Queens Series Release Notes

6.3.2-38

Upgrade Notes

  • The configuration option netapp_migration_cancel_timeout can be specified in the NetApp backend section to redefine the amount of time that the NetApp driver must attempt to wait on the asynchronous operation to cancel an ongoing migration. This option is set to 3600 seconds by default, which is sufficient time in most cases.

Security Issues

  • Closes a gap where a user can see the export locations for another user’s share if the uuid of the other share is leaked, stolen, or (improbably) guessed.

  • CVE-2020-9543: An issue with share network retrieval has been addressed in the API by scoping unprivileged access to project only. Please see launchpad bug #1861485 for more details.

Bug Fixes

  • NetApp ONTAP share delete operation can fail sometimes when is triggered immediately after migration cancelation on a overloaded NetApp backend. Canceling an ongoing migration is an asynchronous operation on an ONTAP storage system. Now the NetApp driver checks if the asynchronous API has ended its operation before reporting migration cancelation success. If the operation of the asynchronous API did not end within the specified timeout, the migration cancel cancel operation will be considered unsuccessful. To do so, a new configuration option netapp_migration_cancel_timeout has been added.

  • Fixed Launchpad bug 1699836 by preventing share type deletion when there are share group types associated with them.

  • Fixed the Generic driver to evict and kill any user processes accessing a share before attempting to extend or shrink a CIFS share.

  • NetApp cDOT driver is now fixed to remove the QoS Policy on the backend volume when a share is migrated from an extra-spec which had QoS defined to another extra-spec which has no QoS defined in it.

  • The NetApp cDOT driver is now fixed to honour the standard extra_specs during migration and manage/unmanage.

  • Fixed an issue in NetApp driver share replica periodic check that erroneously set a replica state to ‘error’. In this routine, a SnapMirror resync operation was being triggered while the replica data transfering is still in progress, receiving an error from the storage side. The driver now skips resync operation for all in progress SnapMirror relationship status.

  • Fixed an issue in NetApp driver when shrinking shares to a size smaller than the current used space. Now it will return a more appropriate error status called shrinking_possible_data_loss_error.

  • Fixed Quota exceeded exception for snapshot creation. Consumed gigabytes now reports the snapshot gigabytes instead of share gigabytes usage.

  • Launchpad bug 1869148 has been fixed. This bug could have affected environments where extension APIs were provided in compiled files rather than source code.

  • Reduces an increase of schedule time for non thin provisioned backends. On those backends, there is no need to calculate provisioned_capacity_gb, as it is not used during the scheduling. This calculation was not scaling properly on big environments as it implies many database queries.

  • Fixed the cleanup for private share types and share group types to include clearing out the database entries recording project specific access rules to these types. See Launchpad bug 1870751 for more details.

  • Fixed quota issue that made it impossible to create resources when the project had the quotas set to unlimited, and the user had a limited amount of quotas to use. Now, operations in the mentioned quota scenario are working properly. Please see Launchpad bug 1872872 for more details.

  • Updated the scheduler pool attributes provisioned_capacity_gb and allocated_capacity_gb to accommodate shares being created. This helps maintain an approximate tally of these attributes in between back end scheduler updates.

  • Fixed an issue while promoting back share replicas created using CIFS protocol. Please refer to the Launchpad bug #1879368 for more details.

  • Fixed unneeded all ports list request to Neutron in service instance helper module on tearing down service subnet, Neutron can filter them by subnet_id itself.

  • NetApp ONTAP driver is now fixed to avoid the deletion of Cluster and Default ipspaces when deleting a share server. This issue was happening only when operating in driver_handles_share_servers enabled mode and creating shares using flat network type. See Launchpad bug 1880747 for more details.

  • Fixed bug #1882590 that caused an error on starting a NetApp backend when using the SVM scoped account.

  • Fixed launchpad bug #1885956 by ensuring that policy checks are enforced when looking up a share-type by name. This prevents a problem where shares could be stuck in CREATING status when a user attempts to create a share using the name of a private share-type to which the user lacks access.

