Zed Series Release Notes

21.3.1

バグ修正

  • Bug #1996049: Fixed bug where backup was not set to error on failure when volume did not exist.

  • Infinidat Driver bug #1982350: Fixed Infinidat driver multi-attach feature. Added a check if there are multiple attachments to the volume from the same connector and terminate connection only for the last attachment from the corresponding host.

  • Infinidat Driver bug #1982405: Fixed Infinidat driver to allow generic volume migration between two storage pools within the same cluster.

  • Bug #1945500: The original attempt at fixing this bug did not account for differences in how glance and cinder store image metadata, and as a result some image properties were not filtered out. This new improved fix addresses those differences and makes the filtering more thorough.

21.3.0

既知の問題

  • For security reasons (Bug #2004555) manually deleting an attachment, manually doing the os-terminate_connection os-detach or os-force_detach actions will no longer be allowed unless the request is coming from another OpenStack service on behalf of a user.

アップグレード時の注意

  • Nova must be configured to send service tokens and cinder must be configured to recognize at least one of the roles that the nova service user has been assigned in keystone. By default, cinder will recognize the service role, so if the nova service user is assigned a differently named role in your cloud, you must adjust your cinder configuration file (service_token_roles configuration option in the keystone_authtoken section). If nova and cinder are not configured correctly in this regard, detaching volumes will no longer work (Bug #2004555).

Critical Issues

セキュリティー上の問題

  • As part of the fix for Bug #2004555, cinder now rejects user attachment delete requests for attachments that are being used by nova instances to ensure that no leftover devices are produced on the compute nodes which could be used to access another project's volumes. Terminate connection, detach, and force detach volume actions are not allowed for users.

バグ修正

  • Bug #2004555: Fixed issue where a user manually deleting an attachment, calling terminate connection, detach, or force detach, for a volume that is still used by a nova instance resulted in leftover devices on the compute node. These operations will now fail.

21.2.0

新機能

  • RBD driver: Sets the Ceph cluster FSID as the default value for the rbd_secret_uuid configuration option.

アップグレード時の注意

  • We introduced a new config parameter, reserved_image_namespaces, that allows operators to set the image properties to filter out from volume image metadata by namespace when uploading a volume to Glance. These properties, if not filtered out, cause failures when uploading images back to Glance. The error will happen on Glance side when the reserved namespaces are used. This option is also useful when an operator wants to use the Glance property protections feature to make some image properties read-only.

バグ修正

  • PowerStore driver bug #1962824: Fixed Cinder volume caching mechanism for the driver. Now the driver correctly raises exception.SnapshotLimitReached when maximum snapshots are created for a given volume and the volume cache is invalidated to allow a new row of fast volume clones.

  • Bug #2008017: Fixed NetApp NFS driver to never spawn a native thread avoid thread starvation and other related issues.

  • Bug #1945500: Fixed an error when uploading to Glance a previously downloaded glance image when glance multistore is enabled. Glance reserves image properties in the namespace 'os_glance' for its own use and will not allow images to be created with these properties. Additionally, there are image properties, such as those associated with image signature verification, that are stored in a volume's image metadata, which should not be added to a new image when a volume is being uploaded as an image. Thus Cinder will no longer include any volume image metadata in the namespaces os_glance and img_signature when it creates an image in Glance. Furthermore, because the Glance property protections feature allows an operator to configure specific image properties as read-only, this fix adds a configuration option, reserved_image_namespaces, that allows an operator to exclude additional image properties by namespace (the os_glance and img_signature namespaces are always excluded).

  • Pure Storage FlashArray driver bug #1969784: Fixed array failover incorrectly handles loss of an array due to network issue

  • RBD driver bug #1960206: Fixed total_capacity reported by the driver to the scheduler on Ceph clusters that have renamed the bytes_used field to stored. (e.g., Nautilus).

  • Bug #2008259: Fixed the volume create functionality where non-admin users were able to create multiattach volumes by providing the multiattach parameter in the request body. Now we can only create multiattach volumes using a multiattach volume type, which is also the recommended way.

その他の注意点

  • Removed the ability to create multiattach volumes by specifying multiattach parameter in the request body of a volume create operation. This functionality is unsafe, can lead to data loss, and has been deprecated since the Queens release. The recommended method for creating a multiattach volume is to use a volume type that supports multiattach. By default, volume types can only be created by the operator. Users who have a need for multiattach volumes should contact their operator if a suitable volume type is not available.

