[release-announce] nova 19.0.2 (stein)

12 Aug 2019

      We enthusiastically announce the release of:

nova 19.0.2: Cloud computing fabric controller

This release is part of the stein stable release series.

The source is available from:

    https://opendev.org/openstack/nova

Download the package from:

    https://tarballs.openstack.org/nova/

Please report issues through:

    https://bugs.launchpad.net/nova/+bugs

For more details, please see below.

19.0.2
^^^^^^

Security Issues
***************

* OSSA-2019-003: Nova Server Resource Faults Leak External Exception
  Details (CVE-2019-14433)

  This release contains a security fix for bug 1837877 where users
  without the admin role can be exposed to sensitive error details in
  the server resource fault "message".

  There is a behavior change where non-nova exceptions will only
  record the exception class name in the fault "message" field which
  is exposed to all users, regardless of the admin role.

  The fault "details", which are only exposed to users with the admin
  role, will continue to include the traceback and also include the
  exception value which for non-nova exceptions is what used to be
  exposed in the fault "message" field. Meaning, the information that
  admins could see for server faults is still available, but the
  exception value may be in "details" rather than "message" now.

   (https://security.openstack.org/ossa/OSSA-2019-003.html)
  (https://bugs.launchpad.net/nova/+bug/1837877)

Bug Fixes
*********

* Bug 1811726 is fixed by deleting the resource provider (in
  placement) associated with each compute node record managed by a
  "nova-compute" service when that service is deleted via the "DELETE
  /os-services/{service_id}" API. This is particularly important for
  compute services managing ironic baremetal nodes.

   (https://bugs.launchpad.net/nova/+bug/1811726)

* Add support for noVNC >= v1.1.0 for VNC consoles. Prior to this
  fix, VNC console token validation always failed regardless of actual
  token validity with noVNC >= v1.1.0. See
  https://bugs.launchpad.net/nova/+bug/1822676 for more details.

Changes in nova 19.0.1..19.0.2
------------------------------

11fde850e6 Don't generate service UUID for deleted services
6765188116 Replace non-nova server fault message
dd09686232 Fix AttributeError in RT._update_usage_from_migration
06ae1ff214 Add functional regression test for bug 1778305
44709cfb5c Add functional recreate test for bug 1764556
fcc2b9e33e Cleanup when hitting MaxRetriesExceeded from no host_available
0d2e27fd01 Add functional regression test for bug 1837955
d833422264 Avoid logging traceback when detach device not found
45f290e36c Revert "[libvirt] Filter hypervisor_type by virt_type"
e9261764c9 Handle Invalid exceptions as expected in attach_interface
560317c766 libvirt: move checking CONF.my_ip to init_host()
39ed79ea09 Restore RT.old_resources if ComputeNode.save() fails
b12d166836 Replace joinedload_all with joinedload
186aff98b7 Add 'path' query parameter to console access url
bb551ddd74 Fix no propagation of nova context request_id
7a3a8f325e Revert resize: wait for events according to hybrid plug
75a3ae9337 docs: Correct issues with 'openstack quota set' commands
754d8eb76c Perf: Use dicts for ProviderTree roots
ef10d8d9a6 Fix GET /servers/detail host_status performance regression
5ba20d128c doc: Fix a parameter of NotificationPublisher
3bc6ff029f Stabilize unshelve notification sample tests
d78310e67a Ignore hw_vif_type for direct, direct-physical vNIC types
e6c6178d22 Drop source node allocations if finish_resize fails
eaa1fc6159 Add functional recreate test for regression bug 1825537
725b37f515 Init HostState.failed_builds
e802ede4b3 libvirt: flatten rbd images when unshelving an instance
16449cbfe9 Grab fresh power state info from the driver
8371073ac7 Fix type error on call to mount device
118cf0c592 libvirt: Rework 'EBUSY' (SIGKILL) error handling code path
0313d81433 Remove redundant group host setup
e9889be94e Delete resource providers for all nodes when deleting compute service
1a11d5c7f3 Raise InstanceFaultRollback for UnableToMigrateToSelf from _prep_resize
cdaa800784 Change InstanceFaultRollback handling in _error_out_instance_on_exception
b4b47a59c7 Fix python3 compatibility of rbd get_fsid
43926ebca0 Handle PortLimitExceeded in POST /servers/{server_id}/os-interface
db40cc44cb libvirt: Use SATA bus for cdrom devices when using Q35 machine type
0cb6106b83 Fix double word hacking test
54ec03a52a Refresh instance network info on deletion
74e66fe8d4 Avoid unnecessary joins in InstanceGroup.get_hosts
d4bc147c38 Noop CantStartEngineError in targets_cell if API DB not configured
0956539edf Reset the stored logs at each notification test steps

