Commit Graph

137 Commits

Author SHA1 Message Date
Zuul
e450aca33b Merge "Enable healthcheck middleware" 2021-02-08 23:41:57 +00:00
Goutham Pacha Ravi
263d5438f0 Advertise v2 API routes without project_id
Manila APIs have had the requirement to include
project_id in the URLs since the very beginning.
This comes from an old assumption that our APIs
would be differentiated per-tenant on the cloud,
and we would allow different kinds of API endpoints
(public, admin, internal, etc). While it is possible
to set up different endpoints against the API
service, the same and complete API is exposed at
each of these endpoints.

We don't _need_ the project_id information that
we receive in the URL for any of our APIs to
function. We rather authorize tenants by gathering
information from the Identity service (Keystone)
and wrapping that into a RequestContext object
that we then rely on to ensure namespace isolation.

Removing the requirement for "project_id" simplifies
our API endpoint structure in the service catalog
as well as provides a way for system scoped users
to interact with manila without having to declare
their project.

In order to make project_id optional in urls, the
possible values of project_id have to be constrained.
This change introduces a new configuration option
so deployers may control that. This configuration
option defaults to accepting UUIDs with and without
dashes.

Since manila can be used in standalone deployments
without the need for Keystone, this change introduces
a noauth middleware that can work without project_id
in the URL paths.

The API version has been incremented to signal this
change to end users. When 2.60 is available, deployments
may drop "project_id" in the service catalog endpoint
for Manila and end users applications can stop needing
it as well (if they don't already rely on the service
catalog for this data).

APIImpact
Implements: bp remove-project-id-from-urls
Change-Id: I5127e150e8a71e621890f30dba6720b3932cf583
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
2021-02-04 23:20:19 -08:00
Takashi Kajinami
1c17ca4382 Enable healthcheck middleware
This change makes healtcheck middleware enabled by default, so that
operators can use the middleware to monitor service availability for
various purpose like healthcheck by load balancers.

Change-Id: I47e65d23ebfe310643896e1de3396cd627a3def3
2021-02-03 14:51:38 -08:00
Rodrigo Barbieri
edf227ee27 Add manage/unmanage implementation to Container Driver
This patch implements managing and unmanaging of share
servers and shares functionality to the Container driver.

Depends-On: I452c2a99b186f53d737cb7fbd7eabfcfd9b249d6
Implements: bp container-driver-manage-unmanage-with-share-servers
Change-Id: I623c88dd1155740f0a444d2063236d91efd3bd1e
2019-03-04 18:35:06 +00:00
Goutham Pacha Ravi
817cce347a [LVM] Run filesystem check before assigning UUID
We assign a random UUID with tune2fs to snapshots
and shares created from snapshots so that they
don't conflict with the parent shares/snapshots
when both of them are being mounted.

tune2fs requires that a filesystem check be
performed "recently" before UUID assignments.
So, perform a filesystem check right away to
allow tune2fs to assign a random UUID.

Change-Id: I858a318f7a83e033cc3f2699859e38b6b74c8d24
Related-Bug: #1645751
Closes-Bug: #1798219
2018-10-16 16:52:04 -07:00
Xiaoyang Zhang
b76934770b Fix share-service VM restart problem
The /etc/mtab file may have mount information such as 'nfsd'
that if copied to /etc/fstab will cause the share server to
hang when rebooted.

Update /etc/fstab with exactly the newly mounted or unmounted
shares rather than simply overwriting /etc/fstab with /etc/mtab.

Change-Id: I67602bae1f928769d768008deca7bd0f2fef1ac2
Close-Bug: #1639662
2018-05-22 11:43:29 +08:00
Zuul
0d8a426f54 Merge "Add utils methods to write files" 2018-01-02 20:05:19 +00:00
zhongjun
64eaeae6bd [policy in code] Add support for AZ, scheduler and message resource [9/10]
This patch adds policy in code support for availability_zone,
scheduler_stats and message resources.

