NetApp
Windows SMB mount error - "empty username or password is not allowed"
Describe the bug
Hello, we've updated our Trident to 23.04 and enabled Windows Support.
Because of Windows doesn't support NFS we have created a new backend with SMB and a StorageClass which is using the new backend.
Creating a new share works without any problem, but if we want to mount the share within Windows Container, we got following error message:
MountVolume.MountDevice failed for volume "pvc-5832aba1-54ff-4040-9ec0-bbed6a2b4056" : rpc error: code = Internal desc = error mounting SMB volume \\10.0.3.203\trident_pvc_5832aba1_54ff_4040_9ec0_bbed6a2b4056 on mountpoint \var\lib\kubelet\plugins\kubernetes.io\csi\csi.trident.netapp.io\96bbcc284bda9f6bbfd0a627557179d7c1558a7b6b4abcbf735f4e7a7634b291\globalmount: empty username or password is not allowed
Environment Provide accurate information about the environment to help us reproduce the issue.
- Trident version: 23.04
- Trident installation flags used: deployed it manually with https://github.com/NetApp/trident/blob/master/deploy/bundle_post_1_25.yaml
- Container runtime: containerd
- Kubernetes version: v1.25.8+37a9a08
- Kubernetes orchestrator: Openshift 4.12
- Kubernetes enabled feature gates: -
- OS: RHEL 8, Windows Server 2022
- NetApp backend types: ONTAP-NAS
- Other:
To Reproduce Steps to reproduce the behavior:
- Rollout Trident with Windows Support
- Create a new Backend with SMB
{
"dataLIF": "10.0.3.203",
"defaults": {
"spaceReserve": "none"
},
"managementLIF": "10.0.3.201",
"password": "{{ TRIDENT_PASSWORD }}",
"storageDriverName": "ontap-nas",
"svm": "S-MU43-trident",
"username": "{{ TRIDENT_USERNAME }}",
"version": 1,
"nasType": "smb",
"labels": {"netapp": "S-MU43-trident-smb"}
}
- Create a new StorageClass which use the backend:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: file-smb
annotations:
storageclass.kubernetes.io/is-default-class: "false"
k10.kasten.io/is-snapshot-class: "true"
k10.kasten.io/volume-snapshot-class: trident
parameters:
backendType: ontap-nas
selector: "netapp=S-MU43-trident-smb"
provisioner: csi.trident.netapp.io
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
- Create a PVC with this StorageClass
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: test
namespace: test
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 2Gi
volumeName: pvc-5832aba1-54ff-4040-9ec0-bbed6a2b4056
storageClassName: file-smb
volumeMode: Filesystem
- Mount the PVC to a Windows Container
volumeMounts:
- name: test-volume
mountPath: /test/
volumes:
- name: test-volume
persistentVolumeClaim:
claimName: test
Expected behavior The PVC gets mounted succesfully.
Additional context
Trident Container Log:
time="2023-05-30T12:37:27+02:00" level=error msg="GRPC error: rpc error: code = Internal desc = error mounting SMB volume \\\\10.0.3.203\\trident_pvc_5832aba1_54ff_4040_9ec0_bbed6a2b4056 on mountpoint \\var\\lib\\kubelet\\plugins\\kubernetes.io\\csi\\csi.trident.netapp.io\\96bbcc284bda9f6bbfd0a627557179d7c1558a7b6b4abcbf735f4e7a7634b291\\globalmount: empty username or password is not allowed" logLayer=csi_frontend requestID=994d2803-d9da-4e85-b700-0853fcdbbc58 requestSource=CSI
I've found a solution, it is necessary to create a "smbcreds" secret and use it in the StorageClass.
This is only documented in the manual for "Azure NetApp Files"
- https://docs.netapp.com/us-en/trident-2301/trident-use/anf-prep.html#prerequisites-for-nfs-and-smb-volumes
- https://docs.netapp.com/us-en/trident-2301/trident-use/anf-examples.html#example-definitions-for-smb-volumes
Could this be added to ONTAP NAS drivers, too?
hi @burkhat Please let us know if this issue still exists with the newer versions of Trident. If not, please close the issue.
Closing. Please re-open if you notice this issue with newer versions of Trident.