21.1.0

アップグレード時の注意

  • This release introduces a new configuration option, vmdk_allowed_types, that specifies the list of VMDK image subformats that Cinder will allow. The default setting allows only the 'streamOptimized' and 'monolithicSparse' subformats, which do not use named extents.

セキュリティー上の問題

  • This release introduces a new configuration option, vmdk_allowed_types, that specifies the list of VMDK image subformats that Cinder will allow in order to prevent exposure of host information by modifying the named extents in a VMDK image. The default setting allows only the 'streamOptimized' and 'monolithicSparse' subformats, which do not use named extents.

  • As part of the fix for Bug #1996188, cinder is now more strict in checking that the disk_format recorded for an image (as revealed by the Image Service API image-show response) matches what cinder detects when it downloads the image. Thus, some requests to create a volume from a source image that had previously succeeded may fail with an ImageUnacceptable error.

バグ修正

  • Bug #1996188: Fixed issue where a VMDK image file whose createType allowed named extents could expose host information. This change introduces a new configuration option, vmdk_allowed_types, that specifies the list of VMDK image subformats that Cinder will allow. The default setting allows only the 'streamOptimized' and 'monolithicSparse' subformats.

21.0.0

新機能

  • Added iSCSI and Fibre Channel volume drivers for DataCore's SANsymphony and Hyper-converged Virtual SAN storage.

  • Added a new configuration option image_conversion_disable to disallow conversion between image disk format and volume format when doing certain operations. This can prevent performance problems on a cinder-volume node due to the large amount of system resources consumed during image conversion. The default value is False, which corresponds to Cinder's current behavior to always attempt image conversion.

    This option affects three Block Storage API calls:

    • Upload volume to image: POST /v3/volumes/{volume_id}/action with the os-volume_upload_image action. This call will result in a 400 (Bad Request) response when an image disk_format that would require conversion is requested.

    • Create a volume: POST /v3/volumes with an imageRef attribute in the request body. This will result in a 202 (Accepted) response, but if the image's disk_format would require conversion to be written to the volume, the volume will go to error status.

    • Reimage a volume: POST /v3/volumes/{volume_id}/action with the os-reimage action. This call will result in a 202 (Accepted) response, but if the image's disk_format would require conversion to be written to the volume, the volume will go to error status.

    In the latter two cases, an end user can determine what happened by using the Messages API, which can be accessed using the cinderclient or openstackclient.

  • Infinidat driver: Added support for revert to snapshot operation.

  • Dell PowerStore: Added NFS storage driver.

  • Yadro Tatlin Unified: Added initial version of the iSCSI driver.

  • The Swift backup driver now supports sending a X-Service-Token header with a service token when the new backup_swift_service_auth config option is enabled. Please note that you still need to configure the [service_user] group and also set send_service_user_token to enable the behavior and not only the Swift backup driver option. Note send_service_user_token enables it globally and will also affect communication with Nova and Glance.

  • Dell EMC PowerStore driver: Report trimming/discard support to Nova and Cinder.

  • Dell EMC PowerMax driver: Report trimming/discard support to Nova and Cinder.

  • Dell EMC PowerFlex driver: Report trimming/discard support to Nova and Cinder on thin volumes that don't have snapshots. Not doing trim on volumes with snapshots is the vendor's recommendation, but can be overriden with the report_discard_supported configuration option.

  • Seagate driver: Added support for get_driver_options api call

  • Lenovo driver: Return additional configuration options from get_driver_options call

  • Hitachi driver: Add a feature Port Scheduler. This feature is enabled when specifying True for the parameter hitachi_port_scheduler. When this feature is enabled and an attach request is received, the active WWNs that are obtained by Fibre Channel Zone Manager will be distributed and registered to the host groups of each port of the storage system. To use this feature, specify True for both parameters hitachi_group_request and hitachi_rest_name_only_discovery. If you specify False or use default value for the hitachi_rest_name_only_discovery, it will take a long time to attach volume, by seeking the host group for all specified ports. This feature is supported on Fibre Channel only.

  • Infinidat driver: Added support to manage and unmanage volumes and snapshots. Also added the functionality to list the manageable volumes and snapshots.

  • os-brick file lock location can be specified independently of the Cinder service lock location using lock_path in the [os_brick] configuration section. Useful for HCI deployments and when running Cinder and Glance with Cinder backend on the same host.

