Zed Series Release Notes

15.1.0-1

Bug Fixes

  • When deploying Manila CephFS NFS with cephadm, the manila share service fails to start with the error “Backend cephfsnfs supports neither IPv4 nor IPv6”. This happens because the NFS Ganesha daemon fails to start for some reason, and therefore the driver never gets the location of the NFS Ganesha service that will be used as the backend. We rely on the operator to make sure the CephFS NFS cluster is available when initializing the driver. With this fix in place, we raise an exception to explicitly notify the operator and allow them to take further action.

15.1.0

Bug Fixes

  • The GET /shares/{share_id} API now responds with HTTP 404 (Not Found) for inaccessible resources. See bug 1901210 for further information.

  • The CephFS NFS driver, specifically the NFSProtocolHelper implementation, was passing a wrong param to the Ceph backend and this was preventing users to add and deny access to the created shares. With this fix, users of the CephFS NFS NFSProtocolHelper can normally create and remove access to their shares.

  • Deployers now can specify [glance]endpoint_type configuration option (defaults to publicURL for backward compatibility) so that Manila uses Glance endpoint other than the public one (see bug 1991396).

  • Bug 1991776 was fixed within the CephFS driver. The driver no longer emits repeated warnings concerning supported IP versions when using the NFS protocol.

  • Some neutron integrations might not have the network type, so the neutron network plugin is fixed by taking that scenario in consideration. Launchpad bug #1987315 for more details.

15.0.0

Prelude

RBAC defaults of all Shared File System service (manila) APIs have been updated to remove “system” scope personas. This is being done in concert with other OpenStack services, and in reaction to operator feedback that the use of system “scope” introduces backwards incompatibility in existing workflows. The new defaults support the use of “scope”, however, no RBAC rule by default includes “system” scope. At this time, we do not recommend the use of system scoped personas to interact with the Shared File Systems service (manila) APIs since it is largely un-tested. “reader” role from the OpenStack Identity service (keystone) is fully supported with this release. Currently, these new “defaults” are available as “opt-in” only to prevent breaking existing deployments. To enforce default RBAC rules, set [oslo_policy]/enforce_new_defaults to True in your deployment. This option will be set to True by default in a future release. See the OpenStack TC Secure RBAC goal for more information regarding these changes.

New Features

  • Adds snapshot metadata capabilities inlcuding, create, update all, update single, show, and delete metadata. Snapshots may be filtered using metadata keys. Snapshot metadata is available to admin and nonadmin users.

  • ‘reserved_share_extend_percentage’ backend config option allows Manila to consider different reservation percentage for share extend operation. This distinct option is useful if operators want to prevent provisioning of new shares but allow extensions of existing shares on storage pools beyond their reserved space.

  • Added Manila driver for Macrosan storage system.

  • NetApp driver now considers last-transfer-size and last-transfer-error fields of the snapmirror in addition to existing last-transfer-end-timestamp to decide whether replica is in_sync or out_of_sync. Added new config option netapp_snapmirror_last_transfer_size_limit (default 1MB). If value of last-transfer-size field is greater than config value or if last-transfer-error field is present, then replica is out_of_sync.

  • If user is configuring ‘Servers’ in AD Server in the security service then, for NetApp ONTAP, the discovery mode should be changed to ‘none’. Value of ‘none’ indicates that domain controller discovery will not be done, and it will depend only on preferred DC’s configured.

  • NFSClusterProtocolHelper has been added to allow users to consume to export CephFS shares over a clustered NFS gateway. This presents many advantages, since the operator no longer needs to maintain their own instances of NFS Ganesha apart of the Ceph cluster. For this, we now communicate with ceph mgr using the nfs plugin. Read more about this plugin in https://docs.ceph.com/en/latest/cephfs/nfs/

Upgrade Notes

  • When using scheduler filters during share extend, only few filters are necessary. To provide those configurable list of filters for share extend, added new option scheduler_default_extend_filters.

  • Python 3.6 & 3.7 support has been dropped. The minimum version of Python now supported is Python 3.8.

