Kurt Martin [Wed, 21 Aug 2013 16:38:54 +0000 (09:38 -0700)]
3PAR driver terminate connection host validation
The 3PAR backend does not allow FQDN host names (i.e. foo.rose.hp.com),
instead it requires just foo without the rose.hp.com. This patch will
now validate the host name in terminate connection by calling
_safe_host just as it was doing in initialize connection when creating
the host on the 3PAR backend.
This patch adds the ability to pass in a custom
root_helper for executing commands. This is needed
for other projects that need a custom root-wrapper,
such as nova.
John Griffith [Mon, 19 Aug 2013 21:04:15 +0000 (15:04 -0600)]
Standardize on ID for log messages
We have some places where logs use name to identify
a volume and others where we use ID. Let's standardize
on the UUID here as that's typically the unique identifier
we use in most places anyway. Even though name is a
derviative it seems better to be consistent with this
and use the UUID by itself.
Joshua Harlow [Mon, 19 Aug 2013 18:31:56 +0000 (11:31 -0700)]
Reduce hidden effects of sqlalchemy objects
The flows are currently holding onto sqlalchemy
due to bug #1214083 and this is causing a problem
with gettextutils which appears to be deepcopying
the raw objects, of which one of those is sqlalchemy
objects, which can't seem to be deepcopied.
Kurt Martin [Mon, 19 Aug 2013 18:14:42 +0000 (11:14 -0700)]
Removed need for domain in 3PAR drivers
The 3PAR drivers need to support CPGs that are not part of a
virtual domain on the 3PAR backend. This patch removes the need
for the CPG to be part of a domain and changes a few of the commands
that took the domain as an option.
Avishay Traeger [Sun, 11 Aug 2013 16:40:10 +0000 (19:40 +0300)]
Allow Cinder to call Nova client
This code allows Cinder to call Nova client functions. This will be used
for online migration and guest-assisted snapshots, which are both in
progress.
Kurt Martin [Fri, 16 Aug 2013 15:48:03 +0000 (08:48 -0700)]
Fixes SSH injection threat in 3PAR driver
The setqos ssh command was not built up correctly when the following
patch https://review.openstack.org/#/c/37697/ landed for cleaning up
the SSH calls from injection attacks in the 3PAR driver.
The command was in the following format causing the injection threat
due to the spaces in the second item in the list:
['setqos', '-io 5000 -bw 500M vvset:vvs-JOHB2Oj0QJ2UaWatwbe7Bg']
When it should actually be in the following format:
['setqos', '-io', '5000', '-bw', '500M', 'vvset:vvs-JOHB2Oj0QJ2UaWatwbe7Bg']
This patch fixes an append vs. extend that was introduced in patch
https://review.openstack.org/#/c/42241
Kurt Martin [Thu, 15 Aug 2013 23:22:31 +0000 (16:22 -0700)]
Fix SSH injection threat in 3PAR driver
The setqos ssh command was not built up correctly when the following
patch https://review.openstack.org/#/c/37697/ landed for cleaning up
the SSH calls from injection attacks in the 3PAR driver.
The command was in the following format causing the injection threat
due to the spaces in the second item in the list:
['setqos', '-io 5000 -bw 500M vvset:vvs-JOHB2Oj0QJ2UaWatwbe7Bg']
When it should actually be in the following format:
['setqos', '-io', '5000', '-bw', '500M', 'vvset:vvs-JOHB2Oj0QJ2UaWatwbe7Bg']
This patch updates each driver to provide
the same mechanism for reporting the version
of the driver. It also includes fixing the
reported driver version at get_volume_stats()
time to be the version set in the driver.
When the manager starts the driver it now
logs the driver's name and version in the log file.
Victor Rodionov [Fri, 9 Aug 2013 05:40:02 +0000 (09:40 +0400)]
Refactor Nexenta driver
Moving NEXENTA_OPTIONS out of nexenta/volume.py and splitting the
options. This change is to avoid duplication as the iSCSI and NFS driver
will use the same configuration options.
The usage of this option occurred only in that module.
Rename this options to num_volume_device_scan_tries,
according to discussion on IRC.
The old one marked as depricated option.
Luis A. Garcia [Wed, 10 Jul 2013 00:50:12 +0000 (00:50 +0000)]
Externalize error messages in the v2 API
This patch does more internationalization for the REST API error
messages that don't currently have it to take advantage of the new
support added by bp user-locale-api to show error messages in the locale
requested by the user through the Accept-Language HTTP header.
We only do v2 because consumers have used the response error message in
the past for error checks, so changing it in v1 too would break them.
John Griffith [Thu, 15 Aug 2013 02:06:05 +0000 (20:06 -0600)]
Replace os.unlink with delete_if_exists
Shouldn't care when doing unlink on our temp files
if they exist or not. In fact this causes problems
when you do things like with tempfile/dir and happen
to try and unlink after it's already been removed.
This replaces these calls with the safer
common.fileutils.delete_if_exists which will
ignore the os exception of the object DNE.
Joel Coffman [Wed, 14 Aug 2013 14:00:15 +0000 (10:00 -0400)]
Add support for encrypted volumes
This modification adds an encryption key UUID field to the volume
table, which is sufficient to make Cinder "aware" of encrypted volumes
as designated by predefined volume types. Integration with a key
manager is necessary to obtain an actual encryption key UUID (the
current implementation generates a random UUID when an encrypted
volumes is created). Cinder should *not* presume that it necessarily
will have access to the key itself -- this decision depends upon the
design, implementation, and policy for encrypted volumes. The key's
UUID is stored in Cinder because it is metadata about the volume.