Change-Id: I9a79b5ececc583e85149cc920321e461e832b245
Partial-Implements: blueprint policy-in-code
2017-12-20 06:22:02 +00:00
zhongjun
5ac4310e0e [policy in code] Add support for share and type extra resource [8/10]
This patch adds policy in code support for share instance,
share export location and share type extra specs resources.

Change-Id: I9a89b4ececc583e85249cc925950e462e805b215
Partial-Implements: blueprint policy-in-code
2017-12-20 01:34:28 +00:00
zhongjun
a23d09eb01 [policy in code] Add support for replicas, networks and security services [7/10]
This patch adds policy in code support for replica, network
and security service resources.

Change-Id: I9a79b5ececc583e85149cc920950e462e805b245
Partial-Implements: blueprint policy-in-code
2017-12-19 12:22:18 +00:00
zhongjun
4f959eeaf7 [policy in code] Add support for group resource [6/10]
This patch adds policy in code support for group
resources.

Change-Id: I9a79b5ececc583e80149cc920950e462e805b142
Partial-Implements: blueprint policy-in-code
2017-12-19 11:59:59 +00:00
zhongjun
9a201768ae [policy in code] Add support for service and quota resource [5/10]
This patch adds policy in code support for service and quota
resources.

Change-Id: I9a79b5ececc583e80149cc980930e162e805b143
Partial-Implements: blueprint policy-in-code
2017-12-14 01:37:19 +00:00
zhongjun
dd160df611 [policy in code] Add support for snapshot resource [4/10]
This patch adds policy in code support for snapshot
resources.

Change-Id: I8a29b5ececc583e80129cc981930e162e805b246
Partial-Implements: blueprint policy-in-code
2017-12-13 06:56:11 +00:00
zhongjun
6184063a4c [policy in code] Add support for share resource [3/10]
This patch adds policy in code support for share
resources.

Change-Id: I9a79b5ececc583e80129cc980930e162e805b246
Partial-Implements: blueprint policy-in-code
2017-12-11 06:33:17 +00:00
zhongjun
d7161e38bb [policy in code] Add support for share type resource [2/10]
This patch adds policy in code support for share type
resources and depends on the basic patch [1].

[1]: https://review.openstack.org/#/c/507054/

Change-Id: I9a79b5ececc587e80129cc980930e168e805b246
Partial-Implements: blueprint policy-in-code
2017-12-11 01:07:39 +00:00
Ben Swartzlander
103a8233b1 Add utils methods to write files
Add utils methods for writing local and remote files.

Change-Id: I8f74909e9e4842668f41fc74452fbcb8e3350b59
2017-12-01 13:20:36 -05:00
zhongjun
b21c3d68a4 [policy in code] Add support for share instance export location resource
This is the basic patch which consits of the framework
code for default policy in code feature as well as
share instance export location resource.

Partial-Implements: blueprint policy-in-code
Change-Id: Iedde7a4a674a60e760b47d5eb2973f42d79226d8
2017-11-16 04:39:00 +00:00
Ben Swartzlander
5cb87d5dc3 Fix multiple issues with revert to snapshot in LVM
Reverts with the LVM driver were happening asynchronously
which resulted in unreliable behavior. This change makes
the reverts synchronous.

Also, the driver now unexports and unmounts both the share and
the snapshot during the revert (required to make the operation
synchronous) which requires changing the driver interface to
include the snapshot access rules in addition to the share access
rules.

Closes-bug: #1707943

Change-Id: Ifea1799e1d2e3963fec7e90ce3f9cb47b9f02f4f
2017-08-02 16:48:40 -04:00
Alex Meade
dd630c3929 User Messages
For quite some time, OpenStack services have wanted to be able to send
messages to API end users (by user I do not mean the operator, but the
user that is interacting with the client).

