Yoga Series Release Notes¶
14.2.0-4¶
Bug Fixes¶
NetApp driver bug #2069125: Fixed the issue for the NetApp ONTAP driver in the ZAPI workflow, where certain vserver accounts failed to add access rules for a share when the vserver network interface was not configured with kerberos.
default route for service subnet wouldn’t be created if connect_share_server_to_tenant_network is on
14.2.0¶
Bug Fixes¶
Changed the error and status code that was raised when share types are not handled in shares api
Make snapshot names in CephFS drivers shorter to avoid limitation in Ceph clusters which truncates the subvolume name and makes the snapshots inaccesible.
NetApp driver bug #1982808: Fixed issue preventing the storage system from proper clean up unused SnapMirror snapshots after a replica promote, significantly increasing the amount of space consumed in ONTAP volumes by snapshots.
Metadata APIs have been fixed to respond with HTTP 404 / Not Found when the requester does not have access to a resource that the metadata pertains to.
Share replicas in state error_deleting are now skipped during periodic updates. For more details, please refer to launchpad bug #2024556
Share server backend details set function adds db records without checking existing entries. This results in duplicate records for the combination of given share server id and key. Fixed it by updating records if already exist else creating new. See the launchpad bug 2024658 for more details.
The “manage” API for snapshots now validates the format of “provider_location” and “share_id” fields and handles errors appropriately. These fields are expected to contain string values.
The
updated_atfield is correctly set on share and snapshot access rules when an update has been made on the database.
The CephFS driver uses a RemoveExport DBUS API call to the NFS/Ganesha service when a user deletes an access rule, or when deleting the share. If this call fails, the driver now provides a log of the failure, and continues cleaning up. Prior to this change, share deletion could fail if the service failed the DBUS command to drop the export. This would leave the share with an “error_deleting” status, needing administrator intervention. See bug #2035572 for more information.
bug #2025649: Fixed share server API error message.
14.1.1¶
Bug Fixes¶
Fixed several Manila API error messages with their contents. For more details, please refer to launchpad bug #2007060
14.1.0¶
New Features¶
The special .snapshot directories for shares created by the Infinidat driver can now be controlled through configuration options: infinidat_snapdir_accessible and infinidat_snapdir_visible. By default, each share allows access to its own .snapshot directory, which contains files and directories of each snapshot taken. To restrict access to the .snapshot directory, the infinidat_snapdir_accessible should be set to False. The infinidat_snapdir_visible option controls visibility of the .snapshot directory. By default, the .snapshot directory is hidden. To make the .snapshot directory visible on the client side, this option should be set to True.
Bug Fixes¶
Launchpad bug 1968891 has been fixed. scheduler will use size increase rather than share size to calculate provisioned_ratio when extending share.
Infinidat Driver bug #1989283: Incremented driver version to 1.1, where SSL support was added. For more details on enabling SSL, please check the Infinidat driver documentation.
Add the filesystem info in the exports created by the CephFS NFS driver. This fixes inconsistencies when deploying Manila with CephFS NFS with multiple filesystems.
Infinidat Driver bug #1992443: Fixed an issue in Infinidat driver to support host assisted migration. The snapdir_visible filesystem property must be disabled to hide .snapshot directory on the client side. However, this behavior can be changed using the infinidat_snapdir_visible configuration option.
Fixed an issue that made the CephFS driver to override the permissions in a share. After a bugfix, Ceph’s idempotent creation of shares had a change on its behavior. If a share mode was modified outside of Manila, or the configuration value for cephfs_volume_mode was changed in Manila when shares had already been created, these shares would have their mode changed while Manila attempted to ensure that such share exists using the idempotent creation, potentially breaking clients. The CephFS driver will no longer send create calls to the backend when ensuring a share exists. For more details, please refer to Bug #2002394
14.0.1¶
Security Issues¶
The SSH utility module no longer logs usernames and passwords as debug information.
