Victoria Series Release Notes

11.1.2-8

Problèmes de sécurités

• The SSH utility module no longer logs usernames and passwords as debug information.

Corrections de bugs

• The GET /shares/{share_id} API now responds with HTTP 404 (Not Found) for inaccessible resources. See bug 1901210 for further information.

• Deployers now can specify [glance]endpoint_type configuration option (defaults to publicURL for backward compatibility) so that Manila uses Glance endpoint other than the public one (see bug 1991396).

11.1.2

Corrections de bugs

• Fixed an issue with ONTAP AFF platforms while creating shares that forced volumes to have efficient data saving even when the contrary was specified. For more details, please refer to launchpad bug #1929421

• When cephfs_ganesha_server_ip is not set, the current hostname is used as a default for such config option. The driver was treating this value as an IP address and trying to perform validations on it. The CEPH NFS driver will no longer treat hostnames as ip addresses and try to validate them as such.

11.1.1

Corrections de bugs

• Fixed an issue during snapshot creation where a database error was being mishandled with dead code. See Launchpad bug 1475351 for more details.

• Fixed periodic_share_replica_update() to skip active replicas similarly to periodic_share_replica_snapshot_update(). The intention is to check on non-active replicas, that can be “in_sync”, “out_of_sync” or in “error” state.

11.1.0

Notes de mises à jours

• Added a new config option netapp_ssl_cert_path for NetApp driver. This option enables the user to choose the directory with certificates of trusted CA or the CA bundle. If set to a directory, it must have been processed using the c_rehash utility supplied with OpenSSL. If not informed, it will use the Mozilla’s carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates.

Problèmes de sécurités

• An RBAC policy check has been enforced against the GET /share-access-rules API to ensure that users are permitted to access the share that the access rule belongs to. See bug 1917417 for more details.

Corrections de bugs

• Fixed an issue on ONTAP NetApp driver that was forcing the location of CA certificates for SSL verification during HTTPS requests. It adds the netapp_ssl_cert_path configuration, enabling the user to choose the directory with certificates of trusted CA or the CA bundle. If set to a directory, it must have been processed using the c_rehash utility supplied with OpenSSL. If not informed, it will use the Mozilla’s carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates. Please refer to the Launchpad bug #1900191 for more details.

• An issue with RPC handling on service restart was addressed by ensuring proper initialization before creating the RPC consumer. See bug 1271568 for more details.

• A bug with storage protocol filtering in the scheduler has been fixed. See bug for more details.

• Fixed bug #1883506 that caused a quota error when delete or unmanage a share that failed to manage.

• New user messages now alert users of possible remediations during access rule creation errors with CephFS shares. This includes hints to users to not use cephx client users that are prohibited by CephFS or the share driver. See CVE-2020-27781 and bug #1904015 <https://launchpad.net/bugs/1904015>`_ for more details.

• Fixed a bug that if extend a volume after shrink it under generic driver, it may have a wrong real size. Please see Launchpad bug #1909951 for more details.

• Resizing 0.0.0.0/24 accessible NFS shares with generic driver

• The scheduler stats resource APIs (/scheduler-stats/pools and /scheduler-stats/pools/detail) have been fixed to not return an arbitrary traceback in the error message body to the caller when access to the resource has been denied.

• Authentication errors when loading service clients of OpenStack Compute (nova), OpenStack Image (glance), OpenStack Volume (cinder) and OpenStack Networking (neutron) services are now handled in a better manner.

• Fixed bug #1922075 Fixed the problem that « gluster volume set nfs.rpc-auth-reject “*” » failed when the glusterfs driver created an instance from a snapshot.

• Fixed NotFound error in share replica periodic tasks. It could happen that the parent share of the replica that was being worked on had already been deleted.

• Corrected an error message for attempts to create snapshots from shares that do not support this operation. The message said that the share backend has no such support but that is not always true. The original share for the snapshot does not support snapshots because it was created with a share type without the snapshot_support extra-spec set, irrespective of whether the back end used can itself support snapshots or not.

