We are satisfied to announce the release of: nova 28.0.1: Cloud computing fabric controller This release is part of the bobcat release series. The source is available from: https://opendev.org/openstack/nova Download the package from: https://tarballs.openstack.org/nova/ Please report issues through: https://bugs.launchpad.net/nova/+bugs For more details, please see below. 28.0.1 ^^^^^^ Bug Fixes * Relaxed the config option checking of the cpu_power_management feature of the libvirt driver. The nova-compute service will start with [libvirt]cpu_power_management=True and an empty [compute]cpu_dedicated_set configuration. The power management is still only applied to dedicated CPUs. So the above configuration only allowed to ensure that cpu_power_management can be enabled independently for configuring cpu_dedicated_set during deployment. * Previously "switchdev" capabilities should be configured manually by a user with admin privileges using port's binding profile. This blocked regular users from managing ports with Open vSwitch hardware offloading as providing write access to a port's binding profile to non-admin users introduces security risks. For example, a binding profile may contain a "pci_slot" definition, which denotes the host PCI address of the device attached to the VM. A malicious user can use this parameter to passthrough any host device to a guest, so it is impossible to provide write access to a binding profile to regular users in many scenarios. This patch fixes this situation by translating VF capabilities reported by Libvirt to Neutron port binding profiles. Other VF capabilities are translated as well for possible future use. Changes in nova 28.0.0..28.0.1 ------------------------------ 4549e34792 Allow enabling cpu_power_management with 0 dedicated CPUs 9cee58c6e4 Do not manage CPU0's state 6b870ab90a Fix rebuild compute RPC API exception for rolling-upgrades eb310f3bd2 add a regression test for all compute RPCAPI 6.x pinnings for rebuild 7e4f45df91 Translate VF network capabilities to port binding a5e26bf6ca Revert "Add upgrade check for compute-object-ids linkage" 6d5943e1b5 Install lxml before we need it in post-run 7eeeb9d19d [stable-only] Update TOX_CONSTRAINTS_FILE for stable/2023.2 6ac11b42b5 [stable-only] Update .gitreview for stable/2023.2 Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + nova/cmd/status.py | 25 ------ nova/compute/manager.py | 7 +- nova/db/main/api.py | 2 +- nova/network/neutron.py | 7 ++ nova/objects/pci_device.py | 7 ++ .../functional/regressions/test_bug_2040264.py | 56 +++++++++++++ nova/virt/hardware.py | 5 ++ nova/virt/libvirt/cpu/api.py | 19 ++--- ...-power-management-no-pcpu-28dd7d07d0473ea2.yaml | 11 +++ .../notes/compute-object-ids-e6dee31eb7f1ce34.yaml | 8 -- ...abilities_to_port_binding-48abbfe0ce2923cf.yaml | 16 ++++ roles/run-evacuate-hook/tasks/main.yaml | 7 ++ tox.ini | 2 +- 22 files changed, 217 insertions(+), 108 deletions(-)