This new feature gives the user the ability to allow and
deny access to the snapshots, so that they could be mounted in
read-only mode to retrieve files.
APIImpact
DocImpact
Co-Authored-By: Rodrigo Barbieri <rodrigo.barbieri@fit-tecnologia.org.br>
Co-Authored-By: Alyson Rosa <alyson.rosa@fit-tecnologia.org.br>
Co-Authored-By: Miriam Yumi <miriam.peixoto@fit-tecnologia.org.br>
Partially-implements: blueprint manila-mountable-snapshots
Change-Id: I65f398a05f82eef31ec317d70dfa101483b44b30
Remove the experimental consistency group APIs and
replace them with the experimental Share Group APIs.
DocImpact
APIImpact
Partially-implements-blueprint: manila-share-groups
Change-Id: I79a80a62ae4e0015d6161edc2b93fd1f9ba69537
This commit adds the ability for Manila to revert a
share to the latest available snapshot.
The feature is implemented in the LVM driver, for
testing purposes.
APIImpact
DocImpact
Co-Authored-By: Ben Swartzlander <ben@swartzlander.org>
Co-Authored-By: Andrew Kerr <andrew.kerr@netapp.com>
Implements: blueprint manila-share-revert-to-snapshot
Change-Id: Id497e13070e0003db2db951526a52de6c2182cca
Added support for manage/unmanage in GPFS NFS driver.
This patch added functions that allow share on Spectrum Scale
node to be managed by OpenStack if existing fileset is an
independent fileset and doesn't have any NFS export
over the fileset path. Also, share can be unmanaged from
OpenStack but still left in Spectrum Scale cluster.
Implements: blueprint gpfs-manage-support
Change-Id: I9134408b59c30ac4bc593f287294741f6e996136
Reportedly [1], the kernel-nfs-server has a bug where we have overlap of
filesystem identifiers using LVM volumes and their snapshots.
We face this bug in manila LVM driver and Generic driver when we use
cinder LVM driver. So, fix it generating unique UUID for all
snapshots (only for LVM, because we cannot do it in Generic driver
while we do not have "mount-snapshot" feature support there) and
child volumes that will be exported as child shares.
[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1071733
Change-Id: Ib93bfb0d4184da1e70ecece6fde6931e44d05a30
Closes-Bug: #1645751
Add support of share migration feature to ZFsonLinux driver.
Implements BP zfsonlinux-share-migration
Change-Id: If9e1fec9a6d4f96d2bb5c176c6249fafc7e3e891
At Austin 2016 summit there were several improvements to
Share migration feature discussed. This patch implements
these changes.
Changes are:
- Added 'Writable' API parameter: user chooses whether share must
remain writable during migration.
- Added 'Preserve Metadata' API parameter: user chooses whether
share must preserve all file metadata on migration.
- Added 'Non-disruptive' API parameter: user chooses whether
migration of share must be performed non-disruptively.
- Removed existing 'Notify', thus removing 1-phase migration
possibility.
- Renamed existing 'Force Host Copy' parameter to 'Force
Host-assisted Migration'.
- Renamed all 'migration_info' and 'migration_get_info' entries to
'connection_info' and 'connection_get_info'.
- Updated driver interfaces with the new API parameters, drivers
must respect them.
- Changed share/api => scheduler RPCAPI back to asynchronous.
- Added optional SHA-256 validation to perform additional check if
bytes were corrupted during copying.
- Added mount options configuration to Data Service so CIFS shares
can be mounted.
- Driver may override _get_access_mapping if supports a different
access_type/protocol combination than what is defined by default.
- Added CIFS share protocol support and 'user' access type
support to Data Service.
- Reset Task State API now allows task_state to be unset using
'None' value.
- Added possibility to change share-network when migrating a share.
- Bumped microversion to 2.22.
- Removed support of all previous versions of Share Migration APIs.
APIImpact
DocImpact
Implements: blueprint newton-migration-improvements
Change-Id: Ief49a46c86ed3c22d3b31021aff86a9ce0ecbe3b
This driver exploits a Docker container as a share server instead
of a virtual machine. The container acts as a CIFS server
and shares logical volume attached to it. The volume gets created
simultaneously to the container on a host in a volume group
specified by the user.
DocImpact
Change-Id: I711813a2022d765ab7a70ed670e34f68f9cf1399
Implements: blueprint manila-container-driver
Spectrum Scale supports NFS ganesha through CES protocol services. This
change replaces the current NFS ganesha support with the Spectrum Scale
CES infrastructure.
Implements: blueprint gpfs-ces-support
Change-Id: I8eb307c19761788ea71c15c889794f8b5f110253
The ssl middleware from oslo.middleware is deprecated in favor of
http_proxy_to_wsgi, which is used by nova, cinder, glance and several
other services.
