Rocky Serie Releasenotes

7.4.1-38

Aktualisierungsnotizen

  • The configuration option netapp_migration_cancel_timeout can be specified in the NetApp backend section to redefine the amount of time that the NetApp driver must attempt to wait on the asynchronous operation to cancel an ongoing migration. This option is set to 3600 seconds by default, which is sufficient time in most cases.

Security Issues

  • Closes a gap where a user can see the export locations for another user’s share if the uuid of the other share is leaked, stolen, or (improbably) guessed.

Bug Fixes

  • NetApp ONTAP share delete operation can fail sometimes when is triggered immediately after migration cancelation on a overloaded NetApp backend. Canceling an ongoing migration is an asynchronous operation on an ONTAP storage system. Now the NetApp driver checks if the asynchronous API has ended its operation before reporting migration cancelation success. If the operation of the asynchronous API did not end within the specified timeout, the migration cancel cancel operation will be considered unsuccessful. To do so, a new configuration option netapp_migration_cancel_timeout has been added.

  • Fixed Launchpad bug 1699836 by preventing share type deletion when there are share group types associated with them.

  • Fixed the Generic driver to evict and kill any user processes accessing a share before attempting to extend or shrink a CIFS share.

  • NetApp cDOT driver is now fixed to remove the QoS Policy on the backend volume when a share is migrated from an extra-spec which had QoS defined to another extra-spec which has no QoS defined in it.

  • The NetApp cDOT driver is now fixed to honour the standard extra_specs during migration and manage/unmanage.

  • Fixed an issue with Unity driver fails to delete CIFS share if wrong access was set.

  • Fixed an issue in NetApp driver share replica periodic check that erroneously set a replica state to ‚error‘. In this routine, a SnapMirror resync operation was being triggered while the replica data transfering is still in progress, receiving an error from the storage side. The driver now skips resync operation for all in progress SnapMirror relationship status.

  • Fixed an issue in NetApp driver when shrinking shares to a size smaller than the current used space. Now it will return a more appropriate error status called shrinking_possible_data_loss_error.

  • Launchpad bug 1869148 has been fixed. This bug could have affected environments where extension APIs were provided in compiled files rather than source code.

  • Reduces an increase of schedule time for non thin provisioned backends. On those backends, there is no need to calculate provisioned_capacity_gb, as it is not used during the scheduling. This calculation was not scaling properly on big environments as it implies many database queries.

  • Fixed the cleanup for private share types and share group types to include clearing out the database entries recording project specific access rules to these types. See Launchpad bug 1870751 for more details.

  • Fixed quota issue that made it impossible to create resources when the project had the quotas set to unlimited, and the user had a limited amount of quotas to use. Now, operations in the mentioned quota scenario are working properly. Please see Launchpad bug 1872872 for more details.

  • Updated the scheduler pool attributes provisioned_capacity_gb and allocated_capacity_gb to accommodate shares being created. This helps maintain an approximate tally of these attributes in between back end scheduler updates.

  • Fixed an issue while promoting back share replicas created using CIFS protocol. Please refer to the Launchpad bug #1879368 for more details.

  • Fixed unneeded all ports list request to Neutron in service instance helper module on tearing down service subnet, Neutron can filter them by subnet_id itself.

  • NetApp ONTAP driver is now fixed to avoid the deletion of Cluster and Default ipspaces when deleting a share server. This issue was happening only when operating in driver_handles_share_servers enabled mode and creating shares using flat network type. See Launchpad bug 1880747 for more details.

  • Fixed bug #1882590 that caused an error on starting a NetApp backend when using the SVM scoped account.

  • Fixed launchpad bug #1885956 by ensuring that policy checks are enforced when looking up a share-type by name. This prevents a problem where shares could be stuck in CREATING status when a user attempts to create a share using the name of a private share-type to which the user lacks access.

  • Fixed bug #1886010 This bug caused glusterfs shares to still be readable/writable to connected clients while the share was deleted from manila.

  • An error with share group snapshot creation and deletion due to missing attributes has been fixed. See Launchpad bug 1888905 for more information.

  • The LVM driver no longer fails to delete shares, snapshots and access rules that are missing from storage. See Launchpad bug #1888915 for more details.

  • Fixed bug #1894362 Fixed the problem of Couldn’t find the’gluster_used_vols‘ error when deploying glusterfs driver multi-backend service and deleting share instance.

  • Dell EMC Manila Driver: Fixes wrong capacity in pool_stat. bug 1890372 powermax manila return size in MB, bug 1890375 vnx manila return size in MB, bug 1890376 unity manila return size in bytes.

