2023.2 Series Release Notes

23.3.0-1

バグ修正

  • Fixed the volume property signature_verified propagating to images created from volumes. That property could later conflict with the same property being added again when creating a new volume from such image, preventing the volume from being created successfully. This volume property is created whenever a volume is created from an image for the purpose of indicating that the image signature was verified on creation, and was not intended to be propagated further if a new image is created from such volume.

23.3.0

新機能

  • Added a new cinder-manage command to handle the situation where database purges would not complete due to the volumes table holding references to deleted services. The new command makes sure that all volumes have a reference only to the correct service_uuid, which will allow old service records to be purged from the database.

    Command: cinder-manage volume update_service

  • When Cinder creates a new cinder-volume service, it now also immediately updates the service_uuid for all volumes associated with that cinder-volume host. In some cases, this was preventing the database purge operation from completing successfully.

アップグレード時の注意

  • Cinder now uses the RBD trash functionality to handle some volume deletions. Therefore, deployments must either a) enable scheduled RBD trash purging on the RBD backend or b) enable the Cinder RBD driver's enable_deferred_deletion option to have Cinder purge the RBD trash. This adds the new configuration option 'rbd_concurrent_flatten_operations', which limits how many RBD flattens the driver will run simultaneously. This can be used to prevent flatten operations from consuming too much I/O capacity on the Ceph cluster. It defaults to 3.

バグ修正

  • Bug #2058596: Fixed broken backup_swift_service_auth=True which made swift backup driver consistently fail during object data access.

  • Bug #2031897: Fixed issues for volume backups with the Ceph driver where failures of the first process ("rbd export-diff") were not caught. Instead, only the return code of the second process ("rbd import-diff") was recognized.

    This change also preserves the stderr that was lost previously in order to ease debugging.

  • Hitachi driver bug #2072317: Fix potential data-loss due to a network issue during a volume deletion.

  • Hitachi driver bug #2024418: Fixed to raise correct exception when volume is busy while performing delete volume operation.

  • HPE XP and NEC V driver bug #2012515: Fixed to use correct Host group name.

  • Hitachi driver bug #2011810: Fixed to use correct pool number for secondary storage on GAD environment.

  • Hitachi driver bug #2071697 <https://bugs.launchpad.net/cinder/+bug/2071697>'_: Fix to set correct object ID as LDEV nickname when running host-assisted migration with ``retype` or migration commands.

  • Hitachi driver bug #2063317: Fix test scripts to avoid failing by unexpected response from psuedo REST API server

  • HPE 3PAR driver Bug #2068795: Fixed: Perform login before invoking getWsApiVersion

  • Bug #1969643: The RBD driver can now delete volumes with other volumes cloned from it (or its snapshots) in cases where deletion would previously fail. This uses the RBD trash functionality.

23.2.0

セキュリティー上の問題

  • Images in the qcow2 format with an external data file are now rejected with an ImageUnacceptable error because such images could be used in an exploit to expose host information. Given that qcow2 external data files were never supported by Cinder, this change should have no impact on users. See Bug #2059809 for details.

バグ修正

  • Bug #2008017: Hide value of the [coordination] backend_url option from logs because it can contain credential.

  • Bug #2059809: Fixed issue where a qcow2 format image with an external data file could expose host information. Such an image is now rejected with an ImageUnacceptable error if it is used to create a volume. Given that qcow2 external data files were never supported by Cinder, the only use for such an image previously was to attempt to steal host information, and hence this change should have no impact on users.

  • Dell PowerMax driver bug #2051828: The driver only recognized 10.0 as being Unisphere 10 and would try to use 9.2 for Unisphere 10.x (where x > 0), but now it correctly recognizes 10.x as being Unisphere 10.

  • Bug #1988942: Increased size of volume image metadata values accepted by the Block Storage API. Volume image metadata values were limited to 255 characters but Glance allows up to 65535 bytes. This change does not affect the database tables which already allow up to 65535 bytes for image metadata values.

23.1.0

バグ修正

  • Bug #2045431: Fixed a data leak scenario where we preserve sparseness when reimaging the volume.

    We currently do a sparse copy when writing an image on the volume. This could be a potential data leak scenario where the zero blocks of the new image are not written on the existing volume and the data from the old image still exists on the volume. We fix the scenario by not doing sparse copy when reimaging the volume.

  • HPE 3PAR driver Bug #2045411: Added support for ipv6 address in the 3PAR iSCSI driver.

23.0.0

新機能

  • Yadro Tatlin Unified: Added initial version of the FC driver.

  • Fujitsu ETERNUS DX driver: Added support for QoS

    What QoS settings are available depends upon the storage firmware version of the ETERNUS AF/DX.

    • When the storage firmware version is less than V11L30-0000, only the upper limit of bandwidth(BWS) can be set using:

      • maxBWS

      Note that when the firmware version of the ETERNUS AF/DX is earlier than V11L30, upper limits for the volume QoS settings of the ETERNUS AF/DX are set using predefined options. This means that you should set the upper limit of the ETERNUS AF/DX side to a maximum value that does not exceed the specified maxBWS.

    • When the storage firmware version is greater than V11L30-0000, the IOPS/Throughput of Total/Read/Write for the volume can be set separately using:

      • read_bytes_sec

      • write_bytes_sec

      • total_bytes_sec

      • read_iops_sec

      • write_iops_sec

      • total_iops_sec

      See the Fujitsu ETERNUS DX driver documentation for details.

  • NetApp ONTAP NFS driver: Enabled support for Active/Active environments in the NetApp NFS driver (including replication).

