Current Series Release Notes

31.0.0-126

New Features

  • The Nova policies introduce manager default roles provided by keystone. A project_manager denoted by someone with the manager role on a project. It is intended to perform more privileged operations than project_member on its project resources. To avoid any change in admin permissions, Nova use PROJECT_MANAGER_OR_ADMIN as default.

    Currently, nova supports:

    • admin

    • project_manager

    • project_member

    • project_reader

    Currently, scope checks and new defaults are enabled by default. It is recommended to use new defaults but if your deployment need more time then you can disable them by switching the below config option in nova.conf file.:

    [oslo_policy] enforce_new_defaults=False enforce_scope=False

    Please refer Policy New Defaults for detail about policy new defaults.

    In this release, the below APIs policy are default to PROJECT_MANAGER_OR_ADMIN:

    • os_compute_api:os-migrate-server:migrate (“Cold migrate a server without specifying a host”)

    • os_compute_api:os-migrate-server:migrate_live (live migrate server without specifying host)

    • os_compute_api:os-migrations:index (List migrations without host info)

    • os_compute_api:servers:migrations:index (Lists in-progress live migrations for a given server without host info)

    • os_compute_api:servers:migrations:force_complete (Force an in-progress live migration for a given server)

    • os_compute_api:servers:migrations:delete (Delete(Abort) an in-progress live migration)

    To introduced project_manager in migration APIs, we need to add a few new policies.

    • Live migrate:

      • Existing policy is used when live migrate server without specifying host:

        • os_compute_api:os-migrate-server:migrate_live (live migrate server without specifying host)

        • Default: PROJECT_MANAGER_OR_ADMIN

      • New policy is used when live migrate server to a specific host:

        • os_compute_api:os-migrate-server:migrate_live:host (live migrate server to a specific host)

        • Default: ADMIN

    • List server migration:

      • Existing policy is used to list live migrations without host info:

        • os_compute_api:servers:migrations:index (Lists in-progress live

          migrations for a given server)

        • Default: PROJECT_MANAGER_OR_ADMIN

      • New policy is used to host info in live migrations list:

        • os_compute_api:servers:migrations:index:host (Lists in-progress live migrations for a given server with host info)

        • Default: ADMIN

    • List migration:

      • Existing policy is used to list live migrations without host info:

        • os_compute_api:os-migrations:index (List migrations without host info)

        • Default: PROJECT_MANAGER_OR_ADMIN

      • New policy is used to host info in live migrations list:

        • os_compute_api:os-migrations:index:all_projects (List migrations for all or cross projects)

        • Default: ADMIN

        • os_compute_api:os-migrations:index:host (List migrations with host info)

        • Default: ADMIN

  • The libvirt driver now automatically enables autodeflate and freePageReporting features for virtio memory balloon devices. The autodeflate feature allows the QEMU virtio memory balloon to release memory at the last moment before a guest process is killed by the Out of Memory killer. The freePageReporting feature enables the memory balloon to return unused pages back to the hypervisor for use by other guests or processes, improving overall memory efficiency on the compute host.

  • The one_time_use tag was added to the PCI device_spec description, which allows leaving devices in reserved state after they have been assigned to an instance. This is useful for data cleaning, firmware updates, and other operator-specific workflows.

  • The hw:sound_model flavor extra spec and the matching hw_sound_model image property were added to allow the configuration of a sound device within an instance. This is useful with the new spice-direct console type. The default remains no sound device, but when using the libvirt hypervisor driver you can select from sb16, es1370, pcspk, ac97, ich6, ich9, usb, and virtio. For most use-cases usb is likely to be the best choice unless you have at least libvirt 8.2.0 and libvirt 10.4.0.

Upgrade Notes

  • New policies are added to the live migration APIs with the same default. If you are using default policy, then no action is needed, but if you have overridden the existing live migration policies in your deployment, you must include the new policy with the same permissions.

    • Existing policy:

      • os_compute_api:os-migrate-server:migrate_live

      • os_compute_api:servers:migrations::index

      • os_compute_api:os-migrations:index

    • New policy:

      • os_compute_api:os-migrate-server:migrate_live:host

      • os_compute_api:servers:migrations:index:host

      • os_compute_api:os-migrations:index:all_projects

      • os_compute_api:os-migrations:index:host

  • The remote debugger has been removed from the codebase. If you were using it, you will need to find an alternative solution. The remote debugger was un-maintained and was first introduced in the early days of OpenStack when we used python 2.7. While it was useful at the time, it has not been maintained and updated to work with new versions of python and eventlet. As a result it is being removed until we complete the eventlet removal.

  • Running API services (nova-osapi_compute or nova-metadata) with eventlet is removed. Deploy with a WSGI server such as uwsgi or mod_wsgi.

Bug Fixes

  • Fixed an issue where certain server actions could fail for servers with ephemeral disks due to filesystem label name length limitations (VFAT, XFS, …). Filesystem label name generation has been fixed for these cases. See https://launchpad.net/bugs/2061701 for more details.

  • Bug #2095364: Fixed the List Server API and the List Server Detail API 500 Internal Server Error issue in v2.96 or later API microversion if one or more instance has no request spec object. One usecase was when cloud user tried to create instance which exceeded their quota, the request does not create instance request spec. Once the no request spec instance is created in cloud user project, the server list API and the list server details API return 500 Internal Server Error for the project until the cloud user deletes the no request spec object instance. After this fix, the v2.96 or later returns null at the pinned_availability_zone value if not specified.

  • Fixed the issue bug 2098496 where nova assigned more PCI hostdevs to a VM than the flavor requested via the pci_passthrough:alias extra_spec. This only affected systems where both [filter_scheduler]pci_in_placement and [pci]report_in_placement were set to True. This only affected systems where the PCI alias requested type-VF devices and a single PF device on the compute node supported more than one VFs and [pci]device_spec configuration allowed nova to use multiple VFs from a single PF.

  • Fix displaying the reason messages from the Ironic validate node operation that is called just before the instance is deployed on the bare metal node. The message from Ironic is now correctly logged. Fixes bug 2100009 <https://bugs.launchpad.net/nova/+bug/2100009>_.

  • The nova (metadata)api wsgi application will now detect fatal errors (configuration, et al) on startup and lock into a permanent error state until fixed and restarted. This solves a problem with some wsgi runtimes ignoring initialization errors and continuing to send requests to the half-initialized service. See https://bugs.launchpad.net/nova/+bug/2103811 for more details.

  • When live migration fails during pre_live_migration on the destination, during rollback Cinder volumes will now be disconnected from the destination locally instead of remotely over RPC from the source. This should ensure that only connection_info for the destination will be used to disconnect volumes from the destination. See bug #1899835 for more details.