7.4.1

Security Issues

  • CVE-2020-9543: An issue with share network retrieval has been addressed in the API by scoping unprivileged access to project only. Please see launchpad bug #1861485 for more details.

Bug Fixes

  • Fixed Quota exceeded exception for snapshot creation. Consumed gigabytes now reports the snapshot gigabytes instead of share gigabytes usage.

7.4.0

Bug Fixes

  • The NetApp ONTAP driver is now fixed to unmount the original active share volume after one of its replica gets promoted.

  • Share type extra-specification share_backend_name is now ignored when creating share replicas. This ensures that backends in the same replication domain need not have the same value of share_backend_name. See launchpad bug #1634734 for details.

  • The NetApp ONTAP driver is now fixed to set revert_to_snapshot_support to True or False depending upon SnapRestore License.

  • The NetApp ONTAP driver is now fixed to allow extension and shrinking of share replicas after they get promoted.

  • When the OpenStack administrator has a busy environment that contains many shares, the list operation with –limit parameter was taking too long to respond. This lag has now been fixed. See the launchpad bug 1795463 for more details.

  • When manila API is run behind a proxy webserver, the API service was parsing the major API version requested incorrectly, leading to incorrect responses. This behavior has now been fixed. See launchpad bug 1818081 for more details.

  • Fixed an issue with the Dell EMC Unity driver to work with a management IP configured in IPv6 format.

7.3.0

Aktualisierungsnotizen

  • For Dell EMC VMAX Manila driver, replaced emc_nas_pool_names with vmax_share_data_pools, emc_interface_ports with vmax_ethernet_ports, emc_nas_server_container with vmax_server_container.

Deprecation Notes

  • For Dell EMC VMAX Manila driver, options emc_nas_pool_names, emc_interface_ports, emc_nas_server_container are deprecated.

Bug Fixes

  • Access rule type for shares served via nfs-ganesha is now validated, fixing launchpad bug #1816420 where cephx access type was allowed though only ip access type is effective. This fix also validates access_level to ensure that it is set to RW or RO.

  • NetApp driver volume efficiency settings now behave consistently: like on volume creation now also modification, which is currently consumed by manage and migration, will make sure that deduplication and compression settings are applied correctly.

7.2.0

Bug Fixes

  • The generic and LVM drivers have been fixed to always perform a filesystem check on newly created snapshots and derivative shares before attempting to assign a UUID to them. See Launchpad bug 1798219 for more details.

  • Share type quotas, usages and reservations will now be correctly cleaned up if a share type has been deleted. See launchpad bug #1811680 for details regarding the bug that prevented this cleanup prior.

  • Launchpad bug 1815038 has been fixed and now we correctly parse the base URL from manila’s endpoint url, accounting for proxy URLs.

  • APIs that were not returning a request ID (‚x-compute-request-id‘) in the response headers have been fixed.

  • Shares backed by CephFS no longer have hard-coded mode 755. Use the cephfs_volume_mode configuration option to set another mode, such as 775 when using manila dynamic external storage provider with OpenShift. The default value remains 755 for backwards compatibility.

  • Fixed the driver filter to not check for hard equality between the share_backend_name and the name reported by the host as it defeats the purpose of the capabilities filter giving the ability to use „<in>“ selection operator in the extra-spec. Refer to Launchpad bug 1815700 for more details.

7.1.0

Deprecation Notes

  • The options ca_certificates_file, nova_ca_certificates_file, cinder_ca_certificates_file, api_insecure, nova_api_insecure and cinder_api_insecure have been deprecated from the DEFAULT group as well as nova, neutron and cinder configuration groups. Use cafile to specify the CA certificates and insecure to turn off SSL validation in these respective groups (nova, neutron and cinder).

Bug Fixes

  • The ZFSOnLinux driver now retries unmounting zfs shares to perform the manage operation. See Launchpad bug 1785180 for details.

  • Launchpad bug 1809318 has been fixed. The deprecated options api_insecure and ca_certificates_file from nova, cinder, neutron or DEFAULT configuration groups no longer override the newer insecure option if provided. Always use insecure and cafile to control SSL and validation since the deprecated options will be removed in a future release.

  • Drivers using ganesha can now handle ‚manila access-allow <share-id> ip 0.0.0.0/0‘ as a way to allow access to the share from all IPs.

7.0.0

Prelude

Add Inspur AS13000 driver.

