Yoga Series Release Notes

14.0.0-29

Security Issues

  • The SSH utility module no longer logs usernames and passwords as debug information.

Bug Fixes

  • The GET /shares/{share_id} API now responds with HTTP 404 (Not Found) for inaccessible resources. See bug 1901210 for further information.

  • Adds a check when associating a security service to a share network, so that both resources must have the same project_id. If not, HTTP Bad Request is raised.

  • Fixed an issue that caused Manila to return all projects’ share replicas even when the user was not an administrator. Now, when the user is not an administrator, only the replicas in the project perspective are going to be displayed. For more details, please refer to Launchpad Bug #1922243

  • Fix the bug of TypeError with JsonFilter. If the scheduler_hints value is None, the TypeError exception may occur when creating share with JsonFilter. The TypeError exception is added to solve this problem.

  • Bug #1964696: Fix calling the GaneshaNASHelper update_access method from the gluster GaneshaNFSHelper with the wrong signature.

  • Fixes regression for show_metadata and the response dictionary. The correct response is: {meta: {‘key’: ‘value}}.

  • The CephFS driver no longer fails to delete access rules that were never applied or were missing from the back end storage. See LP #1971530 for more details.

  • During share network create API, if either share network or share network subnet db creation fails, manila raises an exception. However quota is not rolled back and its usable only after quota reservations timed out (waiting conf.reservation_expire seconds). Fixed by introducing immediate quota rollback in case any db create api fails.

  • Goodness_function expects integer or float else raise parseException. This causes example such as “(share.share_proto == ‘CIFS’) ? 100 : 50” to fail during evaluation. Fix it by adding support of string evalution.

  • Drivers using DHSS True mode has the server creation phase. This phase tries to reuse one of available share servers, however, the Manila code is considering all share servers states as available, rather than considering only the active or creating ones. Now, only the correct share servers are passed to drivers as available to be reused.

  • Bug #1983125: Fixed the remaining reference to a deprecated quota option in code, which was causing a warning message.

  • Infinidat Driver bug #1986653: Fixed Infinidat driver to use TLS/SSL communication between the Manila share service and the storage backend. Admin can set True or False for the infinidat_use_ssl and infinidat_suppress_ssl_warnings options in the driver section of manila.conf to enable or disable these features.

  • Deployers now can specify [glance]endpoint_type configuration option (defaults to publicURL for backward compatibility) so that Manila uses Glance endpoint other than the public one (see bug 1991396).

  • Bug 1991776 was fixed within the CephFS driver. The driver no longer emits repeated warnings concerning supported IP versions when using the NFS protocol.

  • Fix creating from snapshot operation with server limits. If the new share and parent are in the same host, the share server must be resued, so the limits must be ignored. For more details, please refer to launchpad bug #1918845

  • Some neutron integrations might not have the network type, so the neutron network plugin is fixed by taking that scenario in consideration. Launchpad bug #1987315 for more details.

14.0.0

New Features

  • Add support for multiple subnet per availability zone. The multiple configuration can be done either on share server deployment or updating a pre-existent share server.

    The new field network_allocation_update_support was added to share server’s model This field defaults to False, and all of the already deployed share servers are going to get the default value even if their backend support it. Administrators will be able to update the field value using manila-manage commands.

    The driver will report its support for adding a subnet on a pre-existent share server through network_allocation_update_support. Also, it will report the support for creating the server with multiple subnets with the share_server_multiple_subnet_support. The scheduler will filter out backend that does not handle this request during some operations. Example, creating a share with a share network containing multiple subnets, only hosts that support this deployment will be selected.

  • Share group types can now be filtered with its group_specs.

  • The Container driver is now able to:

    • Create shares using share networks that have multiple share network subnets in the same availability zone.

    • Add more network interfaces into share servers that are already deployed based on the share network subnets within the share network.

  • Add OnlyHostFilter to manila’s scheduler. This filter needs admin to specify host@backend#pool to “share.scheduler_hints.only_host” in the request payload when creating a manila share. The hint is used only for share creation and not stored as share metadata. For non-admin users the OnlyHostFilter will always be ignored.

