This patch implements managing and unmanaging of share
servers and shares functionality to the Container driver.
Depends-On: I452c2a99b186f53d737cb7fbd7eabfcfd9b249d6
Implements: bp container-driver-manage-unmanage-with-share-servers
Change-Id: I623c88dd1155740f0a444d2063236d91efd3bd1e
We assign a random UUID with tune2fs to snapshots
and shares created from snapshots so that they
don't conflict with the parent shares/snapshots
when both of them are being mounted.
tune2fs requires that a filesystem check be
performed "recently" before UUID assignments.
So, perform a filesystem check right away to
allow tune2fs to assign a random UUID.
Change-Id: I858a318f7a83e033cc3f2699859e38b6b74c8d24
Related-Bug: #1645751
Closes-Bug: #1798219
The /etc/mtab file may have mount information such as 'nfsd'
that if copied to /etc/fstab will cause the share server to
hang when rebooted.
Update /etc/fstab with exactly the newly mounted or unmounted
shares rather than simply overwriting /etc/fstab with /etc/mtab.
Change-Id: I67602bae1f928769d768008deca7bd0f2fef1ac2
Close-Bug: #1639662
Reverts with the LVM driver were happening asynchronously
which resulted in unreliable behavior. This change makes
the reverts synchronous.
Also, the driver now unexports and unmounts both the share and
the snapshot during the revert (required to make the operation
synchronous) which requires changing the driver interface to
include the snapshot access rules in addition to the share access
rules.
Closes-bug: #1707943
Change-Id: Ifea1799e1d2e3963fec7e90ce3f9cb47b9f02f4f
You can dynamically update access lists of exports with Ganesha
version >= 2.4. Make ganesha library use this feature in a new helper
class, GaneshaNASHelper2, to cleanly implement share access rules
changes without undesired interruptions.
When updating a share's access rules, the new helper class differs
from the older GaneshaNASHelper class as follows:
* Looks for an existing export and edits its client access list;
creates a new export if it can't find one; and removes an export if
the access list ends up empty. Rather than awkwardly create or
remove an export per addition or removal of an access rule.
* Issues DBUS UpdateAccess command to dynamically update an export.
Implements: bp ganesha-dynamic-update-export
Co-Authored-By: Csaba Henk <chenk@redhat.com>
Change-Id: I01ec100c0afe28a84e9afa8e0660d299e4b3d160
This commit adds the ability for Manila to revert a
share to the latest available snapshot.
The feature is implemented in the LVM driver, for
testing purposes.
APIImpact
DocImpact
Co-Authored-By: Ben Swartzlander <ben@swartzlander.org>
Co-Authored-By: Andrew Kerr <andrew.kerr@netapp.com>
Implements: blueprint manila-share-revert-to-snapshot
Change-Id: Id497e13070e0003db2db951526a52de6c2182cca
Added support for manage/unmanage in GPFS NFS driver.
This patch added functions that allow share on Spectrum Scale
node to be managed by OpenStack if existing fileset is an
independent fileset and doesn't have any NFS export
over the fileset path. Also, share can be unmanaged from
OpenStack but still left in Spectrum Scale cluster.
Implements: blueprint gpfs-manage-support
Change-Id: I9134408b59c30ac4bc593f287294741f6e996136
Reportedly [1], the kernel-nfs-server has a bug where we have overlap of
filesystem identifiers using LVM volumes and their snapshots.
We face this bug in manila LVM driver and Generic driver when we use
cinder LVM driver. So, fix it generating unique UUID for all
snapshots (only for LVM, because we cannot do it in Generic driver
while we do not have "mount-snapshot" feature support there) and
child volumes that will be exported as child shares.
[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1071733
Change-Id: Ib93bfb0d4184da1e70ecece6fde6931e44d05a30
Closes-Bug: #1645751
Add support of share migration feature to ZFsonLinux driver.
Implements BP zfsonlinux-share-migration
Change-Id: If9e1fec9a6d4f96d2bb5c176c6249fafc7e3e891
At Austin 2016 summit there were several improvements to
Share migration feature discussed. This patch implements
these changes.
Changes are:
- Added 'Writable' API parameter: user chooses whether share must
remain writable during migration.
