We are jazzed to announce the release of: nova 17.0.5: Cloud computing fabric controller This release is part of the queens stable release series. Download the package from: https://tarballs.openstack.org/nova/ For more details, please see below. 17.0.5 ^^^^^^ Upgrade Notes ************* * The "nova-api" service now requires the "[placement]" section to be configured in nova.conf if you are using a separate config file just for that service. This is because the "nova-api" service now needs to talk to the placement service in order to delete resource provider allocations when deleting an instance and the "nova- compute" service on which that instance is running is down. This change is idempotent if "[placement]" is not configured in "nova- api" but it will result in new warnings in the logs until configured. See bug https://bugs.launchpad.net/nova/+bug/1679750 for more details. * A new check is added to "nova-status upgrade check" which will scan all cells looking for "nova-osapi_compute" service versions which are from before Ocata and which may cause issues with how the compute API finds instances. This will result in a warning if: * No cell mappings are found * The minimum "nova-osapi_compute" service version is less than 15 in any given cell See https://bugs.launchpad.net/nova/+bug/1759316 for more details. * A new check is added to the "nova-status upgrade check" CLI which can assist with determining if ironic instances have had their embedded flavor migrated to use the corresponding ironic node custom resource class. Security Issues *************** * The 'SSBD' and 'VIRT-SSBD' cpu flags have been added to the list of available choices for the "[libvirt]/cpu_model_extra_flags" config option. These are important for proper mitigation of the Spectre 3a and 4 CVEs. Note that the use of either of these flags require updated packages below nova, including libvirt, qemu (specifically >=2.9.0 for virt-ssbd), linux, and system firmware. For more information see https://www.us- cert.gov/ncas/alerts/TA18-141A Bug Fixes ********* * The "DELETE /os-services/{service_id}" compute API will now return a "409 HTTPConflict" response when trying to delete a "nova-compute" service which is still hosting instances. This is because doing so would orphan the compute node resource provider in the placement service on which those instances have resource allocations, which affects scheduling. See https://bugs.launchpad.net/nova/+bug/1763183 for more details. * The behaviour of ImagePropertiesFilter when using multiple architectures in a cloud can be unpredictable for a user if they forget to set the architecture property in their image. Nova now allows the deployer to specify a fallback in "[filter_scheduler]image_properties_default_architecture" to use a default architecture if none is specified. Without this, it is possible that a VM would get scheduled on a compute node that does not support the image. Changes in nova 17.0.4..17.0.5 ------------------------------ 8ea98c5 libvirt: Skip fetching the virtual size of block devices 5a4c691 libvirt: handle DiskNotFound during update_available_resource a27ea0f Add ssbd and virt-ssbd flags to cpu_model_extra_flags whitelist bfb9d3f Avoid unnecessary joins in HostManager._get_instances_by_host f521e03 Fix shelving a paused instance 419e619 Make instance.refresh() avoid recursion better e3cdb35 Fix auth_url example in hypervisor-hyper-v.rst dddee41 placement: Fix HTTP error generation 7887d1d Update auth_url in install docs 177ad2d Don't reschedule on RequestedVRamTooHigh errors ad332f3 Added ability to configure default architecture for ImagePropertiesFilter 2dc9795 libvirt: Report the virtual size of RAW disks f41649b Add random sleep between retry calls to placement 2386e01 Stringify instance UUID 3bf3986 Handle PortNotFoundClient exception when getting ports ffe092b xenapi: handle InstanceNotFound in detach_interface() bc8c188 Improve performance when list instances with IP filter dede2de Cleanup RP and HM records while deleting a compute service. 18d670b Update os_compute_api:os-flavor-extra-specs:index docs for 2.47 aaa259d Log a warning and add nova-status check for old API service versions daac9a6 Add nova-status check for ironic flavor migration cba1a3e Delete allocations from API if nova-compute is down a817b78 Block deleting compute services which are hosting instances 1b7ba3a api-ref: add a note in DELETE /os-services about deleting computes bcd462e Add functional test for deleting a compute service 2d66f6a Move update_task_state out of try/except Diffstat (except docs and test files) ------------------------------------- api-ref/source/os-services.inc | 16 +- .../admin/configuration/hypervisor-hyper-v.rst | 9 +- nova/api/openstack/compute/services.py | 27 ++- nova/api/openstack/placement/handlers/inventory.py | 2 +- nova/api/openstack/placement/handlers/trait.py | 18 +- nova/cmd/status.py | 171 +++++++++++++- nova/compute/api.py | 63 +++-- nova/compute/manager.py | 11 +- nova/conf/libvirt.py | 24 +- nova/conf/scheduler.py | 17 ++ nova/network/security_group/neutron_driver.py | 8 +- nova/objects/fields.py | 93 ++++---- nova/objects/instance.py | 19 +- nova/policies/flavor_extra_specs.py | 22 +- nova/scheduler/client/report.py | 5 +- nova/scheduler/filters/image_props_filter.py | 10 +- nova/scheduler/host_manager.py | 8 +- .../functional/regressions/test_bug_1679750.py | 75 +++++- .../network/security_group/test_neutron_driver.py | 13 ++ .../scheduler/filters/test_image_props_filters.py | 15 ++ nova/virt/arch.py | 65 ++++++ nova/virt/images.py | 7 +- nova/virt/libvirt/driver.py | 36 ++- nova/virt/powervm/vm.py | 6 +- nova/virt/xenapi/vmops.py | 4 + ...-local-delete-allocations-cb7bfbcb6c36b6a2.yaml | 12 + ...-status-api-version-check-183fac0525bfd68c.yaml | 13 ++ ...ice-delete-with-instances-d7c5c47e4ce31239.yaml | 9 + ...tiarch-image-props-filter-f2e885aa53d585ea.yaml | 9 + ...pu-model-extra-flags-ssbd-fdbda6e4da495915.yaml | 11 + ...k-ironic-flavor-migration-4c78314bf4e74ff6.yaml | 6 + 48 files changed, 1311 insertions(+), 183 deletions(-)