Yoga Series Release Notes

20.3.2

Bug Fixes

• Dell PowerMax driver bug #2033398: Reduced the risk of failures when doing online migration. This change is to speed up the deletion of a volume which doesn’t require to rename the volume prior to delete it. This removal will allow to save 15s in terms of operation time and avoid unnecessary pausing time during migration.

20.3.1

Bug Fixes

• Bug #1980268: When creating a volume from an image, a check has been added to compare the requested volume size to the image’s virtual_size property and fail the request if the volume will be too small to contain the image. If the image record does not contain this property, the request is accepted but the volume will go to error status if the image does not fit (which is the current behavior).

• Infinidat Driver bug #1981982: Fixed Infinidat driver to use TLS/SSL communication between the Cinder volume service and the storage backend. Admin can set True or False for the driver_use_ssl and suppress_requests_ssl_warnings options in the driver section of cinder.conf to enable or disable these features.

• Bug #2008017: Fixed NetApp NFS driver to never spawn a native thread avoid thread starvation and other related issues.

• Bug #1945500: The original attempt at fixing this bug did not account for differences in how glance and cinder store image metadata, and as a result some image properties were not filtered out. This new improved fix addresses those differences and makes the filtering more thorough.

• PowerFlex driver bug #1942095: Fixed Cinder volume caching mechanism for the driver. Now the driver correctly raises exception.SnapshotLimitReached when maximum snapshots are created for a given volume and a volume cache is invalidated to allow a new row of fast volume clones.

• RBD driver bug #1960206: Fixed total_capacity reported by the driver to the scheduler on Ceph clusters that have renamed the bytes_used field to stored. (e.g., Nautilus).

20.3.0

Known Issues

• For security reasons (Bug #2004555) manually deleting an attachment, manually doing the os-terminate_connection, os-detach or os-force_detach actions will no longer be allowed in most cases unless the request is coming from another OpenStack service on behalf of a user.

Upgrade Notes

• Nova must be configured to send service tokens and cinder must be configured to recognize at least one of the roles that the nova service user has been assigned in keystone. By default, cinder will recognize the service role, so if the nova service user is assigned a differently named role in your cloud, you must adjust your cinder configuration file (service_token_roles configuration option in the keystone_authtoken section). If nova and cinder are not configured correctly in this regard, detaching volumes will no longer work (Bug #2004555).

Critical Issues

• Detaching volumes will fail if Nova is not configured to send service tokens, please read the upgrade section for more information. (Bug #2004555).

Security Issues

• As part of the fix for Bug #2004555, cinder now rejects user attachment delete requests for attachments that are being used by nova instances to ensure that no leftover devices are produced on the compute nodes which could be used to access another project’s volumes. Terminate connection, detach, and force detach volume actions (calls that are not usually made by users directly) are, in most cases, not allowed for users.

Bug Fixes

• Bug #2004555: Fixed issue where a user manually deleting an attachment, calling terminate connection, detach, or force detach, for a volume that is still used by a nova instance resulted in leftover devices on the compute node. These operations will now fail when it is believed to be a problem.

20.2.0

New Features

• Dell EMC PowerStore driver: Report trimming/discard support to Nova and Cinder.

• Dell EMC PowerMax driver: Report trimming/discard support to Nova and Cinder.

• Dell EMC PowerFlex driver: Report trimming/discard support to Nova and Cinder on thin volumes that don’t have snapshots. Not doing trim on volumes with snapshots is the vendor’s recommendation, but can be overriden with the report_discard_supported configuration option.

Upgrade Notes

• We introduced a new config parameter, reserved_image_namespaces, that allows operators to set the image properties to filter out from volume image metadata by namespace when uploading a volume to Glance. These properties, if not filtered out, cause failures when uploading images back to Glance. The error will happen on Glance side when the reserved namespaces are used. This option is also useful when an operator wants to use the Glance property protections feature to make some image properties read-only.

Bug Fixes

• Bug #1910767: Fixed the calculation of the allocated capacity for the volume manager. The fix takes into account all volumes that have a host setting, not just volumes with a status of ‘in-use’ or ‘available’.