Change-Id: Id33a0f7eeb8ced77d09f9edd6b1d65697d8bcfe7
Rather complex logic was added to ZFS driver to cope with
mount-namespace-related problems caused by neutron. A better
solution is to ensure mounts (and unmount) propagate to
namespaces.
Closes-Bug: 1552552
Change-Id: Id952cb110c0187021a46ed5de02308b10ddf1239
Nova [1], Neutron [2,3] and Cinder's [4] rootwrap exec dirs include
/usr/local/{sbin,bin} which are a standardised locations for admins to
install non-distro executables, and these executables are no less
"trustworthy" than /usr/bin and friends. See Neutron and Cinder's
rootwrap.conf (and probably others), and typical distro default values
for sudoers/secure_path for extremely similar precedents that all
include /usr/local/*bin.
Brief discussion of doing this via devstack available at [5].
Also, remove absolute paths from existing filters
to make this fix useful.
[1] I6a0a4b7f952193ce0f4ed2594613188854d36bf1
[2] Ib3646933744ca6b20ecd5ad0cedcedb4f1fa5f12
[3] Id7aebb50e60b1cc64c113be63c599387be5f1765
[4] I577e10df25181c7d4ca8189b10640a8e6e39b047
[5] I710cf142b834381c00e651cfc062299ae755c33f
Change-Id: Ie7177778a247a687ced846bb11030cb72344c93f
Closes-Bug: #1551956
The default values needed for manila's implementation of cors
middleware have been moved from paste.ini into the configuration
hooks provided by oslo.config. Furthermore, these values have been
added to the default initialization procedure. This ensures
that if a value remains unset in the configuration file, it will
fallback to using sane defaults. It also ensures that an operator
modifying the configuration will be presented with that same
set of defaults.
Change-Id: Ie4adc39866a4ee6132eab6a111660218b3e6e5bd
Closes-Bug: #1551836
Removed functionality of Share Migration relying on Manila Share
Service node, moved code to Data Service node for copy phase.
Added parameter 'notify' and share/api methods for future
implementation (see dependent patches).
Added new copy operation statuses, in order to implement future
API calls to obtain progress and cancel migration.
Added possibility of 2-phase migration for driver migration and
generic (fallback) migration.
Added admin export location support and removed approach of
replacing IP with config parameter.
Added Admin-only API entry points to:
- Migration Cancel (only during copying)
- Reset Task State field
- Migration Get Progress (only during copying)
- Migration Complete (2nd phase migration)
- Notify parameter on Migrate Share
APIImpact
DocImpact
Implements: blueprint data-service-migration
Change-Id: I1d65aac2f36942cd70eb214be561d59a15a4ba26
This driver exploits a container as a share server instead
of a virtual machine. The container acts as a NFS/CIFS server
and shares logical volume attached to it. The volume gets created
simultaneously to the container on a host in a volume group
specified by the user. Currently NFS is limited to v3 since the
only userspace NFS server that works in a container out of the box
seems to be unfs3. Later it will be replaced with nfs-ganesha.
Co-Authored-By: Alexey Ovchinnikov <aovchinnikov@mirantis.com>
Implements: blueprint lxc-driver
Depends-On: Ib1896997f2e7a505b5bf8ec0c9e5ee35942f79a6
Change-Id: Iea73bd34b94919d77ebe17cf054dde1f580384be
Add support for ZFS (on Linux) filesystem.
Following features are supported:
- Create/delete share
- Create/delete snapshot
- Create share from snapshot
- Extend/shrink share
- Update NFS IP-based access rules using new interface.
(SMB support planned for future).
- create/delete/update/promote share replica
ZFS-related notes:
- Any amount of ZFS zpools can be used by share driver.
- Allowed to configure default options for ZFS datasets that are used
for share creation.
- Any amount of nested datasets is allowed to be used.
- All share replicas are read-only.
- All share replicas are synched periodically, not continuously.
So, status 'in_sync' means latest sync was successful.
Time range between syncs equals to value of
config global opt 'replica_state_update_interval'.
Driver-related notes:
- Able to use remote ZFSonLinux storage as well as local.
Other made changes:
- updated driver private data DB methods removing filtering by host
as redundant operation. Replication requires some common metadata
storage and filtering by host breaks it. It is safe to do so, because
if driver gets some ID of entity then it is allowed to read its info
too.
Implements bp zfsonlinux-driver
DocImpact
Change-Id: I3ddd3767184e4843037de0ac75ff18dce709b6dc
Having a driver in the top level of the drivers
directory was against source tree placement
conventions. It was especially weird because
all other GlusterFS related code lived in
a dedicated subdirectory.
