Stein Series Release Notes

14.3.1-9

Upgrade Notes

  • This release contains a fix for Bug #1908315, which changes the default value of the policy governing the Block Storage API action Reset group snapshot status to make the action administrator-only. This policy was inadvertently changed to be admin-or-owner during the Queens development cycle.

    The policy is named group:reset_group_snapshot_status.

    • If you have a custom value for this policy in your cinder policy configuration file, this change to the default value will not affect you.

    • If you have been aware of this regression and like the current (incorrect) behavior, you may add the following line to your cinder policy configuration file to restore that behavior:

      "group:reset_group_snapshot_status": "rule:admin_or_owner"
      

      This setting is not recommended by the Cinder project team, as it may allow end users to put a group snapshot into an invalid status with indeterminate consequences.

    For more information about the cinder policy configuration file, see the policy.yaml section of the Cinder Configuration Guide.

Bug Fixes

  • NetApp SolidFire driver: Fixed an issue that causes failback to fail after a volume service restart. This change fixes bug 1859653.

  • RBD driver bug #1901241: Fixed an issue where decreasing the rbd_max_clone_depth configuration option would prevent volumes that had already exceeded that depth from being cloned.

  • Bug #1908315: Corrected the default checkstring for the group:reset_group_snapshot_status policy to make it admin-only. This policy governs the Block Storage API action Reset group snapshot status, which by default is supposed to be an adminstrator-only action.

14.3.1

New Features

  • This PowerMax driver moves the legacy shared volume from the masking view structure in Ocata and prior releases (when SMI-S was supported) to staging masking view(s) in Pike and later releases (U4P REST). In Ocata, the live migration process shared the storage group, containing the volume, among the different compute nodes. In Pike, we changed the masking view structure to facilitate a cleaner live migration process where only the intended volume is migrated without exposing other volumes in the storage group. The staging storage group and masking views facilitate a seamless live migration operation in upgraded releases.

Bug Fixes

  • Fix bug #1874134, allowing an iSCSI or FCP volume to be extended to a size up to 16TB regardless of its original size, even if it’s attached to an instance.

  • The SolidFire replication was fixed. Several bugs were addressed (creating replicated volumes from snapshots, from volumes, retype a volume to a replicated type, managing a volume to a replicated type, correctly updating portal info on failover/failback and some minor other fixes). Closes bugs #1834013, #1751932.

  • Fix revert to snapshot not working for non admin users when using the snapshot’s name (bug #1889758).

14.3.0

Upgrade Notes

  • This release updates the os-brick library used by Cinder to version 2.8.7 to correct hopefully the final problem with the fix for Bug #1823200 in the previous os-brick release.

    See the os-brick 2.8.7 release notes for more information.

Bug Fixes

  • Now cinder will be rollback the quota_usages table when failed to create an incremental backup if there doesn’t exist a parent backup or the backup is not in available state.

  • Cinder no longer allows an incremental backup to be created while having the parent backup in another project.

  • Bug #1875570: Fixed issue with NFS backend where the image-volume cache was never used to create a volume, even when the cache was enabled.

  • Bug #1873738: RBD Driver: Added cleanup for residue destination file if the copy image to encrypted volume operation fails.

14.2.1

Bug Fixes

  • Solidfire fix extend volume with qos-Scaling to honor the increased size with increased iops on the extended volume.

  • Fix HPE 3PAR driver issue where volumes that were live migrated to it would end up being inaccessible. We would no longer be able to use the volume for any operation, such as attach, detach, delete, snapshot, etc. (bug 1697422)

  • Fix the HPE 3PAR driver’s attempt to rename the backend volume after it was migrated. If the original volume resides on the same 3PAR backend then the pre and post migration volume names are swapped. Otherwise, the newly migrated volume is renamed to match the original name. (bug 1858119)

14.2.0

Upgrade Notes

  • This release updates the os-brick library used by Cinder to version 2.8.6 to correct a problem with the fix for Bug #1823200 in the previous os-brick release. It does not contain any Cinder code changes.

    See the os-brick 2.8.6 release notes for more information.

