From Fedora Project Wiki
(Created page with "= Stratis 3.0.0 = == Summary == Stratis 3.0.0 includes many internal improvements, bug fixes, and user-visible changes. == Owner == * Name: Dennis Keefe, ...")
 
m (Fix a formatting error)
 
(14 intermediate revisions by 3 users not shown)
Line 11: Line 11:


== Current status ==
== Current status ==
[[Category:ChangePageIncomplete]]
[[Category:ChangeAcceptedF36]]
[[Category:SelfContainedChange]]
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
Line 17: Line 18:
<!-- After review, the Wrangler will move your page to Category:ChangeReadyForFesco... if it still needs more work it will move back to Category:ChangePageIncomplete-->
<!-- After review, the Wrangler will move your page to Category:ChangeReadyForFesco... if it still needs more work it will move back to Category:ChangePageIncomplete-->


* Targeted release: [[Releases/36 | Fedora 36]]
* Targeted release: [[Releases/36 | Fedora Linux 36]]
* Last updated: <!-- this is an automatic macro — you don't need to change this line -->  {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}}  
* Last updated: <!-- this is an automatic macro — you don't need to change this line -->  {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}}  
<!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page  
<!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page  
Line 25: Line 26:
ON_QA -> change is fully code complete
ON_QA -> change is fully code complete
-->
-->
* FESCo issue: <will be assigned by the Wrangler>
* FESCo issue: [https://pagure.io/fesco/issue/2691 #2691]
* Tracker bug: <will be assigned by the Wrangler>
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=2023360 #2023360]
* Release notes tracker: <will be assigned by the Wrangler>
* Release notes tracker: [https://pagure.io/fedora-docs/release-notes/issue/768 #768]


== Detailed Description ==
== Detailed Description ==
Line 56: Line 57:
* `stratisd` was sending an incorrect D-Bus signal on a pool name change; this
* `stratisd` was sending an incorrect D-Bus signal on a pool name change; this
has been fixed.
has been fixed.
* Previously, when `stratisd-min`, which runs during boot before D-Bus
* Previously, when stratisd-min, which runs during boot before D-Bus functionality is available, gave way to stratisd when the D-Bus had been set up, it was possible for inconsistencies to arise if the Stratis engine was performing an operation which required invoking a distinct executable. The executable might be terminated during its execution, and stratisd-min would take the action appropriate to the command failure before exiting. Now, systemd is instructed to send a kill signal only to stratisd-min and not to any of stratisd-min's child processes when shutting down stratisd-min.
functionality is available, gave way to `stratisd` when the D-Bus had been set
* Previously, if the same device was specified using two different paths when creating or extending a pool the different paths would be interpreted as two different devices and an error would be returned when stratisd attempted to initialize the device a second time. Now, the different paths are canonicalized eagerly, and converted into a single canonical representation of the device, stratisd initializes the device only once, and no error is returned.
up, it was possible for inconsistencies to arise if the Stratis engine was
* Previously, stratisd did not report all existing object paths in the result of a D-Bus Introspect() call. This was due to a bug in version 0.9.1 and previous of stratisd's dbus-tree dependency.  stratisd now requires dbus-tree 0.9.2, so all nodes are reported.
performing an operation which required invoking a distinct executable. The
 
executable might be terminated during its execution, and `stratisd-min` would
take the action appropriate to the command failure before exiting. Now, systemd
is instructed to send a kill signal only to `stratisd-min` and not to any of
`stratisd-min`'s child processes when shutting down `stratisd-min`.


Other `stratisd` improvements:
Other `stratisd` improvements:
* Previously, stratisd relied entirely on udev information when deciding whether a storage device was not in use by another application and could safely be overwritten with Stratis metadata. Now it performs a supplementary check using libblkid and exits with an error if libblkid reports that the device is in use.
* Handling of errors returned by internal methods is improved; a chaining
* Handling of errors returned by internal methods is improved; a chaining
mechanism has been introduced and the error chains can be scrutinized
mechanism has been introduced and the error chains can be scrutinized
Line 104: Line 102:
pool had been created. Now the display of the block device paths is consistent
pool had been created. Now the display of the block device paths is consistent
across `stratisd` restarts.
across `stratisd` restarts.
* Previously, if a user specified the same device using two different paths
when creating or extending a pool the different paths would be
interpreted as two different devices and an error would be returned when
`stratisd` attempted to initialize the device a second time. Now, the
different paths are canonicalized eagerly, and converted into a single
canonical representation of the device, `stratisd` initializes the device only
once, and no error is returned.


