NetApp driver changes to accommodate human readable
share location. Export path is updated with
human frendly value if present else use share-id.
partially-implements: bp human-readable-export-locations
Depends-On: I72ac7e24ddd4330d76cafd5e7f78bac2b0174883
Change-Id: I2f5bfdbc9d0458c7b9198a3eb94b3b095d5b5e04
Implement the share backup feature for NetApp driver.
NetApp SnapVault technology is used to create and restore
the backup for NetApp ONTAP share. backup delete workflow
just delete the transferred snapshot from destination
backup volume.
Depends-On: Ifb88ec096674ea8bc010c1c3f6dea1b51be3beaa
Change-Id: I5a4edbf547e7886fb4fa9c1bed90110a33f9bf3b
Instead of using the identifier the migration methods are deriving
the vserver name from the share server id. This causes failure for
migrate a share server that had been migrated before.
Closes-bug: #2037109
Change-Id: Ida13bacab960761bb7cd0708017d864db0d7358f
Add the new scheduler weigher NetAppAIQWeigher that relies on
the NetApp Acitve IQ software to weigh the hosts. It only
works with NetApp only hosts.
It is also adding a new NetApp specific pool information
called ``netapp_cluster_name`` that contains the name
of the cluster where the pool is located.
Implements: netapp-active-iq-scheduler-weigher
Signed-off-by Felipe Rodrigues <felipefuty01@gmail.com>
Change-Id: I36b08066545afdaa37e053eee319bc9cd489efdc
Implement method share_server_migration_get_progress to get the
share server migration percent based in the total size of shares
(GB) tranfered from source to destination.
Depends-On: I9eae95ff3f66a3497b00ca582491afec58ae6dc3
Closes-bug: #2030969
Change-Id: If4bf3378388cc0d9ea03f58b0ab5abd9a268bfdd
SVM Migration was failing using NetApp driver after changes on share server structure,
since now the share server can have more than one subnet.
This patch fix all the errors related to this change.
Closes-bug: #2018300
Change-Id: I9eae95ff3f66a3497b00ca582491afec58ae6dc3
The certificate is automatically created on NetApp with 1 year i.e. 365
days of expiration time, and admin needs to manually extend it. It would
be nice Manila can take care to create certs with admin configuable
expiration time. Manila should first create the new cert with given
expiration time and if successful, delete the old cert.
Closes-bug: #2011693
Change-Id: I37e52b94dc492e91fe9e673b3619e6716737d39a
Changes were done in create_share_from_snapshot
method so that a scoped account does not need to get the
source and the destination cluster names and does not have the
permissions.
Closes-Bug: #1922512
Change-Id: Ib36c81c213a374a918378854ce0a89ce70acf1d0
This patch fixes #1928241 checking if the share pool name
is in vserver aggregates list, if it is not, the share server
cannot be reused and a new one is created. This fix also
includes NetApp Flexgroup and Flexvol.
Closes-Bug: #1928241
Change-Id: I24bf98f6d7c962ff9430748ff0bc88c647b9946c
The NetApp driver can setup a share server VLAN segmentation
and MTU based on the subnet metadata. If the subnet metadata has
`set_vlan`, the driver will configure the segmentation
following the metadata fields. If the subnet metadata has the
`set_mtu` field, the MTU is configured according its value.
If share network subnet does not have those metadata fields,
the segmentation configuration keeps working as before, that's it,
it is set according to the values provided by Manila network plugin.
Change-Id: I69731b187527d8d443893dcc94c604688d73e696
From version 2.76, 'default_ad_site' which if provided set domain
controller discovery mode to 'site'.
Related-bug: #1988146
Depends-On: I8e21e9170eace134a51efed84de1ccc58eb7eaaa
Change-Id: I251e4f94ef04e9ad2fe24844fb8ce1947f42d752
The NetApp driver is not reporting the home state of the aggregate
pools. This information is useful during maintenance tasks, since
not home aggregate cannot create shares.
This patch adds to the report netapp capabilities the boolean
`netapp_is_home`.
Closes-Bug: #1927823
Change-Id: I8e98541d8e457e9e4609410853b50d6156465f61
'reserved_share_extend_percentage' backend config option allows Manila
to consider different reservation percentage for share extend
operation. With this option, under existing limit of
'reserved_share_percentage', we do not want user to create new share if
limit is hit, but allow user to extend existing share.
DocImpact
Closes-Bug: #1961087
Change-Id: I000a7f530569ff80495b1df62a91981dc5865023
This patch adds support to multiple subnets in a same network
segment (and AZ). All subnets assigned to a share must have the
same VLAN id, otherwise the ONTAP driver will fail on share server
creation.
Depends-On: I7de9de4ae509182e9494bba604979cce03acceec
Implements: blueprint ontap-multiple-subnets-same-segment-id
Change-Id: If5db09627a2a9a98951a972e15b8af0857598d1e
The NetApp driver has been working with FlexVol ONTAP volumes.
