=================================== Newton Series Release Notes =================================== .. _Release Notes_14.1.0_stable_newton: 14.1.0 ====== .. _Release Notes_14.1.0_stable_newton_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/bug-1738094-request_specs.spec-migration-22d3421ea1536a37.yaml @ b'e4e7b8da563e1fe4c2713dad55788f5ba3a86057' - This release contains a schema migration for the ``nova_api`` database in order to address bug 1738094: https://bugs.launchpad.net/nova/+bug/1738094 The migration is optional and can be postponed if you have not been affected by the bug. The bug manifests itself through "Data too long for column 'spec'" database errors. .. _Release Notes_14.1.0_stable_newton_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/bug-1664931-refine-validate-image-rebuild-6d730042438eec10.yaml @ b'4cbfcc590c17134fd14e3aab90ffbb7c17006a95' - The fix for `OSSA-2017-005`_ (CVE-2017-16239) was too far-reaching in that rebuilds can now fail based on scheduling filters that should not apply to rebuild. For example, a rebuild of an instance on a disabled compute host could fail whereas it would not before the fix for CVE-2017-16239. Similarly, rebuilding an instance on a host that is at capacity for vcpu, memory or disk could fail since the scheduler filters would treat it as a new build request even though the rebuild is not claiming *new* resources. Therefore this release contains a fix for those regressions in scheduling behavior on rebuild while maintaining the original fix for CVE-2017-16239. .. note:: The fix relies on a ``RUN_ON_REBUILD`` variable which is checked for all scheduler filters during a rebuild. The reasoning behind the value for that variable depends on each filter. If you have out-of-tree scheduler filters, you will likely need to assess whether or not they need to override the default value (False) for the new variable. .. releasenotes/notes/bug-1733886-os-quota-sets-force-2.36-5866924621ecc857.yaml @ b'9de9faa0f6080e0e01e676330eff293c3d15ffb2' - This release includes a fix for `bug 1733886`_ which was a regression introduced in the 2.36 API microversion where the ``force`` parameter was missing from the ``PUT /os-quota-sets/{tenant_id}`` API request schema so users could not force quota updates with microversion 2.36 or later. The bug is now fixed so that the ``force`` parameter can once again be specified during quota updates. There is no new microversion for this change since it is an admin-only API. .. _bug 1733886: https://bugs.launchpad.net/nova/+bug/1733886 .. _Release Notes_14.0.10_stable_newton: 14.0.10 ======= .. _Release Notes_14.0.10_stable_newton_Security Issues: Security Issues --------------- .. releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml @ b'698b261a5a2a6c0f31ef5059046ef7196d5cba30' - `OSSA-2017-005`_: Nova Filter Scheduler bypass through rebuild action By rebuilding an instance, an authenticated user may be able to circumvent the FilterScheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using the FilterScheduler (or CachingScheduler) are affected. The fix is in the ``nova-api`` and ``nova-conductor`` services. .. _OSSA-2017-005: https://security.openstack.org/ossa/OSSA-2017-005.html .. _Release Notes_14.0.7_stable_newton: 14.0.7 ====== .. _Release Notes_14.0.7_stable_newton_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/bug-1673613-7357d40ba9ab1fa6.yaml @ b'e3076f5ff6fea598dc4ad2de9b5cb88eb083688b' - Includes the fix for `bug 1673613`_ which could cause issues when upgrading and running ``nova-manage cell_v2 simple_cell_setup`` or ``nova-manage cell_v2 map_cell0`` where the database connection is read from config and has special characters in the URL. .. _bug 1673613: https://launchpad.net/bugs/1673613 .. releasenotes/notes/bug-1691545-1acd6512effbdffb.yaml @ b'd6a628da62f810310ab1bdc2e04222d8010e7b62' - Fixes `bug 1691545`_ in which there was a significant increase in database connections because of the way connections to cell databases were being established. With this fix, objects related to database connections are cached in the API service and reused to prevent new connections being established for every communication with cell databases. .. _bug 1691545: https://bugs.launchpad.net/nova/+bug/1691545 .. releasenotes/notes/fix-default-cell0-db-connection-f9717053cc34778e.yaml @ b'f9a3c3fcff89828b7df45149c2d0ee188f439e46' - The ``nova-manage cell_v2 simple_cell_setup`` command now creates the default cell0 database connection using the ``[database]`` connection configuration option rather than the ``[api_database]`` connection. The cell0 database schema is the ``main`` database, i.e. the ``instances`` table, rather than the ``api`` database schema. In other words, the cell0 database would be called something like ``nova_cell0`` rather than ``nova_api_cell0``. .. _Release Notes_14.0.5_stable_newton: 14.0.5 ====== .. _Release Notes_14.0.5_stable_newton_Prelude: Prelude ------- .. releasenotes/notes/bug-1673569-cve-2017-7214-2d7644b356015c93.yaml @ b'c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a' This release includes fixes for security vulnerabilities. .. _Release Notes_14.0.5_stable_newton_Known Issues: Known Issues ------------ .. releasenotes/notes/live-migration-progress-known-issue-20176f49da4d3c91.yaml @ b'64a482c24d4dfc2aae42672de160ea38e948304c' - The live-migration progress timeout controlled by the configuration option ``[libvirt]/live_migration_progress_timeout`` has been discovered to frequently cause live-migrations to fail with a progress timeout error, even though the live-migration is still making good progress. To minimize problems caused by these checks we recommend setting the value to 0, which means do not trigger a timeout. (This has been made the default in Ocata and Pike.) To modify when a live-migration will fail with a timeout error, please now look at ``[libvirt]/live_migration_completion_timeout`` and ``[libvirt]/live_migration_downtime``. .. _Release Notes_14.0.5_stable_newton_Security Issues: Security Issues --------------- .. releasenotes/notes/bug-1673569-cve-2017-7214-2d7644b356015c93.yaml @ b'c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a' - [CVE-2017-7214] Failed notification payload is dumped in logs with auth secrets * `Bug 1673569 `_ .. _Release Notes_14.0.4_stable_newton: 14.0.4 ====== .. _Release Notes_14.0.4_stable_newton_Known Issues: Known Issues ------------ .. releasenotes/notes/libvirt-script-with-empty-path-2b49caa68b05278d.yaml @ b'99f8a3c4e9d903d48e5c7e245bcb2d3299b7904d' - When generating Libvirt XML to attach network interfaces for the ``tap``, ``ivs``, ``iovisor``, ``midonet``, and ``vrouter`` virtual interface types Nova previously generated an empty path attribute to the script element (``