Add file to the reno documentation build to show release notes for
stable/wallaby.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/wallaby.
Sem-Ver: feature
Change-Id: I49803f627c4c580b41e7408b2b7e0452f3758831
This policy governs manila APIs that are meant to
be cross tenant - so it should default to system
scope in the new secure rbac system.
Also reformat the policy.py file so that we are
consistent with using "rules" as we were doing in
the older releases. Rules abstract keystone
concepts such as roles and scopes.
Change-Id: I31b8eb5232a5cd286db18c2b14833c0682574958
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
https://review.opendev.org/768137 fixed
bug #1908963 by adding a timestamp field to
the "update_service_capabilities" rpc API
call to the scheduler service.
It's possible that during an upgrade, the
share service is upgraded before a given
scheduler service, and an updated client
could start sending messages with this
extra data that wasn't expected. Lets
bump the version so that the client
messages are just waiting for an updated
scheduler to show up and consume the
messages rather than raise syntax
errors.
Partial-Bug: #1908963
Change-Id: I0d9fc311ffd296bd6153b7190f8f5c42f494a39d
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
This patch is a follow up of [1] to address some comments
added in the review process. It also adds more unit tests to
validate the new code added.
[1] https://review.opendev.org/c/openstack/manila/+/775032
Change-Id: If7b8628fa05200363a129eb19d9dc80fb7e3bc36
Signed-off-by: Douglas Viroel <viroel@gmail.com>
When trying to create a share using a security
service while having insufficient privileges or
providing wrong credentials, manila raises a
generic user message that provides little
information to the end user on what exactly went
wrong.
Added a driver-agnostic exception for when this
happens, accompanied with a user message to
provide more useful information to end users.
Partial-Bug: #1900755
Change-Id: I2b0bc5c0715c225cd5b38b55fb3967ff7fc86fa8
This bugfix [1] modified the totalcount returned by pagination
query when the argument 'limit' was specified. It caused
manila to do not return precise count of shares in a query that
satisfied the conditions.
This bug has been fixed and now manila is returning the precise
values of shares matched in a given query. Also, manila is now
performing filtering actions in the database to have more
performatic results.
[1] https://review.opendev.org/#/c/688542/
Closes-Bug: #1860061
Co-Authored-By: Carlos Eduardo <ces.eduardo98@gmail.com>
Change-Id: I6ddd919bbd5180593cc52bf986912f65a2dab3a7
Adds create share from snapshot functionality to
CephFS drivers.
Depends-On: https://review.opendev.org/c/openstack/manila-tempest-plugin/+/778188
Co-Authored-By: Victoria Martinez de la Cruz <victoria@redhat.com>
Co-Authored-By: Ramana Raja <rraja@redhat.com>
Co-Authored-By: Tom Barron <tpb@dyncloud.net>
DocImpact
Partially-Implements: blueprint create-share-from-snapshot-cephfs
Change-Id: I825ab15af934cb37dfda48ea26ec1af9de8dd293
Use python rados client to talk to the ceph-mgr service.
A python rados client is created by the driver that lasts
during the driver's lifecycle.
The drivers can now work with multiple filesystem clusters.
The filesystem to be used by manila can be specified by the
driver option 'cephfs_filesystem_name'.
The removal of a share will be quicker for the manila user.
The ceph-mgr volumes module moves the share's content to
a trash folder and purges the trash's contents
(`rm -rf` of the backend CephFS subvolume/subtree) aysnchronously,
whereas the ceph_volume_client library moves the share's content
and purges the content synchronously.
Implements: bp update-cephfs-drivers
Co-Authored-By: Victoria Martinez de la Cruz <victoria@redhat.com>
Co-Authored-By: Ramana Raja <rraja@redhat.com>
Co-Authored-By: Tom Barron <tpb@dyncloud.net>
DocImpact
Change-Id: I1f81db1ba7724c0784d87f9cb92bb696f6778806
Oslo policy moved "deprecated_*" parameters to the
DeprecatedRule object in [1] and deprecated it in
DocumentedRuleDefault object. Also bump oslo_policy
to the 3.7.0.
Similar change in neutron: https://review.opendev.org/781561
[1] https://review.opendev.org/766628
Change-Id: I14b215cdcd6458d67622360e4c910b3da1ae9848
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
This is a follow up patch for [1] which removes some unused model
properties and add more unit tests to increase coverage.
[1] https://review.opendev.org/c/openstack/manila/+/774728
Change-Id: I10af132203cb07cea62839014925c7e4c99499e4
Signed-off-by: Douglas Viroel <viroel@gmail.com>
when we need to start or restart manila share service, will call
init_host().
and call ensure_driver_resources() in init_host(),
will call self.driver.ensure_shares or self.driver.ensure_share to
update all share instances in that host. Currently, only NetApp and LVM
implement self.driver.ensure_shares, Other manufacturers are using
self.driver.ensure_share.
in large-scale environment, there are lot of share instances in one
host. this will lead to take much time to ensure_share.
so we can put this operation into the thread pool to speed up the
startup of the service.