This patch implements basic user messages with the following APIs.
GET /messages
GET /messages/<message_id>
DELETE /messages/<message_id>

Implements the basic /messages resource and tempest tests
The patch is aligned with related cinder patch where possible:
I8a635a07ed6ff93ccb71df8c404c927d1ecef005

DocImpact
APIImpact

Needed-By: I5ffb840a271c518f62ee1accfd8e20a97f45594d
Needed-By: I9ce096eebda3249687268e361b7141dea4032b57
Needed-By: Ic7d25a144905a39c56ababe8bd666b01bc0d0aef

Partially-implements: blueprint user-messages
Co-Authored-By: Jan Provaznik <jprovazn@redhat.com>
Change-Id: Ia0cc524e0bfb2ca5e495e575e17e9911c746690b
2017-07-13 13:05:57 +02:00
Ramana Raja
a8e522961c ganesha: dynamically update access of share
You can dynamically update access lists of exports with Ganesha
version >= 2.4. Make ganesha library use this feature in a new helper
class, GaneshaNASHelper2, to cleanly implement share access rules
changes without undesired interruptions.

When updating a share's access rules, the new helper class differs
from the older GaneshaNASHelper class as follows:
* Looks for an existing export and edits its client access list;
  creates a new export if it can't find one; and removes an export if
  the access list ends up empty. Rather than awkwardly create or
  remove an export per addition or removal of an access rule.
* Issues DBUS UpdateAccess command to dynamically update an export.

Implements: bp ganesha-dynamic-update-export

Co-Authored-By: Csaba Henk <chenk@redhat.com>

Change-Id: I01ec100c0afe28a84e9afa8e0660d299e4b3d160
2017-06-05 22:36:15 +05:30
Jenkins
3f2ad74c58 Merge "Align policy.json with code" 2017-03-26 04:03:28 +00:00
Valeriy Ponomaryov
9ea065ebea Enable share groups back
This feature was disabled by default in Ocata.
Now, enable it back to ease further work and updates of this feaure.

Change-Id: Ib57b55ce77df1b8e6481057014f2e9f6d743e34d
2017-03-14 16:51:12 +02:00
Marc Koderer
87f9a81b75 Align policy.json with code
Snapshot policy is named inconsistently. Fixing this in the code
would cause a migration conflict since both "share:create_snapshot"
and "share_snapshot:create_snapshot" need to be supported. Instead
this fixes only policy.json

Change-Id: I5869f53ac5086d7411dc3553b4cf88423b7524f5
Closes-bug: #1666498
2017-02-23 08:43:37 +01:00
Ben Swartzlander
15b27e8fbe Only return share host for admins using shares API
Also, allow filtering by host based on policy 'list_by_host' that
defaults to 'admin only'.

Do not bump API, because it is not considered as expected behavior,
hence should not be kept for old microversions.

Co-Authored-By: Valeriy Ponomaryov <vponomaryov@mirantis.com>
APIImpact
Change-Id: I799bb7378927b6c3ee0f9fe88fd9876a03dd85b5
Closes bug: 1664370
2017-02-16 18:13:31 +00:00
Valeriy Ponomaryov
8ac4f0a913 Disable share groups APIs by default
as of Ocata because feature has not been completed.
Revert this change back in Pike.

Change-Id: Ibe2f7fba436e298b720a492594579d64b2e81a47
Closes-Bug: #1661639
2017-02-06 14:11:27 +02:00
tpsilva
8d71932c69 Add mountable snapshots support
This new feature gives the user the ability to allow and
deny access to the snapshots, so that they could be mounted in
read-only mode to retrieve files.

