[release-announce] [nova] nova 16.1.2 (pike)

no-reply at openstack.org no-reply at openstack.org
Wed Apr 25 09:33:26 UTC 2018


We are thrilled to announce the release of:

nova 16.1.2: Cloud computing fabric controller

This release is part of the pike stable release series.

Download the package from:

    https://tarballs.openstack.org/nova/

For more details, please see below.

16.1.2
^^^^^^


Prelude
*******

This release includes fixes for security vulnerabilities.


Security Issues
***************

* [CVE-2017-18191] Swapping encrypted volumes can lead to data loss
  and a possible compute host DOS attack.

  * Bug 1739593 (https://bugs.launchpad.net/nova/+bug/1739593)


Bug Fixes
*********

* The libvirt driver now allows specifying individual CPU feature
  flags for guests, via a new configuration attribute
  "[libvirt]/cpu_model_extra_flags" -- only with "custom" as the
  "[libvirt]/cpu_model".  Refer to its documentation in "nova.conf"
  for usage details.

  One of the motivations for this is to alleviate the performance
  degradation (caused as a result of applying the "Meltdown" CVE
  fixes) for guests running with certain Intel-based virtual CPU
  models.  This guest performance impact is reduced by exposing the
  CPU feature flag 'PCID' ("Process-Context ID") to the *guest* CPU,
  assuming that it is available in the physical hardware itself.

  Note that besides "custom", Nova's libvirt driver has two other CPU
  modes: "host-model" (which is the default), and "host-passthrough".
  Refer to the "[libvirt]/cpu_model_extra_flags" documentation for
  what to do when you are using either of those CPU modes in context
  of 'PCID'.

Changes in nova 16.1.1..16.1.2
------------------------------

92bd7ea libvirt: disconnect volume from host during detach
b255e16 only increment disk address unit for scsi devices
d88b75e libvirt: Report the allocated size of preallocated file based disks
5b64a19 libvirt: Block swap volume attempts with encrypted volumes prior to Queens
15aed7e ironic: Get correct inventory for deployed node
878e99d Don't persist RequestSpec.retry
004e9ac Add regression test for persisted RequestSpec.retry from failed resize
56350b9 libvirt: Allow to specify granular CPU feature flags
837ac8c Fix wrapping of neutron forbidden error


Diffstat (except docs and test files)
-------------------------------------

nova/compute/manager.py                            |   4 +-
nova/conf/libvirt.py                               |  54 +++
nova/network/neutronv2/api.py                      |   2 +-
nova/objects/request_spec.py                       |   3 +
.../functional/regressions/test_bug_1718512.py     | 155 ++++++++
nova/virt/block_device.py                          |  10 +
nova/virt/disk/api.py                              |  10 +
nova/virt/driver.py                                |   3 +-
nova/virt/fake.py                                  |   2 +-
nova/virt/ironic/driver.py                         |   3 +-
nova/virt/libvirt/driver.py                        | 115 +++++-
...ug-1739593-cve-2017-18191-25fe48d336d8cf13.yaml |   9 +
...irt-cpu-model-extra-flags-a23085f58bd22d27.yaml |  21 ++
21 files changed, 838 insertions(+), 53 deletions(-)







More information about the Release-announce mailing list