14.1.0

Upgrade Notes

  • The fix for Bug #1823200 requires os-brick >= 2.8.5 but < 2.9.0.

  • Two new checks are added to the cinder-status upgrade check CLI to ensure that online data migrations from Queens onward have been completed.

Security Issues

  • Due to OSSN-0085: Cinder configuration option can leak secret key from Ceph backend, deployers using the rbd_keyring_conf option are advised to stop using it immediately. The option has been deprecated for removal as of Ussuri and will be removed in the Victoria development cycle.

Bug Fixes

  • Bug #1823200: This release contains an updated Dell EMC VxFlex OS driver. It must be used with os-brick >= 2.8.5 but < 2.9.0. and requires that a new configuration file be deployed on compute nodes, cinder nodes, and anywhere you would perform a volume attachment in your deployment. See the Dell EMC VxFlex OS (ScaleIO) Storage driver documentation for details about the configuration file, and see OSSN-0086 for more information about the security vulnerability.

  • PowerMax Driver - Issue with upgrades from pre Pike to Pike and later. The device is not found when trying to snapshot a legacy volume.

14.0.4

Bug Fixes

  • PowerMax driver - fix to eliminate ‘cannot use the device for the function because it is in a Copy Session’ when attempting to delete a volume group that previously had a group snapshot created on and deleted from it.

  • Fixed issue where all Ceph RBD backups would be incremental after the first one. The driver now honors whether --incremental is specified or not.

14.0.3

Bug Fixes

  • Dell EMC VNX Cinder Driver: Fixes bug 1794646 to delete the LUN from the VNX storage. Because a temporary snapshot is created from the LUN during creating a volume from a snapshot and isn’t deleted, the LUN cannot be deleted before its snapshot is deleted. The fix makes sure the temp snapshot is deleted.

14.0.2

New Features

  • Support for multiattach has been enabled for HPE MSA Storage since the 14.0.0 release, but no release note was included to announce this change.

Bug Fixes

  • Fix python 3 incompatibility issues preventing NetApp cDOT driver from generating EMS logging messages (Bug #1833115).

  • Fixes a bug that prevented distributed file system drivers from creating snapshots during volume clone operations (NFS, WindowsSMBFS, VZstorage and Quobyte drivers). Fixing this allows creating snapshot based backups.

  • Fix DetachedInstanceError is not bound to a Session for VolumeAttachments. This affected VolumeList.get_all, and could make a service fail on startup and make it stay in down state.

  • Bug 1809249 - 3PAR driver adds the config option hpe3par_target_nsp that can be set to the 3PAR backend to use when multipath is not enabled and the Fibre Channel Zone Manager is not used.

  • LVM iSCSI driver fix for IPv6 addresses for the different targets, IET, LIO, TGT, CXT, and SCST.

  • Dell EMC SC Driver: Fixes bug 1822229 to handle the volume mappings in the backend when a volume is attached to multiple instances on the same host.

14.0.1

Upgrade Notes

  • A new check is added to the cinder-status upgrade check CLI to check for the use of backup driver module path instead of full driver class path in the backup_driver configuration setting.

  • A warning has been added to the cinder-status upgrade check CLI if a policy.json file is present. Documentation has been updated to correct the file as policy.yaml if any policies need to be changed from their defaults.

  • A new check is added to the cinder-status upgrade check CLI to check for the configuration of CoprHD, HGST or ITRI DISCO drivers. These drivers were removed in the Stein release and should not be configured at the time of upgrade.

  • A new check is added to the cinder-status upgrade check CLI to check for the use of cinder.volume.drivers.windows.windows.WindowsDriver and a message is reported that the user needs to update the setting to cinder.volume.drivers.windows.iscsi.WindowsISCSIDriver if it is encountered.

Bug Fixes

  • Kaminario FC and iSCSI drivers: Fixed bug 1829398 where force detach would fail.

  • NetApp iSCSI drivers no longer use the discovery mechanism for multipathing and they always return all target/portals when attaching a volume. Thanks to this, volumes will be successfully attached even if the target/portal selected as primary is down, this will be the case for both, multipath and single path connections.