APIImpact
DocImpact

Co-Authored-By: Rodrigo Barbieri <rodrigo.barbieri@fit-tecnologia.org.br>
Co-Authored-By: Alyson Rosa <alyson.rosa@fit-tecnologia.org.br>
Co-Authored-By: Miriam Yumi <miriam.peixoto@fit-tecnologia.org.br>

Partially-implements: blueprint manila-mountable-snapshots
Change-Id: I65f398a05f82eef31ec317d70dfa101483b44b30
2017-01-24 17:26:45 -02:00
Alex Meade
d25f101ab4 Manila Share Groups
Remove the experimental consistency group APIs and
replace them with the experimental Share Group APIs.

DocImpact
APIImpact
Partially-implements-blueprint: manila-share-groups

Change-Id: I79a80a62ae4e0015d6161edc2b93fd1f9ba69537
2017-01-23 21:29:12 +02:00
Clinton Knight
d4a379d083 Implement share revert to snapshot
This commit adds the ability for Manila to revert a
share to the latest available snapshot.

The feature is implemented in the LVM driver, for
testing purposes.

APIImpact
DocImpact
Co-Authored-By: Ben Swartzlander <ben@swartzlander.org>
Co-Authored-By: Andrew Kerr <andrew.kerr@netapp.com>
Implements: blueprint manila-share-revert-to-snapshot
Change-Id: Id497e13070e0003db2db951526a52de6c2182cca
2017-01-17 15:06:01 -05:00
digvijay2016
fb4b0b86e9 Add support for manage/unmanage in GPFS driver
Added support for manage/unmanage in GPFS NFS driver.
This patch added functions that allow share on Spectrum Scale
node to be managed by OpenStack if existing fileset is an
independent fileset and doesn't have any NFS export
over the fileset path. Also, share can be unmanaged from
OpenStack but still left in Spectrum Scale cluster.

Implements: blueprint gpfs-manage-support

Change-Id: I9134408b59c30ac4bc593f287294741f6e996136
2016-12-28 15:06:42 +05:30
Ha Van Tu
dfd92fc390 Fix typo in rootwrap.conf
This patch replaces a typo "explicitely" by "explicitly".
TrivialFix

Change-Id: I81b5c41ea015609dfbcb6d6adcb79ad1e005191a
2016-12-20 10:06:44 +00:00
Valeriy Ponomaryov
c93e812a58 [LVM,Generic drivers] Fix relationships between parent and child shares
Reportedly [1], the kernel-nfs-server has a bug where we have overlap of
filesystem identifiers using LVM volumes and their snapshots.

We face this bug in manila LVM driver and Generic driver when we use
cinder LVM driver. So, fix it generating unique UUID for all
snapshots (only for LVM, because we cannot do it in Generic driver
while we do not have "mount-snapshot" feature support there) and
child volumes that will be exported as child shares.

[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1071733

Change-Id: Ib93bfb0d4184da1e70ecece6fde6931e44d05a30
Closes-Bug: #1645751
2016-12-09 20:23:26 +03:00
Valeriy Ponomaryov
976e2d58cb [ZFSonLinux] Add share migration support
Add support of share migration feature to ZFsonLinux driver.

Implements BP zfsonlinux-share-migration

Change-Id: If9e1fec9a6d4f96d2bb5c176c6249fafc7e3e891
2016-09-01 05:45:18 +00:00
Rodrigo Barbieri
9639e72692 Share migration Newton improvements
At Austin 2016 summit there were several improvements to
Share migration feature discussed. This patch implements
these changes.

Changes are:
- Added 'Writable' API parameter: user chooses whether share must
remain writable during migration.
- Added 'Preserve Metadata' API parameter: user chooses whether
share must preserve all file metadata on migration.
- Added 'Non-disruptive' API parameter: user chooses whether
migration of share must be performed non-disruptively.
- Removed existing 'Notify', thus removing 1-phase migration
possibility.
- Renamed existing 'Force Host Copy' parameter to 'Force
Host-assisted Migration'.
- Renamed all 'migration_info' and 'migration_get_info' entries to
'connection_info' and 'connection_get_info'.
- Updated driver interfaces with the new API parameters, drivers
must respect them.
- Changed share/api => scheduler RPCAPI back to asynchronous.
- Added optional SHA-256 validation to perform additional check if
bytes were corrupted during copying.
- Added mount options configuration to Data Service so CIFS shares
can be mounted.
- Driver may override _get_access_mapping if supports a different
access_type/protocol combination than what is defined by default.
- Added CIFS share protocol support and 'user' access type
support to Data Service.
- Reset Task State API now allows task_state to be unset using
'None' value.
- Added possibility to change share-network when migrating a share.
- Bumped microversion to 2.22.
- Removed support of all previous versions of Share Migration APIs.