• Bug #1945500: Fixed an error when uploading to Glance a previously downloaded glance image when glance multistore is enabled. Glance reserves image properties in the namespace ‘os_glance’ for its own use and will not allow images to be created with these properties. Additionally, there are image properties, such as those associated with image signature verification, that are stored in a volume’s image metadata, which should not be added to a new image when a volume is being uploaded as an image. Thus Cinder will no longer include any volume image metadata in the namespaces os_glance and img_signature when it creates an image in Glance. Furthermore, because the Glance property protections feature allows an operator to configure specific image properties as read-only, this fix adds a configuration option, reserved_image_namespaces, that allows an operator to exclude additional image properties by namespace (the os_glance and img_signature namespaces are always excluded).

• Bug #2008259: Fixed the volume create functionality where non-admin users were able to create multiattach volumes by providing the multiattach parameter in the request body. Now we can only create multiattach volumes using a multiattach volume type, which is also the recommended way.

Other Notes

• Removed the ability to create multiattach volumes by specifying multiattach parameter in the request body of a volume create operation. This functionality is unsafe, can lead to data loss, and has been deprecated since the Queens release. The recommended method for creating a multiattach volume is to use a volume type that supports multiattach. By default, volume types can only be created by the operator. Users who have a need for multiattach volumes should contact their operator if a suitable volume type is not available.

20.1.0

Upgrade Notes

• This release introduces a new configuration option, vmdk_allowed_types, that specifies the list of VMDK image subformats that Cinder will allow. The default setting allows only the ‘streamOptimized’ and ‘monolithicSparse’ subformats, which do not use named extents.

Security Issues

• This release introduces a new configuration option, vmdk_allowed_types, that specifies the list of VMDK image subformats that Cinder will allow in order to prevent exposure of host information by modifying the named extents in a VMDK image. The default setting allows only the ‘streamOptimized’ and ‘monolithicSparse’ subformats, which do not use named extents.

• As part of the fix for Bug #1996188, cinder is now more strict in checking that the disk_format recorded for an image (as revealed by the Image Service API image-show response) matches what cinder detects when it downloads the image. Thus, some requests to create a volume from a source image that had previously succeeded may fail with an ImageUnacceptable error.

Bug Fixes

• RBD Driver bug #1957073: Fixed snapshot deletion failure when its volume doesn’t exist.

• IBM Spectrum Virtualize Family driver: Bug #1976499: Setting correct SVC Code level for lsfcportsetmember call.

• Bug #1978729: Fixed context.message_action is None on errors by backup drivers. The message_* properties of the context were not passed during rpc, which caused a double exception when a backup driver raised an exception, masking the actual backup driver exception.

• Infinidat Driver bug #1981354: Fixed Infinidat driver to return all configured and enabled iSCSI portals for a given network space.

• Bug #1996188: Fixed issue where a VMDK image file whose createType allowed named extents could expose host information. This change introduces a new configuration option, vmdk_allowed_types, that specifies the list of VMDK image subformats that Cinder will allow. The default setting allows only the ‘streamOptimized’ and ‘monolithicSparse’ subformats.

• RBD driver bug #1916843: Fixed rpc timeout when backing up RBD snapshot. We no longer flatten temporary volumes and snapshots.

• NFS driver bug #1946059: Fixed revert to snapshot operation.

• Hitachi driver bug #1989176: Fixed Hitachi driver to output a message for resource lock correctly.

• NetApp SolidFire driver Bug #1934435: Fixed errors that might occur when an operation is made to a volume at the same time as the Element OS upgrades.

• PowerMax driver bug #1979668: Fixed visibility of manageable volumes in multiple storage groups.

• PowerStore driver bug #1981068: Fixed request data validation for the REST client.

Other Notes

• Unified how cinder calculates the virtual free storage space for a pool. Previously Cinder had 2 different mechanisms for calculating the virtual free storage. Now both the Capacity Filter and the Capacity Weigher use the same mechanism, which is based upon the defined terms in https://specs.openstack.org/openstack/cinder-specs/specs/queens/provisioning-improvements.html

20.0.1

Bug Fixes

• Bug #1929223: Fixed HTTPS certificate validation was disabled in PowerFlex connector.

• Bug #1965847: Fixed issue where importing a backup record for a backup_id that currently existed had the unfortunate side effect of deleting the existing backup record.

• IBM Spectrum Virtualize Family driver: Bug #1968159: Fix for retype failure for replicated volume-type. Controlling chfcmap call for rc_controlled fcmap for replication-type volumes during retype operation.

• Bug #1970768: Fixed status of temporary volumes when creating backups and reverting to a snapshot, preventing accidental manual deletion of those resources.

