Network port host can be totally different than manila host,
So it's weird to force binding host to only manila host.
`service_network_host` allow we specify host for network ports
when `dhss` is True.
Change-Id: I3d9a3bbc81f18d60a0710d9336ad6f97176875be
When creating port bindings for ports inside Neutron, Manila
just uses the hostname using "socket.gethostname()" rather
than the one provided via CONF.host
The default behaviour of CONF.host is "socket.gethostname()"
anyways, so it should work just fine.
Closes-Bug: #2037580
Change-Id: I4181a6f1527c80bf356d6363300b2d420921e7fa
currently a local lock is used when creating a service network,
which is only valid for processes on the same host.
Thus, when several instances of manila-share with generic driver
start for the first time in parallel on different hosts or as k8s pods,
they race for creating of the service network,
sometimes creating several of them,
and then stuck on ambiguity of the network to choose.
This patch instead used tooz-backed distributed lock,
so that only one service network will ever be created.
Change-Id: Id6627fd6e9cceda0528f5f7e3810950e927f9621
... instead of executing the cat command as an external process.
One benefit of using an external process is that we could avoid
eventlet threads being blocked, but ssh public keys are usually tiny
and is not expected to cause huge blocking.
Change-Id: I5b03e26df36d6cc7564625b16d613b001b6dee0b
This uses the method _get_service_instance_name to generate the name
of the share service instance, instead of using directly the share
service id.
Note that it changes the default value of the
service_instance_name_template option to match the current default and
keep backwards compatibility.
Closes-Bug: #1945463
Change-Id: I3ee10f53315a37b47bd66eba082502b4209f4d95
Signed-off-by: David Caro <me@dcaro.es>
When the image count is over 25, there might not get
manila-service-image, because current manila shares
creation is using novaclient to get image info, but
novaclient can only get 25 images due to pagination
of glance server, So this change is to switch to use
glanceclient instead of novaclient to get image info,
because glanceclient can iter all image info, while
novaclient is rarely maintained with stuff of image
API.
Change-Id: Id1715d0b9cb3a4aeedeb23d9b1d9924a78d18dc6
Closes-Bug: #1741425
Neutron can filter ports by subnet-id by itself, so:
- Don't send all ports in Neutron on every share-server removal
- Don't send fixed-ips fields (which are nearly half of total data)
Closes-Bug: #1879754
Change-Id: If42c9a0a662a62bbe2a02b6baee6ae13eedd8c97
Signed-off-by: George Melikov <mail@gmelikov.ru>
The `interface_driver` option needs some clarification.
While we only support three interface mechanisms,
it's possible that deployers can use their own
interface driver, so using oslo_config's choices
for this option does not make sense.
Depends-On: I2c3d6e4234bf7185b8da3c8e1701069c3a165ffc
Change-Id: I1cc710dbe87e9e23fbed63dcd5f1017978393c66
The code for clearing routes currently lives inside the
service_instance module but it belongs better inside the linux
interface ones.
This patch refactors it into there, which can allow for a true
noop driver as all network operations would happen inside that
section.
Change-Id: I9fa29e9e5ed7dd2c620b56efab559f4cec25aced
This patch refactors the code which clears routes into another
function which already gets all of the subnets to avoid hitting
the Neutron API twice, and allowing us to eventually refactor
all of this code into the linux interface management API.
Change-Id: I6e1debce1ac379d15190db82299bdd92c9ff7734
There's a few functions which are used inside service_instance
which do networking that can live inside the linux interface
driver code.
This patch refactors them into there as this helps allow for
the noop driver.
Change-Id: Ib79ae3f08843414a552c89cd9a254b5e562123b8
Glance image list API supports pagination, but `_get_service_image`
uses novaclient.glance.list() that only return images in one page.
When the image needed by share server is not returned in the first
page, the exception occurs. This patch uses `find_image` method
to get the image.
Since latest novaclient has no proxy to lookup image, so only
novaclient.glance.
Change-Id: I57b15b7ebb29c545c9780a90734988565fa1f6b7
Closes-Bug: #1844046
When set 'reclaim_instance_interval' larger than 0, share server
was deleted cause that the server exists until
reclaim_instance_interval. This patch checks status 'soft_deleted'
of instance to avoid the timeout.