Closes-Bug: #1909847
Change-Id: I295d0de0958ebfedd89441f1a2c1b447b74693a0
if we failed to manage a share, we don't need to commit the quota usages. so
we should skip quota usages cuts when delete or unmange the share with
status of "error_manage". and the size of error_manage share should be
zero.
Closes-Bug:#1883506
Change-Id: I5c81dd6780890c55c8c6a92491c3f4f507531fdb
Recently, we updated the default check strings
for all API RBAC policies in manila. These policy
changes cause a lot of deprecation warnings in
the logs. In case a deployer never modified their
defaults and accepted service defaults, these
warnings aren't really helpful. If the deployer
did modify the default, these warnings are not
emitted. So we're in a bit of a pickle whether
these are helpful.
Other services [1][2][3] have made the decision
that these deprecated default check string
warnings aren't really helpful and actionable.
Further, any kind of oslo_policy deprecation
warnings aren't helpful during unit tests.
They fill up the logs and cause unnecessary
noise.
[1] openstack/nova: Iaa6baf6877890babb6205bdb3ee2e1a2b28ebd9c
[2] openstack/neutron: Iab3966bad81b469eccf1050f0e0e48b9e2573750
[3] openstack/placement: I2853c7bd7c0afdeeed89ef412fc8830f04381d7b
Change-Id: I08de69312016389f2b4c88f2adbd749dbe4d3261
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
Add missing quotes to exportfs command to protect <world> being
interpreted as file redirect
Closes-Bug: #1911695
Change-Id: Ie95a476e9a81c58df998c3f44da137b023b53cc6
The share protocol requested was being
ignored by the scheduler and this would
cause shares to get scheduled to hosts
that don't support the specified protocol.
Change-Id: I2e87264865b645781c481383c039fecbfd7c6eb1
Closes-Bug: #1783736
In order to optimize the NetApp ONTAP driver, this patch is caching
the status of driver pools and reusing for the each share server,
given that the pool is not separated by share server.
The option `netapp_cached_aggregates_status_lifetime` is added
for controlling the time that the cached values is considered
valid.
Closes-Bug: #1900469
Change-Id: I14a059615fc29c7c173c035bb51d39e0bbb8b70a
We were missing a join on the share network
subnets table to be able to affect a lookup
by share network ID.
Change-Id: Id121ba942c7840a7cd7574f08a524fd4dbe06f64
The low datetime precision of created_at, updated_at,
deleted_at fields on MySQL can lead to inconsistent list
of returned items when used with --limit.
Change-Id: I6e4b3a38defc1d916556c7cdddfaaab854432ea1
Closes-Bug: #1859474
if rabbitmq is too much pressure or blockage.scheduler
will not received service capabilities, but once the
message queue(rabbitmq) returns to normal, scheduler
will received many service capabilities, these service
capabilities are acquired by manila share at different
times, so the timestamp of service capabilities shoud
added at share manage layer(before rpc), but not
scheduler layer(after rpc), once scheduler get an newer
service capabilities, there is no need to update an
earlier service capabilities.
Closes-Bug: #1908963
Change-Id: I6ce99ed4451c5d02cb4446861fa59e55a94951a5
This patch implements support for security service updates
for in use share networks. It works with all three security
service types. For 'active_directory' and 'kerberos', the 'domain'
attribute update isn't supported, since it can might affect
user's access to all related shares.
Change-Id: I8556e4e2e05deb9b116eacbd5afe2f7c5d77b44b
Depends-On: I129a794dfd2d179fa2b9a2fed050459d6f00b0de
Depends-On: I5fef50a17bc72ba66a3a9d6f786742bcb5745d7b
Implements: bp netapp-security-service-update
Co-Authored-By: Carlos Eduardo <ces.eduardo98@gmail.com>
Signed-off-by: Douglas Viroel <viroel@gmail.com>
This implementation adds the functionality to add/update security services
to in use share networks using the container driver. The container driver will
also try to setup security services while creating share servers. Currently, the
only supported security service type is LDAP.
Co-Authored-By: Carlos Eduardo <ces.eduardo98@gmail.com>
Partially Implements: bp add-security-service-in-use-share-networks
Depends-On: I129a794dfd2d179fa2b9a2fed050459d6f00b0de
Change-Id: Ifb8b9ebe6eb0661844c794ca1a32e35105652f72
This patch implements the update of security service's association
with in-use share networks. The following changes were added:
- New share network APIs: `share_network_security_service_update`
and `share_network_reset_state`.
- A new `status` attribute was added to share network model to
identify when it's in a modification state, called 'network_change'.
Other supported status that were added: 'active' and 'error'.
- New 'security_service_update_support' property was added to both
share server and share network models, to identify when this resources
are able to process security service update for in-use share networks.
- New driver interface was added to support update of security service's
configuration of a given share server.
DocImpact
APIImpact
Partially Implements: bp add-security-service-in-use-share-networks
Co-Authored-By: Carlos Eduardo <ces.eduardo98@gmail.com>
Co-Authored-By: Douglas Viroel <viroel@gmail.com>
Co-Authored-By: Andre Beltrami <debeltrami@gmail.com>
Change-Id: I129a794dfd2d179fa2b9a2fed050459d6f00b0de