• HPE 3PAR driver Bug #1958122: Fixed issue of multi-detach operation in multi host environment.

• NetApp ONTAP: Fix check QoS minimum support for SVM scoped account. See: Bug #1924798.

20.0.0

Prelude

Welcome to the Yoga release of the OpenStack Block Storage service (cinder). With this release, the Block Storage API version 3 has reached microversion 3.68. The cinder team would like to bring the following points to your attention. Details may be found throughout this document.

• Microversion 3.67 is introduced as a marker to indicate that any instance of the Block Storage API 3.67 or greater treats a project_id in the URL as optional. This change is backward compatible: the API can handle legacy URLs containing a project_id as well as URLs without a project_id. This is the case regardless of what microversion specified in a request. See the “New Features” section for details.

• Microversion 3.68 introduces a new volume action, os-reimage, that allows a user to replace the current content of a specified volume with the data of a specified image supplied by the Image service (glance). See the “New Features” section for details.

• Some new backend storage drivers have been added, and many current drivers have added features and fixed bugs.

New Features

• Add microversion 3.68 to support the ability to re-image a volume with a specific image. Specify the os-reimage action in the request body.

  A volume in available or error status can be re-imaged directly. To re-image a volume in reserved status, you must include the reimage_reserved parameter set to true. When reimaging a volume, the volume state will be changed to downloading first.

  Note that this is a destructive action, that is, all data currently contained in a volume is destroyed when the volume is re-imaged.

  Two new policies are introduced to govern this functionality:

  • volume:reimage - users who satisfy this policy may re-image a volume in status available or error

  • volume:reimage_reserved - users who satisfy this policy may re-image a volume in status reserved

  The default setting for both policies allow an administrator or the volume owner to perform the associated action. See the Policy configuration documentation in the Cinder Service Configuration guide for details.

• Lightbits LightOS driver: new Cinder driver for Lightbits(TM) LightOS(R). Lightbits Labs (http://www.lightbitslabs.com) LightOS is software-defined, cloud native, high-performance, clustered scale-out and redundant NVMe/TCP storage that performs like local NVMe flash.

• Hitachi driver: Support AIX as host OS type. When running cinder attachment-create command with the option --ostype aix, AIX is set as host OS type.

• Hitachi driver: Add target port assignment. Defining particular ports in extra spec hbsd:target_ports determines which of the ports specified by the hitachi_target_ports or the hitachi_compute_target_ports parameters are used to create LUN paths during volume attach operations for each volume type.

• IBM Spectrum Virtualize Family driver: Added support for clean_rate parameter. Clean_rate parameter can now be passed as extra-spec in volume-type or fetched from cinder.conf.

• IBM Spectrum Virtualize Family driver: Added support to manage host attachment using portsets for code level >= 8.4.2.0

• LVM driver: Added support for the NVMe TCP transport protocol. Configuration option is target_protocol = nvmet_tcp when using nvmet as the target_helper.

• Added backend FC and iSCSI drivers for NEC V series Storage.

• Inclusion of a project_id in API URLs is now optional. The Block Storage API V3 reference guide continues to show URLs with a project_id because the legacy behavior continues to be supported.

  A new API microversion V3.67 is introduced to inform clients when inclusion of a project_id in API URLs is optional. The V3.67 microversion is only used as an indicator that the API accepts a URL without a project_id, and this applies to all requests regardless of the microversion in the request. For example, an API node serving V3.67 or greater will accept a URL without a project_id even if the request asks for V3.0. Likewise, it will accept a URL containing a project_id even if the request asks for V3.67.

• Pure Storage FlashArray driver: Enabled support for Active/Active replication for the FlashArray driver. This allows users to configure FlashArray backends in clustered environments.

• Pure Storage driver adds volume metadata describing the backend array name (array_name) and volume name (array_volume_name). This allows easier identification and location of a cinder volume when multiple clusters are using the same backend arrays, or when the cinder scheduler has multiplae backends to choose from.

• New FC cinder volume driver for TOYOU NetStor Storage.

Known Issues

• Just before release, Bug #1965847 was reported. When importing a backup record for a backup_id that currently exists, the import fails as expected. However, this operation has the unfortunate side effect that the existing backup record is deleted. Initial analysis of the bug indicates a small, isolated solution that should be backportable to stable branches.