APIImpact
DocImpact

Implements: blueprint newton-migration-improvements
Change-Id: Ief49a46c86ed3c22d3b31021aff86a9ce0ecbe3b
2016-08-31 12:38:14 -03:00
Jenkins
2f047eb25a Merge "Container driver" 2016-08-15 21:04:11 +00:00
Alexey Ovchinnikov
ddf960a2d9 Container driver
This driver exploits a Docker container as a share server instead
of a virtual machine. The container acts as a CIFS server
and shares logical volume attached to it. The volume gets created
simultaneously to the container on a host in a volume group
specified by the user.

DocImpact
Change-Id: I711813a2022d765ab7a70ed670e34f68f9cf1399
Implements: blueprint manila-container-driver
2016-08-15 16:30:23 +03:00
Jenkins
6bae3006d9 Merge "Refactor GPFS driver for NFS ganesha support" 2016-08-12 13:02:40 +00:00
Gaurang Tapase
a91fa6e154 Refactor GPFS driver for NFS ganesha support
Spectrum Scale supports NFS ganesha through CES protocol services. This
change replaces the current NFS ganesha support with the Spectrum Scale
CES infrastructure.

Implements: blueprint gpfs-ces-support

Change-Id: I8eb307c19761788ea71c15c889794f8b5f110253
2016-08-10 04:47:20 -04:00
Jenkins
930a3fb921 Merge "Add snapshot instances admin APIs" 2016-08-01 16:39:18 +00:00
zhongjun
8a487bf95d Add snapshot instances admin APIs
Add new API entry points for share snapshot instances:
- share-snapshot-instance-list
- share-snapshot-instance-show
- share-snapshot-instance-reset-status

APIImpact
DocImpact

Implements: blueprint snapshot-instances
Change-Id: Ica1e81012f19926e0f1ba9cd6d8eecc5fbbf40b5
2016-07-29 11:21:35 +08:00
Juan Antonio Osorio Robles
8208841513 Use http_proxy_to_wsgi instead of ssl middleware
The ssl middleware from oslo.middleware is deprecated in favor of
http_proxy_to_wsgi, which is used by nova, cinder, glance and several
other services.

Change-Id: Id33a0f7eeb8ced77d09f9edd6b1d65697d8bcfe7
2016-07-18 09:26:14 +03:00
Alexey Ovchinnikov
5dfbef4f95 Revert "LXC/LXD driver"
This reverts commit 466a19f18f.
Also this reverts commit 4f74b224fa.

Manila has decided to remove LXD from the Mitaka release.
http://lists.openstack.org/pipermail/openstack-dev/2016-March/089522.html

Change-Id: I3c4b15e8c9d92c874be754205b0b981151809cc1
2016-03-16 18:48:17 +04:00
Jenkins
e3b4639edb Merge "Remove nsenter dependency" 2016-03-10 04:28:31 +00:00
Ben Swartzlander
fad7709ed2 Remove nsenter dependency
Rather complex logic was added to ZFS driver to cope with
mount-namespace-related problems caused by neutron. A better
solution is to ensure mounts (and unmount) propagate to
namespaces.