- Added 'Preserve Metadata' API parameter: user chooses whether
share must preserve all file metadata on migration.
- Added 'Non-disruptive' API parameter: user chooses whether
migration of share must be performed non-disruptively.
- Removed existing 'Notify', thus removing 1-phase migration
possibility.
- Renamed existing 'Force Host Copy' parameter to 'Force
Host-assisted Migration'.
- Renamed all 'migration_info' and 'migration_get_info' entries to
'connection_info' and 'connection_get_info'.
- Updated driver interfaces with the new API parameters, drivers
must respect them.
- Changed share/api => scheduler RPCAPI back to asynchronous.
- Added optional SHA-256 validation to perform additional check if
bytes were corrupted during copying.
- Added mount options configuration to Data Service so CIFS shares
can be mounted.
- Driver may override _get_access_mapping if supports a different
access_type/protocol combination than what is defined by default.
- Added CIFS share protocol support and 'user' access type
support to Data Service.
- Reset Task State API now allows task_state to be unset using
'None' value.
- Added possibility to change share-network when migrating a share.
- Bumped microversion to 2.22.
- Removed support of all previous versions of Share Migration APIs.
APIImpact
DocImpact
Implements: blueprint newton-migration-improvements
Change-Id: Ief49a46c86ed3c22d3b31021aff86a9ce0ecbe3b
This driver exploits a Docker container as a share server instead
of a virtual machine. The container acts as a CIFS server
and shares logical volume attached to it. The volume gets created
simultaneously to the container on a host in a volume group
specified by the user.
DocImpact
Change-Id: I711813a2022d765ab7a70ed670e34f68f9cf1399
Implements: blueprint manila-container-driver
Spectrum Scale supports NFS ganesha through CES protocol services. This
change replaces the current NFS ganesha support with the Spectrum Scale
CES infrastructure.
Implements: blueprint gpfs-ces-support
Change-Id: I8eb307c19761788ea71c15c889794f8b5f110253
Rather complex logic was added to ZFS driver to cope with
mount-namespace-related problems caused by neutron. A better
solution is to ensure mounts (and unmount) propagate to
namespaces.
Closes-Bug: 1552552
Change-Id: Id952cb110c0187021a46ed5de02308b10ddf1239
Nova [1], Neutron [2,3] and Cinder's [4] rootwrap exec dirs include
/usr/local/{sbin,bin} which are a standardised locations for admins to
install non-distro executables, and these executables are no less
"trustworthy" than /usr/bin and friends. See Neutron and Cinder's
rootwrap.conf (and probably others), and typical distro default values
for sudoers/secure_path for extremely similar precedents that all
include /usr/local/*bin.
Brief discussion of doing this via devstack available at [5].
Also, remove absolute paths from existing filters
to make this fix useful.
[1] I6a0a4b7f952193ce0f4ed2594613188854d36bf1
[2] Ib3646933744ca6b20ecd5ad0cedcedb4f1fa5f12
[3] Id7aebb50e60b1cc64c113be63c599387be5f1765
[4] I577e10df25181c7d4ca8189b10640a8e6e39b047
[5] I710cf142b834381c00e651cfc062299ae755c33f
Change-Id: Ie7177778a247a687ced846bb11030cb72344c93f
Closes-Bug: #1551956
Removed functionality of Share Migration relying on Manila Share
Service node, moved code to Data Service node for copy phase.
Added parameter 'notify' and share/api methods for future
implementation (see dependent patches).
Added new copy operation statuses, in order to implement future
API calls to obtain progress and cancel migration.
Added possibility of 2-phase migration for driver migration and
generic (fallback) migration.
Added admin export location support and removed approach of
replacing IP with config parameter.
Added Admin-only API entry points to:
- Migration Cancel (only during copying)
- Reset Task State field
- Migration Get Progress (only during copying)
- Migration Complete (2nd phase migration)
- Notify parameter on Migrate Share
APIImpact
DocImpact
Implements: blueprint data-service-migration
Change-Id: I1d65aac2f36942cd70eb214be561d59a15a4ba26
This driver exploits a container as a share server instead
of a virtual machine. The container acts as a NFS/CIFS server
and shares logical volume attached to it. The volume gets created
simultaneously to the container on a host in a volume group
specified by the user. Currently NFS is limited to v3 since the
only userspace NFS server that works in a container out of the box
seems to be unfs3. Later it will be replaced with nfs-ganesha.
