Stein Series Release Notes

8.1.4

Upgrade Notes

  • The configuration option netapp_migration_cancel_timeout can be specified in the NetApp backend section to redefine the amount of time that the NetApp driver must attempt to wait on the asynchronous operation to cancel an ongoing migration. This option is set to 3600 seconds by default, which is sufficient time in most cases.

Bug Fixes

  • NetApp ONTAP share delete operation can fail sometimes when is triggered immediately after migration cancelation on a overloaded NetApp backend. Canceling an ongoing migration is an asynchronous operation on an ONTAP storage system. Now the NetApp driver checks if the asynchronous API has ended its operation before reporting migration cancelation success. If the operation of the asynchronous API did not end within the specified timeout, the migration cancel cancel operation will be considered unsuccessful. To do so, a new configuration option netapp_migration_cancel_timeout has been added.

  • Fixed an issue while promoting back share replicas created using CIFS protocol. Please refer to the Launchpad bug #1879368 for more details.

  • NetApp ONTAP driver is now fixed to avoid the deletion of Cluster and Default ipspaces when deleting a share server. This issue was happening only when operating in driver_handles_share_servers enabled mode and creating shares using flat network type. See Launchpad bug 1880747 for more details.

  • Fixed launchpad bug #1885956 by ensuring that policy checks are enforced when looking up a share-type by name. This prevents a problem where shares could be stuck in CREATING status when a user attempts to create a share using the name of a private share-type to which the user lacks access.

  • Fixed bug #1886010 This bug caused glusterfs shares to still be readable/writable to connected clients while the share was deleted from manila.

  • The NetApp cDOT driver now validates the configuration of preferred domain controller(s) added in CIFS security service server setup. The mandatory option skip-config-validation was introduced to cifs-domain-preferred-dc-add with ONTAP 9.5.

  • An error with share group snapshot creation and deletion due to missing attributes has been fixed. See Launchpad bug 1888905 for more information.

  • The LVM driver no longer fails to delete shares, snapshots and access rules that are missing from storage. See Launchpad bug #1888915 for more details.

  • Fixed bug #1894362 Fixed the problem of Couldn’t find the’gluster_used_vols’ error when deploying glusterfs driver multi-backend service and deleting share instance.

  • Dell EMC Manila Driver: Fixes wrong capacity in pool_stat. bug 1890372 powermax manila return size in MB, bug 1890375 vnx manila return size in MB, bug 1890376 unity manila return size in bytes.

8.1.3

Bug Fixes

  • Fixed the Generic driver to evict and kill any user processes accessing a share before attempting to extend or shrink a CIFS share.

  • Fixed an issue with Unity driver fails to delete CIFS share if wrong access was set.

  • A new user message has been added in case of share extensions failing asynchronously.

  • Fixed unneeded all ports list request to Neutron in service instance helper module on tearing down service subnet, Neutron can filter them by subnet_id itself.

  • Fixed bug #1882590 that caused an error on starting a NetApp backend when using the SVM scoped account.

8.1.2

Bug Fixes

  • Fixed Launchpad bug 1699836 by preventing share type deletion when there are share group types associated with them.

  • NetApp cDOT driver is now fixed to remove the QoS Policy on the backend volume when a share is migrated from an extra-spec which had QoS defined to another extra-spec which has no QoS defined in it.

  • The NetApp cDOT driver is now fixed to honour the standard extra_specs during migration and manage/unmanage.

  • Fixed an issue in NetApp driver share replica periodic check that erroneously set a replica state to ‘error’. In this routine, a SnapMirror resync operation was being triggered while the replica data transfering is still in progress, receiving an error from the storage side. The driver now skips resync operation for all in progress SnapMirror relationship status.

  • Fixed an issue in NetApp driver when shrinking shares to a size smaller than the current used space. Now it will return a more appropriate error status called shrinking_possible_data_loss_error.

  • Launchpad bug 1869148 has been fixed. This bug could have affected environments where extension APIs were provided in compiled files rather than source code.

  • Reduces an increase of schedule time for non thin provisioned backends. On those backends, there is no need to calculate provisioned_capacity_gb, as it is not used during the scheduling. This calculation was not scaling properly on big environments as it implies many database queries.