14.0.0

New Features

  • Added an excluded_domain_ips option to the Dell EMC SC driver. This is identical to the excluded_domain_ip option only comma separated rather than multiple entry. This is concatenated with the excluded_domain_ip option.

  • Added project_id attribute to response body of list groups with detail, list group snapshots with detail, show group detail and show group snapshot detail APIs since microversion “3.58”.

  • Added transfer pagination support since microversion 3.59.

  • Add user_id attribute to response body of list backup with detail and show backup detail APIs.

  • NetApp SolidFire driver now supports optimized revert to snapshot operations.

  • New Cinder volume driver for LINBIT LINSTOR resources.

  • Added a new config reinit_driver_count in volume driver, which indicates the maximum retry limit for driver re-initialization when it fails to initialize a volume driver. Its default value is 3. The interval of retry is exponentially backoff, and will be 1s, 2s, 4s etc.

  • Added backend driver for Hedvig iSCSI storage.

  • Expanded volume transfer information. Starting with microversion 3.57, source_project_id, destination_project_id, and accepted fields will be returned in the response of the volume transfer create, show, and list calls.

  • New Cinder volume driver for Inspur AS13000 series.

  • Support for retype and volume migration for HPE Nimble Storage driver.

  • PowerMax for Cinder driver now supports storage-assisted in-use retype for volumes including those in replication sessions.

  • Pure Storage FlashArray driver has added configuration options pure_replication_pg_name and pure_replication_pod_name for setting the names for replication PGs and Pods.

  • Added a new option quobyte_overlay_volumes for the Quobyte volume driver. This option activates internal snapshots who allow to create volumes from snapshots as overlay files based on the volume from snapshot cache. This significantly speeds up the creation of volumes from large snapshots.

  • Added support for QTS fw 4.4.0 to QNAP Cinder driver.

  • QNAP Cinder driver supports QES FW on TDS series NAS.

  • RBD driver has added multiattach support. It should be noted that replication and multiattach are mutually exclusive, so a single RBD volume can only be configured to support one of these features at a time. Additionally, RBD image features are not preserved which prevents a volume being retyped from multiattach to another type. This limitation is temporary and will be addressed soon.

  • A new target, spdk-nvmeof, is added for the SPDK driver over RDMA. It allows cinder to use SPDK target in order to create/delete subsystems on attaching/detaching an SPDK volume to/from an instance.

  • A new volume driver, SPDK, is added for Storage Performance Development Kit NVMe-oF target handling, that allows Cinder to manage volumes in SPDK NVMe-oF driver.

  • Add support for deferred deletion in the RBD volume driver.

  • Dell EMC Unity Driver: Added storage-assisted migration support.

  • [Community Goal] Support has been added for developers to write pre-upgrade checks. Operators can run these checks using cinder-status upgrade check. This allows operators to be more confident when upgrading their deployments by having a tool that automates programmable checks against the deployment configuration or dataset.

  • Dell EMC VMAX driver has added support for failover to second instance of Unisphere.

  • Added support for changing storage policy of backend volumes created by VMwareVStorageObjectDriver using retype API.

  • vSphere 6.7 added support for vStorageObject snapshots. The VMwareVStorageObjectDriver is updated to use VStorageObject snapshots for volume snapshots.

  • Added vSphere storage policy support in VMwareVStorageObjectDriver. The storage policies that must be associated with the volumes can be specified using volume type extra-spec key ‘vmware:storage_profile’ similar to VMware VMDK driver. The vSphere version must be 6.7 or above to use this feature.

  • VMware VMDK driver now supports a config option vmware_storage_profile to specify a list with names of storage profiles to be monitored for capacity.

  • Oracle ZFSSA iSCSI volume driver implements get_manageable_volumes()

Upgrade Notes

  • The Dell EMC SC configuration option excluded_domain_ip has been deprecated and will be removed in a future release. Deployments should now migrate to the option excluded_domain_ips for equivalent functionality.