Closes-Bug: 1552552
Change-Id: Id952cb110c0187021a46ed5de02308b10ddf1239
2016-03-09 10:37:50 -05:00
Jenkins
77f48dae33 Merge "Add /usr/local/{sbin,bin} to rootwrap exec_dirs" 2016-03-08 21:02:30 +00:00
Jenkins
3a7c796296 Merge "Moved CORS middleware configuration into oslo-config-generator" 2016-03-07 20:32:44 +00:00
Chaozhe.Chen
71f8d0f3df Add /usr/local/{sbin,bin} to rootwrap exec_dirs
Nova [1], Neutron [2,3] and Cinder's [4] rootwrap exec dirs include
/usr/local/{sbin,bin} which are a standardised locations for admins to
install non-distro executables, and these executables are no less
"trustworthy" than /usr/bin and friends.  See Neutron and Cinder's
rootwrap.conf (and probably others), and typical distro default values
for sudoers/secure_path for extremely similar precedents that all
include /usr/local/*bin.
Brief discussion of doing this via devstack available at [5].

Also, remove absolute paths from existing filters
to make this fix useful.

[1] I6a0a4b7f952193ce0f4ed2594613188854d36bf1
[2] Ib3646933744ca6b20ecd5ad0cedcedb4f1fa5f12
[3] Id7aebb50e60b1cc64c113be63c599387be5f1765
[4] I577e10df25181c7d4ca8189b10640a8e6e39b047
[5] I710cf142b834381c00e651cfc062299ae755c33f

Change-Id: Ie7177778a247a687ced846bb11030cb72344c93f
Closes-Bug: #1551956
2016-03-07 12:53:51 +02:00
Tin Lam
75d85aab3c Moved CORS middleware configuration into oslo-config-generator
The default values needed for manila's implementation of cors
middleware have been moved from paste.ini into the configuration
hooks provided by oslo.config. Furthermore, these values have been
added to the default initialization procedure. This ensures
that if a value remains unset in the configuration file, it will
fallback to using sane defaults. It also ensures that an operator
modifying the configuration will be presented with that same
set of defaults.

Change-Id: Ie4adc39866a4ee6132eab6a111660218b3e6e5bd
Closes-Bug: #1551836
2016-03-03 16:13:20 +00:00
Rodrigo Barbieri
cae5a0152c Move Share Migration code to Data Service
Removed functionality of Share Migration relying on Manila Share
Service node, moved code to Data Service node for copy phase.

Added parameter 'notify' and share/api methods for future
implementation (see dependent patches).

Added new copy operation statuses, in order to implement future
API calls to obtain progress and cancel migration.

Added possibility of 2-phase migration for driver migration and
generic (fallback) migration.

Added admin export location support and removed approach of
replacing IP with config parameter.

Added Admin-only API entry points to:
- Migration Cancel (only during copying)
- Reset Task State field
- Migration Get Progress (only during copying)
- Migration Complete (2nd phase migration)
- Notify parameter on Migrate Share

APIImpact
DocImpact

Implements: blueprint data-service-migration
Change-Id: I1d65aac2f36942cd70eb214be561d59a15a4ba26
2016-03-03 09:34:29 -03:00
Igor Malinovskiy
4f74b224fa LXC/LXD driver
This driver exploits a container as a share server instead
of a virtual machine. The container acts as a NFS/CIFS server
and shares logical volume attached to it. The volume gets created
simultaneously to the container  on a host in a volume group
specified by the user. Currently NFS is limited to v3 since the
only userspace NFS server that works in a container out of the box
seems to be unfs3. Later it will be replaced with nfs-ganesha.

Co-Authored-By: Alexey Ovchinnikov <aovchinnikov@mirantis.com>

Implements: blueprint lxc-driver

Depends-On: Ib1896997f2e7a505b5bf8ec0c9e5ee35942f79a6

Change-Id: Iea73bd34b94919d77ebe17cf054dde1f580384be
2016-03-02 18:55:22 +04:00
Jenkins
afed146346 Merge "Add ZFSonLinux share driver" 2016-03-01 19:39:25 +00:00