Change-Id: Ib481c1699b19ee8c37473081f1aec780ed384e9d
Closes-Bug: #1844596
"storage_availability_zone" in the [DEFAULT] section of
manila's configuration file has allowed deployers to configure
and manage both service (scheduler, share manager) and storage
system availability. However, quite often manila's services
(api, scheduler, share and data managers) are run on a dedicated
control plane that is a different failure domain from that of
the storage that manila manages.
Also, when using share replication, deployers would need to
run multiple manila share manager services with different
configuration files, each with their own
"storage_availability_zone".
To allow flexibility of separating service and storage
availability zones, we introduce a new configuration option
"backend_availability_zone" within the share driver/backend
section. When this option is used, it will override the value
of the "storage_availability_zone" from the [DEFAULT] section.
Change-Id: Ice99a880dd7be7af94dea86b31a6db88be3d7d9b
Implements: bp per-backend-availability-zones
Added new config option limit_ssh_access. If set to true the
neutron security groups are set up to block port 22 from other
subnets than service network in service instance.
Change-Id: I3c247ac2c55e5c74dbb0c8e31144bb865fd48710
Closes-bug: #1714288
Use "driver_handles_share_servers=True" backend driver.
When create service neutron port to connect with service instances,
we should set the port security group is disable, to prevent be added
the default security group in neutron. Because some cases the default
security group would lead to the port can not connect with the service
instances.
Change-Id: Ib13e4f80c5a54b2b863b511ebb6e8f82700a3639
Closes-Bug:#1720283
When the image count is over 25, there might not get
manila-service-image, because current manila shares
creation is using novaclient to get image info, but
novaclient can only get 25 images due to pagination
of glance server, So this change is to switch to use
glanceclient instead of novaclient to get image info,
because glanceclient can iter all image info, while
novaclient is rarely maintained with stuff of image
API.
Change-Id: Id905d47600bda9923cebae617749c8286552ec94
Closes-Bug: #1741425
when the image is not active status, it should be raise
error, because there is no need to take an error status
image to create share server.
Change-Id: Ib31b9a627a9bbd413e46bfc09775e0c6d30ac084
Closes-Bug: #1740010
Fixed creation of security group and security group rule via
neutronclient api mapping.
There was a switch from novaclient to neutronclient
for creating a security groups and rules in change
5d5666b10e but
the argument mapping for this function has not been changed.
Change-Id: I1774b73c61adb3b44a61f3f56f99e85f278deb83
Closes-Bug: 1716922
Some of the available checks are disabled by default, like:
[H106] Don't put vim configuration in source files
[H203] Use assertIs(Not)None to check for None
[H904] Use ',' instead of '%', String interpolation should be
delayed to be handled by the logging code, rather than
being done at the point of the logging call.
Change-Id: Ie985fcf78997a86d41e40eacbb4a5ace8592a348
Please read spec for design detail [1].
Support IPv6 in IP drivers, networks and share
type extra specs.
Co-Authored-By: TommyLikeHu(tommylikehu@gmail.com)
Co-Authored-By: Ben Swartzlander <ben@swartzlander.org>
[1] f7202a6cfe32a057f752a4e393f848f8a0211c36
DocImpact
Partial-Implements: blueprint support-ipv6-access
Change-Id: I96d3389262e9829b8b4344870cdf5c76abd22828
Novaclient has removed lots of proxies to other clients such as
'images' [1], 'networks' [2] and 'security_groups' [3].
So, fix incompatibilities the way we can work with old and
new novaclient versions.
[1] I2d9fd0243d42538bd1417a42357c17b09368d2a5
[2] I8c520100a0016eed3959619c71dae037ebd72939
[3] I6fa14f43d48f1e035ef54bd2d0078506f0c6d6e0
Change-Id: Id7383329b2491f76579f042cbed06585c2214815
Closes-Bug: #1691445
It is no longer used and was deprecated [1] in the previous
release.
TrivialFix
[1] I14768a237b9d7ebc5aa55733bc6bc0531ec3fbb4
Change-Id: If6375322e254fa6f13649411aef2c92bf368e7ed
Some configuration options were accepting both IP addresses
and hostnames. Since there was no specific OSLO opt type to
support this, we were using ``StrOpt``. The change [1] that
added support for ``HostAddressOpt`` type was merged in Ocata
and became available for use with oslo version 3.22.
This patch changes the opt type of configuration options to use
this more relevant opt type - HostAddressOpt.
