Ussuri Series Release Notes

10.2.0-15

Security Issues

  • The SSH utility module no longer logs usernames and passwords as debug information.

Bug Fixes

  • An issue with RPC handling on service restart was addressed by ensuring proper initialization before creating the RPC consumer. See bug 1271568 for more details.

  • Fixed an issue during snapshot creation where a database error was being mishandled with dead code. See Launchpad bug 1475351 for more details.

  • The GET /shares/{share_id} API now responds with HTTP 404 (Not Found) for inaccessible resources. See bug 1901210 for further information.

  • Fixed periodic_share_replica_update() to skip active replicas similarly to periodic_share_replica_snapshot_update(). The intention is to check on non-active replicas, which can be in the 'in_sync', 'out_of_sync' or 'error' state.

  • Fixed an issue that left migrated shares with replication support without a share instance whose replica_state is set to active. Now, when the share supports replication, the destination share instance will have its replica state set to active right after the migration completes. For more details, please refer to bug 1927060.

  • Fixed an issue with ONTAP AFF platforms while creating shares that forced volumes to have efficient data saving even when the contrary was specified. For more details, please refer to Launchpad bug #1929421.

  • NetApp driver: fixed an issue with ONTAP 9.8 and older, for scoped account users, where the operation of deleting a replica was not working but returned a success message. For more details, please refer to Launchpad bug #1934889.

10.2.0

Bug Fixes

  • Resizing 0.0.0.0/24 accessible NFS shares with generic driver

  • Authentication errors when loading service clients of OpenStack Compute (nova), OpenStack Volume (cinder) and OpenStack Networking (neutron) services are now handled in a better manner.

  • Filtering shares by share-type "extra_specs" as key=value now returns the expected output.

  • New user message now alerts users when attempting to create a new share without identifying a share type, either through request body or by setting a default share type. See bug #1870280 for more details.

10.1.0

Upgrade Notes

  • Added a new config option netapp_ssl_cert_path for the NetApp driver. This option enables the user to choose the directory with certificates of trusted CAs or the CA bundle. If set to a directory, it must have been processed using the c_rehash utility supplied with OpenSSL. If not set, Mozilla's carefully curated collection of root certificates is used for validating the trustworthiness of SSL certificates.

Security Issues

  • An RBAC policy check has been enforced against the GET /share-access-rules API to ensure that users are permitted to access the share that the access rule belongs to. See bug 1917417 for more details.

Bug Fixes

  • Fixed an issue on ONTAP NetApp driver that caused access rules not to be applied to a promoted replica using CIFS protocol. Please refer to the Launchpad bug #1896949 for more details.

  • Fixed an issue on the ONTAP NetApp driver that was forcing the location of CA certificates for SSL verification during HTTPS requests. The fix adds the netapp_ssl_cert_path configuration option, enabling the user to choose the directory with certificates of trusted CAs or the CA bundle. If set to a directory, it must have been processed using the c_rehash utility supplied with OpenSSL. If not set, Mozilla's carefully curated collection of root certificates is used for validating the trustworthiness of SSL certificates. Please refer to the Launchpad bug #1900191 for more details.

  • A bug with storage protocol filtering in the scheduler has been fixed. See bug for more details.

  • Fixed bug #1886232 that caused an INFO message saying the python-manila package was not found. The package name has been updated to python3-manila. This fix applies only when manila was installed using the default packages provided by the OS.

  • New user messages now alert users of possible remediations during access rule creation errors with CephFS shares. This includes hints to users to not use cephx client users that are prohibited by CephFS or the share driver. See CVE-2020-27781 and bug #1904015 (https://launchpad.net/bugs/1904015) for more details.

  • Fixed a bug where extending a volume after shrinking it under the generic driver could result in a wrong real size. Please see Launchpad bug #1909951 for more details.

  • The scheduler stats resource APIs (/scheduler-stats/pools and /scheduler-stats/pools/detail) have been fixed to not return an arbitrary traceback in the error message body to the caller when access to the resource has been denied.

  • Fixed bug #1922075: the "gluster volume set nfs.rpc-auth-reject '*'" command failed when the glusterfs driver created an instance from a snapshot.

  • Fixed NotFound error in share replica periodic tasks. It could happen that the parent share of the replica that was being worked on had already been deleted.

  • Corrected an error message for attempts to create snapshots from shares that do not support this operation. The message said that the share backend has no such support but that is not always true. The original share for the snapshot does not support snapshots because it was created with a share type without the snapshot_support extra-spec set, irrespective of whether the back end used can itself support snapshots or not.
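
For the netapp_ssl_cert_path option described in the 10.1.0 upgrade note and in the fix for bug #1900191 above, a pre-flight check an operator could run on a candidate value before setting it. This is an added example, not manila or NetApp driver code; the function names, the result labels and the sample layout are assumptions made for illustration.

```python
import os
import re
import tempfile

# c_rehash names each link <8 hex digits of the subject hash>.<sequence>
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")
PEM_MARKER = "-----BEGIN CERTIFICATE-----"


def classify_ca_path(path):
    """Classify a candidate netapp_ssl_cert_path value as (kind, detail)."""
    if not path:
        # Unset: per the release note, the Mozilla root collection is used.
        return ("default", "option not set")
    if os.path.isdir(path):
        hashed = sorted(n for n in os.listdir(path) if HASHED_NAME.match(n))
        if not hashed:
            return ("invalid", "no c_rehash-style entries found")
        # A dangling link means the certificate behind it was moved or removed.
        dangling = [n for n in hashed
                    if not os.path.exists(os.path.join(path, n))]
        if dangling:
            return ("invalid", "dangling links: " + ", ".join(dangling))
        return ("hashed_dir", "%d hashed entries" % len(hashed))
    if os.path.isfile(path):
        with open(path, "r", errors="replace") as fh:
            count = fh.read().count(PEM_MARKER)
        if count == 0:
            return ("invalid", "file holds no PEM certificates")
        return ("bundle", "%d certificate(s)" % count)
    return ("invalid", "path does not exist")


def demo():
    """Run the check over constructed sample layouts in a temp directory."""
    # Constructed placeholder: only the PEM markers matter to this check.
    fake_pem = PEM_MARKER + "\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for name in ("rehashed", "plain", "stale"):
            os.mkdir(os.path.join(root, name))
            with open(os.path.join(root, name, "ca.pem"), "w") as fh:
                fh.write(fake_pem)
        os.symlink("ca.pem", os.path.join(root, "rehashed", "1a2b3c4d.0"))
        os.symlink("gone.pem", os.path.join(root, "stale", "deadbeef.0"))
        results["unset"] = classify_ca_path(None)
        for name in ("rehashed", "plain", "stale"):
            results[name] = classify_ca_path(os.path.join(root, name))
        results["bundle"] = classify_ca_path(
            os.path.join(root, "plain", "ca.pem"))
        results["missing"] = classify_ca_path(os.path.join(root, "nope"))
    return results
```

The check inspects names and PEM markers only; it does not parse certificates or confirm that a hashed name matches the certificate it points to.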

10.0.2

Bug Fixes

  • The API to import shares into manila could sometimes allow a share to be "managed" into manila multiple times via different export paths. This API could also incorrectly disallow a manage operation citing a new share in question was already managed. Both issues have now been fixed. See bug #1848608 and bug #1893718 for more details.

  • Fixed an issue while bringing shares under Manila management. Now, when a share is being managed and there is no available quota to complete this operation, the service will allow the quotas to be exceeded and the operation will be completed. The administrator will need to adjust the quotas after. Please see Launchpad bug for more details.

  • Fixed an issue while promoting back share replicas created using CIFS protocol. Please refer to the Launchpad bug #1879368 for more details.

  • Fixed bug #1886010. This bug caused glusterfs shares to still be readable/writable to connected clients while the share was deleted from manila.

  • An error with share group snapshot creation and deletion due to missing attributes has been fixed. See Launchpad bug 1888905 for more information.

  • The LVM driver no longer fails to delete shares, snapshots and access rules that are missing from storage. See Launchpad bug #1888915 for more details.

  • Fixed bug #1894362: the "Couldn't find the 'gluster_used_vols'" error when deploying a glusterfs driver multi-backend service and deleting a share instance.

  • The NetApp cDOT driver now sets the required NFS options for clients running Windows operating systems with NFSv3 support.

  • Dell EMC Manila Driver: Fixes wrong capacity in pool_stat. bug 1890372 powermax manila return size in MB, bug 1890375 vnx manila return size in MB, bug 1890376 unity manila return size in bytes.

10.0.1

Upgrade Notes

  • The configuration option netapp_migration_cancel_timeout can be specified in the NetApp backend section to redefine the amount of time that the NetApp driver must attempt to wait on the asynchronous operation to cancel an ongoing migration. This option is set to 3600 seconds by default, which is sufficient time in most cases.

Bug Fixes

  • Dell EMC Unity Driver: Fixes bug 1841035 to avoid lots of error messages displayed in logs.

  • The NetApp ONTAP share delete operation can sometimes fail when it is triggered immediately after migration cancelation on an overloaded NetApp backend. Canceling an ongoing migration is an asynchronous operation on an ONTAP storage system. Now the NetApp driver checks if the asynchronous API has ended its operation before reporting migration cancelation success. If the operation of the asynchronous API did not end within the specified timeout, the migration cancel operation will be considered unsuccessful. To do so, a new configuration option netapp_migration_cancel_timeout has been added.

  • Fixed the Generic driver to evict and kill any user processes accessing a share before attempting to extend or shrink a CIFS share.

  • Added a new user message when share shrinking fails due to operation not being supported by the driver.

  • Fixed bug #1878993 that caused a failure on HTTPS connections within NetApp backend using python 3.7.

  • Fixed an unneeded request to Neutron to list all ports in the service instance helper module when tearing down a service subnet; Neutron can filter them by subnet_id itself.

  • NetApp ONTAP driver is now fixed to avoid the deletion of Cluster and Default ipspaces when deleting a share server. This issue was happening only when operating in driver_handles_share_servers enabled mode and creating shares using flat network type. See Launchpad bug 1880747 for more details.

  • Fixed bug #1882590 that caused an error on starting a NetApp backend when using the SVM scoped account.

  • Fixed launchpad bug #1885956 by ensuring that policy checks are enforced when looking up a share-type by name. This prevents a problem where shares could be stuck in CREATING status when a user attempts to create a share using the name of a private share-type to which the user lacks access.

  • The NetApp cDOT driver now validates the configuration of preferred domain controller(s) added in CIFS security service server setup. The mandatory option skip-config-validation was introduced to cifs-domain-preferred-dc-add with ONTAP 9.5.

10.0.0

Prelude

  • Share group APIs have graduated from their experimental feature state from API version 2.55. Share group types can be created to encompass one or more share types, share groups can be created, updated, snapshotted and deleted, and shares can be created within share groups. These actions no longer require the inclusion of X-OpenStack-Manila-API-Experimental header in the API requests.

New Features

  • The scheduler was improved to select and weigh compatible back ends when creating shares from snapshots. This change only affects the existing behavior if the option use_scheduler_creating_share_from_snapshot is enabled.

  • A new share status creating_from_snapshot was added to inform the user that a share creation from snapshot is in progress and may take some time to be concluded. In order to quantify the share creation progress a new field called progress was added to shares and share instances information, to indicate the conclusion percentage of share create operation (0 to 100%).

  • Added quotas for amount of share replicas and share replica gigabytes.

  • User messages can be queried by timestamp with query keys created_since and created_before starting with API version 2.52.

  • A "no-op" interface driver (manila.network.linux.interface.NoopInterfaceDriver) has been introduced to work with drivers that create and manage the lifecycle of share servers (driver_handles_share_servers=True) through service instance virtual machines using OpenStack Compute. This interface driver can be used when manila-share is running on a machine that has access to the administrator network used by Manila.

  • The NetApp driver now supports efficiently creating new shares from snapshots in pools or back ends different than that of the source share. In order to have this functionality working across different back ends, replication must be enabled and configured accordingly.

  • Dell EMC Unity Manila driver now supports manage/unmanage share server, share instance and share snapshot.

Upgrade Notes

  • Two new config options are available for setting default quotas for share replicas: quota_share_replicas and quota_replica_gigabytes.

  • Python 2.7 support has been dropped. Last release of openstack/manila to support python 2.7 is OpenStack Train (9.x). The minimum version of Python now supported by openstack/manila is Python 3.6.

  • The values of share type extra-specs will be considered case insensitive for comparison in the scheduler’s capabilities filter.

  • In this release, the operation create share from snapshot was improved in the ZFSonLinux driver. Now, the operator using the ZFSonLinux driver can create a share from snapshot in different pools or backends by specifying the Manila API configuration option [DEFAULT]/use_scheduler_creating_share_from_snapshot.

Security Issues

  • Closes a gap where a user can see the export locations for another user’s share if the uuid of the other share is leaked, stolen, or (improbably) guessed.

  • CVE-2020-9543: An issue with share network retrieval has been addressed in the API by scoping unprivileged access to project only. Please see launchpad bug #1861485 for more details.

Bug Fixes

  • The availability zone parameter is now being considered when creating shares from snapshots.

  • Share type extra-specification share_backend_name is now ignored when creating share replicas. This ensures that backends in the same replication domain need not have the same value of share_backend_name. See launchpad bug #1634734 for details.

  • Fixed Launchpad bug 1699836 by preventing share type deletion when there are share group types associated with them.

  • The NetApp ONTAP driver is now fixed to allow extension and shrinking of share replicas after they get promoted.

  • NetApp cDOT driver is now fixed to remove the QoS Policy on the backend volume when a share is migrated from an extra-spec which had QoS defined to another extra-spec which has no QoS defined in it.

  • The NetApp cDOT driver is now fixed to honour the standard extra_specs during migration and manage/unmanage.

  • Fixed an issue with the Dell EMC Unity driver to work with a management IP configured in IPv6 format.

  • Manila PowerMax fix ensuring that hosts that are given access to a share, i.e. read only, will always precede '-0.0.0.0/0.0.0.0'. Any host after this string will be denied access.

  • Manila VNX fix ensuring that hosts that are given access to a share, i.e. read only, will always precede '-0.0.0.0/0.0.0.0'. Any host after this string will be denied access.

  • Fixed an issue where the Unity driver fails to delete a CIFS share if wrong access was set.

  • Fixed unexpected behavior when updating a share network’s neutron_net_id or neutron_subnet_id. Now, Manila does not allow updating a share network that does not contain a default subnet.

  • Fixed an issue in the NetApp driver share replica periodic check that erroneously set a replica state to 'error'. In this routine, a SnapMirror resync operation was being triggered while the replica data transfer was still in progress, receiving an error from the storage side. The driver now skips the resync operation for all in-progress SnapMirror relationship statuses.

  • A new user message has been added in case of share extensions failing asynchronously.

  • Launchpad bug 1853940 has been fixed. When drivers are still initializing or when they fail to initialize, the share service will be reported as being "down" until the driver has been initialized.

  • Fixed an issue in NetApp driver when shrinking shares to a size smaller than the current used space. Now it will return a more appropriate error status called shrinking_possible_data_loss_error.

  • Fixed Quota exceeded exception for snapshot creation. Consumed gigabytes now reports the snapshot gigabytes instead of share gigabytes usage.

  • Improved share list speed using lazy='subquery'. The sqlalchemy models of Share and Share Instance relationships previously had lazy='immediate'. This resulted in at least three extra queries when we queried for all share details.

  • Some resources will be eagerly loaded from the database to avoid cyclical references and faulty results if their retrieval is deferred.

  • Launchpad bug 1869148 has been fixed. This bug could have affected environments where extension APIs were provided in compiled files rather than source code.

  • Reduces an increase of schedule time for non thin provisioned backends. On those backends, there is no need to calculate provisioned_capacity_gb, as it is not used during the scheduling. This calculation was not scaling properly on big environments as it implies many database queries.

  • Fixed the cleanup for private share types and share group types to include clearing out the database entries recording project specific access rules to these types. See Launchpad bug 1870751 for more details.

  • Dell EMC VNX and PowerMax Drivers: Fixes bug 1871999 to make create_share and create_share_from_snapshot return correct list of export locations.

  • NetApp cDOT driver is now fixed to not create peer relationship between same share servers when handling share replica creation and promotion. This issue was happening when operating in driver_handles_share_servers enabled mode with backends configured with more than one pool. See Launchpad bug 1872243 for more details.

  • Fixed quota issue that made it impossible to create resources when the project had the quotas set to unlimited, and the user had a limited amount of quotas to use. Now, operations in the mentioned quota scenario are working properly. Please see Launchpad bug 1872872 for more details.

  • Updated the scheduler pool attributes provisioned_capacity_gb and allocated_capacity_gb to accommodate shares being created. This helps maintain an approximate tally of these attributes in between back end scheduler updates.

  • NetApp cDOT driver is now fixed to not trigger peer accept operation between share servers that belong to the same cluster, when handling share replica creation and promotion. This issue was happening when operating in driver_handles_share_servers enabled mode with multiple backends configured within the same cluster. See Launchpad bug 1873963 for more details.

  • The Generic driver has been fixed to invoke compute image retrieval by ID rather than list all images and implement a filter. This prevents failures in case there are a lot of images available and the image service returns a paginated response.

  • When attempting to shrink a share to a size smaller than the current used space, the share status will remain as available instead of shrinking_possible_data_loss_error. The user will receive a warning message saying that the shrink operation was not completed.