Bug Fixes¶
The GET /shares/{share_id} API now responds with HTTP 404 (Not Found) for inaccessible resources. See bug 1901210 for further information.
Adds a check when associating a security service to a share network, so that both resources must have the same project_id. If not, HTTP Bad Request is raised.
Fixed an issue that caused Manila to return all projects’ share replicas even when the user was not an administrator. Now, when the user is not an administrator, only the replicas in the project perspective are going to be displayed. For more details, please refer to Launchpad Bug #1922243
Fix the bug of TypeError with JsonFilter. If the scheduler_hints value is None, the TypeError exception may occur when creating share with JsonFilter. The TypeError exception is added to solve this problem.
Bug #1964696: Fix calling the GaneshaNASHelper update_access method from the gluster GaneshaNFSHelper with the wrong signature.
Fixes regression for show_metadata and the response dictionary. The correct response is: {meta: {‘key’: ‘value}}.
The CephFS driver no longer fails to delete access rules that were never applied or were missing from the back end storage. See LP #1971530 for more details.
During share network create API, if either share network or share network subnet db creation fails, manila raises an exception. However quota is not rolled back and its usable only after quota reservations timed out (waiting conf.reservation_expire seconds). Fixed by introducing immediate quota rollback in case any db create api fails.
Goodness_function expects integer or float else raise parseException. This causes example such as “(share.share_proto == ‘CIFS’) ? 100 : 50” to fail during evaluation. Fix it by adding support of string evalution.
Drivers using DHSS True mode has the server creation phase. This phase tries to reuse one of available share servers, however, the Manila code is considering all share servers states as available, rather than considering only the active or creating ones. Now, only the correct share servers are passed to drivers as available to be reused.
Bug #1983125: Fixed the remaining reference to a deprecated quota option in code, which was causing a warning message.
Infinidat Driver bug #1986653: Fixed Infinidat driver to use TLS/SSL communication between the Manila share service and the storage backend. Admin can set True or False for the infinidat_use_ssl and infinidat_suppress_ssl_warnings options in the driver section of manila.conf to enable or disable these features.
Deployers now can specify
[glance]endpoint_typeconfiguration option (defaults topublicURLfor backward compatibility) so that Manila uses Glance endpoint other than the public one (see bug 1991396).
Bug 1991776 was fixed within the CephFS driver. The driver no longer emits repeated warnings concerning supported IP versions when using the NFS protocol.
Fix creating from snapshot operation with server limits. If the new share and parent are in the same host, the share server must be resued, so the limits must be ignored. For more details, please refer to launchpad bug #1918845
Some neutron integrations might not have the network type, so the neutron network plugin is fixed by taking that scenario in consideration. Launchpad bug #1987315 for more details.
14.0.0¶
New Features¶
Add support for multiple subnet per availability zone. The multiple configuration can be done either on share server deployment or updating a pre-existent share server.
The new field
network_allocation_update_supportwas added to share server’s model This field defaults toFalse, and all of the already deployed share servers are going to get the default value even if their backend support it. Administrators will be able to update the field value usingmanila-managecommands.The driver will report its support for adding a subnet on a pre-existent share server through
network_allocation_update_support. Also, it will report the support for creating the server with multiple subnets with theshare_server_multiple_subnet_support. The scheduler will filter out backend that does not handle this request during some operations. Example, creating a share with a share network containing multiple subnets, only hosts that support this deployment will be selected.
Share group types can now be filtered with its group_specs.
The Container driver is now able to:
Create shares using share networks that have multiple share network subnets in the same availability zone.
Add more network interfaces into share servers that are already deployed based on the share network subnets within the share network.
Add OnlyHostFilter to manila’s scheduler. This filter needs admin to specify host@backend#pool to “share.scheduler_hints.only_host” in the request payload when creating a manila share. The hint is used only for share creation and not stored as share metadata. For non-admin users the OnlyHostFilter will always be ignored.