  • Fixed the cleanup for private share types and share group types to include clearing out the database entries recording project specific access rules to these types. See Launchpad bug 1870751 for more details.

  • Fixed quota issue that made it impossible to create resources when the project had the quotas set to unlimited, and the user had a limited amount of quotas to use. Now, operations in the mentioned quota scenario are working properly. Please see Launchpad bug 1872872 for more details.

  • Updated the scheduler pool attributes provisioned_capacity_gb and allocated_capacity_gb to accommodate shares being created. This helps maintain an approximate tally of these attributes in between back end scheduler updates.

8.1.1

Security Issues

  • Closes a gap where a user can see the export locations for another user’s share if the uuid of the other share is leaked, stolen, or (improbably) guessed.

  • CVE-2020-9543: An issue with share network retrieval has been addressed in the API by scoping unprivileged access to project only. Please see launchpad bug #1861485 for more details.

Bug Fixes

  • Fixed Quota exceeded exception for snapshot creation. Consumed gigabytes now reports the snapshot gigabytes instead of share gigabytes usage.

  • Improved share list speed using lazy=’subquery’. The sqlalchemy models of Share and Share Instance relationships previously had lazy=’immediate’. This resulted in at least three extra queries when we queried for all share details.

8.1.0

Bug Fixes

  • The NetApp ONTAP driver is now fixed to unmount the original active share volume after one of its replica gets promoted.

  • Share type extra-specification share_backend_name is now ignored when creating share replicas. This ensures that backends in the same replication domain need not have the same value of share_backend_name. See launchpad bug #1634734 for details.

  • The NetApp ONTAP driver is now fixed to set revert_to_snapshot_support to True or False depending upon SnapRestore License.

  • The NetApp ONTAP driver is now fixed to allow extension and shrinking of share replicas after they get promoted.

  • When the OpenStack administrator has a busy environment that contains many shares, the list operation with –limit parameter was taking too long to respond. This lag has now been fixed. See the launchpad bug 1795463 for more details.

  • Update share networks with MTU before creating network allocations so that the first allocation in a share network is correct.

  • Fixed an issue with the Dell EMC Unity driver to work with a management IP configured in IPv6 format.

8.0.1

Bug Fixes

  • When manila API is run behind a proxy webserver, the API service was parsing the major API version requested incorrectly, leading to incorrect responses. This behavior has now been fixed. See launchpad bug 1818081 for more details.

  • Fixed an issue with the NetApp driver failing during a rollback operation in the share server creation.

8.0.0

Prelude

Added new tool manila-status upgrade check.

New Features

  • The manila-manage utility now has a new command to update the host attribute of shares. This is useful when the share manager process has been migrated to a different host, or if changes are made to the host config option or the backend section name in manila.conf. Execute manila-manage share update_host -h to see usage instructions.

  • New experimental APIs were introduced version 2.47 to retrieve export locations of share replicas. With API versions 2.46 and prior, export locations of non-active or secondary share replicas are included in the share export locations APIs, albeit these APIs do not provide all the necessary distinguishing information (availability zone, replica state and replica ID). See the API reference for more information regarding these API changes.

  • A new common user-visible share types extra-spec called “availability_zones” has been introduced. When using API version 2.48, user requests to create new shares in a specific availability zone will be validated against the configured availability zones of the share type. Similarly, users requests to create share groups and share replicas are validated against the share type availability_zones extra-spec when present. Users can also filter share types by one or more AZs that are supported by them.

  • New API policies (share:create_public_share and share:set_public_share) have been introduced for the “create” (POST /shares) and “update” (PUT /shares) APIs to validate requests to create publicly visible shares.

  • For NetApp CIFS share provisioning users can now specify the optional “server” API parameter to provide an active directory domain controller IP address for when creating a security service. Multiple IP addresses can be given separated by comma. This represents the “Preferred DC” at the vserver cifs domain.

  • The Neutron Port IDs and IP addresses of the network allocation when using the NetApp cDOT driver with DHSS=true are made accessible for administrators at share server backend_details of newly created share servers. Those are corresponding to the NetApp lifs of a vserver.

  • Added managing and unmanaging of share servers functionality to the Container Driver, allowing for shares to be managed and unmanaged.