  • NetApp NFS driver: add an alternative approach to perform the efficient clone image when the Glance source store and Cinder destination pool are not in the same FlexVol, but they are in the same Cluster. Previously, the driver required the copy offload tool for doing it efficiently, which is no longer available. Now, the operators can maintain their efficient clone image by relying on the storage file copy operation.

  • NetApp drivers: NFS, iSCSI and FCP drivers have now the option to request ONTAP operations through REST API. The new option netapp_use_legacy_client switches between the old ZAPI client approach and new REST client. It is default to True, meaning that the drivers will keep working as before using ZAPI operations. If desired, this option can be set to False interacting with the storage using the new REST client. However, this new client still relies on ZAPI calls for consistency group snapshot operation.

    The drivers can only be configured with REST client when using ONTAP storage 9.11.1 or newer.

    NOTE: Enabling ONTAP REST client changes the behavior of QoS specs. Earlier, QoS values could be represented in BPS (bytes per second), but now REST client only supports integer values represented in MBPS (Megabytes per second). It means that though the user specifies the value in BPS, it will be converted to MBPS and rounded up.

  • Dell PowerStore driver: Added NVMe-TCP support.

  • Pure Storage adds a new driver to support NVMe-RoCE for the FlashArray. All features of the iSCSI and FC drivers are fully supported by this new driver.

  • RBD driver: Added QoS support.

  • Starting with API microversion 3.70, encrypted volumes can be transferred to a user in a different project. Prior to microversion 3.70, the transfer is blocked due to the inability to transfer ownership of the volume's encryption key. With microverson 3.70, ownership of the encryption key is transferred when the volume is transferred.

    When transferring an encrypted volume, its snapshots must also be transferred. Attempts to transfer an encrypted volume without transferring its snapshots are disallowed.

アップグレード時の注意

  • Support for MySQL 5.5 has been dropped.

  • Python 3.6 & 3.7 support has been dropped. The minimum version of Python now supported is Python 3.8.

  • The storage_protocol treats all variants of the protocol name as the same regarding matches, so for example using FC, fc, or fibre_channel will be treated equally in the scheduler, be it when filtering using the volume type's extra specs or when using filter and goodness functions.

    The storage protocol reporting via the REST API will be now the same for them all, using the preferred naming, FC, NVMe-oF, iSCSI, NFS...

    If your deployment uses storage_protocol to differentiate between backends that use the same protocol but report it using different variants, be aware that they will no longer be differentiated.

  • On HCI deployments and when running Cinder and Glance with Cinder backend on the same host an os-brick shared location can be configured using the lock_path in the [os_brick] configuration section.

廃止予定の機能

  • Deprecate NetApp NFS option netapp_copyoffload_tool_path. The tool is no longer available for downloading.

バグ修正

  • Bug #1980268: When creating a volume from an image, a check has been added to compare the requested volume size to the image's virtual_size property and fail the request if the volume will be too small to contain the image. If the image record does not contain this property, the request is accepted but the volume will go to error status if the image does not fit (which is the current behavior).

  • Fixed a CHAP authentication issue while trying to attach an iSCSI volume using the NetApp ONTAP driver. Please refer to the Launchpad bug #1914639 for more details.

  • Bug #1929223: Fixed HTTPS certificate validation was disabled in PowerFlex connector.

  • PowerMax driver bug #1936848: Fixed Generic Volume Group error where the name has been changed in OpenStack and is not reflected on the corresponding storage group on the PowerMax.

  • RBD driver bug #1942210: When creating a volume from a snapshot, the operation could fail due to an uncaught exception being raised during a check to see if the backend Ceph installation supported the clone v2 API. The driver now handles this situation gracefully.

  • Bug #1944577: Managing a volume to an encrypted type was never a good idea because there was no way to specify an encryption key ID so that the volume could be used. Requests to manage a volume to an encrypted volume type now result in an invalid request response.

  • IBM DS8000 Driver Bug #1951046: Fixed detach issue for multi-attach volumes. Detach the volume without deleting the host until attachment count is zero.

  • NetApp ONTAP driver bug #1955057: Fixed the function get_ontap_version on Cinder NetApp driver, now it returns a tuple of integers instead of a string.

  • RBD Driver bug #1957073: Fixed snapshot deletion failure when its volume doesn't exist.

  • IBM Spectrum Virtualize family driver Bug #1960314: Fixed resize issue for GMCV volumes which are a part of a consistency group(CG).