  • The ability to specify a backup driver by module name was deprecated in the Queens release and the ability has now been removed. Any configuration in cinder.conf still using the module path should be updated to include the full class name. For example, cinder.backup.drivers.swift should be updated to cinder.backup.drivers.swift.SwiftBackupDriver.

  • Beginning with Cinder version 12.0.0, as part of the Queens release “policies in code” community effort, Cinder has had the ability to run without a policy file because sensible default values are specified in the code. Customizing the policies in effect at your site, however, still requires a policy file. The default location of this file has been /etc/cinder/policy.json (although the documentation has indicated otherwise). With this release, the default location of this file is changed to /etc/cinder/policy.yaml.

    Some points to keep in mind:

    • The policy file to be used may be specified in the /etc/cinder/cinder.conf file in the [oslo_policy] section as the value of the policy_file configuration option. That way there’s no question what file is being used.

    • To find out what policies are available and what their default values are, you can generate a sample policy file. To do this, you must have a local copy of the Cinder source code repository. From the top level directory, run the command:

      tox -e genpolicy
      

      This will generate a file named policy.yaml in the etc/cinder directory of your checked-out Cinder repository.

    • The sample file is YAML (because unlike JSON, YAML allows comments). If you prefer, you may use a JSON policy file.

    • Beginning with Cinder 12.0.0, you only need to specify policies in your policy file that you want to differ from the default values. Unspecified policies will use the default values defined in the code. Given that a default value must be specified in the code when a new policy is introduced, the default policy, which was formerly used as a catch-all for policy targets that were not defined elsewhere in the policy file, has no effect. We mention this because an old upgrade strategy was to use the policy file from the previous release with "default": "role:admin" (or "default": "!") so that newly introduced actions would be blocked from end users until the operator had time to assess the implications of exposing these actions. This strategy no longer works. Hopefully this isn’t a problem because we’re defining sensible defaults in the code. It would be a good idea, however, to generate the sample policy file with each release (see instructions above) to verify this for yourself.

  • The cinder-manage db online_data_migrations command now returns exit status 2 in the case where some migrations failed (raised exceptions) and no others were completed successfully from the last batch attempted. This should be considered a fatal condition that requires intervention. Exit status 1 will be returned in the case where the --max-count option was used and some migrations failed but others succeeded (updated at least one row), because more work may remain for the non-failing migrations, and their completion may be a dependency for the failing ones. The command should be reiterated while it returns exit status 1, and considered completed successfully only when it returns exit status 0.

  • With removal of the CoprHD Volume Driver any volumes being used by Cinder within a CoprHD backend should be migrated to a supported storage backend before upgrade.

  • The Cinder database can now only be upgraded with changes since the Ocata release. In order to upgrade from a version prior to that, you must now upgrade to at least Ocata first.

  • The Fujitsu DX driver names have been updated to distinguish them from other Fujitsu storage. The module path cinder.volume.drivers.fujitsu should now be updated to cinder.volume.drivers.fujitsu.eternus_dx in cinder.conf. Support for the previous driver naming will continue to work, but will be removed in a future release.

  • HPE LeftHand config options hplefthand_api_url, hplefthand_username, hplefthand_password, hplefthand_clustername, hplefthand_iscsi_chap_enabled, and hplefthand_debug were deprecated in the Mitaka release and have now been removed. The corresponding hpelefthand_api_url, hpelefthand_username, hpelefthand_password, hpelefthand_clustername, hpelefthand_iscsi_chap_enabled, and hpelefthand_debug should be used instead.

  • The ITRI DISCO storage driver has been removed after completion of its deprecation period without a reliable 3rd Party CI system being supported. Customers using the ITRI DISCO driver should not upgrade Cinder without first migrating all volumes from their DISCO backend to a supported storage backend. Failure to migrate volumes will result in no longer being able to access volumes back by the ITRI DISCO storage backend.

  • The Nexenta Edge driver has been marked as unsupported and is now deprecated. enable_unsupported_driver will need to be set to True in the driver’s section in cinder.conf to continue to use it.

  • The Tintri driver has been marked as unsupported and is now deprecated. enable_unsupported_driver will need to be set to True in the driver’s section in cinder.conf to continue to use it.