Zhiteng Huang [Tue, 13 Aug 2013 04:57:17 +0000 (12:57 +0800)]
Raise exception when Glance metadata not found.
It'd be better to raise exception when trying to copy Glance metadata
from source (volume/snapshot) to destination (volume/snapshot) rather
than silent failure, which is exactly the reason there's unspotted error
inside glance_meta unittest but it was able to pass.
With this fix, one should _not_ directly call glance_metadata_copy()
without looking at source's bootable flags. This patch also refactors
_create_volume_from_snapshot() and _create_from_source_volume() to only
do Glance metadata copy when needed (bootable is True).
XueChendi [Mon, 12 Aug 2013 16:25:43 +0000 (00:25 +0800)]
Interprete scoped key as nested tags
Current codes in xml_util.py does not support REST xml
so well when one tagname contains delimiter, it fails
to be interpreted. So this patch is to interprete one
tagname like "<a:b>1</a:b>" as a nested tag like
"<a><b>1</a></b>".
Kurt Martin [Tue, 13 Aug 2013 20:51:15 +0000 (13:51 -0700)]
Adding the -online option to the 3PAR clone
The 3PAR drivers had to wait while the clone was being performed
and this would take a considerable amount of time for large volumes.
This patch takes advantage of the 3PAR backend by using the -online
option in the command that we were calling to perform the copy. This
allows us to remove the sleep in the driver. Using the -online
option forced us to change some of the delete_volume code because
the 3PAR backend will not allow a volume that was copied to be added
to a virtual volume set.
This patch removes the brick iser.py's dependency
on cinder exceptions and volume_utils.
This required moving some exceptions out of cinder's
exception.py that the iser.py raises. Also had
to create a BrickException and refactor existing
brick exceptions to use the new BrickException model.
Jay S. Bryant [Mon, 12 Aug 2013 16:46:06 +0000 (11:46 -0500)]
Fix handling ImageUnacceptable in create_volume
In the create_volume flow ImageUnacceptable exceptions are
not properly handled. _copy_image_to_volume can receive an
ImageUnacceptable exception from copy_image_to_volume if fetch_to_raw
is used. Currently the ImageUnacceptable exception is changed to
a generic ImageCopyFailure exception which does not make the cause
of the excpetion clear.
This change adds handling and raising ImageUnacceptable exceptions
in _copy_image_to_volume. It also adds the exception to
no_reschedule_types as it doesn't make sense to keep retrying the
copy if the image was found to be unacceptable.
Eric Harney [Sat, 10 Aug 2013 20:12:59 +0000 (16:12 -0400)]
Fix signature of _create_volume() in ThinLVMVolumeDriver
create_volume_from_snapshot will call _create_volume() with the
wrong parameters when using ThinLVMVolumeDriver. It should be
compatible with LVMVolumeDriver's _create_volume() method.
Seif Lotfy [Fri, 9 Aug 2013 13:37:38 +0000 (13:37 +0000)]
Fix ratelimiting
Current master does now respect ratelimiting, since parsing of the
api-paste.ini was faulty. api-paste.ini limited user limiting by
setting a line as follows:
user:<user-id>:(GET, *, ".*", 4, minute) which was passed to the
Limiter as kwargs with "user" as a key. Thus multiple user limiting
was not possible as well as extracting the id of the user was bound
to fail, since we checked on the key with startswith("user:")
An example config in the api-paste.ini has to look as follows:
limits = (POST, "*", .*, 10, MINUTE)
limits.<user-id1>:(GET, "*", .*, 4, minute)
limits.<user-id2>:(GET, "*", .*, 2, minute)
Specify the following attributes when creating a new volume:
* The storage pool on which the volume is placed
* Number of block-level replicas
* Whether the physical blocks should be allocated locally on the node issuing
the IO or striped across the cluster
* Whether writes to the volume should use direct IO
* Number of file system blocks to be laid out sequentially on disk to behave
like a single large block
* Local storage attached to specific node(s) where the replicas of the
volume should be allocated
Ignore purge_props for v2 Glance api and fix upload
The V2 Glance API image schema does not contain
purge_props. While this may be a bug in Glance,
we will ignore this property in cinder when
glance_api_version=2. This will not change behaviour
since Glance defaults this property to True, Cinder
never sets it to False and the v2 client appears to
ignore it anyway.
Also fixed image upload which is a seperate client
call to update in v2 (v1 update does both).
Luis A. Garcia [Mon, 8 Jul 2013 23:11:05 +0000 (23:11 +0000)]
Add support for API message localization
Add support for doing language resolution for a request, based on the
Accept-Language HTTP header.
Using the lazy gettext functionality from oslo gettextutils, it is now
possible to use the resolved language to translate an exception message
to the user requested language and return that translation from the API.
Kurt Martin [Thu, 8 Aug 2013 21:14:56 +0000 (14:14 -0700)]
3PAR drivers creating incorrect comment data
The 3PAR volumes created from a shapshot had incorrect comment data
that gets added in the comment section of the volumes on the backend.
This patch fixes the display name and description by getting the correct
data when the volume is created. This patch also fixes the inconsistency
in how the keys (name vs. display_name) were used in the comments.