Ganeti v3.0.0.beta1 Release Notes

Release Date: 2020-06-05 // about 4 years ago
  • ๐Ÿš€ This is a major version pre-release, porting Ganeti to Python 3, fixing bugs and adding new features.

    ๐Ÿš€ This is also the first major release to be created by community contributors exclusively. As of May 2020, Google transferred the maintenance of Ganeti to the community. We would like to thank Google for the support and resources it granted to the project and for allowing the community to carry it forward!

    โฌ†๏ธ Upgrade notes

    ๐Ÿš€ Ganeti versions earlier than 2.16.2 will refuse to upgrade to 3.0 using gnt-cluster upgrade. If you are using your distribution packages, chances are their maintainers will provide a smooth upgrade path from older versions, so check the package release notes. If you build Ganeti from source, please upgrade to 2.16.2 as an intermediate step before upgrading to 3.0, or consult Github issue #1423 for possible workarounds.

    ๐Ÿš€ Note that at this time there is no supported upgrade path for users running Ganeti-2.17 (i.e. 2.17.0 beta1). Ganeti-2.17 was never released, so hopefully no one uses it.

    Important changes

    Python >=3.6 required

    ๐Ÿš€ This release switches the whole Ganeti codebase over to Python 3. Python 2 has reached its end-of-life and is being removed from most distributions, so we opted to skip dual-version support completely and convert the code straight to Python 3-only, the only exception being the RAPI client which remains Python-2 compatible.

    ๐Ÿš€ We have tested the code as well as we can, but there is still the possibility of breakage, as the conversion touches a big part of the codebase that cannot always be tested automatically. Please test this release if possible and report any bugs on GitHub.

    Note that the minimum required Python version is 3.6.

    GHC >= 8 required

    ๐Ÿš€ This release removes support for ancient versions of GHC and now requires at least GHC 8.0 to build.

    VLAN-aware bridging

    ๐Ÿง This version adds support for VLAN-aware bridging. Traditionally setups using multiple VLANs had to create one Linux bridge per VLAN and assign instance NICs to the correct bridge. For large setups this usually incurred a fair amount of configuration that had to be kept in sync between nodes. An alternative was to use OpenVSwitch, for which Ganeti already included VLAN support.

    ๐Ÿ‘ Beginning with 3.0, Ganeti supports VLAN-aware bridging: it is now possible to have a single bridge handling traffic for multiple VLANs and have instance NICs assigned to one or more VLANs using the vlan NIC
    ๐Ÿ‘€ parameter with the same syntax as for OpenVSwitch (see the manpage for gnt-instance). Note that Ganeti expects VLAN support for the bridge to be enabled externally, using ip link set dev <bridge> type bridge vlan_filtering 1.

    Other notable changes

    ๐Ÿ›  Bugfixes:

    • ๐Ÿ”จ Refactor LuxiD's job forking code to make job process creation more reliable. This fixes sporadic failures when polling jobs for status changes, as well as randomly-appearing 30-second delays when enqueueing a new job (#1411).
    • ๐Ÿ‘ท Wait for a Luxi job to actually finish before archiving it. This prevents job file accumulation in master candidate queues (#1266).
    • โฌ†๏ธ Avoid accidentally backing up the export directory on cluster upgrade (#1337).
    • ๐Ÿš€ This release includes all fixes from 2.16.2 as well, please refer to the 2.16.2 changelog below.

    Compatibility changes:

    • Orchestrate KVM live migrations using only QMP (and not the human monitor), ensuring compatibility with QEMU 4.2 (#1433).
    • ๐Ÿ‘‰ Use iproute2 instead of brctl, removing the dependency on bridge-utils (#1394).
    • Enable AM_MAINTAINER_MODE, supporting read-only VPATH builds (#1391).
    • Port from Haskell Crypto (unmaintained) to cryptonite (#1405)
    • Enable compatibility with pyopenssl >=19.1.0 (#1446)

Previous changes from v2.16.1

  • ๐Ÿ›  This is a bugfix and compatibility release.