  • Fixed bug #1886010 This bug caused glusterfs shares to still be readable/writable to connected clients while the share was deleted from manila.

  • An error with share group snapshot creation and deletion due to missing attributes has been fixed. See Launchpad bug 1888905 for more information.

  • The LVM driver no longer fails to delete shares, snapshots and access rules that are missing from storage. See Launchpad bug #1888915 for more details.

  • Fixed bug #1894362 Fixed the problem of Couldn’t find the’gluster_used_vols’ error when deploying glusterfs driver multi-backend service and deleting share instance.

  • Dell EMC Manila Driver: Fixes wrong capacity in pool_stat. bug 1890372 powermax manila return size in MB, bug 1890375 vnx manila return size in MB, bug 1890376 unity manila return size in bytes.

6.3.2

Bug Fixes

  • The NetApp ONTAP driver is now fixed to unmount the original active share volume after one of its replica gets promoted.

  • Share type extra-specification share_backend_name is now ignored when creating share replicas. This ensures that backends in the same replication domain need not have the same value of share_backend_name. See launchpad bug #1634734 for details.

  • The NetApp ONTAP driver is now fixed to set revert_to_snapshot_support to True or False depending upon SnapRestore License.

  • The NetApp ONTAP driver is now fixed to allow extension and shrinking of share replicas after they get promoted.

  • When the OpenStack administrator has a busy environment that contains many shares, the list operation with –limit parameter was taking too long to respond. This lag has now been fixed. See the launchpad bug 1795463 for more details.

  • Fixed an issue with the Dell EMC Unity driver to work with a management IP configured in IPv6 format.

6.3.1

Bug Fixes

  • When manila API is run behind a proxy webserver, the API service was parsing the major API version requested incorrectly, leading to incorrect responses. This behavior has now been fixed. See launchpad bug 1818081 for more details.

  • NetApp driver volume efficiency settings now behave consistently: like on volume creation now also modification, which is currently consumed by manage and migration, will make sure that deduplication and compression settings are applied correctly.

6.3.0

Upgrade Notes

  • For Dell EMC VMAX Manila driver, replaced emc_nas_pool_names with vmax_share_data_pools, emc_interface_ports with vmax_ethernet_ports, emc_nas_server_container with vmax_server_container.

Deprecation Notes

  • For Dell EMC VMAX Manila driver, options emc_nas_pool_names, emc_interface_ports, emc_nas_server_container are deprecated.

Bug Fixes

  • Access rule type for shares served via nfs-ganesha is now validated, fixing launchpad bug #1816420 where cephx access type was allowed though only ip access type is effective. This fix also validates access_level to ensure that it is set to RW or RO.

6.2.0

Bug Fixes

  • The generic and LVM drivers have been fixed to always perform a filesystem check on newly created snapshots and derivative shares before attempting to assign a UUID to them. See Launchpad bug 1798219 for more details.

  • Share type quotas, usages and reservations will now be correctly cleaned up if a share type has been deleted. See launchpad bug #1811680 for details regarding the bug that prevented this cleanup prior.

  • Launchpad bug 1815038 has been fixed and now we correctly parse the base URL from manila’s endpoint url, accounting for proxy URLs.

  • APIs that were not returning a request ID (‘x-compute-request-id’) in the response headers have been fixed.

  • Shares backed by CephFS no longer have hard-coded mode 755. Use the cephfs_volume_mode configuration option to set another mode, such as 775 when using manila dynamic external storage provider with OpenShift. The default value remains 755 for backwards compatibility.

  • Drivers using ganesha can now handle ‘manila access-allow <share-id> ip 0.0.0.0/0’ as a way to allow access to the share from all IPs.

  • Fixed the driver filter to not check for hard equality between the share_backend_name and the name reported by the host as it defeats the purpose of the capabilities filter giving the ability to use “<in>” selection operator in the extra-spec. Refer to Launchpad bug 1815700 for more details.