  • The CephFS driver now supports a new configuration option: * cephfs_nfs_cluster_id (string option): name of the nfs cluster to use. This option can be used to specify which NFS cluster to use.

Deprecation Notes

  • The [DEFAULT] use_forwarded_for parameter has been deprecated. Instead of using this parameter, add the HTTPProxyToWSGI middleware to api pipelines, and [oslo_middleware] enable_proxy_headers_parsing = True to manila.conf.

Security Issues

  • The SSH utility module no longer logs usernames and passwords as debug information.

Bug Fixes

  • In order to let user know when was the last time share instance updated, a field updated_at is added in the response of share instance show API.

  • Decoupled the RBAC share:get_all_security_services from context_is_admin, potentially allowing the use of the all_tenants query by non-administrators.

  • Adds a check when associating a security service to a share network, so that both resources must have the same project_id. If not, HTTP Bad Request is raised.

  • Fixed an issue that caused Manila to return all projects’ share replicas even when the user was not an administrator. Now, when the user is not an administrator, only the replicas in the project perspective are going to be displayed. For more details, please refer to Launchpad Bug #1922243

  • Bug #1925486 Share replica create API does not support share network option and uses parent share’s share network. Fixed it to allow any share network by providing option share-network. Added in API microversion starting with ‘2.72’.

  • Fix the bug of TypeError with JsonFilter. If the scheduler_hints value is None, the TypeError exception may occur when creating share with JsonFilter. The TypeError exception is added to solve this problem.

  • Bug #1964696: Fix calling the GaneshaNASHelper update_access method from the gluster GaneshaNFSHelper with the wrong signature.

  • Fixes regression for show_metadata and the response dictionary. The correct response is: {meta: {‘key’: ‘value}}.

  • The CephFS driver no longer fails to delete access rules that were never applied or were missing from the back end storage. See LP #1971530 for more details.

  • During share network create API, if either share network or share network subnet db creation fails, manila raises an exception. However quota is not rolled back and its usable only after quota reservations timed out (waiting conf.reservation_expire seconds). Fixed by introducing immediate quota rollback in case any db create api fails.

  • Goodness_function expects integer or float else raise parseException. This causes example such as “(share.share_proto == ‘CIFS’) ? 100 : 50” to fail during evaluation. Fix it by adding support of string evalution.

  • Drivers using DHSS True mode has the server creation phase. This phase tries to reuse one of available share servers, however, the Manila code is considering all share servers states as available, rather than considering only the active or creating ones. Now, only the correct share servers are passed to drivers as available to be reused.

  • Bug #1983125: Fixed the remaining reference to a deprecated quota option in code, which was causing a warning message.

  • Infinidat Driver bug #1986653: Fixed Infinidat driver to use TLS/SSL communication between the Manila share service and the storage backend. Admin can set True or False for the infinidat_use_ssl and infinidat_suppress_ssl_warnings options in the driver section of manila.conf to enable or disable these features.

  • default route for service subnet wouldn’t be created if connect_share_server_to_tenant_network is on

  • Fix creating from snapshot operation with server limits. If the new share and parent are in the same host, the share server must be resued, so the limits must be ignored. For more details, please refer to launchpad bug #1918845

  • Sometimes NetApp API call fails due to name resolution(DNS) issue. In such case, a client will now make 5 retries on connect and 2 on read calls. Also, the connection retry will be visible in the log. For more details, please refer to launchpad bug #1971542

Other Notes

  • Pure Storage FlashBlade driver - Version number incremented for tracking purposes.

  • Since the CephFS driver is now capable of using ceph manager commands to manage NFS exports, we would like to deprecate and remove support for managing exports with the help of DBUS in a future release. Please use cephadm deployed NFS ganesha clusters in greenfield deployments with OpenStack Manila and refrain from using a standalone non-clustered nfs-ganesha service with this driver. As this solution is hardened for HA within Ceph, we expect to provide code to help migrate existing nfs-ganesha exports to the nfs-ganesha clusters in a future release.