We are happy to announce the release of: nova 30.2.1 This release is part of the dalmatian release series. The source is available from: https://opendev.org/openstack/nova Download the package from: https://tarballs.openstack.org/nova/ Please report issues through: https://bugs.launchpad.net/nova/+bugs For more details, please see below. 30.2.1 ^^^^^^ Security Issues *************** * [bug 2131960 (https://bugs.launchpad.net/nova/+bug/2131960)] Fixed improper teardown of Ironic nodes in servicing states. Previously, when Nova's virt driver called "destroy()" on Ironic nodes in certain states ("deploy hold", "servicing", "service wait", "service hold", "service failed"), these nodes would fail to undergo proper teardown, resulting in orphaned instances where instance metadata was removed but nodes remained unprovisioned in Ironic. In flat networking configurations, this could allow nodes traversing servicing states to briefly access tenant networks. In Neutron networking configurations, while VIFs would detach correctly, nodes would remain in Ironic with a shutdown IPA, and future deprovisioning attempts would fail due to missing networking metadata. These states are now properly handled to ensure complete node deprovisioning. Bug Fixes ********* * Nova operation with VIF type TAP was broken by a libvirt change (in 9.5.0) to treat TAP interface specifications as "managed" by default. This means that libvirt expects to create the TAP interface itself, which is incompatible with how Nova works, because Nova creates the TAP interface before telling libvirt about it. In particular this broke OpenStack with Calico as the network plugin, because Calico uses VIF type TAP. This is now fixed, by Nova adding the *managed="no"* attribute to TAP interface XML specifications. See bug 2033681 for more details. (https://bugs.launchpad.net/nova/+bug/2033681) * Fixed the issue bug 2044235 where Nova Conductor puts an instance into an error state if any errors occur during execution of the 'check_can_live_migrate_source()' method in an RPC call. Now, any error is caught and a MigrationPreCheckError exception is re-raised to reset the instance state. * [bug 2131960 (https://bugs.launchpad.net/nova/+bug/2131960)] Fixed a bug where Ironic nodes in servicing-related provision states ("deploy hold", "servicing", "service wait", "service hold", "service failed") were not properly unprovisioned when instances were destroyed. The Nova Ironic virt driver now correctly triggers unprovisioning for nodes in these states, preventing orphaned node configurations in Ironic. Changes in nova 30.2.0..30.2.1 ------------------------------ 95c43bcf7c Replace removed os-vif-ovs job 60dfb55d94 Fix bug 2000069 19df809bb4 [ironic] Ensure unprovision happens for new states 8d95d55f77 Reset the mapped field of nodes at service deletion ab844a69c7 Adds regression test for bug LP#2085135 6a12fb1129 Update start_service() function in test 6a995e49fe Add managed='no' flag to libvirt XML definition for VIF type TAP f490c84d0f nova-conductor puts instance in error state 6e2926435e Adds regression test for bug LP#2044235 Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 2 +- nova/compute/manager.py | 23 ++++-- nova/db/main/api.py | 9 ++- nova/test.py | 17 ++++- .../functional/regressions/test_bug_2044235.py | 60 +++++++++++++++ .../functional/regressions/test_bug_2085135.py | 75 +++++++++++++++++++ .../functional/regressions/test_bug_2143972.py | 15 ++-- nova/virt/ironic/driver.py | 17 +++-- nova/virt/ironic/ironic_states.py | 38 +++++++++- nova/virt/libvirt/config.py | 8 +- nova/virt/libvirt/vif.py | 1 + ...type-tap-with-new-libvirt-791e8b5f170e9c40.yaml | 16 ++++ ...ance-after-rpc-issue-during-live-migration.yaml | 9 +++ ...-2131960-servicing-states-446d0e58bb9aa5f2.yaml | 25 +++++++ 20 files changed, 436 insertions(+), 49 deletions(-)