Co-Authored-By: Alexey Ovchinnikov <aovchinnikov@mirantis.com>
Implements: blueprint lxc-driver
Depends-On: Ib1896997f2e7a505b5bf8ec0c9e5ee35942f79a6
Change-Id: Iea73bd34b94919d77ebe17cf054dde1f580384be
Add support for ZFS (on Linux) filesystem.
Following features are supported:
- Create/delete share
- Create/delete snapshot
- Create share from snapshot
- Extend/shrink share
- Update NFS IP-based access rules using new interface.
(SMB support planned for future).
- create/delete/update/promote share replica
ZFS-related notes:
- Any amount of ZFS zpools can be used by share driver.
- Allowed to configure default options for ZFS datasets that are used
for share creation.
- Any amount of nested datasets is allowed to be used.
- All share replicas are read-only.
- All share replicas are synched periodically, not continuously.
So, status 'in_sync' means latest sync was successful.
Time range between syncs equals to value of
config global opt 'replica_state_update_interval'.
Driver-related notes:
- Able to use remote ZFSonLinux storage as well as local.
Other made changes:
- updated driver private data DB methods removing filtering by host
as redundant operation. Replication requires some common metadata
storage and filtering by host breaks it. It is safe to do so, because
if driver gets some ID of entity then it is allowed to read its info
too.
Implements bp zfsonlinux-driver
DocImpact
Change-Id: I3ddd3767184e4843037de0ac75ff18dce709b6dc
Having a driver in the top level of the drivers
directory was against source tree placement
conventions. It was especially weird because
all other GlusterFS related code lived in
a dedicated subdirectory.
Partially implements bp gluster-code-cleanup
Change-Id: I52d717ab6396454c2e7a9b62aa00ea443b26d5cc
The LVM driver was using sudo for one command instead
of proper rootwrap usage. This caused failures when the
user running manila-share didn't have passwordless sudo
access.
Depends-On: Ib1896997f2e7a505b5bf8ec0c9e5ee35942f79a6
Change-Id: I48ea946c2b8de2ebf0e067ef4829b81cabd1464f
Closes-Bug: 1550121
Reuse code of old LVM share driver.
LVM Driver is 1st party Manila driver with NFS and CIFS support
and no share server support.
LVM Driver doesn't rely on Neutron, Nova, or Cinder. As such, it
is ideal for testing purposes and, after a period of maturation,
it should be useful in production environments.
Move generic driver's helpers to manila/share/drivers/helpers.py
and reuse them in LVM driver.
Implement 'ro' access, user access, extend_share function for
LVM driver.
Implements bp lvm-driver
Change-Id: Ia46c51ed400dbb0f1d87a758fb165ca711ed3d7c
Adding GPFS driver back as the third party CI system
for GPFS driver is up and running.
This is a revert of commit 720ec90445
Change-Id: I86f9b7da21716346f96bae3ce30446589e4c4c37
The Manila community set a deadline of 3 Sep 2015 for all drivers
to have reporting CI systems, and there is no CI system for the
IBM GPFS driver. As agreed, the driver will be removed until such
time that a CI system exists.
Change-Id: I76f238a1a6eb039e4ddc1cb189115ab3e686c56b
With GlusterFS 3.7.x versions, the delete share operation fails when
deleting the contents of a GlusterFS volume, a share. This is because
two directories are auto-created within a GlusterFS volume when it's
started and GlusterFS refuses to unlink their paths. Fix this issue, by
not trying to remove the two directory paths, but remove their contents
and the rest of the contents of the volume.
Change-Id: I1675bbf593bf578301d6899ee3f9860320080956
Closes-Bug: #1473324
An execute call in the ganesha manager module that writes ganesha
export config files is made with 'process_input' argument. This
argument is invalid for processutils's ssh_execute() method which is
used by the execute call to write config files to a remote ganesha
server node. Fix this by not using the 'process_input' argument instead
use other arguments that would still enable the execute call to write
ganesha config files.