  • Added APIs with default policy set to ‘rule:admin_api’ that allow managing and unmanaging share servers. Managing Share servers is useful for importing pre-existing shares and snapshots into Manila’s management when the driver is configured in driver_handles_share_servers enabled mode. Unmanaging removes manila share servers from the database without removing them from the back end. Managed share servers, or share servers that have had one or more shares unmanaged will not be deleted automatically when they do not have any shares managed by Manila, even if the config options [DEFAULT]/delete_share_server_with_last_share or [DEFAULT]/automatic_share_server_cleanup have been set to True.

  • Updated Manage Share API to be able to manage shares in driver_handles_share_servers enabled driver mode by supplying the Share Server ID.

  • Updated Unmanage Share and Unmanage Snapshot APIs to allow unmanaging shares and snapshots in driver_handles_share_servers enabled driver mode.

  • New framework for manila-status upgrade check command is added. This framework allows adding various checks which can be run before a Manila upgrade to ensure if the upgrade can be performed safely.

  • The NetApp ONTAP driver security service dns_ip parameter also takes a list of comma separated DNS IPs for vserver dns configuration. Allows HA setup, where DNS can be down for maintenance.

  • Added managing and unmanaging of share servers functionality to the NetApp driver, allowing for shares and snapshots to be managed and unmanaged in driver mode driver_handles_share_servers set to True.

  • Availability zones may now be configured per backend in a multi-backend configuration. Individual back end sections can now have the configuration option backend_availability_zone set. If set, this value will override the storage_availability_zone option from the [DEFAULT] section.

  • QNAP Manila driver supports QES FW on TDS series NAS.

  • Revert to snapshot support for Dell EMC Unity Manila driver.

  • Shrink share support has been added for Dell EMC Unity Manila driver.

Upgrade Notes

  • The Quobyte driver now provides an option to adapt the export path to the Quobyte NFS services PSEUDO path setting.

  • Operator can now use new CLI tool manila-status upgrade check to check if Manila deployment can be safely upgraded from N-1 to N release.

  • The storage_availability_zone option can now be overridden per backend by using the backend_availability_zone option within the backend stanza. This allows enabling multiple storage backends that may be deployed in different AZs in the same manila.conf file if desired, simplifying service architecture around the Share Replication feature.

  • For Dell EMC VMAX Manila driver, replaced emc_nas_pool_names with vmax_share_data_pools, emc_interface_ports with vmax_ethernet_ports, emc_nas_server_container with vmax_server_container.

Deprecation Notes

  • In API version 2.47, export locations APIs: GET /v2/{tenant_id}/shares/{share_id}/export_locations and GET /v2/{tenant_id}/shares/{share_id}/export_locations/​{export_location_id } no longer provide export locations of non-active or secondary share replicas where available. Use the newly introduced share replica export locations APIs to gather this information: GET /v2/{tenant_id}/share-replicas/{share_replica_id}/export-locations and GET /v2/{tenant_id}/share-replicas/{share_replica_id}/export -locations/{export_location_id}.

  • The API policies to create publicly visible shares (share:create_public_share) or modify existing shares to become publicly visible (share:set_public_share) have their default value changed to rule:admin_api. This means that these APIs (POST /shares and PUT /shares) will allow the ‘is_public’ parameter to be set to True in the request body if the requester’s role is set to an Administrator role. These policies will allow their previous default behavior in the Stein release (8.0.0) (i.e., any user can create publicly visible shares and even non-privileged users within a project can update their shares to become publicly visible). If the previous default behavior is always desired, deployers must explicitly set “share:create_public_share” and “share:set_public_share” to “rule:default” in their policy.json file.

  • The configuration option share_usage_audit_period from the [DEFAULT] section has been deprecated. Specifying this option never had any effect on manila and so it will be removed in an upcoming release. This option should not be confused with share_usage_size_update_interval from the back end section, which can be used to gather usage size for some back ends that support that feature.

  • The configuration option “memcached_servers” from the [DEFAULT] section is deprecated. This option has currently no effect and will be removed in future releases. To specify memcached servers for the authentication middleware when using keystone, please use the option “memcached_servers” from the [keystone_authtoken] configuration group.

  • The options ca_certificates_file, nova_ca_certificates_file, cinder_ca_certificates_file, api_insecure, nova_api_insecure and cinder_api_insecure have been deprecated from the DEFAULT group as well as nova, neutron and cinder configuration groups. Use cafile to specify the CA certificates and insecure to turn off SSL validation in these respective groups (nova, neutron and cinder).

