[release-announce] nova 23.0.2 (wallaby)
no-reply at openstack.org
Thu Jul 15 12:51:48 UTC 2021
We joyfully announce the release of:
nova 23.0.2: Cloud computing fabric controller
This release is part of the wallaby stable release series.
The source is available from:
https://opendev.org/openstack/nova
Download the package from:
https://tarballs.openstack.org/nova/
Please report issues through:
https://bugs.launchpad.net/nova/+bugs
For more details, please see below.
23.0.2
^^^^^^
Security Issues
***************
* A vulnerability in the console proxies (novnc, serial, spice) that
allowed open redirection has been patched. The novnc, serial, and
spice console proxies are implemented as websockify servers and the
request handler inherits from the Python standard library's
SimpleHTTPRequestHandler. There is a known issue in
SimpleHTTPRequestHandler which allows open redirects by way of URLs
in the following format:
http://vncproxy.my.domain.com//example.com/%2F..
which, if visited, will redirect a user to example.com.
The novnc, serial, and spice console proxies will now reject
requests that pass a redirection URL beginning with "//" with a 400
Bad Request.
(https://bugs.launchpad.net/nova/+bug/1927677)
(https://bugs.python.org/issue32084)
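As an added illustration (not nova's own code and not part of the release notes), the sketch below models why a target beginning with "//" becomes an off-site redirect and shows one way to reject it with a 400 in a SimpleHTTPRequestHandler subclass. The names RejectingHandler, _FakeSocket, status_for and the two helper functions are hypothetical, and the request is fed through a constructed in-memory socket so nothing touches the network.

```python
import io
from http.server import SimpleHTTPRequestHandler
from urllib.parse import urljoin, urlsplit, urlunsplit


def directory_redirect_location(target):
    """Model of the handler's "add a trailing slash" redirect for directories."""
    p = urlsplit(target)
    return urlunsplit((p.scheme, p.netloc, p.path + "/", p.query, p.fragment))


def browser_destination(base, location):
    """Host a browser lands on when it follows Location relative to base."""
    return urlsplit(urljoin(base, location)).hostname


class RejectingHandler(SimpleHTTPRequestHandler):
    """Hypothetical handler: 400 for any request target starting with '//'."""
    def parse_request(self):
        if not super().parse_request():
            return False
        # Inspect the raw request line, so the result does not depend on any
        # path normalisation done by the running Python's http.server.
        words = self.requestline.split()
        if len(words) >= 2 and words[1].startswith("//"):
            self.send_error(400, "URI must not start with //")
            return False
        return True

    def log_message(self, *args):  # keep the demo quiet
        pass


class _FakeSocket:
    """Constructed in-memory socket so the demo needs no network."""
    def __init__(self, raw):
        self._rfile, self.sent = io.BytesIO(raw), b""
    def makefile(self, *args, **kwargs):
        return self._rfile
    def sendall(self, data):
        self.sent += data


def status_for(target):
    """Feed one GET for target to the handler; return the HTTP status code."""
    sock = _FakeSocket(f"GET {target} HTTP/1.0\r\n\r\n".encode("ascii"))
    RejectingHandler(sock, ("127.0.0.1", 0), None)
    return int(sock.sent.split()[1])
```

The redirect model treats "example.com" as the network location because a target starting with "//" parses as a scheme-relative reference, which is why the check has to happen before any redirect is built.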
Bug Fixes
*********
* Improved detection of anti-affinity policy violation when
performing live and cold migrations. Most of the violations caused
by race conditions due to performing concurrent live or cold
migrations should now be addressed by extra checks in the compute
service. Upon detection, cold migration operations are automatically
rescheduled. Live migrations have two checks: if the violation is
detected by the first one, the migration is rescheduled; otherwise the
live migration fails cleanly and reverts the instance state back to
its previous value.
* Bug 1851545 (https://bugs.launchpad.net/nova/+bug/1851545),
wherein unshelving an instance with SRIOV Neutron ports did not
update the port binding's "pci_slot" and could cause libvirt PCI
conflicts, has been fixed.
Important: Constraints in the fix's implementation mean that it
only applies to instances booted **after** it has been applied.
Existing instances will still experience bug 1851545 after being
shelved and unshelved, even with the fix applied.
* To fix device detach issues in the libvirt driver, the detach logic
has been changed from a sleep-based retry loop to waiting for
libvirt domain events. During this change we also introduced two new
config options to allow fine-tuning the retry logic. For details see
the description of the new "[libvirt]device_detach_attempts" and
"[libvirt]device_detach_timeout" config options.
(https://bugs.launchpad.net/nova/+bug/1882521)
Changes in nova 23.0.1..23.0.2
------------------------------
fef0305abe Move 'check-cherry-picks' test to gate, n-v check
5d65680095 libvirt: Set driver_iommu when attaching virtio devices to SEV instance
c45bedd98d zuul: Replace grenade and nova-grenade-multinode with grenade-multinode
8b62a4ec9b Error anti-affinity violation on migrations
46aa3f4ec7 Honor [neutron]http_retries in the manual client
bf7254b794 Update SRIOV port pci_slot when unshelving
3625d5336a Test SRIOV port move operations with PCI conflicts
83ca8b3563 Neutron fixture: don't clobber profile and vif_details if empty
5ede75c65e Stop leaking ceph df cmd in RBD utils
4709256142 Reject open redirection in the console proxy
8f018d754d rbd: Get rbd_utils unit tests running again
8b50f48ed2 Consolidate device detach error handling
ebf1ceb7d6 Move instance power state check to _detach_with_retry
14596ca30f libvirt: Remove dead error handling code
9f90c7268c Follow up type hints for a634103
3fcd11a403 Enable mypy on libvirt/guest.py
5f488d8cd1 Move the guest.get_disk test to test_guest
30317e6b3f Replace blind retry with libvirt event waiting in detach
Diffstat (except docs and test files)
-------------------------------------
.zuul.yaml | 46 +-
gate/live_migration/hooks/ceph.sh | 208 ----
gate/live_migration/hooks/nfs.sh | 50 -
gate/live_migration/hooks/utils.sh | 11 -
mypy-files.txt | 1 +
nova/compute/manager.py | 124 +-
nova/conf/libvirt.py | 24 +
nova/console/websocketproxy.py | 23 +
nova/network/neutron.py | 86 +-
nova/storage/rbd_utils.py | 9 +-
.../functional/libvirt/test_pci_sriov_servers.py | 116 ++
nova/virt/libvirt/designer.py | 10 +-
nova/virt/libvirt/driver.py | 559 ++++++---
nova/virt/libvirt/guest.py | 139 +--
nova/virt/libvirt/migration.py | 9 +-
playbooks/legacy/nova-grenade-multinode/post.yaml | 15 -
playbooks/legacy/nova-grenade-multinode/run.yaml | 65 --
playbooks/legacy/nova-live-migration/post.yaml | 15 -
playbooks/legacy/nova-live-migration/run.yaml | 60 -
.../notes/bug-1821755-7bd03319e34b6b10.yaml | 11 +
.../notes/bug-1851545-781c358939d96cea.yaml | 12 +
...roxy-reject-open-redirect-4ac0a7895acca7eb.yaml | 19 +
...event-based-device-detach-23ac037004d753b1.yaml | 11 +
tools/check-cherry-picks.sh | 5 -
tox.ini | 12 +-
39 files changed, 2180 insertions(+), 1347 deletions(-)