Pure uses the version number of the driver to identify which
customers are using which versions of OpenStack.
This will help granular analysis of which driver is being
used in each OpenStack version.
Additionally, change ``user_agent`` string to report
operating system name and version, rather than the kernel
version.
Change-Id: I26e01621d3de5eb4edc647f82f0582a4de6744dc
We don't need it anymore as we don't support python < 3.8
Also it was removed from global requirements so it breaks the
requirements check.
Change-Id: Ic558c0a55aff8a0a4f762177a7188069f2baa1fe
These block usage of methods that no longer
exist in oslo.utils 6.0.0+. Since they have
been removed, we don't need a hacking check
for this.
Change-Id: If0345c863b1750eaca3097f240fde9b976ac442e
sqlalchemy-migrate does not (and will not) support sqlalchemy 2.0. We
need to drop these migrations to ensure we can upgrade our sqlalchemy
version.
Change-Id: I39448af0eb8f4c557d591057760c27b1d40d3593
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This release of tooz contains
54448e9d Replace md5 with oslo version
which is needed for FIPS support.
Change-Id: I506968a245afa2a17be343d1e923d21f0b298cd7
As a new feature, os-brick now supports setting the location of file
locks in a different location from the locks of the service.
The functionality is intended for HCI deployments and hosts that are
running Cinder and Glance using Cinder backend. In those scenarios the
service can use a service specific location for its file locks while
only sharing the location of os-brick with the other services.
To leverage this functionality the new os-brick code is needed and
method ``os_brick.setup`` needs to be called once the service
configuration options have been loaded.
The default value of the os-brick ``lock_path`` is the one set in
``oslo_concurrency``.
This patch adds support for this new feature in a non backward
compatible way, so it requires an os-brick version bump in the
requirements.
The patch also ensures that ``tox -egenconfig`` includes the os-brick
configuration options when generating the sample config.
Change-Id: I9f3e46c262f5b2b72fed5a4927165b3834a1c383
The cinder requirements job is failing because our restriction
of importlib_metadata to py<3.8 is conflicting with change
I5febaed02e95 to global-requirements.
The cinder restriction to py<3.8 was originally made by
change I45d0851cdb5f (merged 21 Aug 2020).
Change-Id: I0293ae0e178c6b30edf38a0b31e60de4a4f6e21e
Some of the yoga backend drivers require the yoga os-brick release.
Also update other requirements to match the minima requested by
os-brick (since that's what we'll have to use anyway).
The os-brick requirements were updated by change Iec14833ab502.
Change-Id: I694d01bcdd2ea83627d375cc4501bff774fa82c2
Older versions have a dependency that is no longer satisfiable
on all supported test platforms. See discussion on I5925d1d8cbaad6
and bug #1946340.
Depends-on: I2a06f0d302325425e67f4ca3dcca14fd73d41c3e
Change-Id: Icfe49cd2303b5d7091bc1f24c09bde0bc624ab6a
Related-bug: #1946340
Raise minimum version of os-brick to 5.0.1, which contains a
fix for a critical regression.
Depends-on: I372deff54040083e0d2cafee59161c101a2535e4
Change-Id: I8aaaa058c6ec5d383fefb61206854e64049f7e99
Related-bug: #1945323
Our current min is the victoria release of oslo.db; let's update
to the xena series (which we've been testing with anyway).
Change-Id: I55575f65531887647d8481a2a8efcc52490bf02b
We get test failures with the current requirements, so raise
them to the current allowable for stable/xena.
Change-Id: I6cb38cc72a9d85076a79f2499171dfb593e5f419
All the tests added recently to cinder/tests/unit/policies were
validated using oslo.policy 3.8.1 (tagged on 2021-06-15), so it
would be wise to require at least that release for use with cinder.
Change-Id: I6d8768de52e302f620645f58dba1309036e09d9f
The cinder/policies/base.py file makes reference to
versionutils.deprecated.XENA, so we need to make sure we're using
a release of oslo.log where that's available, which will be
any release containing change I6bf6997899f6c95e.
Change-Id: I292dc5fd764dae1a59f9d8f3d14c523aff92ca88
Update the minimum os-brick version to include a fix addressing
a potential data loss issue.
Change-Id: If28cf471aaeef8207d530dd914d0f63a19bb5941
Related-Bug: #1921381
Update min brick version to the wallaby brick release, and adjust
requirements files and lower constraints to accommodate the versions
of dependencies requested by os-brick 4.3.0.
Change-Id: I74b897a6ec27ca2ef00811fbbc2e6c43d31e307f
The SMBFS driver stores volumes as VHD/x image files. This change
will set the unique id VHD field using the volume id.
Hyper-V propagates this id to the guest through the SCSI VPD,
which allows it to safely identify the disk. The kubernetes openstack
provider will also benefit from this change.
Here's an example: http://paste.openstack.org/raw/801011/
This operation requires os-win 5.4.0, for which reason we're bumping
the requirement.
Depends-On: Ied73997e6f5f3ded9827703867f059ef3dfca159
Change-Id: I459ff3c8798e218919b6b2f9e1c2200203efeeff
Now that we're starting to set scope_types on default policies, we
should make sure we handle InvalidScope exceptions from oslo.policy in
the event enforce_scope=True. Operators won't use this switch for a
while, but it prepares us for when cinder will be system-scope aware.