The driver does not support scaling FlexVol volumes higher than
100 TiB, which was a theoretical limit for the large namespace that
these containers were meant to handle. ONTAP's Flexgroup volumes
eliminate such limitations. So, added the support for provisioning
share as FlexGroup in the NetApp driver.
The FlexGroup provision is enabled by new option
`netapp_enable_flexgroup`, which will make the driver report a single
pool represeting all aggregates. The selection on which aggregates the
FlexGroup share will reside is up to ONTAP. If the administrator desires
to control that selection through Manila scheduler, it must inform the set
of aggregates that formss FlexGroup pool in the new option
`netapp_flexgroup_pool`.
Each NetApp pool will report now the capability: `netapp_flexgroup`
informing which type the pool is.
The following operations are allowed with FlexGroup shares (DHSS
True/False and NFS/CIFS):
- Create/Delete share;
- Shrink/Extend share;
- Create/Delete snapshot;
- Revert to snapshot;
- Manage/Unmanage snapshots;
- Create from snapshot;
- Replication[1]
- Manage/Unmanage shares;
The backend with one FlexGroup pool configured will drop the consistent
snapshot support for all pools.
The driver FlexGroup support requires ONTAP version 9.8 or greater.
[1] FlexGroup is limited to one single replica for ONTAP version
lower than 9.9.1.
DocImpact
Depends-On: If525e97a5d456d6ddebb4bf9bc8ff6190c95a555
Depends-On: I646f782c3e2be5ac799254f08a248a22cb9e0358
Implements: bp netapp-flexgroup-support
Change-Id: I4f68a9bb33be85f9a22e0be4ccf673647e713459
Signed-off-by: Felipe Rodrigues <felipefuty01@gmail.com>
A series of enhancements can be performed in the share server
migration operation, and share backends might support
nondisruptive share server migrations, which was not covered
in the previous approach.
- Skip the destination share server network allocation if the
driver is capable of reusing the source share server allocation.
Manila will switch the allocations in the migration complete phase.
- Allow share backends to reuse the share servers in case they
are able to do so in a share server migration scenario.
- Nondisruptive migration is now feasible depending on whether the
share driver supports it and if the share network parameters have
not changed.
- Share servers will be always deleted whe the share server
migration complete operation is finished.
Depends-On: I43bd3fdafea02eb8e853114a57bfb863a441f3ed
Co-Authored-By: Fabio Oliveira <fabioaurelio1269@gmail.com>
Change-Id: I48bafd92fe7a4d4ae0bafd5bf1961dace56b6005
Implements share server migration using a proper mechanism
provided by ONTAP. In case the driver identifies that the ONTAP
version matches the version where this mechanism is available,
ONTAP will automatically chose to use this instead of SVM DR.
- Implemented new methods for migrating a share server using a
new mechanism provided by ONTAP, when both source and destination
clusters have versions >= 9.10. This new migration mechanism
supports nondisruptive migrations in case there aren't network
changes in the migration.
- The NetApp now does not need to create an actual share server in
the backend prior to the migration, in case SVM Migrate is being
used.
- The NetApp ONTAP driver can now reuse network allocations from
the source share server in case a share network change wasn't
identified.
Change-Id: Idf1581d933d11280287f6801fd4aa886a627f66f
Depends-On: I48bafd92fe7a4d4ae0bafd5bf1961dace56b6005
This config option allows different value for reservation percentage,
mostly useful on the platforms, where shares can only be created from
the snapshot on the host where snapshot was taken. The lower value of
this config option against existing (reserved_share_percentage) allows
to create shares from the snapshot on the same host up to a higher
threshold even though non-snapshot/regular share create fails.
In case this config option is not set, the shares created from snapshot
will use reservation percentage value set in 'reserved_share_percentage'.
This will be useful for users who want to keep same reservation percentage
for both non-snapshot/regular and snapshot shares.
DocImpact
Closes-Bug: #1938060
Change-Id: I390da933fe92875e3c7ee40709eacacc030278dc
This patch implements support for security service updates
for in use share networks. It works with all three security
service types. For 'active_directory' and 'kerberos', the 'domain'
attribute update isn't supported, since it can might affect
user's access to all related shares.
Change-Id: I8556e4e2e05deb9b116eacbd5afe2f7c5d77b44b
Depends-On: I129a794dfd2d179fa2b9a2fed050459d6f00b0de
Depends-On: I5fef50a17bc72ba66a3a9d6f786742bcb5745d7b
Implements: bp netapp-security-service-update
Co-Authored-By: Carlos Eduardo <ces.eduardo98@gmail.com>
Signed-off-by: Douglas Viroel <viroel@gmail.com>
This patch adds support for automated creation of FPolicy policies
and association to a share. The FPolicy configuration can be added using
the extra-specs 'netapp:fpolicy_extensions_to_include',
'netapp:fpolicy_extensions_to_exclude' and 'netapp:fpolicy_file_operations'.
