We joyfully announce the release of: manila 11.1.0: Shared Storage for OpenStack This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/manila Download the package from: https://tarballs.openstack.org/manila/ Please report issues through: https://bugs.launchpad.net/manila/+bugs For more details, please see below. 11.1.0 ^^^^^^ Upgrade Notes ************* * Added a new config option *netapp_ssl_cert_path* for NetApp driver. This option enables the user to choose the directory with certificates of trusted CA or the CA bundle. If set to a directory, it must have been processed using the c_rehash utility supplied with OpenSSL. If not informed, it will use the Mozilla's carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates. Security Issues *************** * An RBAC policy check has been enforced against the GET /share- access-rules API to ensure that users are permitted to access the share that the access rule belongs to. See bug 1917417 (https://launchpad.net/bugs/1917417) for more details. Bug Fixes ********* * Fixed an issue on ONTAP NetApp driver that was forcing the location of CA certificates for SSL verification during HTTPS requests. It adds the *netapp_ssl_cert_path* configuration, enabling the user to choose the directory with certificates of trusted CA or the CA bundle. If set to a directory, it must have been processed using the c_rehash utility supplied with OpenSSL. If not informed, it will use the Mozilla's carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates. Please refer to the Launchpad bug #1900191 (https://bugs.launchpad.net/manila/+bug/1900191) for more details. * An issue with RPC handling on service restart was addressed by ensuring proper initialization before creating the RPC consumer. See bug 1271568 (https://bugs.launchpad.net/manila/+bug/1271568) for more details. * A bug with storage protocol filtering in the scheduler has been fixed. See bug (https://launchpad.net/bugs/1783736) for more details. * Fixed bug #1883506 (https://bugs.launchpad.net/manila/+bug/18835060) that caused a quota error when delete or unmanage a share that failed to manage. * New user messages now alert users of possible remediations during access rule creation errors with CephFS shares. This includes hints to users to not use cephx client users that are prohibited by CephFS or the share driver. See CVE-2020-27781 (https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2020-27781) and bug #1904015 <https://launchpad.net/bugs/1904015>`_ for more details. * Fixed a bug that if extend a volume after shrink it under generic driver, it may have a wrong real size. Please see Launchpad bug #1909951 (https://bugs.launchpad.net/manila/+bug/1909951) for more details. * Resizing 0.0.0.0/24 accessible NFS shares with generic driver * The scheduler stats resource APIs (/scheduler-stats/pools and /scheduler-stats/pools/detail) have been fixed to not return an arbitrary traceback in the error message body to the caller when access to the resource has been denied. * Authentication errors when loading service clients of OpenStack Compute (nova), OpenStack Image (glance), OpenStack Volume (cinder) and OpenStack Networking (neutron) services are now handled in a better manner. * Fixed bug #1922075 (https://bugs.launchpad.net/manila/+bug/1922075) Fixed the problem that "gluster volume set nfs.rpc-auth-reject '*'" failed when the glusterfs driver created an instance from a snapshot. * Fixed NotFound error in share replica periodic tasks. It could happen that the parent share of the replica that was being worked on had already been deleted. * Corrected an error message for attempts to create snapshots from shares that do not support this operation. The message said that the share backend has no such support but that is not always true. The original share for the snapshot does not support snapshots because it was created with a share type without the "snapshot_support" extra-spec set, irrespective of whether the back end used can itself support snapshots or not. * Fixed an issue that made migrated shares with replication support to do not have a share instance with its *replica_state* set to active. Now, when the share supports replication, the destination share instance will have its replica state set as active right after the migration gets completed. For more details, please refer to bug 1927060 (https://bugs.launchpad.net/manila/+bug/1927060) * Filtering shares by share-type "extra_specs" as key=value now returns the expected output. * The Infinidat driver's been fixed to process single IP Addresses (/32) correctly. See bug 1934345 (https://launchpad.net/bugs/1934345) for more details. * NetApp driver: fixed an issue with the ONTAP 9.8 and