We are ecstatic to announce the release of: nova 17.0.6: Cloud computing fabric controller This release is part of the queens stable release series. Download the package from: https://tarballs.openstack.org/nova/ For more details, please see below. 17.0.6 ^^^^^^ Known Issues ************ * The initial implementation of native LUKS decryption within Libvirt 2.2.0 had a known issue with the use of passphrases that were a multiple of 16 bytes in size. This was resolved in the upstream 3.3.0 release of Libvirt and has been backported to various downstream distribution specific versions. A simple warning will reference the above if this issue is encountered by Nova however operators of the environment will still need to update Libvirt to a version where this issue has been fixed to resolve the issue. (https://bugzilla.redhat.com/show_bug.cgi?id=1447297) (https://libvirt.org/git/?p=libvirt.git;a=commit;h=7189099) Upgrade Notes ************* * A new online data migration has been added to populate missing instance.availability_zone values for instances older than Pike whose availability_zone was not specified during boot time. This can be run during the normal "nova-manage db online_data_migrations" routine. This fixes Bug 1768876 (https://bugs.launchpad.net/nova/+bug/1768876) Security Issues *************** * A new policy rule, "os_compute_api:servers:create:zero_disk_flavor", has been introduced which defaults to "rule:admin_or_owner" for backward compatibility, but can be configured to make the compute API enforce that server create requests using a flavor with zero root disk must be volume-backed or fail with a "403 HTTPForbidden" error. Allowing image-backed servers with a zero root disk flavor can be potentially hazardous if users are allowed to upload their own images, since an instance created with a zero root disk flavor gets its size from the image, which can be unexpectedly large and exhaust local disk on the compute host. See https://bugs.launchpad.net/nova/+bug/1739646 for more details. While this is introduced in a backward-compatible way, the default will be changed to "rule:admin_api" in a subsequent release. It is advised that you communicate this change to your users before turning on enforcement since it will result in a compute API behavior change. * To mitigate potential issues with compute nodes disabling themselves in response to failures that were either non-fatal or user- generated, the consecutive build failure counter functionality in the compute service has been changed to advise the scheduler of the count instead of self-disabling the service upon exceeding the threshold. The "[compute]/consecutive_build_service_disable_threshold" configuration option still controls whether the count is tracked, but the action taken on this value has been changed to a scheduler weigher. This allows the scheduler to be configured to weigh hosts with consecutive failures lower than other hosts, configured by the "[filter_scheduler]/build_failure_weight_multiplier" option. If the compute threshold option is nonzero, computes will report their failure count for the scheduler to consider. If the threshold value is zero, then computes will not report this value and the scheduler will assume the number of failures for non-reporting compute nodes to be zero. By default, the scheduler weigher is enabled and configured with a very large multiplier to ensure that hosts with consecutive failures are scored low by default. * The 'AMD-SSBD' and 'AMD-NO-SSB' flags have been added to the list of available choices for the "[libvirt]/cpu_model_extra_flags" config option. These are important for proper mitigation of security issues in AMD CPUs. For more information see https://www.redhat.com/archives/libvir-list/2018-June/msg01111.html Bug Fixes ********* * Listing server and migration records used to give a 500 to users when a cell database was unreachable. Now only records from available cells are included to avoid the 500 error. The down cells are basically skipped when forming the results and this solution is planned to be further enhanced through the blueprint handling-down- cell. (https://blueprints.launchpad.net/nova/+spec/handling-down-cell) * For libvirt driver. Now when creating tap devices the MTU will be configured. Requires libvirt 3.3.0 at least. Other Notes *********** * A new configuration option, "[compute]/live_migration_wait_for_vif_plug", has been added which can be used to configure compute services to wait for network interface plugging to complete on the destination host before starting the guest transfer on the source host during live migration. If you set this option the same on all of your compute hosts, which you should do if you use the same networking backend universally, you do not have to worry about this. This is disabled by default for backward compatibilty and because the compute service cannot reliably determine which types of virtual interfaces ("port.binding:vif_type") will send "network-vif-plugged" events without an accompanying port "binding:host_id" change. Open vSwitch and linuxbridge should be OK, but OpenDaylight is at least one known backend that will not currently work in this case, see bug https://launchpad.net/bugs/1755890 for more details. Changes in nova 17.0.5..17.0.6 ------------------------------ 7871204 Fix soft deleting vm fails after "nova resize" vm e19d6f0 Set default of oslo.privsep.daemon logging to INFO level 3340d17 import zuul job settings from project-config 6ece888 Remove noisy DEBUG log ab93937 Make scheduler.utils.setup_instance_group query all cells c6960e8 Fix DB archiver AttributeError due to wrong table name attribute used c35f290 Add functional test for affinity with multiple cells ab6f78b Fix the request context in ServiceFixture 8ca3b07 Move conductor wait_until_ready() delay