We are ecstatic to announce the release of: nova 16.0.3: Cloud computing fabric controller This release is part of the pike release series. Download the package from: https://tarballs.openstack.org/nova/ For more details, please see below. 16.0.3 ^^^^^^ Security Issues *************** * OSSA-2017-005: Nova Filter Scheduler bypass through rebuild action By rebuilding an instance, an authenticated user may be able to circumvent the FilterScheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using the FilterScheduler (or CachingScheduler) are affected. The fix is in the *nova-api* and *nova-conductor* services. (https://security.openstack.org/ossa/OSSA-2017-005.html) Bug Fixes ********* * Fixes bug 1695861 in which the aggregate API accepted requests that have availability zone names including ':'. With this fix, a creation of an availabilty zone whose name includes ':' results in a "400 BadRequest" error response. (https://bugs.launchpad.net/nova/+bug/1695861) * Fixes a bug preventing ironic nodes without VCPUs, memory or disk in their properties from being picked by nova. Changes in nova 16.0.2..16.0.3 ------------------------------ 3f63d05 Add security release note for OSSA-2017-005 9e2d63d Validate new image via scheduler during rebuild 439349e Correct log message when removing a security group 70ef1fa Avoid deleting allocations for instances being built 2cd2061 Clean up allocations if instance deleted during build d5d81a2 libvirt: do not remove inst_base when volume-backed during resize 0c0023d Pass requested_destination in filter_properties de27ede Functional regression test for evacuate with a target 60d6e87 libvirt: Don't disregard cache mode for instance boot disks 4e93523 Fix AttributeError in BlockDeviceMapping.obj_load_attr d25feca Pick ironic nodes without VCPU set 76a3465 Remove dest node allocations during live migration rollback 5691462 Add functional for live migrate delete f9ee18e Add functional migrate force_complete test c82fc7d Add live.migration.force.complete to the legacy notification whitelist 81c4c17 Add recreate test for live migrate rollback not cleaning up dest allocs 6baf390 Add _wait_for_action_fail_completion to InstanceHelperMixin a33634e fix nova accepting invalid availability zone name with ':' 1a1b65f Account for compute.metrics.update in legacy notification whitelist Diffstat (except docs and test files) ------------------------------------- api-ref/source/parameters.yaml | 3 +- nova/api/openstack/compute/schemas/aggregates.py | 4 +- nova/api/validation/parameter_types.py | 30 ++ nova/api/validation/validators.py | 27 ++ nova/compute/api.py | 17 +- nova/compute/manager.py | 14 + nova/compute/resource_tracker.py | 17 +- nova/conductor/manager.py | 18 +- nova/network/security_group/neutron_driver.py | 4 +- nova/objects/block_device.py | 4 +- nova/objects/request_spec.py | 7 + nova/rpc.py | 3 + .../functional/regressions/test_bug_1702454.py | 157 ++++++++++ .../unit/api/openstack/compute/test_aggregates.py | 15 + nova/virt/ironic/driver.py | 52 ++-- nova/virt/libvirt/driver.py | 14 +- ...31-validate-image-rebuild-9c5b05a001c94a4d.yaml | 13 + .../notes/bug-1695861-ebc8a0aa7a87f7e0.yaml | 9 + .../notes/ironic-empty-vcpus-66b4e1500ef8a34e.yaml | 5 + 32 files changed, 1040 insertions(+), 255 deletions(-)