older, for scoped account users, where the operation of deleting a replica was not working, but returned a message of success. For more details, please refer to launchpad bug #1934889 (https://bugs.launchpad.net/manila/+bug/1934889) * New user message now alerts users when attempting to create a new share without identifying a share type, either through request body or by setting a default share type. See bug #1870280 (https://bugs.launchpad.net/manila/+bug/1870280) for more details. Changes in manila 11.0.1..11.1.0 -------------------------------- faec95de Add missing share-type user message 4f45cd00 handle replica state on migration complete 4e7bf1c3 [NetApp] Fixed scoped account replica delete 7e91df69 Add missing [oslo_reports] options 857d01d2 Add missing oslo.service options 5187f246 Use oslo-config-generator conf to load options from libraries 9b19b17e Handle service client authorization errors d3481f5c init_host should be called before RPC consumer is created 21d5b1b2 Filter shares by share type "extra_specs" 90241eb4 fixes availability zone filter when creating a share from snapshot 28f6e02d TrivialFix: Fix the filter name in config helper 783c0777 Fix ipaddress issues in the infinidat driver 21102351 Update IRC references 1ae67eb0 Reuse _set_instances_share_data for replicas. fa9ac6d7 Fix api error message for snapshot creation failure 19767c4f fix unmange share with manage_error status will lead to quota error a04e1319 [Glusterfs] Fix create share from snapshot failed 32db6382 [stable/victoria-only] Set max api version via plugin.sh 177ce7e9 Fix traceback in scheduler-stats API 06d380c2 Filter storage protocol in the scheduler 1286806e Fix generic share resize with 0.0.0.0/24 access 3b372323 RBAC tightening for share access rule 8f969689 [Native CephFS] Add messages for async ACL ops 57edaada [NetApp] Fix hard-coded CA cert path for SSL a0f11f88 Always use new_size when extend Diffstat (except docs and test files) ------------------------------------- contrib/ci/post_test_hook.sh | 17 --- devstack/plugin.sh | 4 + etc/oslo-config-generator/manila.conf | 13 ++- manila/api/v1/scheduler_stats.py | 8 +- manila/api/v1/share_snapshots.py | 4 +- manila/api/v1/shares.py | 11 +- manila/common/client_auth.py | 5 +- manila/common/constants.py | 1 + manila/compute/nova.py | 4 +- manila/db/sqlalchemy/api.py | 26 ++--- manila/exception.py | 4 + manila/image/glance.py | 5 +- manila/manager.py | 14 ++- manila/message/message_field.py | 80 +++++++++------ manila/network/neutron/api.py | 4 +- manila/opts.py | 11 -- manila/scheduler/drivers/filter.py | 34 ++++-- manila/scheduler/filters/capabilities.py | 3 - manila/scheduler/manager.py | 11 +- manila/service.py | 4 +- manila/share/api.py | 14 ++- manila/share/drivers/cephfs/driver.py | 66 ++++++++++-- manila/share/drivers/generic.py | 2 +- manila/share/drivers/glusterfs/layout_volume.py | 33 +++++- manila/share/drivers/helpers.py | 5 +- manila/share/drivers/infinidat/infinibox.py | 2 +- .../share/drivers/netapp/dataontap/client/api.py | 11 +- .../drivers/netapp/dataontap/client/client_base.py | 1 + .../netapp/dataontap/client/client_cmode.py | 57 +++++++---- .../netapp/dataontap/cluster_mode/data_motion.py | 1 + .../netapp/dataontap/cluster_mode/lib_base.py | 1 + manila/share/drivers/netapp/options.py | 10 +- manila/share/manager.py | 94 +++++++++-------- .../share/drivers/glusterfs/test_layout_volume.py | 13 +-- .../share/drivers/netapp/dataontap/client/fakes.py | 1 + .../netapp/dataontap/client/test_client_cmode.py | 60 +++++++---- .../dataontap/cluster_mode/test_data_motion.py | 7 +- manila/volume/cinder.py | 4 +- ...-fix-ssl-cert-path-option-35354c9b7a9c37e6.yaml | 20 ++++ ...ix-rpc-init-host-with-rpc-6e76afa553b4f2af.yaml | 6 ++ ...he-capabilities-scheduler-d8391183335def9f.yaml | 5 + ...-will-lead-to-quota-error-085fd3b7d15ae109.yaml | 6 ++ ...1-cephx-asynchronous-msgs-6a683076a1fb5a54.yaml | 9 ++ ...ix-extend-have-wrong-size-7938eaa6591bd2ad.yaml | 7 ++ ...ze-share-world-accessable-b444d88b67b05af0.yaml | 4 + ...eck-on-share-access-rules-efdddaf9e6f68fdf.yaml | 7 ++ ...-user-if-action-forbidden-0da51825756fd5fc.yaml | 7 ++ ...t-unauthorized-exceptions-b2ebc08a072f7e12.yaml | 6 ++ ...hare-from-snapshot-failed-053a583522a6fc0e.yaml | 6 ++ ...ound-replica-parent-share-d8e50659c02b941a.yaml | 5 + ...hot-support-api-error-msg-eaf5fd2b1df97d15.yaml | 10 ++ ...ate-on-migration-complete-4fb4d8ba59b58505.yaml | 9 ++ ...ing-shares-by-extra-specs-b79235301306bcf2.yaml | 5 + ...paddress-hosts-invocation-80d419d7e62a5f51.yaml | 6 ++ ...delete-for-scoped-account-8fa193c0424af9b1.yaml | 7 ++ ...0-share-type-user-message-902275047410bdbf.yaml | 7 ++ 75 files changed, 858 insertions(+), 297 deletions(-)