  • The Veritas HyperScale driver has been marked as unsupported and is now deprecated. enable_unsupported_driver will need to be set to True in the driver’s section in cinder.conf to continue to use it.

  • In order to simplify initial setup for new installations the default behaviour of the Quobyte driver for the options nas_secure_file_operations and nas_secure_file_permissions has changed. The ‘auto’ values are no longer mapped to true but to false. Therefore the old default behaviour to run with secure settings is changed to run without secure settings as the new default behaviour. Installations using the default values for these options should ensure to explicitly set them to true with this new Cinder Quobyte driver version.

  • The IBM FlashSystem configuration options flashsystem_multipath_enabled was deprecated in the Mitaka release. It had no effect, so it can be safely removed and does not have a new equivalent config option.

  • The HGST Flash Suite storage driver has been removed after completion of its deprecation period without a reliable 3rd Party CI system being supported. Customers using the HGST Flash Suite driver should not upgrade Cinder without first migrating all volumes from their HGST backend to a supported storage backend. Failure to migrate volumes will result in no longer being able to access volumes backed by the HGST storage backend.

  • The config options iscsi_ip_address, iscsi_port, target_helper, iscsi_target_prefix and iscsi_protocol were deprecated in the Queens release and have now been removed. Deployments should now used the more general target_ip_address, target_port, target_helper, target_prefix and target_protocol options.

  • Deprecated config option query_volume_filters is removed now. Please, use config file described in resource_query_filters_file to configure allowed volume filters.

  • The WindowsDriver was renamed in the Queens release to WindowsISCSIDriver to avoid confusion with the SMB driver. The backwards compatibility for this has now been removed, so any cinder.conf settings still using cinder.volume.drivers.windows.windows.WindowsDriver must now be updated to use cinder.volume.drivers.windows.iscsi.WindowsISCSIDriver.

  • Support for NetApp E-Series has been removed. The NetApp Unified driver can now only be used with NetApp Clustered Data ONTAP.

  • Dell EMC VMAX has been rebranded to PowerMax. The drivers cinder.volume.drivers.dell_emc.vmax.iscsi.VMAXISCSIDriver and cinder.volume.drivers.dell_emc.vmax.fc.VMAXFCDriver will now be updated to cinder.volume.drivers.dell_emc.powermax. iscsi.PowerMaxISCSIDriver and cinder.volume.drivers.dell_emc. powermax.fc.PowerMaxFCDriver respectively in cinder.conf. Driver configuration options that start with vmax should also be updated to powermax. Existing vmax configuration options will continue to work but will be removed in the Train release. Online documentation will also change to reflect these changes.

  • Add granularity to the volume_extension:volume_type_encryption policy with the addition of distinct actions for create, get, update, and delete:

    • volume_extension:volume_type_encryption:create

    • volume_extension:volume_type_encryption:get

    • volume_extension:volume_type_encryption:update

    • volume_extension:volume_type_encryption:delete

    To address backwards compatibility, the new rules added to the volume_type.py policy file, default to the existing rule, volume_extension:volume_type_encryption, if it is set to a non-default value.

  • Volume Manager now uses the configuration option init_host_max_objects retrieval to set max number of volumes and snapshots to be retrieved per batch during volume manager host initialization. Query results will be obtained in batches from the database and not in one shot to avoid extreme memory usage. Default value is 0 and disables this functionality.

Deprecation Notes

  • The Dell EMC SC configuration option excluded_domain_ip has been deprecated and will be removed in a future release. Deployments should now migrate to the option excluded_domain_ips for equivalent functionality.

  • The Dell EMC PS Series volume driver which supports Dell PS Series (EqualLogic) Storage is moving to maintenance mode in S Release and will be removed in T Release.

  • The LINBIT DRBDManage volume driver is moving to maintenance mode in Stein Release and will be removed in T Release.

  • The FusionStorage driver has deprecated the configuration options “dsware_isthin”, “dsware_manager”, “fusionstorageagent”, “clone_volume_timeout”, “pool_type”, and “pool_id_filter”. These configuration options will be removed in the Train release(14.0.0).

