[release-announce] nova 15.1.1 (ocata)
no-reply at openstack.org
no-reply at openstack.org
Wed May 2 12:14:09 UTC 2018
We contentedly announce the release of:
nova 15.1.1: Cloud computing fabric controller
This release is part of the ocata stable release series.
Download the package from:
https://tarballs.openstack.org/nova/
For more details, please see below.
15.1.1
^^^^^^
Prelude
*******
This release includes fixes for security vulnerabilities.
Upgrade Notes
*************
* Starting in Ocata, there is a behavior change where aggregate-
based overcommit ratios will no longer be honored during scheduling
for the FilterScheduler. Instead, overcommit values must be set on a
per-compute-node basis in the Nova configuration files.
If you have been relying on per-aggregate overcommit, during your
upgrade, you must change to using per-compute-node overcommit ratios
in order for your scheduling behavior to stay consistent. Otherwise,
you may notice increased NoValidHost scheduling failures as the
aggregate-based overcommit is no longer being considered.
You can safely remove the AggregateCoreFilter, AggregateRamFilter,
and AggregateDiskFilter from your
"[filter_scheduler]enabled_filters" and you do not need to replace
them with any other core/ram/disk filters. The placement query in
the FilterScheduler takes care of the core/ram/disk filtering, so
CoreFilter, RamFilter, and DiskFilter are redundant.
Please see the mailing list thread for more information:
http://lists.openstack.org/pipermail/openstack-
operators/2018-January/014748.html
Security Issues
***************
* [CVE-2017-18191] Swapping encrypted volumes can lead to data loss
and a possible compute host DOS attack.
* Bug 1739593 (https://bugs.launchpad.net/nova/+bug/1739593)
Bug Fixes
*********
* The "delete_host" command has been added in "nova-manage cell_v2"
to delete a host from a cell (host mappings). The "force" option has
been added in "nova-manage cell_v2 delete_cell". If the "force"
option is specified, a cell can be deleted even if the cell has
hosts.
* If scheduling fails during rebuild the server instance will go to
ERROR state and a fault will be recorded. Bug 1744325
(https://bugs.launchpad.net/nova/+bug/1744325)
* The libvirt driver now allows specifying individual CPU feature
flags for guests, via a new configuration attribute
"[libvirt]/cpu_model_extra_flags" -- only with "custom" as the
"[libvirt]/cpu_model". Refer to its documentation in "nova.conf"
for usage details.
One of the motivations for this is to alleviate the performance
degradation (caused as a result of applying the "Meltdown" CVE
fixes) for guests running with certain Intel-based virtual CPU
models. This guest performance impact is reduced by exposing the
CPU feature flag 'PCID' ("Process-Context ID") to the *guest* CPU,
assuming that it is available in the physical hardware itself.
Note that besides "custom", Nova's libvirt driver has two other CPU
modes: "host-model" (which is the default), and "host-passthrough".
Refer to the "[libvirt]/cpu_model_extra_flags" documentation for
what to do when you are using either of those CPU modes in context
of 'PCID'.
Changes in nova 15.1.0..15.1.1
------------------------------
1c6b2fc libvirt: Allow to specify granular CPU feature flags
02b27a0 Revert "Proper error handling by _ensure_resource_provider"
1150d4a only increment disk address unit for scsi devices
b188492 Detach volumes when VM creation fails
c407a69 Clean up volumes on boot failure
01c4230 Handle spawning error on unshelving
db79797 Modify incorrect debug meaasge in _inject_data
0225a61 libvirt: Block swap volume attempts with encrypted volumes prior to Queens
862619b Increase cpu time for image conversion
caca713 libvirt: Report the allocated size of preallocated file based disks
604954a Set error state after failed evacuation
ea53d9f Pass the correct image to build_request_spec in conductor.rebuild_instance
590fd6d Functional test for regression bug #1713783
9c98fa4 Refactor a test method including 3 test cases
c61ec9d Don't persist RequestSpec.retry
0d111f1 Add regression test for persisted RequestSpec.retry from failed resize
5c43e76 Fix wrapping of neutron forbidden error
a0599e4 libvirt: log vm and task state when vif plugging times out
286dd2c Only attempt a rebuild claim for an evacuation to a new host
1291d45 libvirt: mask InjectionInfo.admin_pass
2cfdb9c libvirt: Don't VIR_MIGRATE_NON_SHARED_INC without migrate_disks
e0c1d46 Lazy-load instance attributes with read_deleted=yes
fb54ccf unquiesce instance on volume snapshot failure
d342222 Add 'delete_host' command in 'nova-manage cell_v2'
8430cbb Fix docs for IsolatedHostsFilter
88c51bd Handle volume-backed instances in IsolatedHostsFilter
3f3ccff Add regression test for BFV+IsolatedHostsFilter failure
6c91a3d Add release note for Aggregate[Core|Ram|Disk]Filter change
6b753f0 live-mig: keep disk device address same
0cac8fa add "--until-complete" option for nova-manage db archive_deleted_rows.