  • For Dell EMC VMAX Manila driver, options emc_nas_pool_names, emc_interface_ports, emc_nas_server_container are deprecated.

Bug Fixes

  • Fixed multi segment neutron data save in NeutronBindNetworkPlugin to provide IP version for neutron port creation.

  • The NetApp ONTAP DHSS=True driver has been fixed to allow multiple shares to use the same ipspace and VLAN port across all subnets belonging to the same neutron network.

  • The all_tenants query parameter in the share networks API (GET /v2/{project_id}/share-networks) has been fixed to accept ‘f’, ‘false’, ‘off’, ‘n’, ‘no’, or ‘0’. Setting the flag to any of these values will retrieve security services only from the requester’s project namespace.

  • The all_tenants query parameter in the security services API (GET /v2/{project_id}/security-services) has been fixed to accept ‘f’, ‘false’, ‘off’, ‘n’, ‘no’, or ‘0’. Setting the flag to any of these values will retrieve security services only from the requester’s project namespace.

  • The ZFSOnLinux driver now retries unmounting zfs shares to perform the manage operation. See Launchpad bug 1785180 for details.

  • Pool stats collection has been fixed in the container driver to reflect the differences in formatting of information for the underlying volume groups across different operating systems.

  • The generic and LVM drivers have been fixed to always perform a filesystem check on newly created snapshots and derivative shares before attempting to assign a UUID to them. See Launchpad bug 1798219 for more details.

  • Added caching of host state map to speed up calls for scheduler-stats/pools/detail.

  • Share type quotas, usages and reservations will now be correctly cleaned up if a share type has been deleted. See launchpad bug #1811680 for details regarding the bug that prevented this cleanup prior.

  • Launchpad bug 1815038 has been fixed and now we correctly parse the base URL from manila’s endpoint url, accounting for proxy URLs.

  • APIs that were not returning a request ID (‘x-compute-request-id’) in the response headers have been fixed.

  • Access rule type for shares served via nfs-ganesha is now validated, fixing launchpad bug #1816420 where cephx access type was allowed though only ip access type is effective. This fix also validates access_level to ensure that it is set to RW or RO.

  • Shares backed by CephFS no longer have hard-coded mode 755. Use the cephfs_volume_mode configuration option to set another mode, such as 775 when using manila dynamic external storage provider with OpenShift. The default value remains 755 for backwards compatibility.

  • Launchpad bug 1809318 has been fixed. The deprecated options api_insecure and ca_certificates_file from nova, cinder, neutron or DEFAULT configuration groups no longer override the newer insecure option if provided. Always use insecure and cafile to control SSL and validation since the deprecated options will be removed in a future release.

  • Drivers using ganesha can now handle ‘manila access-allow <share-id> ip 0.0.0.0/0’ as a way to allow access to the share from all IPs.

  • Fixed the size value not being present in share snapshot instances, which caused the NetApp driver to crash when creating a share from a snapshot using python3.

  • Fixed an issue with the NetApp driver leaving leftover resources when it was handling too many share server creation and deletion requests in parallel.

  • Fixed an issue while getting efficiency status from the NetApp backend while creating or updating volumes.

  • Fixed the driver filter to not check for hard equality between the share_backend_name and the name reported by the host as it defeats the purpose of the capabilities filter giving the ability to use “<in>” selection operator in the extra-spec. Refer to Launchpad bug 1815700 for more details.

  • Fixed CIFS permission issue with Inspur AS13000 driver so that files and folders can be created and deleted correctly.

  • NetApp driver volume efficiency settings now behave consistently: like on volume creation now also modification, which is currently consumed by manage and migration, will make sure that deduplication and compression settings are applied correctly.

  • Fixed the QNAP driver so that the snapshot which does not exist in NAS will not be managed.

  • Fixed the QNAP driver so that the managed snapshot and the share which created from snapshot will not be inconsistent in some cases.

Other Notes

  • The “root_helper” configuration option from the [DEFAULT] section got removed. This option was not used anywhere in the codebase. Manila uses “sudo” together with “rootwrap” to allow unprivileged users running actions as root.