  • IBM Spectrum Virtualize family driver Bug #1960315: Fixed delete and resize volume issues in during reverse replication and added support to extend the volume for failover scenarios.

  • IBM Spectrum Virtualize Family driver: Bug #1961548: Optimize lsvdisk and lssystem calls to reduce the computational time for creating GMCV volumes.

  • Bug #1965847: Fixed issue where importing a backup record for a backup_id that currently existed had the unfortunate side effect of deleting the existing backup record.

  • IBM Spectrum Virtualize family driver Bug #1966639: Fixed resize issue in reverse replication for the volumes which are a part of a consistency group(CG).

  • IBM Spectrum Virtualize Family driver: Bug #1968159: Fix for retype failure for replicated volume-type. Controlling chfcmap call for rc_controlled fcmap for replication-type volumes during retype operation.

  • Bug #1968170: Fixed the message created when nova fails to reimage the volume.

  • Bug #1970768: Fixed status of temporary volumes when creating backups and reverting to a snapshot, preventing accidental manual deletion of those resources.

  • IBM Spectrum Virtualize Family driver: Bug #1976499: Setting correct SVC Code level for lsfcportsetmember call.

  • Bug #1978729: Fixed context.message_action is None on errors by backup drivers. The message_* properties of the context were not passed during rpc, which caused a double exception when a backup driver raised an exception, masking the actual backup driver exception.

  • Infinidat Driver bug #1981354: Fixed Infinidat driver to return all configured and enabled iSCSI portals for a given network space.

  • Infinidat Driver bug #1981982: Fixed Infinidat driver to use TLS/SSL communication between the Cinder volume service and the storage backend. Admin can set True or False for the driver_use_ssl and suppress_requests_ssl_warnings options in the driver section of cinder.conf to enable or disable these features.

  • IBM Spectrum Virtualize Family driver: Bug #1982078: Fixed the default portset value during driver initialization.

  • RBD driver bug #1916843: Fixed rpc timeout when backing up RBD snapshot. We no longer flatten temporary volumes and snapshots.

  • Bug #1979666: PowerMax driver : Fixed rare case where the SRP in the local and remote arrays are different when managing volumes into OpenStack. For backward compatibility and name matching, the default storage group will assume the SRP name of the local array on both arrays.

  • Bug #1969366: Fixed reporting of cacheable capability by drivers.

  • Fix NetApp iSCSI and FC driver issues with custom initiator groups. (bug 1697490).

  • NFS driver bug #1946059: Fixed revert to snapshot operation.

  • PowerFlex driver bug #1942095: Fixed Cinder volume caching mechanism for the driver. Now the driver correctly raises exception.SnapshotLimitReached when maximum snapshots are created for a given volume and a volume cache is invalidated to allow a new row of fast volume clones.

  • Bug #1966103: Fixed inconsistent behavior of storage_protocol among different backends that report variants of the protocol name, such as FC, fc, fibre_channel.

  • Bug #1901188: Fix unnecessary migration on retype when QoS has the same elements in both types.

  • Hitachi driver bug #1989176: Fixed Hitachi driver to output a message for resource lock correctly.

  • HPE 3PAR driver Bug #1819903: Fixed: umanaged volumes & snapshots missing from cinder manageable-list.

  • HPE 3PAR driver Bug #1958122: Fixed issue of multi-detach operation in multi host environment.

  • NetApp ONTAP bug #1958245: In an ONTAP flexgroup replication environment, snapmirror creation would succeed but a driver bug caused an error message to be logged for the cinder-volume service. The issue has been corrected in this release.

  • NetApp ONTAP: Fix check QoS minimum support for SVM scoped account. See: Bug #1924798.

  • NetApp SolidFire driver Bug #1934435: Fixed errors that might occur when an operation is made to a volume at the same time as the Element OS upgrades.

  • NetApp SolidFire driver bug #1934459: Fixed backend initialization failing with RecursionError error when OSProfiler is enabled.

  • PowerStore driver bug #1981068: Fixed request data validation for the REST client.

  • Bug #1951982: Fixed cloning of encrypted volumes not using multipathing to change the encryption key used on the new volume.

  • Bug #1951977: Fixed backup create and restore not using multipath configuration when attaching the volume.

  • Kaminario driver bug #1951981: Fixed create volume from volume or snapshot not using multipath configuration.

その他の注意点