Partially implements bp gluster-code-cleanup
Change-Id: I52d717ab6396454c2e7a9b62aa00ea443b26d5cc
Add APIs to support manage and unmanage share snapshots.
Also add support in the Generic driver.
This only supports for DHSS=False driver mode.
Add provider_location column to the share_snapshots table
to save data used to identify the snapshot on the backend.
Also need to bump microversion.
APIImpact
DocImpact
Change-Id: I87a066173c85d969607d132accd9f0e9bd49c235
Implements: blueprint manage-unmanage-snapshot
The LVM driver was using sudo for one command instead
of proper rootwrap usage. This caused failures when the
user running manila-share didn't have passwordless sudo
access.
Depends-On: Ib1896997f2e7a505b5bf8ec0c9e5ee35942f79a6
Change-Id: I48ea946c2b8de2ebf0e067ef4829b81cabd1464f
Closes-Bug: 1550121
Add admin-only /share-replicas/replica-id/action APIs:
+---------------------+----------------------------------------+
| reset_state | To reset the 'status' attribute of |
| | a replica |
+---------------------+----------------------------------------+
| reset_replica_state | To reset the 'replica_state' attribute |
| | of a replica. |
+---------------------+----------------------------------------+
| force_delete | To delete from the DB and attempt |
| | to remove it from the backend. |
+---------------------+----------------------------------------+
| resync | To attempt update of a replica |
+---------------------+----------------------------------------+
Modify the driver interface for create_replica, delete_replica
and update_replica to hand down more information to the driver
during replica operations.
Implements bp: share-replication-admin-actions
APIImpact
DocImpact
Change-Id: I1352f112f3627af4424eb2e3be428b1d13c1d2d5
This patch provides the scheduler support to filter share
backends matching replication capabilities reported by the
hosts and the replication_type extra_spec provided via the
share_type during share creation.
It also adds wsgi routes, API endpoints and driver entry
routines to support the actions: list, show, create, delete
and promote share replicas. It augments the ShareInstance
DB model with a 'replica_state' attribute and the Share DB
Model with 'replication_type' attribute to support these
workflows.
Replica states are periodically updated from the respective
backends that the replicas are created on.
APIImpact
Impact on existing APIs:
In Microversion 2.11, the /shares APIs return 2 additional
fields during index and show calls for each share: 'has_replicas'
and 'replication_type'. Similarly, the field 'replica_state' is
added to the API response for /share-instances.
Also, deletion of a share that has replicas is forbidden,
returning error code 403.
DocImpact
Co-Authored-By: Alex Meade <mr.alex.meade@gmail.com>
Implements: blueprint manila-share-replication
Change-Id: I10515d55b1291c34777a31d8c6a3a1954f551235
CORS middleware's latent configuration feature, new in 3.0.0,
allows adding headers that apply to all valid origins.
This patch adds headers commonly used in openstack to manila's
paste pipeline, so that operators do not have to be aware of
additional configuration magic to ensure that browsers can talk
to the API.
For more information:
http://docs.openstack.org/developer/oslo.middleware/cors.html#configuration-for-pastedeploy
Change-Id: I7d60cade04f2c9f3ed4517ab26c6151ff25c9531
Reuse code of old LVM share driver.
LVM Driver is 1st party Manila driver with NFS and CIFS support
and no share server support.
LVM Driver doesn't rely on Neutron, Nova, or Cinder. As such, it
is ideal for testing purposes and, after a period of maturation,
it should be useful in production environments.
Move generic driver's helpers to manila/share/drivers/helpers.py
and reuse them in LVM driver.
Implement 'ro' access, user access, extend_share function for
LVM driver.
Implements bp lvm-driver
Change-Id: Ia46c51ed400dbb0f1d87a758fb165ca711ed3d7c
Some upcoming features require more than one export location and
possibility to mark them with specific labels like fast/slow or
rw/ro.
So, implement 'export locations metadata' feature:
- It allows to set any key-value pairs for each export location.
- These key-value pairs can be set only by share manager using
response from various share driver methods.
- Example of update is implemented using Generic driver
"create_instance" method.
- Metadata can be updated for any export location in any place
of share manager where db function "share_export_locations_update"
is called.
- Keys from export location metadata table will be added to 'share' and
'share instances' views as export location attributes.
Also:
- Add new attr 'is_admin_only' for existing export locations model.
If set to True, then only admins will be able to see them. Unless
policy is changed.
- Add APIs for reading export locations by share and share instance IDs.
- Remove 'export_location' and 'export_locations' attrs
from 'share' and 'share instance' views.
- Bump microversion as new APIs implemented.
APIImpact
Implements bp export-location-metadata
Change-Id: I36d1aa8d9302e097ffb08d239cf7a81101d2c1cb
After port of extensions to core API we need to rename their URLs.
So, rename URLs and bump microversion for it.
