[release-announce] nova 18.2.2 (rocky)
no-reply at openstack.org
no-reply at openstack.org
Mon Aug 12 21:31:33 UTC 2019
We eagerly announce the release of:
nova 18.2.2: Cloud computing fabric controller
This release is part of the rocky stable release series.
The source is available from:
https://opendev.org/openstack/nova
Download the package from:
https://tarballs.openstack.org/nova/
Please report issues through:
https://bugs.launchpad.net/nova/+bugs
For more details, please see below.
18.2.2
^^^^^^
Security Issues
***************
* OSSA-2019-003: Nova Server Resource Faults Leak External Exception
Details (CVE-2019-14433)
This release contains a security fix for bug 1837877 where users
without the admin role can be exposed to sensitive error details in
the server resource fault "message".
There is a behavior change where non-nova exceptions will only
record the exception class name in the fault "message" field which
is exposed to all users, regardless of the admin role.
The fault "details", which are only exposed to users with the admin
role, will continue to include the traceback and also include the
exception value which for non-nova exceptions is what used to be
exposed in the fault "message" field. Meaning, the information that
admins could see for server faults is still available, but the
exception value may be in "details" rather than "message" now.
(https://security.openstack.org/ossa/OSSA-2019-003.html)
(https://bugs.launchpad.net/nova/+bug/1837877)
Bug Fixes
*********
* Bug 1675791 has been fixed by granting image membership access to
snapshot images when the owner of the server is not performing the
snapshot/backup/shelve operation on the server. For example, an
admin shelves a user's server and the user needs to unshelve the
server so the user needs access to the shelved snapshot image.
Note that only the image owner may delete the image, so in the case
of a shelved offloaded server, if the user unshelves or deletes the
server, that operation will work but there will be a warning in the
logs because the shelved snapshot image could not be deleted since
the user does not own the image. Similarly, if an admin creates a
snapshot of a server in another project, the admin owns the snapshot
image and the non-admin project, while having shared image member
access to see the image, cannot delete the snapshot.
The bug fix applies to both the "nova-osapi_compute" and "nova-
compute" service so older compute services will need to be patched.
Refer to the image API reference for details on image sharing:
https://developer.openstack.org/api-ref/image/v2/index.html#sharing
(https://launchpad.net/bugs/1675791)
* Bug 1811726 is fixed by deleting the resource provider (in
placement) associated with each compute node record managed by a
"nova-compute" service when that service is deleted via the "DELETE
/os-services/{service_id}" API. This is particularly important for
compute services managing ironic baremetal nodes.
(https://bugs.launchpad.net/nova/+bug/1811726)
Changes in nova 18.2.1..18.2.2
------------------------------
72f9aa720f Don't generate service UUID for deleted services
e0b91a5b1e Replace non-nova server fault message
3a1be7afd0 Avoid logging traceback when detach device not found
25fd08755e Fix python3 compatibility of rbd get_fsid
3624600094 Add functional regression test for bug 1778305
eadd78efe3 Add functional recreate test for bug 1764556
e3b68a1c8b Cleanup when hitting MaxRetriesExceeded from no host_available
f292a92a89 Add functional regression test for bug 1837955
5f0497e595 Revert "[libvirt] Filter hypervisor_type by virt_type"
2b86a9cacc Avoid crashing while getting libvirt capabilities with unknown arch names
65d2e455e3 libvirt: move checking CONF.my_ip to init_host()
d9892abd2f Revert resize: wait for events according to hybrid plug
5982c92fa8 docs: Correct issues with 'openstack quota set' commands
7793f4d759 doc: Fix a parameter of NotificationPublisher
00e5e3a744 Perf: Use dicts for ProviderTree roots
e3cd1d9baa Fix type error on call to mount device
cbf6a46d8f Drop source node allocations if finish_resize fails
9a977cb28c Add functional recreate test for regression bug 1825537
a85ce04fa3 Stabilize unshelve notification sample tests
0142cc840f Ignore hw_vif_type for direct, direct-physical vNIC types
5acbea506a Init HostState.failed_builds
4858074c89 Fix double word hacking test
aa19788d78 Disable limit if affinity(anti)/same(different)host is requested
e93bc57a73 libvirt: flatten rbd images when unshelving an instance
0ac4a97204 Grab fresh power state info from the driver
75985e25bc libvirt: Rework 'EBUSY' (SIGKILL) error handling code path
64d5278883 Delete resource providers for all nodes when deleting compute service
6ca6f6fce6 Share snapshot image membership with instance owner
Diffstat (except docs and test files)
-------------------------------------
nova/api/openstack/compute/services.py | 11 +-
nova/compute/api.py | 31 ++-
nova/compute/manager.py | 104 ++++++--
nova/compute/provider_tree.py | 27 +-
nova/compute/utils.py | 41 ++-
nova/conductor/manager.py | 32 ++-
nova/db/sqlalchemy/api.py | 3 +-
nova/image/glance.py | 34 ++-
nova/network/model.py | 25 ++
nova/objects/migration.py | 3 +
nova/objects/service.py | 2 +-
nova/scheduler/host_manager.py | 1 +
nova/scheduler/utils.py | 6 +
.../functional/regressions/test_bug_1764556.py | 155 ++++++++++++
.../functional/regressions/test_bug_1778305.py | 61 +++++
.../functional/regressions/test_bug_1825537.py | 97 ++++++++
.../functional/regressions/test_bug_1837955.py | 104 ++++++++
.../unit/api/openstack/compute/test_services.py | 20 +-
nova/virt/disk/mount/api.py | 2 +-
nova/virt/fake.py | 7 +
nova/virt/hyperv/snapshotops.py | 3 +-
nova/virt/libvirt/driver.py | 135 +++++++---
nova/virt/libvirt/guest.py | 6 +-
nova/virt/libvirt/imagebackend.py | 11 +
nova/virt/libvirt/storage/rbd_utils.py | 4 +-
nova/virt/libvirt/vif.py | 23 +-
nova/virt/powervm/image.py | 1 -
nova/virt/vmwareapi/images.py | 1 -
nova/virt/zvm/driver.py | 1 -
...91-snapshot-member-access-c40bba36606618f7.yaml | 26 ++
...1811726-multi-node-delete-2ba17f02c6171fbb.yaml | 10 +
...ve-fault-message-exposure-5360d794f4976b7c.yaml | 23 ++
60 files changed, 1745 insertions(+), 263 deletions(-)
More information about the Release-announce
mailing list