  • The Nexenta Edge driver has been marked as unsupported and is now deprecated. enable_unsupported_driver will need to be set to True in the driver’s section in cinder.conf to continue to use it. If its support status does not change, it will be removed in the ‘T’ development cycle.

  • The Tintri driver has been marked as unsupported and is now deprecated. enable_unsupported_driver will need to be set to True in the driver’s section in cinder.conf to continue to use it. If its support status does not change, it will be removed in the ‘T’ development cycle.

  • The Veritas HyperScale driver has been marked as unsupported and is now deprecated. enable_unsupported_driver will need to be set to True in the driver’s section in cinder.conf to continue to use it. If its support status does not change, it will be removed in the ‘T’ development cycle.

Security Issues

  • Removed the ability to create volumes in a ScaleIO Storage Pool that has zero-padding disabled. A new configuration option had been added to override this new behavior and allow volume creation, but should not be enabled if multiple tenants will utilize volumes from a shared Storage Pool.

Bug Fixes

  • Dell EMC Scale IO Driver: Fixes bug 1560649 <https://bugs.launchpad.net/cinder/+bug/1560649> for creating volumes with sizes greater than that of the original snapshot.

  • Fixed group availability zone-backend host mismatch [Bug 1773446].

  • Now cinder will keep track of ‘multiattach’ attribute when managing backend volumes.

  • PowerMax driver - Workload support was dropped in ucode 5978. If a VMAX All Flash array is upgraded to 5978 or greater and existing volume types leveraged workload e.g. DSS, DSS_REP, OLTP and OLTP_REP, certain operations will no longer work and the volume type will be unusable. This fix addresses these issues and fixes problems with using old volume types with workloads included in the volume type pool_name.

  • Fixed a bug which could create volumes with invalid content in case of unhandled errors from glance client (Bug #1799221).

  • When using a PowerMax OS array as a replication target, where the source is an All-Flash/Hybrid array running HyperMax OS, service level and workload settings are not correctly applied for devices on the replication target if a workload is specified. Instead of setting only the workload to None, both service level and workload are set to None. This fix corrects the application of service level and workload settings for replication sessions where the source is HyperMax OS and the target is PowerMax OS.

  • Cinder now will return 415 (HTTPUnsupportedMediaType) when any unsupported content type is specified in request header.

  • The Solidfire cinder driver has been fixed to ensure delete happens on the correct volume.

  • Fixed support for IPv6 on management and data paths for NFS, iSCSI and FCP NetApp ONTAP drivers.

  • Fixed NetApp SolidFire bug that avoided multiatached volumes to be deleted.

  • Fixes a bug in NetApp SolidFire where the deletion of group snapshots was failing.

  • Fixes force_detach behavior for volumes in NetApp SolidFire driver.

  • Fix SolidFire free_capacity_gb reporting and also reports thin_provisioning_support=True. This allow the use of Cinder scheduler’s parameters for thin provisioning in the SolidFire plataform.

  • Fix python3 imcompability issues and make SolidFire driver fully compatible with python3.

  • Dell EMC VNX Driver: Fixes bug 1817385 to make sure the sg can be created again after it was destroyed under destroy_empty_storage_group setting to True.

Other Notes

  • PowerMax driver - Changing 8.4 to 9.0 Unisphere for PowerMax REST endpoints.

  • After being marked unsupported in the Rocky release the CoprHD driver is now being removed in Stein. The vendor has indicated that this is desired as the CoprHD driver has been deprecated.

  • The ITRI DISCO storage driver was marked unsupported in Rocky due to 3rd Party CI not meeting Cinder’s requirements. As a result the driver is removed starting from the Stein release.

  • This PowerMax driver now puts the unmanaged “orphan” volume in a storage group called OS-Unmanaged. It is not possible to query a volume’s associated snapvx snapshots using the PowerMax management software, unless it belongs to a storage group.

  • The HGST Flash Storage Suite Driver was marked unsupported in the Rocky release because their 3rd Party CI system was not meeting Cinder’s requirements. The system has not started reporting so the driver is now removed as of the Stein release.