This commit also bumps the minimum version of oslo.policy to 3.6.2,
which is safer when running tests in parallel with different
policy configurations.
Change-Id: I680cb8c4be13bcd3ac6785a7afa81ce5d3477f91
Update requirements to use the wallaby intermediate brick release
containing the updated nvmeof connector and other bugfixes.
Depends-on: https://review.opendev.org/c/openstack/requirements/+/775792
Change-Id: Id0128baa36f995e4dd74090bc30dd2dbbd2a21e9
As per the community goal of migrating the policy file
format from JSON to YAML[1], we need to do two things:
1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.
2. Deprecate the JSON formatted policy file on project side
via warning in doc and format releasenotes.
1st item if already done by cinder in Stein so this commit
only cover the 2nd item.
Since oslo.policy 3.6.0, by default oslo policy will
fallback to existing policy.json file to give operator some
time to migrate it to new default policy.yaml. But cinder
already changed the default value to policy.yaml long back
since Stein so no need to fallback to default JSON file. To
do that it disable this fallback via flag to oslo.policy.
Also convert the tests/unit/policy.json to policy.yaml file.
Additionally, made some corrections to outdated documentation
when removing references to a "policy.json" file.
[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Co-Authored-By: Brian Rosmaita <rosmaita.fossdev@gmail.com>
Change-Id: Iaf8a454e60d1e4b66981b61175f89203cc15e439
Bring the versions specified in requirements.txt and test-req.txt
closer to what's actually being used in the py36 and py38 testenvs,
and update lower-constraints to reflect the updated requirements.
What has made this necessary right now is that the latest pip has
introduced a much stricter resolver, and the cinder lower-constraints
job is failing because cinder is imposing some constraints which are
too low for some dependencies, and we can't get away with that under
the stricter resolver.
Change-Id: I42af21b1c4247d04d479f1fc1ecd6f9baac0cfc9
md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.
md5 is allowed when in a non-security context. There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.
In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.
Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added to
oslo_utils. See https://review.opendev.org/#/c/750031/
This patch is to replace the instances of hashlib.md5() with this new
encapsulation, adding an annotation indicating whether the usage is
a security context or not.
Reviewers need to pay particular attention as to whether the keyword
parameter (usedforsecurity) is set correctly. Almost all instances
of md5 usage appear to be to refer to etags, to do checksums, or to
generate uuids for paths.
I had hoped to update the bandit config to enable scanning for instances
of md5 and bad algorithms, so that instances would not creep in in future,
but I couldn't find the bandit config.
With this patch (and the corresponding os-brick and oslo-versioned_object
dependent changes) all the functional tests and alnmost all the unit tests
pass on a FIPS enabled system.
Issues I found were as follows:
- Cinder appears to be using md5 in a security context in
cinder/volume/drivers/synology/synology_common.py. If this is really
the case, then we'll need to consider how to replace md5 in this usage.
This case did not appear to exercised in the unit or functional tests I ran.
- Cinder appears to use md5 in a security context in
cinder/volume/drivers/stx/client.py, which resulted in the failed unit test
cinder.tests.unit.volume.drivers.test_seagate.TestSeagateClient.test_login
This was the only unit test that failed.
Change-Id: I57ec3e7e99c78535fa8051d011d970adb7fb89ab
Depends-On: https://review.opendev.org/#/c/756151
As per victoria cycle testing runtime and community goal,
we need to migrate upstream CI/CD to Ubuntu Focal(20.04).
Bump lower constraints to make testing work for Focal.
Co-Author: tushargite96 <tushargite96@gmail.com>
Story: #2007865
Task: #40179
Change-Id: I5f37fb5611362e550610e2094d9cb3778548bf47
Require victoria os-brick for the upcoming victoria cinder release.
Contains a fix related to OSSN-0086, among other things.
Change-Id: I81b49aaa5dd0a157b1c29244b9923186c2c2f610
Several version specified in our lower-constraints files had conflicting
dependencies. This updates a few packages to avoid those conflicts. It
also removes the linters that are tracked in the global requirements
blocklist since we do not need to enforce lower-constraints for linters.
Change-Id: Iaa2b3e1518614caf8664af017b2a2e1a7c005b07
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Importing pkg_resources scans all of the installed modules for data
that won't be used. Switch to using importlib.metdata, which more
efficiently loads the metadata for a package.
Since the name of the module where importlib.metadata is found depends
on the version of python, mocking a function in the library is more
complicated. Provide a wrapper in the module that uses
importlib.metadata.version() so its tests can examine behavior using
different versions via mocks.
The distutils package in the standard library is deprecated. Use the
packaging library for parsing version strings into something that can
be compared.
Change-Id: I45d0851cdb5f241ff8dc774dc22123b410502cd9
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
VxFlex OS password is not stored in block_device_mapping table. Instead of this
passwords are stored in separate file and are retrieved during each attach/detach
operation.
Closes-Bug: #1823200
Change-Id: Ia7cc17472677a693c6162f0b8b0529df62eed7cf