• Fixed an issue that made migrated shares with replication support to do not have a share instance with its replica_state set to active. Now, when the share supports replication, the destination share instance will have its replica state set as active right after the migration gets completed. For more details, please refer to bug 1927060

• Filtering shares by share-type « extra_specs » as key=value now returns the expected output.

• The Infinidat driver’s been fixed to process single IP Addresses (/32) correctly. See bug 1934345 for more details.

• NetApp driver: fixed an issue with the ONTAP 9.8 and older, for scoped account users, where the operation of deleting a replica was not working, but returned a message of success. For more details, please refer to launchpad bug #1934889

• New user message now alerts users when attempting to create a new share without identifying a share type, either through request body or by setting a default share type. See bug #1870280 for more details.

11.0.1

Corrections de bugs

• Fixed an issue on ONTAP NetApp driver that caused access rules not to be applied to a promoted replica using CIFS protocol. Please refer to the Launchpad bug #1896949 for more details.

• The API to import shares into manila could sometimes allow a share to be « managed » into manila multiple times via different export paths. This API could also incorrectly disallow a manage operation citing a new share in question was already managed. Both issues have now been fixed. See bug #1848608 and bug #1893718 for more details.

• The NetApp cDOT driver now sets the required NFS options for clients running Windows operating systems with NFSv3 support.

• Share cleanup for the LVM driver has been enhanced to retry on known errors that could occur due to mount propagation. See bug 1903773 for more details.

• Share cleanup for the ZFSOnLinux driver has been enhanced to retry on known errors that could occur due to mount propagation. See bug 1903773 for more details.

• Dell EMC Manila Driver: Fixes wrong capacity in pool_stat. bug 1890372 powermax manila return size in MB, bug 1890375 vnx manila return size in MB, bug 1890376 unity manila return size in bytes.

11.0.0

Prelude

• Share replication APIs have graduated from their experimental feature state from API version 2.56. One or more share replicas can be created from a given share. They can also be promoted to be considered the active share, resynchronized and deleted. These actions no longer require the inclusion of X-OpenStack-Manila-API-Experimental header in the API requests.

Nouvelles fonctionnalités

• Added the ability to migrate share servers within and across backends in Manila. As designed in share migration, a two-phase approach is now available for share servers, with the addition of a new API to check the feasibility of a migration, called share-server-migration-check. Now, Manila can start, complete, cancel and retrieve the progress of a share server migration. These operations were designed for Administrators and will work only when operating under driver_handles_share_servers=True mode. When starting a share server migration, it is possible to choose which capabilities must be supported by the driver: remain writable during the first phase, preserve_snapshots, be nondisruptive and migrate to a different share network.

• Added cleanup sub command to the manila-manage service command for administrators to be able to soft-delete services marked as down.

• The container driver now supports driver assisted share migration and share server migration across share networks, and across backends that share the same underlying volume group (configuration option: container_volume_group).

• The NetApp ONTAP driver now supports migration of share servers across clusters. While migrating a share server, the source remains writable during the first phase of the migration, until the cutover is issued. It is possible to specify a new share network for the destination share server, only if the associated security services remain unchanged. Share server migration relies on ONTAP features available only in versions equal and greater than 9.4. In order to have share server migration working across ONTAP clusters, they must be peered in advance. In order to adapt to different workloads and provide more flexibility on managing cluster’s free space a new configuration option was added:

  • netapp_server_migration_check_capacity: Specifies if a capacity validation at the destination backend must be made before proceeding with the share server migration. When enabled, the NetApp driver will validate if the destination pools can hold all shares and snapshots belonging to the source share server.

• Added support for Adaptive QoS policies that have been pre-created on the storage system, with clustered ONTAP version 9.4 or higher. To use this feature, configure a Manila share type with the extra-spec « netapp:adaptive_qos_policy_group » and value set to the qos policy group on the ONTAP storage system, for example:

  netapp:adaptive_qos_policy_group=platform3

  Note that a cluster scoped account must be used in the driver configuration in order to use QoS in clustered ONTAP. Other notes:

  • This only works for backends without share server management.