Change-Id: I661de95bfb6f8e68b3a8c58663bb6055e9b809f6
Implements: bp netapp-fpolicy-support
Signed-off-by: Douglas Viroel <viroel@gmail.com>
NetApp driver is hard-coding the location of CA certificates for SSL
verification during HTTPS requests. This location may change depending
on the environment or/and backend.
This patch adds the `netapp_ssl_cert_path` configuration, enabling
each backend to choose the directory with certificates of trusted CA
or the CA bundle. If set to a directory, it must have been processed
using the c_rehash utility supplied with OpenSSL. If not informed,
it will use the Mozilla's carefully curated collection of Root
Certificates for validating the trustworthiness of SSL certificates.
Closes-Bug: #1900191
Change-Id: Idbed4745104de26af99bb16e07c6890637dfcfd1
This patch is a follow up from the main change[1] that adds support
for Adaptive QoS policies that have been pre-created in the storage.
Improvements added in this patch:
- Fail earlier when using this configuration with DHSS=True mode
and for shares that support replication.
- Fail earlier if no cluster credentials where provided to configure
volumes with QoS.
- Add support for migration and manage share operations.
Closes-Bug: #1895361
[1] https://review.opendev.org/#/c/740532/
Change-Id: I210994b84548ed6857e338c8e1f41667fa844614
Signed-off-by: Douglas Viroel <viroel@gmail.com>
This patch is a follow up patch of the main change[1] that adds
support for share server migration in NetApp driver.
It fixes two issues:
- Data motion 'get_backend_configuration' now avoids sending vserver
configuration, available only in DHSS=False mode, when driver is
configured with DHSS=True.
- After migrating a share server, all volumes appears with different
autosize configuration and need to be manually updated to the
original values. Provisioning options are also being updated in the
same method.
[1] https://review.opendev.org/#/c/747048/
Change-Id: I28a47417ec5dda0ed1f6c64fae37f5af6ca057e6
Signed-off-by: Douglas Viroel <viroel@gmail.com>
Added support for Adaptive QoS policies that have been pre-created on
the storage system, with clustered ONTAP version 9.4 or higher. To use
this feature, configure a Manila share type with the extra-spec
"netapp:adaptive_qos_policy_group" and value set to the qos policy
group on the ONTAP storage system, for example:
netapp:adaptive_qos_policy_group=platform3
Note that a cluster scoped account must be used in the driver
configuration in order to use QoS in clustered ONTAP. Other notes:
-This only works for backends without share server management.
-This does not work for share replicas or share migration.
Partially-Implements: bp netapp-adaptive-qos-support
Change-Id: I3cc1d2fa2a8380ca925538cab5a3414ac2141d70
This patch adds support for share server migration between NetApp
ONTAP drivers. This operation is now supported for migrating a share
server and all its resources between two different clusters.
Share server migration relies on ONTAP features available only in
versions equal and greater than ``9.4``. Also, in order to have share
server migration working across ONTAP clusters, they must be peered in
advance.
At this moment, share server migration doesn't support migrate a share
server without disrupting the access to shares, since the export locations
are updated at the migration complete phase.
The driver doesn't support changing security services while changing the
destination share network. This functionality can be added in the future.
Co-Authored-By: Andre Beltrami <debeltrami@gmail.com>
Implements: bp netapp-share-server-migration
Depends-On: Ic0751027d2c3f1ef7ab0f7836baff3070a230cfd
Change-Id: Idfac890c034cf8cbb65abf685ab6cab5ef13a4b1
Signed-off-by: Douglas Viroel <viroel@gmail.com>
From this this change, shares and share groups can be created
upon share servers configured with specific NFS max transfer
limits. An administrator is now able to set the share type
extra-specs `netapp:udp_max_xfer_size` and
`netapp:tcp_max_xfer_size`. While creating a share server or
providing a share server to a share or a share group, the NetApp
driver will consider these extra-specs to decide whether to create
or reuse a share server.
Share server now contains the details:nfs_config field, which
stores the server NFS configuration dictionary. In case the server
does not have a NFS configuration requirement, it saves the
default NFS values, retrieved at the driver startup. A server
without details:nfs_config is considered as using the default one.
The share server manage operation was modified to also retrieve
its NFS max transfer configurations.
The share manage operation was modified to check whether the NFS
max transfer extra-specs are matching the share server configured
values.
It relies on ONTAP features available only in versions equal and
greater than ``9.4``.