[1] I77bdb64b7e6e56ce761d76696bc4448a9bd325eb
TrivialFix
Change-Id: I44ba478ff14a6184434dd030efd9b7fa92458c7a
Change [1] removed the ``service_instance_network_helper_type``
option as part of the removal of nova network helper support
for the service instance module.
Put the option back in but deprecate it so that operators with
this configuration can see that it is no longer used.
TrivialFix
[1] I846b760fa7c01f7f86768399a2bfad9ced7e57cd
Change-Id: I14768a237b9d7ebc5aa55733bc6bc0531ec3fbb4
Nova network was deprecated in Newton and is no longer supported for
regular deployments in Ocata [1].
As a first step towards removal and cleanup of nova network plugin
from manila, remove support for it from the service instance module.
[1] http://docs.openstack.org/releasenotes/nova/unreleased.html
Partially-implements: bp remove-nova-net-plugin
Change-Id: I846b760fa7c01f7f86768399a2bfad9ced7e57cd
Generic driver updates routes on host according to the tap
interfaces created for use by share servers. That code
should be within a lock to prevent a thread failing to delete
a route previously listed and already deleted by another thread.
This change moves an existing lock to the function that
performs route changes while also covering the function
that had the lock before.
Closes-bug: #1617461
Change-Id: I798e5d9b0bc9ebefc8661d0ade720c60303cf484
In module netaddr valid_ipv4/valid_ipv6 raise exception
AddrFormatError if address is specified as empty string.
Methods is_valid_ipv4/is_valid_ipv6 catch the exception
and return boolean value. So we'd better use them from
oslo.utils. This commit also adds empty string case in
unit test.
Change-Id: If58889bb322686c252b4fe89a4ddf9469121028c
Manila share manager has possibility to save share servers
details even if it failed to be created on some step.
To use it, share driver should attach 'detail_data' attr
to exception with dict of share server details.
But, if such data not provided or has unexpected type, then
manager writes "warnings" to LOG. So, make it have "debug" level
of logging because here is nothing to do for admin/operator.
Also, fix Generic driver's case when it does not provide information
when has it - on negative result of
share server network availability check.
Change-Id: If8926ad383669fd5ccbe69cf13b574bc044f19be
Closes-Bug: #1547076
Implemented admin network support in generic driver
by creating extra ports in service instance.
In order to implement admin export location, Admin must
specify admin_network_id and admin_subnet_id
in driver configuration in manila.conf to create ports
between host and network of choice.
Possible scenarios are covered by this change:
*1: service network.
*2: service network and tenant network.
*3: service network and admin network.
*4: tenant network and admin network.
Admin network and tenant network configurations have
higher priority than service network. If both are
present, service network is not used.
Only admin network export locations are
is_admin_only = True.
Included additional admin_only export location
when creating shares and creating shares from
snapshots.
Removed deprecated 'service_ip' property of
server backend details.
Implements: blueprint admin-network-generic-driver
Change-Id: I8d8694ac3d83aa12a756112dfefebd7e17e32383
As observed in several failed gate tests, there is a concurrency
issue between nova+neutron and Manila in generic driver.
This patch addresses this.
Change-Id: Ie5f01c937f30d994dc3c2df3f647cc90f29245ff
Closes-bug: #1548350
There are cases where the server details don't have an instance_id
set but we need to check for that so we can avoid a KeyError. We
also log this case as a warning like the InstanceNotFound in the same
method. Ideally we'd log the share server ID for context but we don't
have that available in this method which is given ShareServerBackendDetails
key/values.
Change-Id: I8cabf7f3a5a3480a1f55a19fbdcebfc272906332
Closes-Bug: #1542365
When setting the default for path_to_private_key to "~/.ssh/id_rsa"
it's impossible to disable private_key usage within a driver section.
So set the default to "None".
Change-Id: I17f6b24fc6581dde2b1784b9cdb7778d251145c1
Closes-Bug: #1522074
Currently, after getting the list of ports from neutron,
we filter based on the device_id. In HA, two nodes will
share the same device_id. Hence, ports on different HA
backends are reported together causing a
ServiceInstanceException, not allowing for port creation
on the required backend.
This patch will use both device_id and binding:host_id
properties to filter neutron port lists to check for
valid port clashes if any.
Closes-Bug: #1519326
Change-Id: I81a16c360b1e8fffccddef5f358136e5fbde81e4