2023.2 Series Release Notes



  • Images in the qcow2 format with an external data file are now rejected with an ImageUnacceptable error because such images could be used in an exploit to expose host information. Given that qcow2 external data files were never supported by Cinder, this change should have no impact on users. See Bug #2059809 for details.


  • Bug #2008017: Hide value of the [coordination] backend_url option from logs because it can contain credential.

  • Bug #2059809: Fixed issue where a qcow2 format image with an external data file could expose host information. Such an image is now rejected with an ImageUnacceptable error if it is used to create a volume. Given that qcow2 external data files were never supported by Cinder, the only use for such an image previously was to attempt to steal host information, and hence this change should have no impact on users.

  • Dell PowerMax driver bug #2051828: The driver only recognized 10.0 as being Unisphere 10 and would try to use 9.2 for Unisphere 10.x (where x > 0), but now it correctly recognizes 10.x as being Unisphere 10.

  • Bug #1988942: Increased size of volume image metadata values accepted by the Block Storage API. Volume image metadata values were limited to 255 characters but Glance allows up to 65535 bytes. This change does not affect the database tables which already allow up to 65535 bytes for image metadata values.



  • Bug #2045431: Fixed a data leak scenario where we preserve sparseness when reimaging the volume.

    We currently do a sparse copy when writing an image on the volume. This could be a potential data leak scenario where the zero blocks of the new image are not written on the existing volume and the data from the old image still exists on the volume. We fix the scenario by not doing sparse copy when reimaging the volume.

  • HPE 3PAR driver Bug #2045411: Added support for ipv6 address in the 3PAR iSCSI driver.



  • Yadro Tatlin Unified: Added initial version of the FC driver.

  • Fujitsu ETERNUS DX driver: Added support for QoS

    What QoS settings are available depends upon the storage firmware version of the ETERNUS AF/DX.

    • When the storage firmware version is less than V11L30-0000, only the upper limit of bandwidth(BWS) can be set using:

      • maxBWS

      Note that when the firmware version of the ETERNUS AF/DX is earlier than V11L30, upper limits for the volume QoS settings of the ETERNUS AF/DX are set using predefined options. This means that you should set the upper limit of the ETERNUS AF/DX side to a maximum value that does not exceed the specified maxBWS.

    • When the storage firmware version is greater than V11L30-0000, the IOPS/Throughput of Total/Read/Write for the volume can be set separately using:

      • read_bytes_sec

      • write_bytes_sec

      • total_bytes_sec

      • read_iops_sec

      • write_iops_sec

      • total_iops_sec

      See the Fujitsu ETERNUS DX driver documentation for details.

  • NetApp ONTAP NFS driver: Enabled support for Active/Active environments in the NetApp NFS driver (including replication).

  • [Pure Storage] Corrected support status to True for generic group consistency snapshot support and added support for replication-enabled consistency groups.

  • Pure Storage FlashArray driver: Added support NVMe-TCP transport layer.

  • New ISCSI cinder volume driver for TOYOU NetStor TYDS Storage.


  • For security reasons (Bug #2004555) manually deleting an attachment, manually doing the os-terminate_connection, os-detach or os-force_detach actions will no longer be allowed in most cases unless the request is coming from another OpenStack service on behalf of a user.


  • Nova must be configured to send service tokens and cinder must be configured to recognize at least one of the roles that the nova service user has been assigned in keystone. By default, cinder will recognize the service role, so if the nova service user is assigned a differently named role in your cloud, you must adjust your cinder configuration file (service_token_roles configuration option in the keystone_authtoken section). If nova and cinder are not configured correctly in this regard, detaching volumes will no longer work (Bug #2004555).

  • The legacy sqlalchemy-migrate migrations, which have been deprecated since Xena, have been removed. There should be no end-user impact.

Critical Issues


  • As part of the fix for Bug #2004555, cinder now rejects user attachment delete requests for attachments that are being used by nova instances to ensure that no leftover devices are produced on the compute nodes which could be used to access another project's volumes. Terminate connection, detach, and force detach volume actions (calls that are not usually made by users directly) are, in most cases, not allowed for users.