New Features

  • The share type and share group type APIs in API version 2.46 return field „is_default“ which is set to ‚true‘ if the share type or the share group type is the default as configured by the administrator.

  • Metadata can be added to share access rules as key=value pairs, and also introduced the GET /share-access-rules API with API version 2.45. The prior API to retrieve access rules of a given share, POST /shares/{share-id}/action {‚access-list: null} has been removed in API version 2.45.

  • Share types can now be filtered with its extra_specs.

  • Snapshot directories of shares created by the NetApp driver can now be controlled through extra-specs for newly created shares and through a config option for existing shares.

  • Added ‚ou‘ field to ‚security_service‘ object to be able to configure in which organizational unit the share ends up.

  • cephfs volume path prefix is now configurable in order to enable support for multiple cephfs back ends.

  • The INFINIDAT share driver now supports multiple export locations per share, defined by the enabled IP addresses in the chosen network space.

  • Added new Inspur AS13000 driver, which supports snapshots operation along with all the minimum driver features.

  • The NetApp cDOT driver uses the ou field from security services to set the organizational unit of a vserver’s active directory configuration. This is done at CIFS server creation.

  • QNAP Manila driver added support for QES fw 2.1.0.

Aktualisierungsnotizen

  • The API GET /share-access-rules?share_id={share-id} replaces POST /shares/{share-id}/action with body {‚access_list‘: null} in API version 2.45. The new API supports access rule metadata and is expected to support sorting, filtering and pagination features along with newer fields to interact with access rules in future versions. The API request header ‚X-OpenStack-Manila-API-Version‘ can be set to 2.44 to continue using the prior API to retrieve access rules, but no new features will be added to that API.

  • The deprecated configuration option ‚standalone_network_plugin_ip_version‘ has been removed. ‚network_plugin_ipv4_enabled‘ and ‚network_plugin_ipv6_enabled‘ should be used instead.

Deprecation Notes

  • Remove deprecated cinder, neutron, nova options in DEFAULT group.

Security Issues

  • Service Instance Module - Added option to block port 22 from other subnets than manila service network using neutron security groups.

Bug Fixes

  • The generic driver has been fixed to allow removing inappropriate CIFS rules on NFS shares.

  • Changed sync mount permanently logic in the Generic driver to select the newly mounted share from /etc/mtab and insert it into /etc/fstab. Added corresponding remove mount permanently functionality.

  • The Launchpad bug 1717392 has been fixed and database downgrades do not fail if the database contains deleted access rules. Database downgrades are not recommended in production environments.

  • Allows the use of blank in user group name, since the AD allow user group name to include blank.

  • The database migration has been adjusted to work with mariadb >= 10.2.8 by ensuring that a primary key constraint is first dropped and re-added when a column is removed that is part of it

  • rabbitmq password is no longer exposed in the logs when debugging is enabled.

  • The access-allow API has now been fixed to validate duplicate IP addresses by different notation styles. For example, if a host with IP 172.16.21.24 already has access to an NFS share, access cannot be requested for 172.16.21.24/32.

  • Since the addition of NVE support, the Netapp driver used to fail to start when a VE license is not present on an ONTAP > 9.1. Now the driver starts but it reports NVE not supported.

  • Fix ensure_shares running every time despite not having any configuration option changed.

  • Fixed the QNAP driver so that it does not modify the share size on the back end when manila manages a share.

  • Fixed a bug in the Quobyte driver that allowed share resizing to incorrectly address the share to be resized in the backend.

  • The NetApp driver has been fixed to not enforce route creation when the share network provided has no gateway. See Launchpad bug 1777126 for details.

  • The SIGHUP behavior for the manila-scheduler service has been fixed. Previously, only the manila-share service was responding to SIGHUP and reloading its configuration, now manila-scheduler does the same.

  • New shares created on a Quobyte backend are now initialized with the correct quota.

  • fixes a bug causing incorrect quotas being set in the backend when resizing Quobyte shares.

  • Change the CIFS mounting parameter of Huawei driver from form „user=“ to „username=“, which is compatible in various OS.

  • Fixed routes.mapper.Mapper.resource adds a bunch of formatted routes that cannot accept something after a ‚.‘.

  • Removed confusing manila.db.sqlalchemy model messages indicating deprecated properties for share_type, host, share_server_id, share_network_id, available_zone. These are exposed in the API as properties of shares and are not in fact actually deprecated as such.

  • When use driver_handles_share_servers driver, reset the tap device after manila-share service start.

  • Use Oslo’s logging features to securely output the configuration options for Manila.