  • This does not work for share replicas or can fail when creating share from snapshot across backends, if the destination backend does not have the pre-created « adaptive_qos_policy_group ».

• The NetApp cDOT driver now reports the max_over_subscription_ratio configuration, which can be set per share back end, via scheduler-stats/pools/detail API.

• For NetApp ONTAP driver, administrators are now able to set share servers max NFS transfer limits. These limits can be configured by setting the netapp:tcp_max_xfer_size and netapp:udp_max_xfer_size extra-specs. The driver will consider these limits while deciding to create or reuse share servers. While bringing a share under Manila management, the driver will check if the share type extra-specs values match the share server configured NFS limits. This change does not have effect in DHSS=False environments and relies on ONTAP features available only in versions equal to and greater than 9.4.

• Dell EMC Unity: Default filter function support for 3GB share size.

Notes de mises à jours

• When using a driver with the service-instance module, manila.conf now requires a [glance] section in addition the the previously required sections for [neutron], [nova], and cinder since the glanceclient is now required as well as the clients for these other services. To generate a sample manila.conf that includes sections for all of these services run `` tox -egenconfig`` from the top of the manila source repository.

• The share server entity now contains two new fields: task_state and source_share_server_id. The task_state field helps tracking the migration progress of a share server. The source_share_server_id field will hold the source share server identification until the migration gets completed or cancelled. New statuses were added in order to control whether a share server, its shares or snapshots are being migrated to a different location. Share server shares’ are going to remain in the status server_migrating while the migration is in course. When the migration gets completed, the statuses are going to be updated.

• The configuration option netapp_migration_cancel_timeout can be specified in the NetApp backend section to redefine the amount of time that the NetApp driver must attempt to wait on the asynchronous operation to cancel an ongoing migration. This option is set to 3600 seconds by default, which is sufficient time in most cases.

• This version includes a fix to the CephFS drivers to address an issue with total and free space calculation in the CephFS driver. When you update, you will notice that the space calculations reflect reality in your Ceph clusters, and provisioning may fail if the share sizes exceed the cluster’s free space. CephFS shares are always thin provisioned, and the driver does not support oversubscription via Manila; so space can be claimed for new shares as long as there is free space on the cluster. Use the « reserved_share_percentage » back end configuration option to ensure there’s always space left aside for provisioned workloads to grow over time.

• The default value for the CephFS driver configuration option cephfs_enable_snapshots has changed to True. This option has also been deprecated, and will be removed in a future release. If snapshots are not desired with this back end, set the share type extra spec snapshot_support to False.

• This version of OpenStack Manila has not been tested with Ceph clusters prior to Nautilus. CephFS drivers interact with Ceph clusters via a python binding called « ceph_volume_client ». This is being replaced by supplying management operations via the ceph manager interface that was introduced in the Nautilus release of Ceph. So it is advised that you upgrade your Ceph deployment prior to upgrading to Manila’s Victoria release.

• Added a new config option container_volume_mount_path. This option defines the path where ContainerShareDriver driver should mount a logical volume on the host prior to providing access to it from a container.

• A new configuration option called report_default_filter_function has been added to the Dell EMC Unity driver. It can be set to True or False, and the default value is False. When set to True, the scheduler will disallow the creation of shares smaller than 3 GiB on the Dell EMC Unity back end. The default value of this option will be changed to True in a future release, so always set the desired value in your manila.conf per your expectations.

Notes dépréciées

• The CephFS driver configuration option cephfs_enable_snapshots has been deprecated, and will be removed in a future release. Use the share type extra-spec snapshot_support to enable or disable snapshots.

Corrections de bugs

• Share creation sometimes failed with drivers that use the service-instance module (currently, the generic and windows smb because the service-instance image could not be found. The service instance module used the novaclient to discover the images, it paginates lists of images, and if there are more than 25 images the service-image may not be in the list.

  This fix switches to use the glanceclient – a more direct and appropriate client for OpenStack images that is not subject to the pagination limitation.