Change-Id: I58369468ac7be1de38364a1c1bf6cbf8695b9a1d
Closes-Bug: #1422235
When resetting exports, i.e., remove files present in the ganesha
export directory, during manager service initalization, ignore if the
directory is already empty. This allows ganesha manage service to
initialize even if the ganesha export directory is empty.
Change-Id: Iabe3f36d4f05b0fc451695b261a538b2e87be7a5
Closes-Bug: #1416958
The rootwrap filters for commands 'df' and 'stat', which were part
of the volume.filters before, were recently removed considering those
to be unused. But, GPFS manila driver uses those and fails while
performing certain operations, in their absence.
Hence, adding those back.
Change-Id: Ib736385f15058028b2bc0e38d325d0c256f6dd93
Closes-Bug: #1413544
There is no need to keep rootwrap filters in separate files
with 'volume' and 'share' prefixes.
So, merge it and remove unused filters.
Change-Id: I2fbea254faed5d8fc668cba58211d1df0e0e82f3
Rootwrap supports for a configurable set of trusted
directories to search executables in (exec_dirs),
which defaults to system PATH.
Make the rootwrap filters more portable by removing
the explicit exec_dirs prefix from them. This allows
a binary to be installed in any of the exec_dirs and
still be used by rootwrap, which improves cross-distro
portability.
Change-Id: I9a346c0fcddc7ac8af50f72df6d401b5079e4d58
Closes-Bug: #1405068
Introduce the ganesha share driver helper module
which provides the GaneshaNASHelper class from which
share drivers can derive NFS-Ganesha backed protocol
helpers.
Some utility functions are also added to ease
integration.
Partially implements blueprint gateway-mediated-with-ganesha
Change-Id: I8683ea5eb43d7a8eaf0dfa6af3791782d32b944a
Supporing GPFS exports over kernel NFS and Ganesha NFS
Supporting following Manila functionality:
1. Create, List, Delete Shares
2. Create, List, Delete Share Snapshots
3. Create Share from a Share Snapshot
4. Allow, Deny access to a share based on IP
Supports, local and remote GPFS nodes to the Manila service node,
in a GPFS cluster
Limitation:
1. While using remote GPFS node, with Ganesha NFS, 'gpfs_private_key'
for remote login to the GPFS node must be specified and there must be
a passwordless authentication already setup between the Manila and the
remote GPFS node.
DocImpact
Implements: blueprint gpfs-driver
Change-Id: I6664054ba52d03814cea846cb0d79cd853632814
This patch adds support for working with multiple glusterfs volumes
for the GlusterFS native protocol driver. Since the semantics and
mapping for native driver is different compared to GlusterFS NFS
driver, this patch refactors the native driver as a standalone
driver and fixes some flows to fit the native driver with the
Manila share flows.
A more recent version of glusterfs having SSL support is needed.
Change-Id: I567c7602e97c9d55551baa29f121c05da2985007
Closes-Bug: #1368669
Support of LVM driver is planned to be dropped as it is duplicates
functionality from Cinder. Default driver is Generic driver, that uses Cinder.
Changes:
- removed LVM driver
- removed related stuff to LVM driver
Partially implements blueprint remove-lvm-driver
Change-Id: If2df592db082fdc5d609a5ce644106fee7d0583d
Adds modules for creating and managing
logical interfaces. This modules create logical
interface and attach it to OVS or Linux bridge
to associate with neutron port.
Module manila.network.linux.ip_lib.py executes
linux 'ip' command for logical interface setup.
Module manila.network.linux.interface.py
is responsible for plugging logical interface
into OVS or Linux bridge.
Class in module manila.network.linux.ovs_lib.py
represents OVS bridge and allows to manage it.
Partially implements: bp generic-driver
Change-Id: Iaa97e961f1670479a59a2f9adba5953d271b1818
Added class GlusterfsShareDriver,
derived from manila.share.driver.ShareDriver,
implementing create and delete share capabilities
and access control.
Change-Id: I909ad28d316d071dd1a4790843eae25ade4a9c95