6.1.0

Deprecation Notes

  • The options ca_certificates_file, nova_ca_certificates_file, cinder_ca_certificates_file, api_insecure, nova_api_insecure and cinder_api_insecure have been deprecated from the DEFAULT group as well as nova, neutron and cinder configuration groups. Use cafile to specify the CA certificates and insecure to turn off SSL validation in these respective groups (nova, neutron and cinder).

Bug Fixes

  • Since the addition of NVE support, the Netapp driver used to fail to start when a VE license is not present on an ONTAP > 9.1. Now the driver starts but it reports NVE not supported.

  • Fixed a bug in the Quobyte driver that allowed share resizing to incorrectly address the share to be resized in the backend.

  • The SIGHUP behavior for the manila-scheduler service has been fixed. Previously, only the manila-share service was responding to SIGHUP and reloading its configuration, now manila-scheduler does the same.

  • The ZFSOnLinux driver now retries unmounting zfs shares to perform the manage operation. See Launchpad bug 1785180 for details.

  • New shares created on a Quobyte backend are now initialized with the correct quota.

  • fixes a bug causing incorrect quotas being set in the backend when resizing Quobyte shares.

  • Launchpad bug 1809318 has been fixed. The deprecated options api_insecure and ca_certificates_file from nova, cinder, neutron or DEFAULT configuration groups no longer override the newer insecure option if provided. Always use insecure and cafile to control SSL and validation since the deprecated options will be removed in a future release.

6.0.2

Bug Fixes

  • The generic driver has been fixed to allow removing inappropriate CIFS rules on NFS shares.

  • Changed sync mount permanently logic in the Generic driver to select the newly mounted share from /etc/mtab and insert it into /etc/fstab. Added corresponding remove mount permanently functionality.

  • The Launchpad bug 1717392 has been fixed and database downgrades do not fail if the database contains deleted access rules. Database downgrades are not recommended in production environments.

  • The access-allow API has now been fixed to validate duplicate IP addresses by different notation styles. For example, if a host with IP 172.16.21.24 already has access to an NFS share, access cannot be requested for 172.16.21.24/32.

  • The NetApp driver has been fixed to not enforce route creation when the share network provided has no gateway. See Launchpad bug 1777126 for details.

  • Fixed routes.mapper.Mapper.resource adds a bunch of formatted routes that cannot accept something after a ‘.’.

  • Removed confusing manila.db.sqlalchemy model messages indicating deprecated properties for share_type, host, share_server_id, share_network_id, available_zone. These are exposed in the API as properties of shares and are not in fact actually deprecated as such.

6.0.1

Bug Fixes

  • Change the CIFS mounting parameter of Huawei driver from form “user=” to “username=”, which is compatible in various OS.

  • When use driver_handles_share_servers driver, reset the tap device after manila-share service start.

  • Use Oslo’s logging features to securely output the configuration options for Manila.

6.0.0

New Features

  • Added total count info in Manila’s /shares and /shares/detail APIs.

  • Default Role Based Access Control (RBAC) policies for all the Manila APIs have moved into code from the auxiliary policy.json file.

  • Now Manila NetApp ONTAP driver supports NetApp Volume Encryption (NVE) which allows the creation of volumes that will be encrypted at rest.

  • Added ganesha driver feature to store NFS-Ganesha’s exports and export counter directly in a HA storage, Ceph’s RADOS objects.

  • Huawei driver implements the snapshot reverting feature, by Huawei storage’s snapshot-rollback capability.

  • Added a new driver for the INFINIDAT InfiniBox storage array.

  • Added support for IPv6 default gateways to the NetApp driver.

  • Added support for IPv6 export location and access rules to the NetApp driver.

  • The NetApp driver supports a new configuration option netapp_api_trace_pattern to enable filtering backend API interactions to log. This option must be specified in the backend section when desired and it accepts a valid python regular expression.

  • Added enhanced support to the QNAP Manila driver, including Thin Provisioning, SSD Cache, Deduplication and Compression.

  • QNAP Manila driver added support for QES fw 2.0.0.

