
        path: "{{ path_to_apply_acl }}"
        owner:
          name: root
          provider_type: file
        group:
          name: wheel
          provider_type: file
        access_control_rights:
          access_type: "{{ acl_item.access_type }}"
          access_rights: "{{ acl_item.access_rights }}"
          inherit_flags: "{{ acl_item.inherit_flags }}"
          trustee:
            name: "{{ acl_item.trustee_name }}"
            type: "{{ acl_item.trustee_type }}"
            provider_type: "{{ acl_item.trustee_provider_type }}"
        access_control_rights_state: "add"
        state: present
      register: acl_apply_result
The variables provided are:
acl_apply_permissions:
  hosts:
    acl_apply_permissions.default:
      cluster_name: VAA2SN201 # PSCALE9300A, PSCALE9300B, TBD will find AZ
      nas_name: Paerscns06tv1
      path_type: share_name # share_name or relative or full or nfs_alias
      nas_path: ns06tv1_smb_000003 # share name for access zone to directory to search
      acl_to_apply: #[] # List of ACLs to Apply
        - trustee_name: 'CUSTOMER\group_rw' # Provides the trustee (user or group) name
          trustee_type: group # Options are user, group and wellknown
          trustee_provider_type: ads # Options are local, file, ldap and ads
          access_type: allow # Options are allow and deny
          access_rights:
            - dir_gen_read
            - dir_gen_write
            - dir_gen_execute
            - std_delete # Options: dir_gen_all, dir_gen_read, dir_gen_write, dir_gen_execute, etc
          inherit_flags:
            - container_inherit
            - object_inherit # Options: container_inherit, object_inherit, no_propagate_inherit, inherit_only
        - trustee_name: 'CUSTOMER\group_ro' # Provides the trustee (user or group) name
          trustee_type: group # Options are user, group and wellknown
          trustee_provider_type: ads # Options are local, file, ldap and ads
          access_type: allow # Options are allow and deny
          access_rights:
            - dir_gen_read
            - dir_gen_execute # Options: dir_gen_all, dir_gen_read, dir_gen_write, dir_gen_execute, etc
          inherit_flags:
            - container_inherit
            - object_inherit # Options: container_inherit, object_inherit, no_propagate_inherit, inherit_only
        - trustee_name: 'CUSTOMER\X333333' # Provides the trustee (user or group) name
          trustee_type: user # Options are user, group and wellknown
          trustee_provider_type: ads # Options are local, file, ldap and ads
          access_type: allow # Options are allow and deny
          access_rights:
            - dir_gen_read
            - dir_gen_execute # Options: dir_gen_all, dir_gen_read, dir_gen_write, dir_gen_execute, etc
          inherit_flags:
            - container_inherit
            - object_inherit # Options: container_inherit, object_inherit, no_propagate_inherit, inherit_only
The output is:
Initial ACL of the directory/filesystem:
Cluster1-8% ls -lead /ifs/Cluster1/MyDevAZ/TIER1/smb/mydev01_multi_000039/sub_share
drwxrwxrwx 2 CUSTOMER\x222222a CUSTOMER\domain users 0 Sep 13 14:49 /ifs/Cluster1/MyDevAZ/TIER1/smb/mydev01_multi_000039/sub_share
OWNER: user:CUSTOMER\x222222a
GROUP: group:CUSTOMER\domain users
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:CUSTOMER\x222222 allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit
1: group:Administrators allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace
When adding the two groups and the user via the collections (see sample code), you get the following:
Cluster1-8% ls -lead /ifs/Cluster1/MyDevAZ/TIER1/smb/mydev01_multi_000039/sub_share
drwxrwxrwx 2 CUSTOMER\x222222a CUSTOMER\domain users 0 Sep 16 11:37 /ifs/Cluster1/MyDevAZ/TIER1/smb/mydev01_multi_000039/sub_share
OWNER: user:CUSTOMER\x222222a
GROUP: group:CUSTOMER\domain users
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:CUSTOMER\x333333 allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
1: group:CUSTOMER\$3m3i10-qrirm3fasc5c allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
2: group:CUSTOMER\group_incorrect_rw allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit
3: user:CUSTOMER\x222222 allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit
4: group:Administrators allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace
Note:
- [for #2] instead of CUSTOMER\group_rw, you see CUSTOMER\group_incorrect_rw
- [for #1] instead of CUSTOMER\group_ro, you see CUSTOMER\$3m3i10-qrirm3fasc5c
- [for #0] the user is correct
- Collection is dellemc.powerscale v2.0.0
Then, adding the correct group by CLI:
Cluster1-8% chmod +a group 'CUSTOMER\group_rw' allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit /ifs/Cluster1/MyDevAZ/TIER1/smb/mydev01_multi_000039/sub_share
You can see it references the correct group in the ACL.
Cluster1-8% ls -lead /ifs/Cluster1/MyDevAZ/TIER1/smb/mydev01_multi_000039/sub_share
drwxrwxrwx 2 CUSTOMER\x222222a CUSTOMER\domain users 0 Sep 16 11:37 /ifs/Cluster1/MyDevAZ/TIER1/smb/mydev01_multi_000039/sub_share
OWNER: user:CUSTOMER\x222222a
GROUP: group:CUSTOMER\domain users
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: group:CUSTOMER\group_rw allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit
1: user:CUSTOMER\x333333 allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
2: group:CUSTOMER\$3m3i10-qrirm3fasc5c allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
3: group:CUSTOMER\group_incorrect_rw allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit
4: user:CUSTOMER\x222222 allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit
5: group:Administrators allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace
Cluster1-8%
The correct group is referencing a SID, while the other incorrectly added groups are referencing a GID.
@xinyert what OneFS version are you running? In 2022 Dell support confirmed that it was a bug in OneFS and not in the Ansible module. They were supposed to fix it in some patch for 9.5 but they didn't release that patch for the Isilon simulators. Anyway the bug shouldn't exist in the next versions.
Nik:
We are running 9.5.0.7 and I was testing against a real cluster in the customer’s dev environment. I changed customer names in the issue on github. For your information, here is the real output.
Green – Correct and added by CLI
Yellow – Incorrect and added by Collection
VAA1SN102-2% ls -lead /ifs/VAA1SN102/VNSVADEV01/TIER1/smb/vadev01_multi_000039/sub_share
drwxrwxrwx 2 PRUDENTIAL\x265602a PRUDENTIAL\domain users 0 Sep 16 11:37 /ifs/VAA1SN102/VNSVADEV01/TIER1/smb/vadev01_multi_000039/sub_share
OWNER: user:PRUDENTIAL\x265602a
GROUP: group:PRUDENTIAL\domain users
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: group:PRUDENTIAL\gt-ldat_c_vncrp8100_trt-backups allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit
1: user:PRUDENTIAL\x265933 allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
2: group:PRUDENTIAL$3m3i10-qrirm3fasc5c allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
3: group:PRUDENTIAL\gi-ldat_c_paerscns21_shared06b_communications allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit
4: user:PRUDENTIAL\x265602 allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit
5: group:Administrators allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace
VAA1SN102-2% ls -leand /ifs/VAA1SN102/VNSVADEV01/TIER1/smb/vadev01_multi_000039/sub_share
drwxrwxrwx 2 1047220 1000000 0 Sep 16 11:37 /ifs/VAA1SN102/VNSVADEV01/TIER1/smb/vadev01_multi_000039/sub_share
OWNER: SID:S-1-5-21-1229272821-838170752-1801674531-2358255
GROUP: SID:S-1-5-21-1229272821-838170752-1801674531-513
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: SID:S-1-5-21-1229272821-838170752-1801674531-2517528 allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit
1: user:62217 allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
2: group:1000639 allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
3: group:1000640 allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit
4: user:62215 allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit
5: SID:S-1-5-32-544 allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace
#0 matches what should be #3
Also, I’m trying to get the API to work, but I’m doing something wrong using the ansible builtin uri module. Here is my code. If I could test using the API directly, I could verify what is going on. Can you assist? The documentation for namespace is not very detailed.
- name: Initialize Required Variables Block
  block:
    - name: Initialize Required Variables
      ansible.builtin.set_fact:
        acl_body:
          action: update
          authoritative: acl
          acl:
            op: add
            trustee:
              name: "{{ acl_item.trustee_name }}"
              type: "{{ acl_item.trustee_type }}"
              # provider_type: "{{ acl_item.trustee_provider_type }}"
            accesstype: "{{ acl_item.access_type }}"
            accessrights: "{{ acl_item.access_rights }}"
            inherit_flags: "{{ acl_item.inherit_flags }}"
    - name: Convert acl_body to JSON String
      ansible.builtin.set_fact:
        acl_body_json: "{{ acl_body | to_json }}"
    - name: Debug Printout Result - acl_body length
      ansible.builtin.debug:
        var: acl_body_json | calculate_byte_length
        verbosity: 2

- name: Modify Filesystem to Apply Access Control Rights Block
  block:
    - name: Modify Filesystem to Apply Access Control Rights
      uri:
        url: "https://{{ endpoint_host }}:{{ endpoint_port }}/namespace/{{ path_to_apply_acl }}?acl=true&nsaccess=true"
        method: PUT
        user: "{{ endpoint_user }}"
        password: "{{ endpoint_password }}"
        validate_certs: "{{ verify_ssl }}"
        force_basic_auth: yes
        headers:
          Content-Type: "application/json"
          # Transfer-Encoding: chunked
          Content-Length: "{{ acl_body_json | calculate_byte_length }}"
          # x-isi-ifs-target-type: "object"
        body_format: json
        body: "{{ acl_body_json }}"
        status_code: 200
      register: set_permissions_response
    - name: Debug Printout Result - set_permissions_response
      ansible.builtin.debug:
        var: set_permissions_response
        verbosity: 2
I’ve tried it with nsaccess=true and without it.
All help appreciated. Customer is really pushing for an ACL solution as they are trying to replace a 3rd party item that does this.
Thanks.
John (Trey) Nix, Senior Principal Engineer, Solutions Architecture, Dell Technologies | Managed Services, mobile +1 513 335 1992, Working Hours: Monday ‒ Friday | 8:00 ‒ 17:00
@xinyert You probably intended to send your answer via email, but just FYI, you posted it publicly on GitHub. I found my previous communication with Dell support regarding this issue, and it was supposed to be fixed in version 9.5.0.6. Since your customer is running 9.5.0.7, the issue should already be resolved. You may want to wait for an answer from the developers, but if I were you, I’d proceed with the standard support approach in the meantime - updating everything to the recommended versions. First of all, I’d start with the Ansible module, as it's easier to update compared to OneFS. In your previous message, you mentioned that you're using version 2.0.0, but the current version is 2.3.0. After that, I’d install the newer OneFS version. I believe the recommended version is 9.7 now, but I’m not entirely sure.
Thank you for letting me know.
I’ll be getting with the customer to upgrade their execution environment, targeting upgrades of ansible, python and the ansible-powerscale libraries. We’ll target 3.3.0 for the ansible-powerscale and then retest. Unfortunately, we don’t control the environment, so this will take some time.
That said, I went through the change notes real quick for the ansible-powerscale libraries and I didn’t see anything that would jump out as a must upgrade reason. But maybe something was changed under the hood, so to speak.
Thanks for the info and help.
John (Trey) Nix
We are being pushed to do more simulator testing. Any idea if installing later versions of the simulator will have the fix?
John (Trey) Nix
I would expect so. Anyway, installing the Isilon simulator is a fairly quick task. I would only recommend going above 9.5 for sure, because I have 9.5 running now and it has the bug.
Thank you for the info – In the meantime, is there any documentation for the PowerScale API regarding namespace? The platform commands are well documented, but I have found very little regarding the namespace beyond the GET abilities. I’d like to run tests quickly using PUT or POST to add the permissions and test the API before running my script using the collection. That way, I could compare the results.
All help appreciated.
John (Trey) Nix
I've never tried doing it via REST API. It seems quicker to me to just run isi smb shares and chmod commands to set up the shares and ACLs, and then compare it to what Ansible gathers and/or creates via the modules.
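The comparison suggested in the last comment (the ACL shown by `ls -led` against what the module gathers), as an added example that is not part of the thread or of the dellemc.powerscale collection. It assumes the module returns ACEs in the same order as the CLI, as in the outputs quoted above; the function names are hypothetical, and the root and wheel entries in the sample JSON are constructed in the shape of the first report's output.

```python
import json
import re

# One numbered ACE line of `ls -led`, e.g. " 0: user:user_auto_uid allow dir_gen_read,dir_gen_write".
# Trustee names may contain spaces or a DOMAIN\ prefix, so the name is matched lazily
# up to the allow/deny keyword.
ACE_RE = re.compile(
    r"^\s*(?P<index>\d+):\s+(?P<type>user|group):(?P<name>.+?)\s+"
    r"(?P<accesstype>allow|deny)\s+(?:inherited\s+)?(?P<rights>\S+)\s*$"
)

# Sample input: the uid_test_folder listing quoted in this thread.
LS_LED_OUTPUT = """
drwxrw---- + 2 root wheel 0 Sep 23 18:09 /ifs/testzone/zoneinsidezone/uid_test_folder
 OWNER: user:root
 GROUP: group:wheel
 0: user:user_auto_uid allow dir_gen_read,dir_gen_write
 1: user:user3k2 allow dir_gen_read
 2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
 3: group:wheel allow std_read_dac,std_synchronize,dir_read_attr
"""

# Sample input: first two ACEs as quoted in the thread; the last two are constructed.
MODULE_RESULT = """
{"namespace_acl": {"acl": [
  {"accessrights": ["dir_gen_read", "dir_gen_write"], "accesstype": "allow",
   "inherit_flags": [], "op": null,
   "trustee": {"id": "UID:2001", "name": "winscp_user", "type": "user"}},
  {"accessrights": ["dir_gen_read"], "accesstype": "allow",
   "inherit_flags": [], "op": null,
   "trustee": {"id": "UID:3758", "name": null, "type": null}},
  {"accessrights": ["dir_gen_read", "dir_gen_write", "dir_gen_execute",
                    "std_write_dac", "delete_child"], "accesstype": "allow",
   "inherit_flags": [], "op": null,
   "trustee": {"id": "UID:0", "name": "root", "type": "user"}},
  {"accessrights": ["std_read_dac", "std_synchronize", "dir_read_attr"],
   "accesstype": "allow", "inherit_flags": [], "op": null,
   "trustee": {"id": "GID:0", "name": "wheel", "type": "group"}}
]}}
"""


def parse_ls_acl(text):
    """Return the numbered ACEs from `ls -led` output, in listing order."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if m:
            aces.append({
                "index": int(m["index"]),
                "type": m["type"],
                "name": m["name"],
                "accesstype": m["accesstype"],
                "rights": set(m["rights"].split(",")),
            })
    return aces


def compare_acl(cli_aces, module_acl):
    """Pair ACEs by position and report trustees the module resolved differently.

    Returns tuples of (index, kind, cli_name, module_name, module_id), where kind
    is "name_mismatch" or "unresolved". Raises ValueError when the two ACLs do not
    line up, because a positional comparison would then be meaningless.
    """
    if len(cli_aces) != len(module_acl):
        raise ValueError("ACE count differs between CLI and module output")
    findings = []
    for cli, mod in zip(cli_aces, module_acl):
        # Assumption: the CLI prints inherit flags in the same list as the rights.
        mod_rights = set(mod["accessrights"]) | set(mod.get("inherit_flags") or [])
        if cli["accesstype"] != mod["accesstype"] or cli["rights"] != mod_rights:
            raise ValueError(f"ACE {cli['index']} does not line up; cannot compare trustees")
        trustee = mod["trustee"]
        if trustee["name"] is None:
            findings.append((cli["index"], "unresolved", cli["name"], None, trustee["id"]))
        elif trustee["name"] != cli["name"]:
            findings.append(
                (cli["index"], "name_mismatch", cli["name"], trustee["name"], trustee["id"])
            )
    return findings


def run_sample():
    """Compare the two sample inputs embedded above."""
    module_acl = json.loads(MODULE_RESULT)["namespace_acl"]["acl"]
    return compare_acl(parse_ls_acl(LS_LED_OUTPUT), module_acl)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

In an audit or reporting pipeline, treat the trustee `id` as the reliable field on affected versions and resolve the name against the zone's own provider rather than trusting the returned `name`.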