We high-spiritedly announce the release of: nova 16.1.5: Cloud computing fabric controller This release is part of the pike stable release series. Download the package from: https://tarballs.openstack.org/nova/ For more details, please see below. 16.1.5 ^^^^^^ Upgrade Notes ************* * The "nova-api" service now requires the "[placement]" section to be configured in nova.conf if you are using a separate config file just for that service. This is because the "nova-api" service now needs to talk to the placement service in order to delete resource provider allocations when deleting an instance and the "nova- compute" service on which that instance is running is down. This change is idempotent if "[placement]" is not configured in "nova- api" but it will result in new warnings in the logs until configured. See bug https://bugs.launchpad.net/nova/+bug/1679750 for more details. * The default list of non-inherited image properties to pop when creating a snapshot has been extended to include image signature properties. The properties "img_signature_hash_method", "img_signature", "img_signature_key_type" and "img_signature_certificate_uuid" are no longer inherited by the snapshot image as they would otherwise result in a Glance attempting to verify the snapshot image with the signature of the original. * A new online data migration has been added to populate missing instance.availability_zone values for instances older than Pike whose availability_zone was not specified during boot time. This can be run during the normal "nova-manage db online_data_migrations" routine. This fixes Bug 1768876 (https://bugs.launchpad.net/nova/+bug/1768876) Security Issues *************** * A new policy rule, "os_compute_api:servers:create:zero_disk_flavor", has been introduced which defaults to "rule:admin_or_owner" for backward compatibility, but can be configured to make the compute API enforce that server create requests using a flavor with zero root disk must be volume-backed or fail with a "403 HTTPForbidden" error. Allowing image-backed servers with a zero root disk flavor can be potentially hazardous if users are allowed to upload their own images, since an instance created with a zero root disk flavor gets its size from the image, which can be unexpectedly large and exhaust local disk on the compute host. See https://bugs.launchpad.net/nova/+bug/1739646 for more details. While this is introduced in a backward-compatible way, the default will be changed to "rule:admin_api" in a subsequent release. It is advised that you communicate this change to your users before turning on enforcement since it will result in a compute API behavior change. * The 'SSBD' and 'VIRT-SSBD' cpu flags have been added to the list of available choices for the "[libvirt]/cpu_model_extra_flags" config option. These are important for proper mitigation of the Spectre 3a and 4 CVEs. Note that the use of either of these flags require updated packages below nova, including libvirt, qemu (specifically >=2.9.0 for virt-ssbd), linux, and system firmware. For more information see https://www.us- cert.gov/ncas/alerts/TA18-141A Bug Fixes ********* * The "DELETE /os-services/{service_id}" compute API will now return a "409 HTTPConflict" response when trying to delete a "nova-compute" service which is still hosting instances. This is because doing so would orphan the compute node resource provider in the placement service on which those instances have resource allocations, which affects scheduling. See https://bugs.launchpad.net/nova/+bug/1763183 for more details. Changes in nova 16.1.4..16.1.5 ------------------------------ ab03100 [Stable Only] Remove soft-deleted instances from quota_usages 3da9720 import zuul job settings from project-config 37722c7 Fix DB archiver AttributeError due to wrong table name attribute used 6246488 Filter out instances without a host when populating AZ b1b5a5e Revert "libvirt: slow live-migration to ensure network is ready" 