Make new URLs work only with new microversion(s) 2.7+
and old with old microversions 1.0-2.6.
Add separate API router for v2 API as now we should split v1 and v2
logic.
Also, move updated APIs under v2 directory that will be used by both
API routers - v1 and v2.
List of updated collections is following:
- os-availability-zone -> availability-zones
- os-services -> services
- os-quota-sets -> quota-sets
- os-quota-class-sets -> quota-class-sets
- os-share-manage -> shares/manage
- os-share-unmanage -> shares/%s/action
List of updated member actions is following:
- os-share-unmanage/%(share_id)s/unmanage -> shares/%(share_id)s/action
- types/%(id)s/os-share-type-access -> types/%(id)s/share_type_access
List of updated action names is following:
- os-access_allow -> access_allow
- os-access_deny -> access_deny
- os-access_list -> access_list
- os-reset_status -> reset_status
- os-force_delete -> force_delete
- os-migrate_share -> migrate_share
- os-extend -> extend
- os-shrink -> shrink
List of updated attribute names is following:
- os-share-type-access -> share-type-access
Partially implements bp ext-to-core
Change-Id: I82f00114db985b4b3bf4db0a64191559508ac600
Almost every API method written in Manila performs
a policy check against relevant policies in etc/policy.json.
A method - authorize() was introduced in
manila/api/openstack/wsgi.py
in commit e4428f5e6c
to perform these policy checks.
This patch refactors the authorize() method as a decorator
for consistency and easy usage in APIs that choose to
implement the policy check prior to any core logic.
Prior unit tests are modified for the APIs impacted through
this change.
The Cgsnapshots controller's policies are corrected for
name consistency without impacting behavior.
Change-Id: Ib34e166ab65513f8f02215c6569175fc9a913244
Closes-Bug: #1515397
Changes:
- Register share type APIs as core API.
- Remove extensions code for share types.
- Leave rename of API 'post' data for future update which
will be done with bump of microversion
after port of all extensions to core API.
Partially implements bp ext-to-core
Change-Id: I334cc0fa8e69c2f9b5226f247149a0b9b748dd60
Changes:
- Register admin actions API as core API.
- Remove extension code for admin actions.
- Leave rename of admin actions API 'post' data for future update which
will be done with bump of microversion
after port of all extensions to core API.
Partially implements bp ext-to-core
Closes-Bug: #1510620
Change-Id: Ic8804cff5fa46003d2991372c6eb2a854b886dec
This adds the CORS support middleware to Manila, allowing a deployer
to optionally configure rules under which a javascript client may
break the single-origin policy and access the API directly.
For Manila, the paste.ini method of deploying the middleware was
chosen, because it needs to be able to annotate error responses
created by other middlewares. If one such middleware throws an
error - such as an auth error from keystone - that error response
must still have CORS headers in order to be readable by the
user agent.
OpenStack CrossProject Spec:
http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html
Oslo_Middleware Docs:
http://docs.openstack.org/developer/oslo.middleware/cors.html
OpenStack Cloud Admin Guide:
http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html
Change-Id: I9d4b6d0eb380da3eae3867fcebe30fdd5824978d
Changes:
- Register quota and quota class sets API as core API using old links.
- Remove extensions code for quota and quota class sets.
- Leave rename of API urls for future update which will be done with
bump of microversion after port of all extensions to core API.
Partially implements bp ext-to-core
Change-Id: I642e6dc78fd908a4850afc61505dcf34d330acca
Changes:
- Register services API as core API using old link.
- Remove extension code for services.
- Leave rename of API url for future update which will be done with
bump of microversion after port of all extensions to core API.
Partially implements bp ext-to-core
Change-Id: I06005e8339f16c404d3f1ff9917480603801d44f
Changes:
- Register manage/unmanage API extension as core API using old links.
- Remove extensions code.
- Leave rename of API urls for future update which will be done with
bump of microversion after port of all extensions to core API.
Partially implements bp ext-to-core
Change-Id: I773398f13f4b3e4637599cb482a5a2c189958656
Changes:
- Register availability zones API as core API using old link.
- Remove extension code for availability zones.
- Leave rename of API url for future update which will be done with
bump of microversion after port of all extensions to core API.
Partially implements bp ext-to-core
Change-Id: Ifc75ef2d16121634ad12e5e12960c928e4d24b90
Adding GPFS driver back as the third party CI system
for GPFS driver is up and running.
This is a revert of commit 720ec90445
Change-Id: I86f9b7da21716346f96bae3ce30446589e4c4c37
manila.openstack.common.log.LegacyFormatter no longer exists.
This change removes it from logging_sample.conf.
Change-Id: I67daa0e11458272c0a67bd0754c00902d36e27ef
Closes-Bug: #1499263