Implements: bp netapp-share-server-nfs-modify
Change-Id: Iaddb771ae28ec59dd125af0bf638f591f5662bfc
Depends-On: I8daf919a764075998be95c5845807bec37104c78
When the NetApp backend starts, it needs to know whether the
`revert_to_snapshot` support exist. So, it was retrieving the
licenses and checking if the `SnapRestore` is included. Using a
scoped account, the backend cannot retrieve that information,
though. So, this patch solves it by sending a fake operation
`revert_to_snapshot` that must fail. Analyzing the given error, it
sets the backend support field.
Closes-Bug: #1882590
Change-Id: Ib71a6cec939288498e48736f129fbfdacaabe9da
The max_over_subscription_ratio configuration, which can be set per
share back end, is now visible in scheduler-stats/pools/detail API.
Change-Id: Idc0eb39d91cf572a480443a5f68f9d3bac8a6342
Closes-Bug: #1877063
This patch improves the operation of creating share from snapshot
to accept new destinations that can be different pools or
back ends.
Change-Id: Id3b3d5860d6325f368cbebfe7f97c98d64554d72
This patch adds support for replication with DHSS=True on
NetApp driver. It now handles peering operations between
share servers and shares.
Change-Id: I93888bcc6a0ca672671cf2aa254ceb23c4cbf692
This patch implements the functionality of managing and
unmanaging of share servers to the NetApp driver,
allowing for shares and snapshots to be managed
and unmanaged in DHSS=True driver mode.
Implements: bp netapp-driver-manage-unmanage-with-share-servers
Change-Id: I6051cf038dcf9f175e0610fff0adf360230dc23c
Depends-On: I452c2a99b186f53d737cb7fbd7eabfcfd9b249d6
NetApp ONTAP Multi-SVM driver was raising an error while trying to
create shares on multiple subnets that belong to the same neutron
network, as it was trying to map multiple ipspaces to the same VLAN
port.
This fix allows the driver to use the same ipspace and VLAN port across
all subnets belonging to the same neutron network.
Change-Id: If9cbb34a890ee44806c404085e40cc924a1296a7
Closes-Bug: #1774159
By default, every share created allows access of its .snapshot
where files of each taken snapshot can be accessed. As per
some use-cases, it is desirable to not allow access to
the .snapshot folder.
This can now be done by using the extra_spec netapp:hide_snapdir.
When set to True, it will hide the .snapshot directory for every
newly created share.
Also, for existing shares, a config option named
netapp_reset_snapdir_visibility can be used to reset
all existing shares' setting to either hide or display
the .snapshot visibility on driver restarts.
Implements blueprint: netapp-snapdir-visibility
Change-Id: I30619bb13de528538b9887b00f39482f91a8db49
NVE is a software-based technology for encrypting
data at rest one volume at a time. An encryption
key, accessible only to the storage system,
ensures that volume data cannot be read if the
underlying device is repurposed, returned,
misplaced or stolen.
Signed-off-by: Erlon R. Cruz <erlon@netapp.com>
Signed-off-by: Tiago Pasqualini <tiagod@netapp.com>
Change-Id: Ib622c3d64cbec5a7254f6074f07d6f56f6492ca4
Implements: blueprint netapp-encrypted-shares
The ONTAP driver was ignoring the size requested when
creating a share from an existing snapshot.
Closes-Bug: #1717263
Change-Id: I335f72a8dea49d5855201fc63a7ac22240b60bbf
API Tracing is valuable when diagnosing problems or
unexpected behaviors with the ONTAP Manila driver.
However, turning it on may spam logs and make it rather
harder to trace through specific API calls.
Change-Id: I3c91638138ec1a2652efdadbc86176afa295abd8
Override the new create_share_group_snapshot() method in the driver class
and call the old CG snapshot code if the share group specifies CG
support, otherwise fall back on the new (existing) code.
This patch also removes dead code from the old CG feature from Newton and
earlier releases.
Change-Id: Ief71b9900c2c84e0df1d12d303517fa20ff7908b
Closes-bug: #1659023
ONTAP supports assigning QoS policy groups to storage
objects and workloads. [1]
Expose this functionality through the ONTAP manila
drivers (DHSS=True/False, NFS, CIFS).
The drivers will set the capability "qos" to True if the
configured credentials have access to create qos policy
groups on the configured ONTAP backend. When 'qos'
extra-spec is set in share types, scoped extra-specs can
be used to specify QoS ceiling values in iops or bps.
The drivers support the following QoS specs:
'netapp:maxiops', 'netapp:maxiopspergib', 'netapp:maxbps',
'netapp:maxbpspergib'. Policies are created on-demand
and manipulated as and when shares are manipulated
through manila.
[1] http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-perf-mon%2FGUID-38357C43-FB36-419D-B31F-6FD75B47254D.html
Implements: blueprint netapp-cdot-qos
Change-Id: I6f82c012ea60cfb1e9f82a696e2346ee95c60df3
jayaanand.borra@netapp.com