== Feedback ==
== Feedback ==
Line 129: Line 120:


== Upgrade/compatibility impact ==
== Upgrade/compatibility impact ==
* Reviewing information on this topic
* Users of the CLI will not be impacted
* Developers that consume stratisd's D-Bus API will need to review the most recent changes make appropriate adjustments 


== How To Test ==
== How To Test ==
* Reviewing details about testing the filesystem size
* To test setting filesystem size:
* Reviewing details about testing the rebind command
  * Create a Stratis pool, either encrypted or not.
  * Create a Stratis filesystem on the pool, specifying a filesystem size:
    > stratis fs create <poolname> new-filesystem --size 256GiB
  * Verify that the size was set correctly:
    > stratis fs list <poolname>
    Verify the size of new-filesystem is 256 GiB by checking the first
    item in the size triple in the "Size" column.
* To test rebinding with a key in the kernel keyring:
  * Create an encrypted pool, specifying a key in the kernel keyring:
    > stratis key set old-key
    > stratis pool create <poolname> --key-desc old-key <blockdevs>
  * Add an additional key to the kernel keyring, entering the value at the command-line:
    > stratis key set new-key --capture-key
  * Rebind the pool using the new key:
    > stratis pool rebind keyring <poolname> new-key
  * Verify that the pool has been rebound to the new keyring by rebooting your machine:
    * Reboot, make sure that stratisd is running.
    * Remove the old key from the kernel keyring, using stratis:
      > stratis key unset old-key
    * Verify that the old key is gone, by listing all the keys:
      > stratis key list
    * Unlock all the pools using the keyring:
      > stratis pool unlock keyring
    * Verify that the rebound pool is unlocked by listing the pools and verifying that it appears in the pool listing:
      > stratis pool list
   


== User Experience ==
== User Experience ==
Line 139: Line 156:


== Dependencies ==
== Dependencies ==
Still reviewing package requirements
None
* ibblkid-rs
* stratisd_proc_macros
* libblkid-rs


== Contingency Plan ==
== Contingency Plan ==
Line 151: Line 165:


== Documentation ==
== Documentation ==
This content can be viewed on our Developer’s blog - not complete yet -
* Developers blog draft is here:  
* Waiting for developer's blog to be posted, draft is here:  
** https://github.com/stratis-storage/stratis-docs/pull/246
** https://github.com/stratis-storage/stratis-docs/pull/246
* Changelogs for stratisd
* Changelog for stratisd
** https://github.com/stratis-storage/stratisd/pull/2821/files
** https://github.com/stratis-storage/stratisd/pull/2821/files
* Changelogs for stratis-cli
* Changelog for stratis-cli
** https://github.com/stratis-storage/stratis-cli/pull/775/files
** https://github.com/stratis-storage/stratis-cli/pull/775/files


== Release Notes ==
== Release Notes ==
Includes recent version of Stratis
Includes recent version of Stratis

Latest revision as of 19:23, 17 November 2021

Stratis 3.0.0

Summary

Stratis 3.0.0 includes many internal improvements, bug fixes, and user-visible changes.

Owner

  • Email: dkeefe@redhat.com, amulhern@redhat.com, jbaublitz@redhat.com

Current status

Detailed Description

stratisd 3.0.0

stratisd 3.0.0 includes a number of significant internal improvements and a few bug fixes.

In stratisd 3.0.0 the D-Bus API has undergone a revision and the prior interfaces are all removed. The FetchProperties interfaces that were supported by all objects have been removed. The values that were previously obtainable via the FetchProperties methods are now conventional D-Bus properties. The possible values of error codes returned by the D-Bus methods have been reduced to 0 and 1, with the usual interpretation.

stratisd bug fixes:

  • The --prompt option was not passed to stratis-min in the

stratis-fstab-setup script; this prevented the user from entering the password necessary to unlock an encrypted pool during boot. This is no longer the case.

  • stratisd was not immediately updating the devicemapper device stack when

a cache was initialized with the result that the cache was not immediately put in use. This is no longer the case.

  • stratisd was not immediately updating the Clevis encryption info associated

with a pool on a command to bind an encrypted pool with Clevis. This problem has been corrected.

  • stratisd was sending an incorrect D-Bus signal on a pool name change; this

has been fixed.

  • Previously, when stratisd-min, which runs during boot before D-Bus functionality is available, gave way to stratisd when the D-Bus had been set up, it was possible for inconsistencies to arise if the Stratis engine was performing an operation which required invoking a distinct executable. The executable might be terminated during its execution, and stratisd-min would take the action appropriate to the command failure before exiting. Now, systemd is instructed to send a kill signal only to stratisd-min and not to any of stratisd-min's child processes when shutting down stratisd-min.
  • Previously, if the same device was specified using two different paths when creating or extending a pool the different paths would be interpreted as two different devices and an error would be returned when stratisd attempted to initialize the device a second time. Now, the different paths are canonicalized eagerly, and converted into a single canonical representation of the device, stratisd initializes the device only once, and no error is returned.
  • Previously, stratisd did not report all existing object paths in the result of a D-Bus Introspect() call. This was due to a bug in version 0.9.1 and previous of stratisd's dbus-tree dependency. stratisd now requires dbus-tree 0.9.2, so all nodes are reported.