• Dell EMC Unity Driver: Fixes bug 1841035 to avoid lots of error messages displayed in logs.

• NetApp ONTAP share delete operation can fail sometimes when is triggered immediately after migration cancelation on a overloaded NetApp backend. Canceling an ongoing migration is an asynchronous operation on an ONTAP storage system. Now the NetApp driver checks if the asynchronous API has ended its operation before reporting migration cancelation success. If the operation of the asynchronous API did not end within the specified timeout, the migration cancel cancel operation will be considered unsuccessful. To do so, a new configuration option netapp_migration_cancel_timeout has been added.

• Fixed the Generic driver to evict and kill any user processes accessing a share before attempting to extend or shrink a CIFS share.

• Added a new user message when share shrinking fails due to operation not being supported by the driver.

• Fixed an issue while bringing shares under Manila management. Now, when a share is being managed and there is no available quota to complete this operation, the service will allow the quotas to be exceeded and the operation will be completed. The administrator will need to adjust the quotas after. Please see Launchpad bug for more details.

• Fixed bug #1878993 that caused a failure on HTTPS connections within NetApp backend using python 3.7.

• Fixed an issue while promoting back share replicas created using CIFS protocol. Please refer to the Launchpad bug #1879368 for more details.

• Fixed unneeded all ports list request to Neutron in service instance helper module on tearing down service subnet, Neutron can filter them by subnet_id itself.

• NetApp ONTAP driver is now fixed to avoid the deletion of Cluster and Default ipspaces when deleting a share server. This issue was happening only when operating in driver_handles_share_servers enabled mode and creating shares using flat network type. See Launchpad bug 1880747 for more details.

• The manila-manage share update_host command now updates the host attribute of share servers and share groups in addition to shares.

• Added manila-manage service cleanup command to soft-delete entries from the services table for services, that are down. E.g. this fixed the removal of services for hosts, that had been renamed.

• Fixed bug #1882590 that caused an error on starting a NetApp backend when using the SVM scoped account.

• Fixed launchpad bug #1885956 by ensuring that policy checks are enforced when looking up a share-type by name. This prevents a problem where shares could be stuck in CREATING status when a user attempts to create a share using the name of a private share-type to which the user lacks access.

• Fixed bug #1886010 This bug caused glusterfs shares to still be readable/writable to connected clients while the share was deleted from manila.

• Fixed bug #1886232 that causes an INFO message saying the python-manila package was not found. Now, the package name was updated to python3-manila. This fix solves only in the case that the user installed the manila using the default packages found in OS.

• The NetApp cDOT driver now validates the configuration of preferred domain controller(s) added in CIFS security service server setup. The mandatory option skip-config-validation was introduced to cifs-domain-preferred-dc-add with ONTAP 9.5.

• An error with share group snapshot creation and deletion due to missing attributes has been fixed. See Launchpad bug 1888905 for more information.

• The LVM driver no longer fails to delete shares, snapshots and access rules that are missing from storage. See Launchpad bug #1888915 for more details.

• In the share migration_get_progress API a race condition was fixed. If the share manager reports InvalidShare the share’s task state is evaluated again to return progress 0 or 100 based on known task states instead of raising ShareMigrationError.

• The CephFS driver has now been fixed to report total and available space on the storage system correctly. See Launchpad bug#1890833 for more details.

• The CephFS driver now honors the configuration option « reserved_share_percentage », and it can be used to prevent save space for provisioned workloads to grow over time.

• Fixed bug #1894362 Fixed the problem of Couldn’t find the’gluster_used_vols” error when deploying glusterfs driver multi-backend service and deleting share instance.

• Fixed an issue on Container driver when managing share servers. The regex used to search for container-name in the available network interfaces was updated to support newer versions of Open vSwitch. Refer to the Bug #1896322 for more details.

• When attempting to shrink a share to a size smaller than the current used space, the share status will remain as available instead of shrinking_possible_data_loss_error. The user will receive warning message saying that the shrink operation was not completed.