Current Series Release Notes¶
31.0.0-126¶
New Features¶
The Nova policies introduce
manager
default roles provided by keystone. Aproject_manager
denoted by someone with themanager
role on a project. It is intended to perform more privileged operations thanproject_member
on its project resources. To avoid any change inadmin
permissions, Nova usePROJECT_MANAGER_OR_ADMIN
as default.Currently, nova supports:
admin
project_manager
project_member
project_reader
Currently, scope checks and new defaults are enabled by default. It is recommended to use new defaults but if your deployment need more time then you can disable them by switching the below config option in
nova.conf
file.:[oslo_policy] enforce_new_defaults=False enforce_scope=False
Please refer Policy New Defaults for detail about policy new defaults.
In this release, the below APIs policy are default to
PROJECT_MANAGER_OR_ADMIN
:os_compute_api:os-migrate-server:migrate
(“Cold migrate a server without specifying a host”)os_compute_api:os-migrate-server:migrate_live
(live migrate server without specifying host)os_compute_api:os-migrations:index
(List migrations without host info)os_compute_api:servers:migrations:index
(Lists in-progress live migrations for a given server without host info)os_compute_api:servers:migrations:force_complete
(Force an in-progress live migration for a given server)os_compute_api:servers:migrations:delete
(Delete(Abort) an in-progress live migration)
To introduced
project_manager
in migration APIs, we need to add a few new policies.Live migrate:
Existing policy is used when live migrate server without specifying host:
os_compute_api:os-migrate-server:migrate_live
(live migrate server without specifying host)Default:
PROJECT_MANAGER_OR_ADMIN
New policy is used when live migrate server to a specific host:
os_compute_api:os-migrate-server:migrate_live:host
(live migrate server to a specific host)Default:
ADMIN
List server migration:
Existing policy is used to list live migrations without host info:
os_compute_api:servers:migrations:index
(Lists in-progress livemigrations for a given server)
Default:
PROJECT_MANAGER_OR_ADMIN
New policy is used to host info in live migrations list:
os_compute_api:servers:migrations:index:host
(Lists in-progress live migrations for a given server with host info)Default:
ADMIN
List migration:
Existing policy is used to list live migrations without host info:
os_compute_api:os-migrations:index
(List migrations without host info)Default:
PROJECT_MANAGER_OR_ADMIN
New policy is used to host info in live migrations list:
os_compute_api:os-migrations:index:all_projects
(List migrations for all or cross projects)Default:
ADMIN
os_compute_api:os-migrations:index:host
(List migrations with host info)Default:
ADMIN
The libvirt driver now automatically enables
autodeflate
andfreePageReporting
features for virtio memory balloon devices. Theautodeflate
feature allows the QEMU virtio memory balloon to release memory at the last moment before a guest process is killed by the Out of Memory killer. ThefreePageReporting
feature enables the memory balloon to return unused pages back to the hypervisor for use by other guests or processes, improving overall memory efficiency on the compute host.
The
one_time_use
tag was added to the PCIdevice_spec
description, which allows leaving devices in reserved state after they have been assigned to an instance. This is useful for data cleaning, firmware updates, and other operator-specific workflows.
The hw:sound_model flavor extra spec and the matching hw_sound_model image property were added to allow the configuration of a sound device within an instance. This is useful with the new spice-direct console type. The default remains no sound device, but when using the libvirt hypervisor driver you can select from sb16, es1370, pcspk, ac97, ich6, ich9, usb, and virtio. For most use-cases usb is likely to be the best choice unless you have at least libvirt 8.2.0 and libvirt 10.4.0.
Upgrade Notes¶
New policies are added to the live migration APIs with the same default. If you are using default policy, then no action is needed, but if you have overridden the existing live migration policies in your deployment, you must include the new policy with the same permissions.
Existing policy:
os_compute_api:os-migrate-server:migrate_live
os_compute_api:servers:migrations::index
os_compute_api:os-migrations:index
New policy:
os_compute_api:os-migrate-server:migrate_live:host
os_compute_api:servers:migrations:index:host
os_compute_api:os-migrations:index:all_projects
os_compute_api:os-migrations:index:host
The remote debugger has been removed from the codebase. If you were using it, you will need to find an alternative solution. The remote debugger was un-maintained and was first introduced in the early days of OpenStack when we used python 2.7. While it was useful at the time, it has not been maintained and updated to work with new versions of python and eventlet. As a result it is being removed until we complete the eventlet removal.
Running API services (nova-osapi_compute or nova-metadata) with eventlet is removed. Deploy with a WSGI server such as uwsgi or mod_wsgi.
Bug Fixes¶
Fixed an issue where certain server actions could fail for servers with ephemeral disks due to filesystem label name length limitations (VFAT, XFS, …). Filesystem label name generation has been fixed for these cases. See https://launchpad.net/bugs/2061701 for more details.
Bug #2095364: Fixed the List Server API and the List Server Detail API 500 Internal Server Error issue in v2.96 or later API microversion if one or more instance has no request spec object. One usecase was when cloud user tried to create instance which exceeded their quota, the request does not create instance request spec. Once the no request spec instance is created in cloud user project, the server list API and the list server details API return 500 Internal Server Error for the project until the cloud user deletes the no request spec object instance. After this fix, the v2.96 or later returns null at the pinned_availability_zone value if not specified.
Fixed the issue bug 2098496 where nova assigned more PCI hostdevs to a VM than the flavor requested via the pci_passthrough:alias extra_spec. This only affected systems where both
[filter_scheduler]pci_in_placement
and[pci]report_in_placement
were set to True. This only affected systems where the PCI alias requested type-VF devices and a single PF device on the compute node supported more than one VFs and[pci]device_spec
configuration allowed nova to use multiple VFs from a single PF.
Fix displaying the reason messages from the Ironic validate node operation that is called just before the instance is deployed on the bare metal node. The message from Ironic is now correctly logged. Fixes bug 2100009 <https://bugs.launchpad.net/nova/+bug/2100009>_.
The nova (metadata)api wsgi application will now detect fatal errors (configuration, et al) on startup and lock into a permanent error state until fixed and restarted. This solves a problem with some wsgi runtimes ignoring initialization errors and continuing to send requests to the half-initialized service. See https://bugs.launchpad.net/nova/+bug/2103811 for more details.
When live migration fails during pre_live_migration on the destination, during rollback Cinder volumes will now be disconnected from the destination locally instead of remotely over RPC from the source. This should ensure that only connection_info for the destination will be used to disconnect volumes from the destination. See bug #1899835 for more details.