Other stratisd improvements:

  • Previously, stratisd relied entirely on udev information when deciding whether a storage device was not in use by another application and could safely be overwritten with Stratis metadata. Now it performs a supplementary check using libblkid and exits with an error if libblkid reports that the device is in use.
  • Handling of errors returned by internal methods is improved; a chaining

mechanism has been introduced and the error chains can be scrutinized programatically to identify expected scenarios like rollback failures.

  • A set of states indicating that a pool has reduced capability have been

added internally and are published on the D-Bus. A pool's capability is reduced on an error being returned internally which contains, somewhere in its chain, the appropriate identifying error variant.

  • The code used to roll back failed encryption operations on a list of

pool devices has been refactored and generalized. It is now capable of returning an error that can be used to identify a restricted pool capability due to a rollback failure.

  • stratisd uses sha-256 instead of sha-1 for Clevis-related encryption

operations to conform with Clevis's own usage.

  • stratisd exits more elegantly and less frequently if it encounters an

error during execution of the distinct tasks that are assigned to the individual threads that it manages internally.

  • In preparation for edition 2021 of the Rust language, stratisd source code

has been updated to conform entirely to edition 2018 recommendations.

Detailed Description

stratis-cli 3.0.0

Users of the Stratis CLI may observe the following changes:

  • It is now possible to set the filesystem logical size when creating a

filesystem.

  • It is possible to rebind a pool using a Clevis tang server or with a key

in the kernel keyring.

  • Filesystem and pool list output have been extended and improved. The pool

listing includes an Alerts column. Currently this column is used to indicate whether the pool is in a restricted operation mode. A new subcommand, stratis pool explain, which provides a fuller explanation of the codes displayed in the Alerts column has been added. The filesystem listing now displays a filesystem's logical size.

  • With encrypted pools it was previously possible for the display of block

device paths to change format if stratisd was restarted after an encrypted pool had been created. Now the display of the block device paths is consistent across stratisd restarts.

Feedback

Benefits to Fedora

Users of Fedora will now benefit from Stratis 2.3.0 by:

  • Having the ability to set the filesystem size at create time
  • Changing the passphrase or NBDE server using the rebind option

Scope

  • Proposal owners:
    • Update existing stratis-cli package to specify new release
    • Update existing stratisd package to specify new release
  • Other developers: N/A
  • Release engineering: Self Contained
  • Policies guidelines: N/A
  • Trademark approval: N/A

Upgrade/compatibility impact

  • Users of the CLI will not be impacted
  • Developers that consume stratisd's D-Bus API will need to review the most recent changes make appropriate adjustments

How To Test

  • To test setting filesystem size:
 * Create a Stratis pool, either encrypted or not.
 * Create a Stratis filesystem on the pool, specifying a filesystem size:
   > stratis fs create <poolname> new-filesystem --size 256GiB
 * Verify that the size was set correctly:
   > stratis fs list <poolname>
   Verify the size of new-filesystem is 256 GiB by checking the first
   item in the size triple in the "Size" column.
  • To test rebinding with a key in the kernel keyring:
 * Create an encrypted pool, specifying a key in the kernel keyring:
   > stratis key set old-key
   > stratis pool create <poolname> --key-desc old-key <blockdevs>
 * Add an additional key to the kernel keyring, entering the value at the command-line:
   > stratis key set new-key --capture-key
 * Rebind the pool using the new key:
   > stratis pool rebind keyring <poolname> new-key
 * Verify that the pool has been rebound to the new keyring by rebooting your machine:
   * Reboot, make sure that stratisd is running.
   * Remove the old key from the kernel keyring, using stratis:
     > stratis key unset old-key
   * Verify that the old key is gone, by listing all the keys:
     > stratis key list
   * Unlock all the pools using the keyring:
     > stratis pool unlock keyring
   * Verify that the rebound pool is unlocked by listing the pools and verifying that it appears in the pool listing:
     > stratis pool list
   

User Experience

Other than the changes mentioned above the user experience will be the same.

Dependencies

None

Contingency Plan

  • Contingency mechanism:
  • Contingency deadline: N/A
  • Blocks release? No
  • Blocks product? No

Documentation

Release Notes

Includes recent version of Stratis