b9f9e09 Don't wait for vif plug events during _hard_reboot
e708878 Bumping functional test job timeouts
2efe3f6 Rollback instance.image_ref on failed rebuild
0b5006d Make sure that functional test triggered on sample changes
83fd8ac Set server status to ERROR if rebuild failed
b476562 Fix false positive server group functional tests
a0525f6 Stop _undefine_domain erroring if domain not found
eae6aa8 libvirt: Re-initialise volumes, encryptors, and vifs on hard reboot
6a2882b Fix possible TypeError in VIF.fixed_ips
b00b2fe Raise MarkerNotFound if BuildRequestList.get_by_filters doesn't find marker
5166061 Don't persist could-be-stale InstanceGroup fields in RequestSpec
f70119c Don't try to delete build request during a reschedule
5267937 Fix an error in _get_host_states when deleting a compute node
ff2231f Use instance.project_id when creating request specs for old instances
c4d700d Use proper user and tenant in the owner section of libvirt.xml.
44912b5 Proper error handling by _ensure_resource_provider
aa0e4eb Save updated libvirt domain XML after swapping volume
b9c26ad Don't update RT in _allocate_network
1d61444 Handle exception on adding secgroup
09970fe Fix instance lookup in hide_server_addresses extension
53d35e2 libvirt: bandwidth param should be set in guest migrate
e2c2b1d Fix joins in instance_get_all_by_host
a8ec586 Fix test_instance_get_all_by_host
8c4db90 Avoid unnecessary lazy-loads in mutated_migration_context
Diffstat (except docs and test files)
-------------------------------------
.zuul.yaml | 26 +
.../api/openstack/compute/hide_server_addresses.py | 5 +-
nova/cmd/manage.py | 71 ++-
nova/compute/api.py | 76 ++-
nova/compute/manager.py | 68 ++-
nova/conductor/manager.py | 67 ++-
nova/conf/libvirt.py | 54 ++
nova/db/sqlalchemy/api.py | 5 +-
nova/network/model.py | 7 +-
nova/network/neutronv2/api.py | 2 +-
nova/network/security_group/neutron_driver.py | 10 +-
nova/objects/build_request.py | 5 +-
nova/objects/instance.py | 13 +-
nova/objects/request_spec.py | 33 +-
nova/scheduler/filter_scheduler.py | 2 +-
nova/scheduler/filters/isolated_hosts_filter.py | 5 +-
nova/scheduler/host_manager.py | 12 +-
nova/test.py | 3 +
.../functional/regressions/test_bug_1713783.py | 127 +++++
.../functional/regressions/test_bug_1718512.py | 164 ++++++
.../functional/regressions/test_bug_1746483.py | 106 ++++
.../network/security_group/test_neutron_driver.py | 39 ++
nova/virt/block_device.py | 10 +
nova/virt/disk/api.py | 10 +
nova/virt/driver.py | 3 +-
nova/virt/fake.py | 25 +-
nova/virt/images.py | 2 +-
nova/virt/libvirt/driver.py | 172 ++++--
nova/virt/libvirt/guest.py | 17 +-
nova/virt/libvirt/migration.py | 15 +-
nova/volume/encryptors/luks.py | 5 +-
.../agg-resource-filters-6e24c92a69afa85f.yaml | 22 +
.../notes/bug-1721179-87bc7b64215944c0.yaml | 8 +
...ug-1739593-cve-2017-18191-25fe48d336d8cf13.yaml | 9 +
...4325-rebuild-error-status-9e2da03f3f81fd6e.yaml | 7 +
...irt-cpu-model-extra-flags-a23085f58bd22d27.yaml | 21 +
64 files changed, 2354 insertions(+), 410 deletions(-)
More information about the Release-announce
mailing list