before manager init bfe89fe Wait for network-vif-plugged before starting live migration 77a831d Fix cancel_all_events event name parsing 059c2d4 Filter out instances without a host when populating AZ dee99b1 Revert "libvirt: slow live-migration to ensure network is ready" 997b385 VMware: fix TypeError while get console log 838ecb3 block_device: Rollback volumes to in-use on DeviceDetachFailed 0a60496 Fix host validity check for live-migration 4e83188 Fix bad links for admin-guide 559de0d0 Update nova network info when doing rebuild for evacuate operation 91d47b11 Fix message for unexpected external event 410eca7 Reload oslo_context after calling monkey_patch() 66a47b7 [placement] Retry allocation writes server side 7d99f57 Make ResourceTracker.stats node-specific cc8167a Add recreate test for RT.stats bug 1784705 ab1fd87 Disable limits if force_hosts or force_nodes is set 2caf8f6 Make host_aggregate_map dictionary case-insensitive 59075b8 Call generate_image_url only for legacy notification 0be8cbc Handle HostMappingNotFound when deleting a compute service d543ddd Add unshelve instance error info to fault table 58538ac [Stable Only] Remove soft-deleted instances from quota_usages 1aa81eb Fix server_group_members quota check c7b0779 Add functional regressions tests for server_group_members OverQuota d7864fb hardware: fix hugepages memory usage per intances 246c61d Fix TypeError in prep_resize allocation cleanup bcae081 unquiesce instance after quiesce failure e57f66a Consider hostdev devices when building metadata 0f253ea Refactor _build_device_metadata b2146b0 Default embedded instance.flavor.disabled attribute 509e0a0 libvirt: add qemu version check when configuring mtu for network a31ebd8 Fix unbound local when saving an unchanged RequestSpec 127dd73 add mtu to libvirt xml for ethernet and bridge types 1e16b5f Use ironic-tempest-dsvm-ipa-wholedisk-bios-agent_ipmitool-tinyipa in tree f1cb6f1 Fix regression when listing build_requests with marker and ip filter 22583a0 Update admin/flavors document 3163c93 libvirt: Fix the rescue race for vGPU instances 4917d4d Make nova service-list use scatter-gather routine 40de025 Handle CannotDeleteParentResourceProvider to 409 Conflict b872eb2 Fix unit test modifying global state c8756d5 Handle network-changed event for a specific port 0626dd0 Make nova list and migration-list ignore down cells 1162902 Use instance project/user when creating RequestSpec during resize reschedule 875afe9 libvirt: Log breadcrumb for known encryption bug ebdd39d Be graceful about vif plugging in early ironic driver startup f8aca77 [Stable Only] Add amd-ssbd and amd-no-ssb CPU flags 7bcd581 Add policy rule to block image-backed servers with 0 root disk flavor 274739f ironic: stop lying to the RT when ironic is down d26dc0c [Stable Only] Initialise failed_builds in IronicNodeState cf927f1 mock utils.execute() in qemu-img unit test ab1b714 Fix the file name of development-environment.rst 79a1a11 Ensure resource class cache when listing usages 43a84db Change consecutive build failure limit to a weigher 4e3dd81 Fix interpretation of max_attempts for scheduling alternates c7d87f6 Allow cinderv2 endpoints within the request context catalog 0a481a5 Metadata-API fails to retrieve avz for instances created before Pike Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 358 +++++++++++++++++++++ api-ref/source/parameters.yaml | 4 +- nova/api/openstack/compute/servers.py | 3 +- nova/api/openstack/compute/services.py | 10 +- .../placement/handlers/resource_provider.py | 4 + nova/cmd/__init__.py | 8 + nova/cmd/manage.py | 6 + nova/compute/api.py | 54 +++- nova/compute/manager.py | 191 +++++++---- nova/compute/multi_cell_list.py | 20 +- nova/compute/resource_tracker.py | 37 ++- nova/compute/stats.py | 8 + nova/compute/utils.py | 3 +- nova/conductor/manager.py | 8 +- nova/conf/compute.py | 71 +++- nova/conf/libvirt.py | 16 +- nova/conf/scheduler.py | 28 ++ nova/config.py | 5 + nova/context.py | 9 +- nova/db/sqlalchemy/api.py | 8 +- nova/exception.py | 14 + nova/network/neutronv2/api.py | 70 +++- nova/notifications/base.py | 51 ++- nova/notifications/objects/base.py | 10 +- nova/objects/instance.py | 33 ++ nova/objects/instance_group.py | 8 + nova/objects/request_spec.py | 13 +- nova/objects/resource_provider.py | 46 ++- nova/policies/servers.py | 29 ++ nova/quota.py | 15 +- nova/scheduler/client/report.py | 3 +- nova/scheduler/filter_scheduler.py | 10 +- nova/scheduler/host_manager.py | 9 +- nova/scheduler/ironic_host_manager.py | 3 + nova/scheduler/utils.py | 63 +++- nova/scheduler/weights/compute.py | 33 ++ nova/service.py | 6 +- nova/test.py | 8 +- .../placement/gabbits/resource-provider.yaml | 7 + .../functional/compute/test_resource_tracker.py | 95 +++++- .../functional/regressions/test_bug_1741125.py | 9 + .../functional/regressions/test_bug_1780373.py | 110 +++++++ .../unit/api/openstack/compute/test_services.py | 33 ++ .../unit/scheduler/weights/test_weights_compute.py | 57 ++++ nova/virt/block_device.py | 1 + nova/virt/hardware.py | 2 +- nova/virt/ironic/driver.py | 49 ++- nova/virt/libvirt/config.py | 7 + nova/virt/libvirt/designer.py | 7 + nova/virt/libvirt/driver.py | 217 +++++++------ nova/virt/libvirt/vif.py | 26 ++ nova/virt/vmwareapi/driver.py | 7 +- placement-api-ref/source/resource_provider.inc | 3 + ...01-list-across-down-cells-82726cac592e9728.yaml | 10 + ...cked_for_zero_disk_flavor-b36a6eb4fa8b2964.yaml | 20 ++ .../notes/bug-1778044-f498ee2f2cfb35ea.yaml | 15 + ...ailure-counter-to-weigher-428de7da0ed2033a.yaml | 23 ++ ...odel-extra-flags-amd-ssbd-1c0d0cec14073dec.yaml | 8 + ...libvirt-mtu-configuration-0a3e9129dd33b0bc.yaml | 6 + ...gration_wait_for_vif_plug-c9dcb034067890d8.yaml | 19 ++ ...tool-to-populate-inst.avz-29fed2fe57a9764d.yaml | 10 + 109 files changed, 3506 insertions(+), 723 deletions(-)