• When the Ceph backup driver is used for the backup service, restoring a backup to a volume created on a non-RBD backend fails. The cinder team has developed a fix but decided to do more thorough testing before including it in a release. When ready, the solution is expected to be backported to a future release in the Yoga series. The issue is being tracked as Bug #1895035.

• Creating a volume of an encrypted volume type from an image in the Image service (Glance) using the generic NFS driver results in an unusable volume. The cinder team is working on a solution which is expected to be backported to a future release in the Yoga series. The issue is being tracked as Bug #1888680.

• Cinder use of cgroups v1

  This note applies to deployments that are using the cinder configuration option volume_copy_bps_limit in its non-default value (the default is 0).

  The cinder-volume service depends on Linux Kernel Control Groups (cgroups) version 1 to control i/o throttling during some volume-copy and image-convert operations. Some Linux distributions, however, have changed to using cgroup v2 by default and may have discontinued cgroups v1 support completely. Consult your Linux distribution’s documentation for details.

  The cinder team is working on a throttling solution using cgroup v2, but it was not ready at the time of this release. The solution is expected to be backported to a future release in the Yoga series. This issue continues to be tracked as Bug #1942203.

• NVMe-oF issues

  Cinder and Nova use the os-brick library to facilitate connections to volumes. The nvmeof os-brick connector has been refactored over the past few development cycles. In between the time of the Yoga os-brick release (os-brick 5.2.0) and this cinder release, several bugs were discovered in this connector. You can find these in the bug tracker with this query:

  https://bugs.launchpad.net/os-brick/+bugs?field.tag=nvme

Upgrade Notes

• Two new policies are introduced to govern the volume reimage functionality introduced with microversion 3.68:

  • volume:reimage - users who satisfy this policy may re-image a volume in status available or error

  • volume:reimage_reserved - users who satisfy this policy may re-image a volume in status reserved

  The default setting for both policies allow an administrator or the volume owner to perform the associated action. See the Policy configuration documentation in the Cinder Service Configuration guide for details.

• RBD driver: Enable Ceph V2 Clone API and Ceph Trash auto purge

  In light of the fix for RBD driver bug #1941815, we want to bring the following information to your attention.

  Using the v2 clone format for cloned volumes allows volumes with dependent images to be moved to the trash - where they remain until purged - and allow the RBD driver to postpone the deletion until the volume has no dependent images. Configuring the trash purge is recommended to avoid wasting space with these trashed volumes. Since the Ceph Octopus release, the trash can be configured to automatically purge on a defined schedule. See the rbd trash purge schedule commands in the rbd manpage.

• The QNAP driver has been marked as unsupported and is now deprecated. enable_unsupported_drivers will need to be set to True in cinder.conf to continue to use it.

• The Nimble Storage became a part of the HPE family of Storage solutions. The cinder Nimble driver has been relocated to the cinder.volume.driver.hpe module to reflect this. The impact on operators is that the module path cinder.volume.drivers.nimble.NimbleISCSIDriver and cinder.volume.drivers.nimble.FCDriver should now be updated to cinder.volume.drivers.hpe.nimble.NimbleISCSIDriver and cinder.volume.drivers.hpe.nimble.NimbleFCDriver respectively in cinder.conf

• Upgrades are not affected by the new functionality whereby a project_id is no longer required in API URLs. The legacy behavior in which a project_id is included in the URL continues to be supported.

  Detection of whether a URL includes a project_id is based on the value of a new project_id_regex option. The default value matches UUIDs created by keystone.

• Pure Storage: Minimum supported FlashArray Purity//FA is changed to 5.3.0. All FlashArray backends must be at at least this minimum version or the driver will not initialize.

Deprecation Notes

• The QNAP driver has been marked as unsupported and is now deprecated. enable_unsupported_drivers will need to be set to True in cinder.conf to continue to use it.

Bug Fixes

• Bug #1918889: Add support for iSCSI IPv6 in XtremIO driver.

• Bug #1935688: Cinder only supports uploading a volume of an encrypted volume type as an image to the Image service in raw format using a bare container type. Previously, os-volume_upload_image action requests to the Block Storage API specifying different format option values were accepted, but would result in a later failure. This condition is now checked at the API layer, and os-volume_upload_image action requests on a volume of an encrypted type that specify unsupported values for disk_format or container_format now result in a 400 (Bad Request) response.

• IBM Spectrum Virtualize Family driver Bug #1939145: Updating create_relationship and create_rccg calls with the system_id in the place of system_name to fix the issues while creating a mirror volume or creating a consistency group.