  • QNAP Manila driver adds support for QES fw 1.1.4.

  • IPv6 support for Dell EMC Unity Manila driver.

  • Added Manila driver for Veritas Access.

  • IPv6 support for Dell EMC VNX Manila driver.

Upgrade Notes

  • Removed the default policy.json file.

  • Operators need not maintain the policy.json file if they were not overriding default manila policies.

  • If Operators need to override certain RBAC policies, they can do so by creating a JSON formatted file named policy.json and populate it with the necessary overrides. This file must be placed in the config directory. The default RBAC policies are documented in the configuration reference alongside other sample configuration files.

  • Added config option ‘data_node_access_ips’ that accepts a list of IP addresses. Those IPs can be either IPv4 or IPv6.

Deprecation Notes

  • Config option ‘data_node_access_ip’ has been deprecated in favor of ‘data_node_access_ips’, and marked for removal.

Bug Fixes

  • For the latest Python 2.7 release, urllib uses the SSL certification while launching URL connection by default, which causes Huawei driver failed to connect backend storage because it doesn’t support SSL certification. Utilize the requests lib for Huawei driver instead, and set no SSL certification for backend storage connection.

  • Fixed the NetApp ONTAP driver to handle reverting to replicated and migrated snapshots.

  • Error message changed for manage API.

  • Fixed issue where locales other than POSIX and en_US.UTF-8 might cause the translate_string_size_to_float method to fail on a comma decimal separator instead of a period decimal separator.

  • Fixed creation of security group and security group rule - neutronclient mapping

  • Added operation of cleaning up the temp config files when moving the config file from temp location to the correct ganesha config location goes wrong.

  • The NetApp ONTAP driver has been fixed to honor the share size as requested when creating shares from an existing snapshot.

  • Fixed the database update query for the drivers’ private data store that was failing to update any rows marked as deleted.

  • Non admin users may invoke GET /share-networks and GET /security-services APIs with the ‘all-tenants’ flag in the query, however, the flag is ignored, and only resources belonging to the project will be served. This API change was made to fix bug 1721787 in the manila client project.

  • IPv6 addresses are handled corrected when specified for the netapp_server_hostname driver option.

  • Fixed logic in driver base class that determines whether IPv6 is supported at runtime.

  • Root uses can now correctly read files on read-only shares when the LVM or generic drivers are used.

  • Fixed the QNAP driver that the access rule setting is overridden by the later access rule setting.

  • Improved responsiveness of Host-assisted share migration by changing the waiting function of resource waiters.

  • This patch converts UnicodeDecodeError exception into BadRequest, plus an explicit error message. Fix invalid query parameter could lead to HTTP 500.

  • LVM driver now correctly parses IPv6 addresses during a Host-assisted share migration.

  • The database migration has been adjusted to work with mariadb >= 10.2.8 by ensuring that a primary key constraint is first dropped and re-added when a column is removed that is part of it

  • rabbitmq password is no longer exposed in the logs when debugging is enabled.

  • Adds the ability to solve the potential problem of slow start up, and deal with non-user-initiated state changes to shares.

  • Fixed a failure in the INFINIDAT share driver which occurs while deleting shares with externally created snapshots.

  • The Quobyte driver now handles updated error codes from Quobyte API versions 1.4+ .

  • Change Id905d47600bda9923cebae617749c8286552ec94 is causing gate failures with the generic driver so we need to revert it for now and revisit after rc.

  • Switch to use glance client to retrive image list, novaclient is rarely maintained with glance API.

Other Notes

  • Remove in-tree manila tempest plugin because it now lives in the new repo openstack/manila-tempest-plugin From now on changes to manila tempest tests should be made in this new repo.

  • The configuration option “os_region_name” from the [DEFAULT] group got removed. It was not used anywhere.

5.0.0

Bug Fixes

  • Re-enabled the consistent snapshot code in the NetApp driver, now compatible with the Manila Share Groups API instead of the deprecated and removed Manila Consistency Groups API.