Diffstat (except docs and test files)
-------------------------------------

.../get-rdp-console-post-resp.json                 |   4 +-
.../get-serial-console-post-resp.json              |   4 +-
.../get-spice-console-post-resp.json               |   2 +-
.../get-vnc-console-post-resp.json                 |   2 +-
.../v2.6/create-vnc-console-resp.json              |   2 +-
.../figures/SCH_5009_V00_NUAC-VNC_OpenStack.svg    |   4 +-
nova/api/openstack/compute/attach_interfaces.py    |   4 +-
.../openstack/compute/rest_api_version_history.rst |   2 +-
nova/api/openstack/compute/services.py             |  11 +-
nova/api/openstack/compute/views/servers.py        |  33 ++-
nova/compute/manager.py                            | 171 +++++++++---
nova/compute/provider_tree.py                      |  27 +-
nova/compute/resource_tracker.py                   |  24 +-
nova/compute/utils.py                              |  41 ++-
nova/conductor/manager.py                          |  14 +-
nova/db/sqlalchemy/api.py                          |  35 ++-
nova/exception.py                                  |   4 +-
nova/network/model.py                              |  25 ++
nova/network/neutronv2/api.py                      |  30 ++-
nova/objects/console_auth_token.py                 |   5 +-
nova/objects/instance_group.py                     |   9 +-
nova/objects/migration.py                          |   3 +
nova/objects/service.py                            |   2 +-
nova/scheduler/host_manager.py                     |   1 +
nova/scheduler/utils.py                            |   8 +-
.../get-rdp-console-post-resp.json.tpl             |   2 +-
.../get-serial-console-post-resp.json.tpl          |   2 +-
.../get-spice-console-post-resp.json.tpl           |   2 +-
.../get-vnc-console-post-resp.json.tpl             |   2 +-
.../functional/regressions/test_bug_1764556.py     | 156 +++++++++++
.../functional/regressions/test_bug_1778305.py     |  61 +++++
.../functional/regressions/test_bug_1825537.py     |  75 ++++++
.../functional/regressions/test_bug_1837955.py     |  98 +++++++
.../openstack/compute/test_attach_interfaces.py    |  15 ++
.../unit/api/openstack/compute/test_serversV21.py  |  16 +-
.../unit/api/openstack/compute/test_services.py    |  20 +-
nova/virt/disk/mount/api.py                        |   2 +-
nova/virt/fake.py                                  |   7 +
nova/virt/libvirt/blockinfo.py                     |  24 +-
nova/virt/libvirt/driver.py                        | 159 ++++++-----
nova/virt/libvirt/guest.py                         |   6 +-
nova/virt/libvirt/imagebackend.py                  |  11 +
nova/virt/libvirt/storage/rbd_utils.py             |   4 +-
nova/virt/libvirt/utils.py                         |  31 ++-
nova/virt/libvirt/vif.py                           |  23 +-
...1811726-multi-node-delete-2ba17f02c6171fbb.yaml |  10 +
...ve-fault-message-exposure-5360d794f4976b7c.yaml |  23 ++
.../support-novnc-1.1.0-ce677fe3381b2a11.yaml      |   7 +
81 files changed, 2007 insertions(+), 405 deletions(-)

[release-announce] nova 19.0.2 (stein)

no-reply＠openstack.org