• IBM Spectrum Virtualize Family driver: Bug #1941694: Fixed detaching volume from second instance for multi-attach type volumes.

• RBD driver bug #1941815: Fixed deleting volumes with snapshots/volumes in the ceph trash space.

• IBM Spectrum Virtualize family driver Bug #1943682: Updating rccg_name property to volume metadata for the resultant volumes of a clone_group from a source_group or a group_snapshot.

• Bug #1944577: Managing a volume to an encrypted type was never a good idea because there was no way to specify an encryption key ID so that the volume could be used. Requests to manage a volume to an encrypted volume type now result in an invalid request response.

• RBD driver bug #1947518: Corrected a regression caused by the fix for Bug #1931004 that was attempting to access the glance images RBD pool with write privileges when creating a volume from an image.

• IBM Spectrum Virtualize Family driver Bug #1949061: Fixed retype issue of mirror-volume to mirror-volume-type with different mirror pool

• IBM Spectrum Virtualize Family driver Bug #1920870: Reduce multiple lsiogrp, lsvdisk calls in Retype operaton to optimize the code.

• Bug #1953168: Fixed missing parameter in the capacity filter log message.

• IBM Spectrum Virtualize family driver Bug #1953185: Fixed revert to snapshot issue for replicated volumes which are a part of group.

• Bug #1947134: Fixed the initialization of GPFS NFS driver when gpfs_images_share_mode is set to copy_on_write by correcting _same_filesystem functionality.

• Bug #1947123: Fixed the volume creation issue in GPFS NFS driver when gpfs_images_share_mode is set to copy_on_write.

• Pure Storage driver Bug #1945824: Fixed missing DB values when creating new consistency group from CG snapshot.

• Bug #1916980: Fixed stale volume notification information on volume detach.

• Bug #1935011: Fixed missing detach.start notification when deleting an attachment in reserved state.

• Bug #1937084: Fixed race condition between delete attachment and delete volume that can leave deleted volumes stuck as attached to instances.

• Bug #1960019: Fixed value of the x-openstack-request-id header when Cinder is using noauth.

• Bug #1960020: Fixed duplicated request-id values in logs for different requests, happens only on request to / to get available api versions.

• Bug #1960021: Fixed missing request id headers in requests to / to get available api versions.

• Bug #1960329: Fixed wrong request ID on middleware filters.

• Bug #1924643: Fixed the NetApp cinder driver sub-clone operation that might be used by extend operation in case the extended size is greater than the max LUN geometry.

• Bug #1950474: Fixed policy authorization for transfer accept API. Previously, setting enforce_new_defaults=True in oslo_policy section would break the transfer accept API which is fixed in this release.

• HPE 3PAR driver Bug #1940069: Fixed issue of connection rejected by reusing existing session.

• PowerMax driver bug #1930290: This fixes the QoS conflict issue on a child storage group by not setting QoS on a parent storage group.

• PowerMax driver : Enhancement to use an existing initiator group even if there is no entry for the contained initiator(s) in the login table. This is permissable so long as the initiator(s) in the connector object match.

• PowerMax driver bug #1938572 : Legacy PowerMax OS fix to convert an int to a string if the generation of snapVX is returned as an int from REST so that a 0 does not equate to False in python.

• Pure Storage Driver: Add internal check to allow for FlashArray with joint FC and NVMe-FC support

• Pure Storage: Remove all API version checks in driver as the new minimum FlashArray Purity//FA version supports all previously version-gated features and functionality support.

• Bug #1935057: Fixed sometimes on a detach volume may end in available and detached yet have an attachment in error_detaching.

• NetApp SolidFire driver Bug #1932964: Fixed a name exception that occurs on any volume migration.

• NetApp SolidFire driver Bug #1942090: Fixed a status exception that occurs on volume retype with migration.

Other Notes

• The optional driver feature “Snapshot Attachment” has been removed from the Cinder Driver Support Matrix. It is an enhancment used for backups, it is not exposed via the Block Storage API, and its presence in the Support Matrix was misleading.

• Pure Storage: FlashArray minimum Purity//FA version is increased to 5.3.0. All FlashArray backends must be at at least this minimum version or the driver will not initialize.

• SolidFire driver: Driver no longer stores attach timestamp and instance as metadata on the storage array. Any metadata remaining in the array must be considered outdated and incorrect.