  • [Pure Storage] Corrected support status to True for generic group consistency snapshot support and added support for replication-enabled consistency groups.

  • Pure Storage FlashArray driver: Added support NVMe-TCP transport layer.

  • New ISCSI cinder volume driver for TOYOU NetStor TYDS Storage.

既知の問題

  • For security reasons (Bug #2004555) manually deleting an attachment, manually doing the os-terminate_connection, os-detach or os-force_detach actions will no longer be allowed in most cases unless the request is coming from another OpenStack service on behalf of a user.

アップグレード時の注意

  • Nova must be configured to send service tokens and cinder must be configured to recognize at least one of the roles that the nova service user has been assigned in keystone. By default, cinder will recognize the service role, so if the nova service user is assigned a differently named role in your cloud, you must adjust your cinder configuration file (service_token_roles configuration option in the keystone_authtoken section). If nova and cinder are not configured correctly in this regard, detaching volumes will no longer work (Bug #2004555).

  • The legacy sqlalchemy-migrate migrations, which have been deprecated since Xena, have been removed. There should be no end-user impact.

Critical Issues

セキュリティー上の問題

  • As part of the fix for Bug #2004555, cinder now rejects user attachment delete requests for attachments that are being used by nova instances to ensure that no leftover devices are produced on the compute nodes which could be used to access another project's volumes. Terminate connection, detach, and force detach volume actions (calls that are not usually made by users directly) are, in most cases, not allowed for users.

バグ修正

  • Bug #2007615: the restore operation of the Cinder backup service now restores into sparse volumes, if possible. So, operators no longer need more space than used previously when they restore from a disaster.

  • Bug #2025277: Fixed a regression in the fix for Cinder backup restoring into sparse volumes, where OpenStack's integrated CLI triggered a traceback. The deprecated project-specific legacy CLI of Cinder continued to work.

  • Ceph backup driver Bug #1895035: Fixed restore full backups to non RBD volumes.

  • Bug #1912624: Corrected regression introduced by the refactoring of the backup service in the ussuri release, which prevented the creation of a volume backup in a different availability zone.

  • IBM Spectrum Virtualize Family driver: Bug #1976400: Optimize svcinfo CLI calls to reduce the computational time for rc-relationship related operations.

  • Dell PowerMax Driver Bug #1981420: Fixed issue faced while creating synchronous volume which was caused by incorrect handling of the force flag. This is corrected by checking volume type extra specs for the value of "force_vol_edit" parameter along with the "force" parameter.

  • HPE 3PAR driver bug #2008931: Fixed issue when performing migrate volume operation when comment attribute is missing from the volume.

  • NetApp ONTAP driver bug #2028857: Fixed errors that were occuring in the replica failover operation when using ONTAP REST API.

  • Bug #1945500: The original attempt at fixing this bug did not account for differences in how glance and cinder store image metadata, and as a result some image properties were not filtered out. This new improved fix addresses those differences and makes the filtering more thorough.

  • Dell PowerFlex driver bug #1998136: When using self signed certificates, the option sent to os-brick via the connection_properties was not correctly handled. It has now been fixed by adding the 'verify_certificate' and 'certificate_path' to the driver when initializing the connection.

  • HPE 3PAR driver Bug #2015746: Fixed: minor code changes to work with new wsapi.

  • HPE 3PAR driver Bug #1994521: Fixed: While performing a delete snapshot (s1) operation, the volumes (v2) dependent on the snapshot (s1) are converted to base volumes. This operation fails if these dependent volumes (v2) have their own dependent snapshots (s2). The errors during the failure were vague and not helpful. With this release, we added conditions to fail this operation early and also added useful error message.

  • HPE 3PAR driver Bug #2023253: Fixed: Handle error during retype of volume without comment

  • HPE 3PAR driver bug #2018994: Fixed: use small QoS Latency value (less than 1)

  • HPE 3PAR driver Bug #2015034: Added handling for VLAN iscsi IPs in the 3PAR iSCSI driver.

  • NetApp ONTAP driver Bug #1927784: Fixed the replication setup with FlexVol pools.

  • Pure iSCSI & FC driver bug #2006960: Fixed attaching LUNs greater than 255. Driver leverages new os-brick functionality to specify LUN addressing mode.

  • [Pure Storage] bug #2028380: Fixed issue with cinder replication failover failing due to incorrect REST call.

  • Pure Storage Cinder Driver: Fixed bug 2029005 to correctly disconnect a sync replicated volume from host on the secondary array when uniform option is set to True.

  • Bug #1997980: RBD: Fixed failure to update rbd image features for multi-attach when features = 0.

  • Bug #2004555: Fixed issue where a user manually deleting an attachment, calling terminate connection, detach, or force detach, for a volume that is still used by a nova instance resulted in leftover devices on the compute node. These operations will now fail when it is believed to be a problem.

  • Bug #2008259: Fixed the volume create functionality where non-admin users were able to create multiattach volumes by providing the multiattach parameter in the request body. Now we can only create multiattach volumes using a multiattach volume type, which is also the recommended way.

その他の注意点

  • Nimble driver: Enable thin provisioning as default method while creating volumes.

  • Removed the ability to create multiattach volumes by specifying multiattach parameter in the request body of a volume create operation. This functionality is unsafe, can lead to data loss, and has been deprecated since the Queens release. The recommended method for creating a multiattach volume is to use a volume type that supports multiattach. By default, volume types can only be created by the operator. Users who have a need for multiattach volumes should contact their operator if a suitable volume type is not available.