    Important changes

    โšก๏ธ Updated X.509 certificate signing algorithm

    ๐Ÿ”’ Ganeti now uses the SHA-256 digest algorithm to sign all generated X.509 certificates used to secure the RPC communications between nodes. Previously, Ganeti was using SHA-1 which is seen as weak (but not broken) and has been deprecated by most vendors; most notably, OpenSSL โ€” used by Ganeti on some setups โ€” rejects SHA-1-signed certificates when configured to run on security level 2 and above.

    Users are advised to re-generate Ganeti's server and node certificates after installing 2.16.1 on all nodes using the following command:

      gnt-cluster renew-crypto --new-cluster-certificate

    On setups using RAPI and/or SPICE with Ganeti-generated certificates, --new-rapi-certificate and --new-spice-certificate should be appended to the command above.

    QEMU 3.1 compatibility

    ๐Ÿ‘€ Previous versions of Ganeti used QEMU command line options that were removed in QEMU 3.1, leading to an inability to start KVM instances with QEMU 3.1. This version restores compatibility with QEMU 3.1 by adapting to these changes. This was done in a backwards-compatible way, however there is one special case: Users using VNC with X.509 support enabled will need to be running at least QEMU 2.5. See #1342 for details.

    ๐Ÿ†• Newer GHC support

    ๐Ÿ— Ganeti 2.16.0 could only be built using GHC versions prior to 7.10, as GHC 7.10 and later versions introduced breaking API changes that made the build fail.

    ๐Ÿš€ This release introduces support for building with newer GHC versions: Ganeti is now known to build with GHC 8.0, 8.2 and 8.4. Furthermore, Ganeti can now be built with snap-server 1.0 as well as hinotify 0.3.10 and later. Previously supported versions of GHC and of these libraries remain supported.

    Misc changes

    ๐Ÿ›  Compatibility fixes:

    • ๐Ÿ›  Fix initscript operation on systems with dpkg >= 1.19.4 (#1322) (@apoikos)
    • ๐Ÿ‘Œ Support Sphinx versions later than 1.7 (#1333) (@YSelfTool)
    • ๐Ÿ‘ฎ Force KVM to use cache=none when aio=native is set; this is mandatory for QEMU versions later than 2.6 (#43) (@akosiaris)
    • ๐Ÿ– Handle the new output format of rbd showmapped introduced in Ceph Mimic (#1339) (@atta)
    • ๐Ÿ‘Œ Support current versions of python-psutil (@gedia)
    • ๐Ÿ›  Fix distcheck-hook with automake versions >= 1.15 (@apoikos )
    • ๐Ÿ›  Fix cli tests with shelltestrunner versions >= 1.9 (@apoikos )

    ๐Ÿ›  Bugfixes:

    • Allow IPv6 addresses in the vnc_bind_address KVM hypervisor parameter (#1257) (@candlerb)
    • ๐Ÿ›  Fix iproute2 invocation to accept dev as a valid interface name (#26) (@arnd)
    • Properly handle OpenVSwitch trunk ports without native VLANs (#1324) (@gedia)
    • ๐Ÿ›  Fix virtio-net multiqueue support (#1268) (@gedia)
    • ๐Ÿ‘‰ Make the ganeti-kvm-poweroff example script work on systems with systemd/sysv integration (#1288)
    • Avoid triggering the CPU affinity code when the instance's CPU mask is set to all, relaxing the runtime dependency on python-psutil (@calumcalder)

    ๐ŸŽ Performance improvements:

    • โœ… Speed up Haskell test execution (@iustin)
    • โœ… Speed up Python test execution (@apoikos)

    ๐Ÿ“š Documentation fixes:

    • ๐Ÿ›  Fix a couple of typos in the gnt-instance man page (#1279) (@regnauld)
    • ๐Ÿ›  Fix a typo in doc/install.rst (Igor Vuk)

    โœจ Enhancements:

    • ๐Ÿ”Š KVM process logs are now obtained and saved under /var/log/ganeti/kvm (@yiannist)

    ganeti-2.16.1.tar.gz checksums

    MD5: 3b40440ba0996a0466e129198c342da9 ganeti-2.16.1.tar.gz
    SHA1: 1831ca5389647df96a3edbe2494208f82999e2cb ganeti-2.16.1.tar.gz
    SHA256: 45a79592a912caaa5290411447f661d5b81e99ea555dc272f3459b1d727a557b ganeti-2.16.1.tar.gz