6864804 block_device: Rollback volumes to in-use on DeviceDetachFailed 62d3b29 Fix bad links for admin-guide e279ac4 Make ResourceTracker.stats node-specific bee3e96 Reload oslo_context after calling monkey_patch() dbce613 Add recreate test for RT.stats bug 1784705 1316e08 Add unshelve instance error info to fault table e0f1c2c libvirt: add method to configure migration speed 8f5fbd8 Make host_aggregate_map dictionary case-insensitive 6d60c74 Fix unbound local when saving an unchanged RequestSpec 70de423 cleanup mapping/reqspec after archive instance 06387be Default embedded instance.flavor.disabled attribute 9fe847b Cleanup RP and HM records while deleting a compute service. cd50dca Delete allocations from API if nova-compute is down 5939ae9 Backport tox.ini to switch to stestr 8cd1204 Block deleting compute services which are hosting instances 93854e4 api-ref: add a note in DELETE /os-services about deleting computes c8dd4c6 Add functional test for deleting a compute service 8d26d38 factor out compute service start in ServerMovingTest e847eed Moving more utils to ProviderUsageBaseTestCase 53fc4ab Make nova service-list use scatter-gather routine ba0eb30 mock utils.execute() in qemu-img unit test ff74779 libvirt: slow live-migration to ensure network is ready ce7ad87 Use instance project/user when creating RequestSpec during resize reschedule 682ee60 [Stable Only] Add amd-ssbd and amd-no-ssb CPU flags aa2f0bf Fixed auto-convergence option name in doc 0bf7562 Add policy rule to block image-backed servers with 0 root disk flavor bdb5c3b Change consecutive build failure limit to a weigher 6e1dd28 Ensure resource class cache when listing usages 487c6dd Metadata-API fails to retrieve avz for instances created before Pike 51e8b8e placement: Fix HTTP error generation 978066f Avoid showing password in log Diffstat (except docs and test files) ------------------------------------- .gitignore | 1 + .stestr.conf | 3 + .testr.conf | 18 -- .zuul.yaml | 341 ++++++++++++++++++++- api-ref/source/os-services.inc | 16 +- api-ref/source/parameters.yaml | 4 +- nova/api/openstack/compute/servers.py | 3 +- nova/api/openstack/compute/services.py | 27 +- nova/api/openstack/placement/handlers/inventory.py | 2 +- nova/api/openstack/placement/handlers/trait.py | 18 +- nova/cmd/__init__.py | 8 + nova/cmd/manage.py | 47 ++- nova/compute/api.py | 32 +- nova/compute/manager.py | 68 ++-- nova/compute/resource_tracker.py | 37 ++- nova/compute/stats.py | 8 + nova/conductor/manager.py | 8 +- nova/conf/compute.py | 20 +- nova/conf/libvirt.py | 16 +- nova/conf/scheduler.py | 28 ++ nova/db/sqlalchemy/api.py | 38 ++- nova/exception.py | 5 + nova/objects/instance.py | 33 ++ nova/objects/instance_mapping.py | 11 + nova/objects/request_spec.py | 24 +- nova/objects/resource_provider.py | 2 + nova/policies/servers.py | 29 ++ nova/scheduler/host_manager.py | 9 +- nova/scheduler/ironic_host_manager.py | 3 + nova/scheduler/weights/compute.py | 33 ++ nova/test.py | 5 + .../functional/compute/test_resource_tracker.py | 95 +++++- .../functional/regressions/test_bug_1679750.py | 75 ++++- .../unit/scheduler/weights/test_weights_compute.py | 57 ++++ nova/virt/block_device.py | 1 + nova/virt/libvirt/guest.py | 7 + ...-local-delete-allocations-cb7bfbcb6c36b6a2.yaml | 12 + ...cked_for_zero_disk_flavor-b36a6eb4fa8b2964.yaml | 20 ++ ...ice-delete-with-instances-d7c5c47e4ce31239.yaml | 9 + ...ailure-counter-to-weigher-428de7da0ed2033a.yaml | 23 ++ ...odel-extra-flags-amd-ssbd-1c0d0cec14073dec.yaml | 8 + ...tool-to-populate-inst.avz-29fed2fe57a9764d.yaml | 10 + test-requirements.txt | 3 +- tox.ini | 67 ++-- 74 files changed, 1935 insertions(+), 378 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 9a3948d..b2444f6 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -20 +20 @@ oslotest>=1.10.0 # Apache-2.0 -os-testr>=0.8.0 # Apache-2.0 +stestr>=2.0.0 # Apache-2.0 @@ -22 +21,0 @@ osprofiler>=1.4.0 # Apache-2.0 -testrepository>=0.0.18 # Apache-2.0/BSD