  • Bug #2007615: the restore operation of the Cinder backup service now restores into sparse volumes, if possible. So, operators no longer need more space than used previously when they restore from a disaster.

  • Bug #2025277: Fixed a regression in the fix for Cinder backup restoring into sparse volumes, where OpenStack's integrated CLI triggered a traceback. The deprecated project-specific legacy CLI of Cinder continued to work.

  • Ceph backup driver Bug #1895035: Fixed restore full backups to non RBD volumes.

  • Bug #1912624: Corrected regression introduced by the refactoring of the backup service in the ussuri release, which prevented the creation of a volume backup in a different availability zone.

  • IBM Spectrum Virtualize Family driver: Bug #1976400: Optimize svcinfo CLI calls to reduce the computational time for rc-relationship related operations.

  • Dell PowerMax Driver Bug #1981420: Fixed issue faced while creating synchronous volume which was caused by incorrect handling of the force flag. This is corrected by checking volume type extra specs for the value of "force_vol_edit" parameter along with the "force" parameter.

  • HPE 3PAR driver bug #2008931: Fixed issue when performing migrate volume operation when comment attribute is missing from the volume.

  • NetApp ONTAP driver bug #2028857: Fixed errors that were occuring in the replica failover operation when using ONTAP REST API.

  • Bug #1945500: The original attempt at fixing this bug did not account for differences in how glance and cinder store image metadata, and as a result some image properties were not filtered out. This new improved fix addresses those differences and makes the filtering more thorough.

  • Dell PowerFlex driver bug #1998136: When using self signed certificates, the option sent to os-brick via the connection_properties was not correctly handled. It has now been fixed by adding the 'verify_certificate' and 'certificate_path' to the driver when initializing the connection.

  • HPE 3PAR driver Bug #2015746: Fixed: minor code changes to work with new wsapi.

  • HPE 3PAR driver Bug #1994521: Fixed: While performing a delete snapshot (s1) operation, the volumes (v2) dependent on the snapshot (s1) are converted to base volumes. This operation fails if these dependent volumes (v2) have their own dependent snapshots (s2). The errors during the failure were vague and not helpful. With this release, we added conditions to fail this operation early and also added useful error message.

  • HPE 3PAR driver Bug #2023253: Fixed: Handle error during retype of volume without comment

  • HPE 3PAR driver bug #2018994: Fixed: use small QoS Latency value (less than 1)

  • HPE 3PAR driver Bug #2015034: Added handling for VLAN iscsi IPs in the 3PAR iSCSI driver.

  • NetApp ONTAP driver Bug #1927784: Fixed the replication setup with FlexVol pools.

  • Pure iSCSI & FC driver bug #2006960: Fixed attaching LUNs greater than 255. Driver leverages new os-brick functionality to specify LUN addressing mode.

  • [Pure Storage] bug #2028380: Fixed issue with cinder replication failover failing due to incorrect REST call.

  • Pure Storage Cinder Driver: Fixed bug 2029005 to correctly disconnect a sync replicated volume from host on the secondary array when uniform option is set to True.

  • Bug #1997980: RBD: Fixed failure to update rbd image features for multi-attach when features = 0.

  • Bug #2004555: Fixed issue where a user manually deleting an attachment, calling terminate connection, detach, or force detach, for a volume that is still used by a nova instance resulted in leftover devices on the compute node. These operations will now fail when it is believed to be a problem.

  • Bug #2008259: Fixed the volume create functionality where non-admin users were able to create multiattach volumes by providing the multiattach parameter in the request body. Now we can only create multiattach volumes using a multiattach volume type, which is also the recommended way.


  • Nimble driver: Enable thin provisioning as default method while creating volumes.

  • Removed the ability to create multiattach volumes by specifying multiattach parameter in the request body of a volume create operation. This functionality is unsafe, can lead to data loss, and has been deprecated since the Queens release. The recommended method for creating a multiattach volume is to use a volume type that supports multiattach. By default, volume types can only be created by the operator. Users who have a need for multiattach volumes should contact their operator if a suitable volume type is not available.