[release-announce] nova 15.1.4 (ocata)

no-reply at openstack.org no-reply at openstack.org
Wed Sep 26 11:16:58 UTC 2018 

We are pleased to announce the release of:

nova 15.1.4: Cloud computing fabric controller

This release is part of the ocata stable release series.

Download the package from:

    https://tarballs.openstack.org/nova/

For more details, please see below.

15.1.4
^^^^^^

Security Issues

* A new policy rule,
  "os_compute_api:servers:create:zero_disk_flavor", has been
  introduced which defaults to "rule:admin_or_owner" for backward
  compatibility, but can be configured to make the compute API enforce
  that server create requests using a flavor with zero root disk must
  be volume-backed or fail with a "403 HTTPForbidden" error.

  Allowing image-backed servers with a zero root disk flavor can be
  potentially hazardous if users are allowed to upload their own
  images, since an instance created with a zero root disk flavor gets
  its size from the image, which can be unexpectedly large and exhaust
  local disk on the compute host. See
  https://bugs.launchpad.net/nova/+bug/1739646 for more details.

  While this is introduced in a backward-compatible way, the default
  will be changed to "rule:admin_api" in a subsequent release. It is
  advised that you communicate this change to your users before
  turning on enforcement since it will result in a compute API
  behavior change.

Changes in nova 15.1.3..15.1.4
------------------------------

fe0c103 import zuul job settings from project-config
f5b8a0a Return 400 when compute host is not found
456b3d6 [stable only] Handle quota usage during create/delete races
2f6ea7b Make ResourceTracker.stats node-specific
3120f40 [stable only] Add functional regression test for bug 1783613
d4179e3 Add recreate test for RT.stats bug 1784705
d2164c9 Default embedded instance.flavor.disabled attribute
09e678e Use instance project/user when creating RequestSpec during resize reschedule
4bd2a8d Ensure resource class cache when listing usages
8392c7f Add policy rule to block image-backed servers with 0 root disk flavor


Diffstat (except docs and test files)
-------------------------------------

.zuul.yaml                                         | 300 ++++++++++++++++++++-
api-ref/source/parameters.yaml                     |   4 +-
nova/api/openstack/compute/migrate_server.py       |   3 +-
nova/api/openstack/compute/servers.py              |   3 +-
nova/compute/api.py                                |  50 +++-
nova/compute/resource_tracker.py                   |  23 +-
nova/conductor/manager.py                          |   3 +-
nova/exception.py                                  |   5 +
nova/objects/instance.py                           |  15 ++
nova/objects/resource_provider.py                  |   1 +
nova/policies/servers.py                           |   2 +
.../functional/compute/test_resource_tracker.py    | 247 +++++++++++++++++
.../functional/regressions/test_bug_1783613.py     | 176 ++++++++++++
.../api/openstack/compute/test_migrate_server.py   |  21 +-
...cked_for_zero_disk_flavor-b36a6eb4fa8b2964.yaml |  20 ++
21 files changed, 966 insertions(+), 28 deletions(-)

More information about the Release-announce mailing list