[release-announce] nova 18.2.2 (rocky)

no-reply at openstack.org
Mon Aug 12 21:31:33 UTC 2019


We eagerly announce the release of:

nova 18.2.2: Cloud computing fabric controller

This release is part of the rocky stable release series.

The source is available from:

    https://opendev.org/openstack/nova

Download the package from:

    https://tarballs.openstack.org/nova/

Please report issues through:

    https://bugs.launchpad.net/nova/+bugs

For more details, please see below.

18.2.2
^^^^^^


Security Issues
***************

* OSSA-2019-003: Nova Server Resource Faults Leak External Exception
  Details (CVE-2019-14433)

  This release contains a security fix for bug 1837877 where users
  without the admin role can be exposed to sensitive error details in
  the server resource fault "message".

  There is a behavior change where non-nova exceptions will only
  record the exception class name in the fault "message" field which
  is exposed to all users, regardless of the admin role.

  The fault "details", which are only exposed to users with the admin
  role, will continue to include the traceback and also include the
  exception value which for non-nova exceptions is what used to be
  exposed in the fault "message" field. Meaning, the information that
  admins could see for server faults is still available, but the
  exception value may be in "details" rather than "message" now.

  (https://security.openstack.org/ossa/OSSA-2019-003.html)
  (https://bugs.launchpad.net/nova/+bug/1837877)


Bug Fixes
*********

* Bug 1675791 has been fixed by granting image membership access to
  snapshot images when the owner of the server is not performing the
  snapshot/backup/shelve operation on the server. For example, an
  admin shelves a user's server and the user needs to unshelve the
  server so the user needs access to the shelved snapshot image.

  Note that only the image owner may delete the image, so in the case
  of a shelved offloaded server, if the user unshelves or deletes the
  server, that operation will work but there will be a warning in the
  logs because the shelved snapshot image could not be deleted since
  the user does not own the image. Similarly, if an admin creates a
  snapshot of a server in another project, the admin owns the snapshot
  image and the non-admin project, while having shared image member
  access to see the image, cannot delete the snapshot.

  The bug fix applies to both the "nova-osapi_compute" and
  "nova-compute" services so older compute services will need to be
  patched.

  Refer to the image API reference for details on image sharing:

  https://developer.openstack.org/api-ref/image/v2/index.html#sharing

  (https://launchpad.net/bugs/1675791)

* Bug 1811726 is fixed by deleting the resource provider (in
  placement) associated with each compute node record managed by a
  "nova-compute" service when that service is deleted via the "DELETE
  /os-services/{service_id}" API. This is particularly important for
  compute services managing ironic baremetal nodes.

  (https://bugs.launchpad.net/nova/+bug/1811726)

Changes in nova 18.2.1..18.2.2
------------------------------

72f9aa720f Don't generate service UUID for deleted services
e0b91a5b1e Replace non-nova server fault message
3a1be7afd0 Avoid logging traceback when detach device not found
25fd08755e Fix python3 compatibility of rbd get_fsid
3624600094 Add functional regression test for bug 1778305
eadd78efe3 Add functional recreate test for bug 1764556
e3b68a1c8b Cleanup when hitting MaxRetriesExceeded from no host_available
f292a92a89 Add functional regression test for bug 1837955
5f0497e595 Revert "[libvirt] Filter hypervisor_type by virt_type"
2b86a9cacc Avoid crashing while getting libvirt capabilities with unknown arch names
65d2e455e3 libvirt: move checking CONF.my_ip to init_host()
d9892abd2f Revert resize: wait for events according to hybrid plug
5982c92fa8 docs: Correct issues with 'openstack quota set' commands
7793f4d759 doc: Fix a parameter of NotificationPublisher
00e5e3a744 Perf: Use dicts for ProviderTree roots
e3cd1d9baa Fix type error on call to mount device
cbf6a46d8f Drop source node allocations if finish_resize fails
9a977cb28c Add functional recreate test for regression bug 1825537
a85ce04fa3 Stabilize unshelve notification sample tests
0142cc840f Ignore hw_vif_type for direct, direct-physical vNIC types
5acbea506a Init HostState.failed_builds
4858074c89 Fix double word hacking test
aa19788d78 Disable limit if affinity(anti)/same(different)host is requested
e93bc57a73 libvirt: flatten rbd images when unshelving an instance
0ac4a97204 Grab fresh power state info from the driver
75985e25bc libvirt: Rework 'EBUSY' (SIGKILL) error handling code path
64d5278883 Delete resource providers for all nodes when deleting compute service
6ca6f6fce6 Share snapshot image membership with instance owner


Diffstat (except docs and test files)
-------------------------------------

nova/api/openstack/compute/services.py             |  11 +-
nova/compute/api.py                                |  31 ++-
nova/compute/manager.py                            | 104 ++++++--
nova/compute/provider_tree.py                      |  27 +-
nova/compute/utils.py                              |  41 ++-
nova/conductor/manager.py                          |  32 ++-
nova/db/sqlalchemy/api.py                          |   3 +-
nova/image/glance.py                               |  34 ++-
nova/network/model.py                              |  25 ++
nova/objects/migration.py                          |   3 +
nova/objects/service.py                            |   2 +-
nova/scheduler/host_manager.py                     |   1 +
nova/scheduler/utils.py                            |   6 +
.../functional/regressions/test_bug_1764556.py     | 155 ++++++++++++
.../functional/regressions/test_bug_1778305.py     |  61 +++++
.../functional/regressions/test_bug_1825537.py     |  97 ++++++++
.../functional/regressions/test_bug_1837955.py     | 104 ++++++++
.../unit/api/openstack/compute/test_services.py    |  20 +-
nova/virt/disk/mount/api.py                        |   2 +-
nova/virt/fake.py                                  |   7 +
nova/virt/hyperv/snapshotops.py                    |   3 +-
nova/virt/libvirt/driver.py                        | 135 +++++++---
nova/virt/libvirt/guest.py                         |   6 +-
nova/virt/libvirt/imagebackend.py                  |  11 +
nova/virt/libvirt/storage/rbd_utils.py             |   4 +-
nova/virt/libvirt/vif.py                           |  23 +-
nova/virt/powervm/image.py                         |   1 -
nova/virt/vmwareapi/images.py                      |   1 -
nova/virt/zvm/driver.py                            |   1 -
...91-snapshot-member-access-c40bba36606618f7.yaml |  26 ++
...1811726-multi-node-delete-2ba17f02c6171fbb.yaml |  10 +
...ve-fault-message-exposure-5360d794f4976b7c.yaml |  23 ++
60 files changed, 1745 insertions(+), 263 deletions(-)
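
The fault behaviour described under OSSA-2019-003 above, as an added sketch that is not nova's own code: `NovaException`, `build_fault`, `render_fault` and the sample failure text are hypothetical stand-ins. It assumes nova's own exceptions keep their message unchanged.

```python
import traceback

# Constructed sample value standing in for sensitive backend error text.
SAMPLE_VALUE = "connect to amqp://svc:CONSTRUCTED-SECRET@10.0.0.5 refused"


class NovaException(Exception):
    """Hypothetical stand-in for the project's own exception base class."""


def build_fault(exc):
    """Build the stored fault record for a failed server operation."""
    # The formatted traceback ends with "<Class>: <value>", so the
    # exception value is preserved in the admin-only "details" field.
    details = "".join(
        traceback.format_exception(type(exc), exc, exc.__traceback__))
    if isinstance(exc, NovaException):
        # Assumption: project-defined exceptions carry user-safe messages.
        message = str(exc)
    else:
        # External exception: record only the class name in "message".
        message = exc.__class__.__name__
    return {"message": message, "details": details}


def render_fault(fault, is_admin):
    """Return the fault as shown to the caller; "details" is admin-only."""
    view = {"message": fault["message"]}
    if is_admin:
        view["details"] = fault["details"]
    return view


def sample_external_failure():
    """Raise and capture a non-nova exception carrying SAMPLE_VALUE."""
    try:
        raise ConnectionError(SAMPLE_VALUE)
    except ConnectionError as exc:
        return exc


if __name__ == "__main__":
    fault = build_fault(sample_external_failure())
    print("user view: ", render_fault(fault, is_admin=False))
    print("admin view:", render_fault(fault, is_admin=True))
```
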