  • Manila now supports a “recycle bin” for shares. End users can soft-delete their shares and have the ability to restore them for a specified interval. This interval defaults to 7 days and is configurable via “soft_deleted_share_retention_time”. After this time has elapsed, soft-deleted shares are automatically cleaned up.

  • NetApp ONTAP: Add support for multiple subnets per availability zone when in the same network segment. In addition, new share network subnets can now be added to share networks with in-use share servers (that has one or more shares in place).

  • Added option “scheduler_hints” to share replica create API. For now, the onlyHostFilter will be supported using this option. The filter needs admin to specify host@backend#pool to “share_replica.scheduler_hints.only_host” in the request payload when creating a manila share replica. For non-admin users the onlyHostFilter will always be ignored.

Known Issues

  • User specified scheduler hints such as “same_host” and “different_host” are stored as share metadata with keys such as “__affinity_same_host” and “__affinity_different_host” respectively. These can be manipulated or deleted by end users like all metadata unless prevented by RBAC policy. In a future release, the service will restrict the deletion or manipulation of these specific metadata items.

Upgrade Notes

  • The option service_instance_name_template will start being honored by the Generic driver, so review your configuration and revert to the default if you don’t want it to be taken into account.

  • To add OnlyHostFilter to an active deployment, its reference must be enabled in manila.conf.

  • The share entity now contains two new fields: is_soft_deleted and scheduled_to_be_deleted_at. The is_soft_deleted will be used to identify shares in the recycle bin.. The scheduled_to_be_deleted_at field to show when the share will be deleted automatically. A new parameter called is_soft_deleted was added to the share list API, and users will be able to query shares and filter out the ones that are currently in the recycle bin.

Deprecation Notes

  • Remove ‘share_network_subnet_id’ attribute from share server view and add ‘share_network_subnet_ids’ starting with microversion ‘2.70’. The share server has a list of subnets.

  • The [neutron] url_timeout option and the [neutron] auth_strategy option have been deprecated and will be removed in a future release. These two options have had no effect since 2.0.0 .

Security Issues

  • Privsep transitions. Manila is transitioning from using the older style rootwrap privilege escalation path to the new style Oslo privsep path. This should improve performance and security of Manila in the long term.

Bug Fixes

  • User specified scheduler hints such as “affinity_same_host” and “affinity_different_host” are stored as share metadata. These are stored as admin-only metadata keys that cannot be deleted or manipulated by nonadmin users.

  • Fixed an issue during snapshot creation where a database error was being mishandled with dead code. See Launchpad bug 1475351 for more details.

  • Fixed a manila issue while updating quotas. Now manila requires at least a quota value to be updated.

  • When a quota value greater than 2147483647 is set, the error message “ERROR: Invalid input received:Quota limit should not exceed 2147483647. (HTTP 400)” is communicated to the user.

  • NetApp OnTap driver Bug #1915237: Fixed encryption compatibility check on manila share migrate.

  • Non-disruptive share migration will no longer choose a different destination server even if limits of shares or gigabytes were exceeded in the source. For more details, please see bug #1920942.

  • Fixed an issue with ONTAP AFF platforms while creating shares that forced volumes to have efficient data saving even when the contrary was specified. For more details, please refer to launchpad bug #1929421

  • Changes the list of security services required for CIFS share creation when the NetApp driver is being used. For more details, please refer to launchpad bug #1942124

  • NetApp cDOT driver Custom port configuration using netapp_server_port was accidentally ignored after a refactor. This option should now be properly read. See Launchpad bug 1945365 for more details.

  • The service_instance_name_template option was not being taken into account by the Generic driver, this issue is now addressed. See bug #1945463 for more information.

  • Bug #1946990: Fix the ignored [neutron] url option. Now the parameter overrides the endpoint url which Manila uses to access Neutron API.

  • When cephfs_ganesha_server_ip is not set, the current hostname is used as a default for such config option. The driver was treating this value as an IP address and trying to perform validations on it. The CEPH NFS driver will no longer treat hostnames as ip addresses and try to validate them as such.