[release-announce] nova 23.0.2 (wallaby)

no-reply at openstack.org
Thu Jul 15 12:51:48 UTC 2021


We joyfully announce the release of:

nova 23.0.2: Cloud computing fabric controller

This release is part of the wallaby stable release series.

The source is available from:

    https://opendev.org/openstack/nova

Download the package from:

    https://tarballs.openstack.org/nova/

Please report issues through:

    https://bugs.launchpad.net/nova/+bugs

For more details, please see below.

23.0.2
^^^^^^


Security Issues
***************

* A vulnerability in the console proxies (novnc, serial, spice) that
  allowed open redirection has been patched. The novnc, serial, and
  spice console proxies are implemented as websockify servers, and the
  request handler inherits from the Python standard library's
  SimpleHTTPRequestHandler. There is a known issue in
  SimpleHTTPRequestHandler which allows open redirects by way of URLs
  in the following format:

     http://vncproxy.my.domain.com//example.com/%2F..

  which, if visited, will redirect a user to example.com.

  The novnc, serial, and spice console proxies will now reject
  requests that pass a redirection URL beginning with "//" with a 400
  Bad Request.

  (https://bugs.launchpad.net/nova/+bug/1927677)
  (https://bugs.python.org/issue32084)
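
The rejection described above, sketched as an added example (not code from this announcement or from nova): a SimpleHTTPRequestHandler subclass that answers 400 Bad Request to any request path beginning with "//", exercised against a loopback server. The names RejectDoubleSlashHandler and probe are hypothetical, and the check is applied to every such path rather than only to those that would produce a redirect.

```python
import functools
import http.client
import http.server
import tempfile
import threading
from http import HTTPStatus


class RejectDoubleSlashHandler(http.server.SimpleHTTPRequestHandler):
    """Hypothetical handler: refuse request paths that start with '//'."""

    def send_head(self):
        # A browser reads "Location: //host/..." as a scheme-relative URL,
        # i.e. a redirect to another host, so refuse such paths before the
        # base class can build a directory redirect from them.
        if self.path.startswith("//"):
            self.send_error(HTTPStatus.BAD_REQUEST,
                            "URI must not start with //")
            return None
        return super().send_head()

    def log_message(self, fmt, *args):
        pass  # keep the demonstration quiet


def probe(path):
    """Serve an empty temp dir on loopback, GET path, return (status, Location)."""
    with tempfile.TemporaryDirectory() as root:
        handler = functools.partial(RejectDoubleSlashHandler, directory=root)
        server = http.server.HTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            conn = http.client.HTTPConnection(
                "127.0.0.1", server.server_port, timeout=5)
            conn.request("GET", path)  # path is sent verbatim
            resp = conn.getresponse()
            resp.read()
            result = (resp.status, resp.getheader("Location"))
            conn.close()
            return result
        finally:
            server.shutdown()
            server.server_close()


if __name__ == "__main__":
    print(probe("//example.com/%2F.."))  # path form from the release note
    print(probe("/"))                    # ordinary request is still served
```
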


Bug Fixes
*********

* Improved detection of anti-affinity policy violation when
  performing live and cold migrations. Most of the violations caused
  by race conditions due to performing concurrent live or cold
  migrations should now be addressed by extra checks in the compute
  service. Upon detection, cold migration operations are automatically
  rescheduled, while live migrations have two checks and will be
  rescheduled if detected by the first one, otherwise the live
  migration will fail cleanly and revert the instance state back to
  its previous value.

* Bug 1851545 (https://bugs.launchpad.net/nova/+bug/1851545),
  wherein unshelving an instance with SRIOV Neutron ports did not
  update the port binding's "pci_slot" and could cause libvirt PCI
  conflicts, has been fixed.

  Important: Constraints in the fix's implementation mean that it
    only applies to instances booted **after** it has been applied.
    Existing instances will still experience bug 1851545 after being
    shelved and unshelved, even with the fix applied.

* To fix device detach issues in the libvirt driver, the detach logic
  has been changed from a sleep-based retry loop to waiting for
  libvirt domain events. During this change we also introduced two new
  config options to allow fine-tuning the retry logic. For details, see
  the description of the new "[libvirt]device_detach_attempts" and
  "[libvirt]device_detach_timeout" config options.

  (https://bugs.launchpad.net/nova/+bug/1882521)

Changes in nova 23.0.1..23.0.2
------------------------------

fef0305abe Move 'check-cherry-picks' test to gate, n-v check
5d65680095 libvirt: Set driver_iommu when attaching virtio devices to SEV instance
c45bedd98d zuul: Replace grenade and nova-grenade-multinode with grenade-multinode
8b62a4ec9b Error anti-affinity violation on migrations
46aa3f4ec7 Honor [neutron]http_retries in the manual client
bf7254b794 Update SRIOV port pci_slot when unshelving
3625d5336a Test SRIOV port move operations with PCI conflicts
83ca8b3563 Neutron fixture: don't clobber profile and vif_details if empty
5ede75c65e Stop leaking ceph df cmd in RBD utils
4709256142 Reject open redirection in the console proxy
8f018d754d rbd: Get rbd_utils unit tests running again
8b50f48ed2 Consolidate device detach error handling
ebf1ceb7d6 Move instance power state check to _detach_with_retry
14596ca30f libvirt: Remove dead error handling code
9f90c7268c Follow up type hints for a634103
3fcd11a403 Enable mypy on libvirt/guest.py
5f488d8cd1 Move the guest.get_disk test to test_guest
30317e6b3f Replace blind retry with libvirt event waiting in detach


Diffstat (except docs and test files)
-------------------------------------

.zuul.yaml                                         |   46 +-
gate/live_migration/hooks/ceph.sh                  |  208 ----
gate/live_migration/hooks/nfs.sh                   |   50 -
gate/live_migration/hooks/utils.sh                 |   11 -
mypy-files.txt                                     |    1 +
nova/compute/manager.py                            |  124 +-
nova/conf/libvirt.py                               |   24 +
nova/console/websocketproxy.py                     |   23 +
nova/network/neutron.py                            |   86 +-
nova/storage/rbd_utils.py                          |    9 +-
.../functional/libvirt/test_pci_sriov_servers.py   |  116 ++
nova/virt/libvirt/designer.py                      |   10 +-
nova/virt/libvirt/driver.py                        |  559 ++++++---
nova/virt/libvirt/guest.py                         |  139 +--
nova/virt/libvirt/migration.py                     |    9 +-
playbooks/legacy/nova-grenade-multinode/post.yaml  |   15 -
playbooks/legacy/nova-grenade-multinode/run.yaml   |   65 --
playbooks/legacy/nova-live-migration/post.yaml     |   15 -
playbooks/legacy/nova-live-migration/run.yaml      |   60 -
.../notes/bug-1821755-7bd03319e34b6b10.yaml        |   11 +
.../notes/bug-1851545-781c358939d96cea.yaml        |   12 +
...roxy-reject-open-redirect-4ac0a7895acca7eb.yaml |   19 +
...event-based-device-detach-23ac037004d753b1.yaml |   11 +
tools/check-cherry-picks.sh                        |    5 -
tox.ini                                            |   12 +-
39 files changed, 2180 insertions(+), 1347 deletions(-)