Manila now supports a “recycle bin” for shares. End users can soft-delete their shares and have the ability to restore them for a specified interval. This interval defaults to 7 days and is configurable via “soft_deleted_share_retention_time”. After this time has elapsed, soft-deleted shares are automatically cleaned up.
NetApp ONTAP: Add support for multiple subnets per availability zone when in the same network segment. In addition, new share network subnets can now be added to share networks with in-use share servers (that has one or more shares in place).
Added option “scheduler_hints” to share replica create API. For now, the onlyHostFilter will be supported using this option. The filter needs admin to specify host@backend#pool to “share_replica.scheduler_hints.only_host” in the request payload when creating a manila share replica. For non-admin users the onlyHostFilter will always be ignored.
Known Issues¶
User specified scheduler hints such as “same_host” and “different_host” are stored as share metadata with keys such as “__affinity_same_host” and “__affinity_different_host” respectively. These can be manipulated or deleted by end users like all metadata unless prevented by RBAC policy. In a future release, the service will restrict the deletion or manipulation of these specific metadata items.
Upgrade Notes¶
The option
service_instance_name_templatewill start being honored by the Generic driver, so review your configuration and revert to the default if you don’t want it to be taken into account.
To add OnlyHostFilter to an active deployment, its reference must be enabled in manila.conf.
The share entity now contains two new fields:
is_soft_deletedandscheduled_to_be_deleted_at. Theis_soft_deletedwill be used to identify shares in the recycle bin.. Thescheduled_to_be_deleted_atfield to show when the share will be deleted automatically. A new parameter calledis_soft_deletedwas added to the share list API, and users will be able to query shares and filter out the ones that are currently in the recycle bin.
Deprecation Notes¶
Remove ‘share_network_subnet_id’ attribute from share server view and add ‘share_network_subnet_ids’ starting with microversion ‘2.70’. The share server has a list of subnets.
The
[neutron] url_timeoutoption and the[neutron] auth_strategyoption have been deprecated and will be removed in a future release. These two options have had no effect since 2.0.0 .
Security Issues¶
Privsep transitions. Manila is transitioning from using the older style rootwrap privilege escalation path to the new style Oslo privsep path. This should improve performance and security of Manila in the long term.
Bug Fixes¶
User specified scheduler hints such as “affinity_same_host” and “affinity_different_host” are stored as share metadata. These are stored as admin-only metadata keys that cannot be deleted or manipulated by nonadmin users.
Fixed an issue during snapshot creation where a database error was being mishandled with dead code. See Launchpad bug 1475351 for more details.
Fixed a manila issue while updating quotas. Now manila requires at least a quota value to be updated.
When a quota value greater than 2147483647 is set, the error message “ERROR: Invalid input received:Quota limit should not exceed 2147483647. (HTTP 400)” is communicated to the user.
NetApp OnTap driver Bug #1915237: Fixed encryption compatibility check on manila share migrate.
Non-disruptive share migration will no longer choose a different destination server even if limits of shares or gigabytes were exceeded in the source. For more details, please see bug #1920942.
Fixed an issue with ONTAP AFF platforms while creating shares that forced volumes to have efficient data saving even when the contrary was specified. For more details, please refer to launchpad bug #1929421
Changes the list of security services required for CIFS share creation when the NetApp driver is being used. For more details, please refer to launchpad bug #1942124
NetApp cDOT driver Custom port configuration using
netapp_server_portwas accidentally ignored after a refactor. This option should now be properly read. See Launchpad bug 1945365 for more details.
The
service_instance_name_templateoption was not being taken into account by the Generic driver, this issue is now addressed. See bug #1945463 for more information.
Bug #1946990: Fix the ignored
[neutron] urloption. Now the parameter overrides the endpoint url which Manila uses to access Neutron API.
When
cephfs_ganesha_server_ipis not set, the current hostname is used as a default for such config option. The driver was treating this value as an IP address and trying to perform validations on it. The CEPH NFS driver will no longer treat hostnames as ip addresses and try to validate them as such.
