oVirt 4.2.3 Release Notes

The oVirt Project is pleased to announce the availability of the 4.2.3 release as of May 04, 2018.

oVirt is an open source alternative to VMware™ vSphere™, providing an awesome KVM management interface for multi-node virtualization. This release is available now for Red Hat Enterprise Linux 7.5, CentOS Linux 7.5 (or similar).

For a general overview of oVirt, read the Quick Start Guide and visit the About oVirt page.

For detailed installation instructions, read the Installation Guide.

To learn about features introduced before 4.2.3, see the release notes for previous versions.

  1. oVirt 4.2.3 Release Notes
    1. CVE-2018-3639 - Important - oVirt - Speculative Store Bypass
    2. Install / Upgrade from previous versions
      1. CentOS / RHEL
      2. No Fedora support
      3. oVirt Hosted Engine
      4. EPEL
    3. What's New in 4.2.3?
      1. Enhancements
        1. oVirt Engine
        2. VDSM
        3. oVirt Hosted Engine Setup
        4. oVirt Engine Metrics
        5. cockpit-ovirt
      2. Bug Fixes
        1. oVirt Engine
        2. VDSM
        3. oVirt Hosted Engine HA
        4. oVirt Hosted Engine Setup
        5. imgbased
      3. Other
        1. oVirt Engine
        2. VDSM
        3. oVirt Engine SDK 4 Python
        4. oVirt image transfer daemon and proxy
        5. oVirt Hosted Engine Setup
        6. oVirt Engine Metrics
        7. cockpit-ovirt
        8. oVirt Engine Dashboard
        9. VDSM JSON-RPC Java
      4. No Doc Update
        1. oVirt Engine
        2. VDSM

CVE-2018-3639 - Important - oVirt - Speculative Store Bypass

As you may have already heard, an industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. This issue is described in the CVE-2018-3639 announcement, available at https://access.redhat.com/security/cve/cve-2018-3639.

On May 23rd the oVirt team released an update of ovirt-engine to version 4.2.3.7, which adds support for SSBD CPUs in order to mitigate the security issue.

If you are running oVirt on Red Hat Enterprise Linux, please apply updates described in https://access.redhat.com/security/cve/cve-2018-3639.

If you are running oVirt on CentOS Linux, please apply the updates described by:

An update for qemu-kvm-ev has also been tagged for release and announced with CESA-2018:1655 Important: qemu-kvm-ev security update

If you're running oVirt on a different Linux distribution, please check with your vendor for available updates.

Please note that to fully mitigate this vulnerability, system administrators must apply both hardware “microcode” updates and software patches that enable new functionality. At this time, microprocessor microcode will be delivered by the individual manufacturers.

The oVirt team recommends that end users and system administrators apply any available updates as soon as practical.
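
To confirm on a host that both the kernel patch and SSBD-capable microcode are in place, the kernel's sysfs report can be read together with the CPU flags. This is an added example, not part of the oVirt release notes or oVirt tooling; the function names and status labels are assumptions made for illustration, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not oVirt code): classify a host's Speculative Store Bypass
# (CVE-2018-3639) state. Function names and status labels are hypothetical.

# ssb_status SYSFS_LINE CPU_FLAGS
#   SYSFS_LINE: content of /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
#               (pass "" when the file is absent, i.e. the kernel predates the fix)
#   CPU_FLAGS:  the "flags" line of /proc/cpuinfo
ssb_status() {
    sysfs_line=$1
    cpu_flags=" $2 "          # pad so the last flag also matches " flag "
    has_ssbd=no
    case "$cpu_flags" in
        *" ssbd "*|*" amd_ssbd "*|*" virt_ssbd "*) has_ssbd=yes ;;
    esac
    case "$sysfs_line" in
        "")              echo "kernel-not-patched" ;;
        "Not affected"*) echo "not-affected" ;;
        Mitigation*)     echo "mitigated" ;;
        Vulnerable*)
            if [ "$has_ssbd" = yes ]; then
                # CPU exposes SSBD but the kernel is not using it
                echo "mitigation-disabled"
            else
                # no SSBD control visible; typically the microcode update is missing
                echo "ssbd-unavailable"
            fi ;;
        *)               echo "unknown" ;;
    esac
}

# Read the real files on the host being checked (not run by this example).
ssb_status_live() {
    f=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
    line=""
    [ -r "$f" ] && line=$(cat "$f")
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null || true)
    ssb_status "$line" "$flags"
}

# Constructed sample inputs covering the cases a host can be in.
ssb_demo() {
    ssb_status "" "flags : fpu vme"
    ssb_status "Vulnerable" "flags : fpu vme"
    ssb_status "Vulnerable" "flags : fpu vme ssbd"
    ssb_status "Mitigation: Speculative Store Bypass disabled via prctl and seccomp" \
               "flags : fpu vme ssbd"
}
ssb_demo
```

Run `ssb_status_live` on each host after applying the operating system and microcode updates; anything other than `mitigated` or `not-affected` means one of the two is still missing or switched off.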

Install / Upgrade from previous versions

CentOS / RHEL

In order to install it on a clean system, you need to install

  # yum install http://resources.ovirt.org/pub/yum-repo/ovirt-release42.rpm

and then follow our Installation Guide.

If you're upgrading from a previous release on Enterprise Linux 7 you just need to execute:

  # yum install http://resources.ovirt.org/pub/yum-repo/ovirt-release42.rpm
  # yum update "ovirt-*-setup*"
  # engine-setup

No Fedora support

Regretfully, Fedora is not supported anymore, and RPMs for it are not provided. These are still built for the master branch, so users who want to test them can use the nightly snapshot. At this point, we only try to fix problems specific to Fedora if they affect developers. For some of the work to be done to restore support for Fedora, see also tracker bug 1460625.

oVirt Hosted Engine

If you're going to install oVirt as a Hosted Engine on a clean system, please follow the Hosted_Engine_Howto#Fresh_Install guide or the corresponding section in the Self Hosted Engine Guide.

If you're upgrading an existing Hosted Engine setup, please follow the Hosted_Engine_Howto#Upgrade_Hosted_Engine guide or the corresponding section within the Upgrade Guide.

EPEL

TL;DR Don't enable all of EPEL on oVirt machines.

The ovirt-release package enables the EPEL repositories and includes several specific packages that are required from there. It also enables and uses the CentOS SIG repos, for other packages.

If you want to use other packages from EPEL, make sure to use includepkgs and add only the packages you need, so that EPEL does not override packages from other repos.
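
One way to audit this on a host is to list every enabled repo section that carries no includepkgs filter. This is an added example, not part of the ovirt-release package; the function names, repo ids and package names are hypothetical, and the sample repo file is constructed.

```shell
#!/bin/sh
# Added example (not oVirt code): find enabled yum repo sections that have no
# includepkgs filter. Function names here are hypothetical.

# repos_without_includepkgs FILE...
# Prints the id of each enabled section lacking a non-empty includepkgs line.
repos_without_includepkgs() {
    awk '
        function report() {
            if (id != "" && enabled && !filtered) print id
        }
        /^[ \t]*\[/ {
            report()
            id = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
            enabled = 1      # yum treats a section without "enabled" as enabled
            filtered = 0
            next
        }
        /^[ \t]*enabled[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)
            enabled = (tolower(v) !~ /^(0|no|false)[ \t]*$/)
        }
        /^[ \t]*includepkgs[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)
            if (v != "") filtered = 1
        }
        END { report() }
    ' "$@"
}

# Runs the check on a constructed repo file (not the content of any real
# ovirt-release file; repo ids and package names are placeholders).
demo_repo_check() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# constructed sample
[example-epel-filtered]
name=EPEL limited to named packages
enabled=1
includepkgs=example-pkg-a example-pkg-b

[example-epel-full]
name=All of EPEL
enabled=1

[example-epel-off]
name=Disabled EPEL
enabled=0
EOF
    repos_without_includepkgs "$tmp"
    rm -f "$tmp"
}
demo_repo_check
```

On a real host, run `repos_without_includepkgs /etc/yum.repos.d/*.repo` and review any EPEL section it prints.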

What's New in 4.2.3?

Enhancements

oVirt Engine

  • BZ 1550135 Failed logging attempts are not audited / logged
    Failed login attempts now appear in the audit log, with details and the user name that failed to log in.
  • BZ 1540955 The Affinity Positive/Negative Value is not updated in the UI window
    The host to VM affinity can now be explicitly disabled, as described in Bug 1493149.

    This change adds 4 new columns to the affinity group table in the UI:
    - 'vm polarity' - Shows if the VM affinity is positive, negative or disabled
    - 'vm enforcing' - Shows if the VM affinity is enforcing or not
    - 'host polarity' - Shows if the VM to host affinity is positive, negative or disabled
    - 'host enforcing' - Shows if the VM to host affinity is enforcing or not
  • BZ 1555268 [RFE] Kernel address space layout randomization [KASLR] support
    Previously, Red Hat Enterprise Linux kernels had kernel address space layout randomization enabled by default. This feature prevented trouble-shooting and analysis of the guest's memory dumps. In the current feature, "vmcoreinfo" is enabled for all Linux guests. It allows a compatible kernel to export the debugging information so that the memory image can be analyzed.
  • BZ 1554111 [RFE] - Report MTU on iface
    Please extend the LLDP note in https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2-beta/html-single/administration_guide/#Editing_host_network_interfaces
    to refer to the new bit of data. It is recommended to check that the MTU of the logical network is less or equal to that supported by peer switches.
  • BZ 1552026 The api does not return the OS architecture
    Operating system information returned by the REST API now contains the OS architecture.
  • BZ 1566366 [downstream clone - 4.2.4] [RFE] [RHV] Add support to query illegal images in unlock_entity.sh
  • BZ 1540973 hosts rule in affinity group is always enabled in rest response API (even if disabled in UI )
    Feature:
    The host to VM affinity can now be explicitly disabled. Previously it was always enabled, but it had no effect if no hosts were assigned to the affinity group.

    Reason:
    Having the affinity always enabled could be confusing when using the REST API.
  • BZ 1565099 Bump required Ansible version to 2.5
    Feature:

    Ansible 2.5 is now required for engine and all Ansible roles distributed with oVirt engine

    Reason:

    Result:

VDSM

  • BZ 1551350 [RFE] Add support for querying information from QEMU Guest Agent
    It is now possible to obtain information such as hostname, OS info, time zone and active users on VMs where ovirt-guest-agent is not installed and only QEMU Guest Agent is present.
  • BZ 1334982 [RFE] Gracefully shutdown Virtual Machines on Host reboot/shutdown.
    Previously, in an emergency, users were required to shut down the hosts to preserve the data center. This caused running virtual machines to be killed by the systemd process without performing a graceful shutdown. As a result, the virtual machines' state became undefined, which led to problematic scenarios for virtual machines running databases such as Oracle and SAP.

    In this release, virtual machines can be gracefully shut down by delaying the systemd process. After the virtual machines are shut down, the systemd process takes control and continues the shutdown. The VDSM is only shut down after the virtual machines have been gracefully shut down, after passing information to the Manager and waiting 5 seconds for the Manager to acknowledge the virtual machines have been shut down.
  • BZ 1447300 enable libguestfs tools on ppc64le
    Sparsify and sysprep can now be run on POWER hosts.
  • BZ 1550106 [RFE] IOProcess thread of storage domain should be correlated to the domain id/name
    Feature:
    Log IOProcessClient's name

    Reason:
    Before this patch, IOProcessesClient name used a counter (e.g. "ioprocess-0") and it was impossible to correlate ioprocess to the storage domain.

    Result:
    This patch changes the client name in IOProcessClient to one of the following (as described in the patch):
    - "Global"
    - "domain-uuid"
    - "/[GlusterSD/]server:_path"

oVirt Hosted Engine Setup

  • BZ 1538934 [RFE] hosted-engine --vm-status should provide a way to detect and warn about failed deployments
    hosted-engine --vm-status should warn the user about past failed or still in progress deployment attempts.

oVirt Engine Metrics

  • BZ 1563681 Add OpenShift 3.9 ansible inventory file and copy in to metrics store machine
    Feature:
    To make OpenShift installation easier, we generate the inventory files and vars.yml file and copy them to the metrics store machine.

    Reason:
    To make OpenShift installation easier

    Result:
    The user does not need to handle the inventory and vars.yml file and can use them when running the OpenShift ansible playbooks.
  • BZ 1560240 OpenShift Logging should use the partition supplied by the user for elasticsearch persistent storage
    In this release, it is possible to configure a persistent storage partition other than the default partition (/var) for Elasticsearch, by setting a parameter in the OpenShift Ansible inventory files.

cockpit-ovirt

  • BZ 1547464 [RFE]Tick mark on one check box in brick configuration should check mark all the bricks under that device.

Bug Fixes

oVirt Engine

  • BZ 1528868 problems upgrading from ovirt 4.1.
  • BZ 1565331 Events tab: search bar/box is missing in 4.2 beta
  • BZ 1547936 [Tracker] Fill the gaps with new OVF parsing
  • BZ 1558054 Adding a new external network fails during auto-sync is running
  • BZ 1567538 Export to OVA fails because of exception in pack_ova.py on host
  • BZ 1539777 Improve Migration summary message

VDSM

  • BZ 1544853 Detect and fix broken volume leases
  • BZ 1551521 KeyError exception in the VDSM when accessing stats['cpuUsage']

oVirt Hosted Engine HA

  • BZ 1567615 Hosted engine - engine restarted during hosted engine VM migration -ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_stop_engine_vm) Engine VM stopped on localhost

oVirt Hosted Engine Setup

  • BZ 1571467 HE deployment fails if fiber channel is used
  • BZ 1571113 Didn't use the temporary password to login to HE-VM by "hosted-engine --add-console-password"
  • BZ 1560610 Storage Domain's size not being updated during deployment.

imgbased

  • BZ 1561258 grub2-mkconfig on node produce incorrect grub2.cfg if a local VG is present

Other

oVirt Engine

  • BZ 1581144 add SSBD CPUs
  • BZ 1579268 Upgrade of PostgreSQL during RHV 4.1 to 4.2 upgrade fails with locale mismatch
    This update enables engine-setup to upgrade PostgreSQL 9.2 to 9.5, even when the locale of the 9.2 database is different from the system locale.

    Doc team: Copied above from bug 1528371. Please note that bug 1528371 was accidentally not fully fixed for 4.2 - the correct fix was added only for the next version, to be 4.3 eventually. You might want to mention this, not sure how, if at all.
  • BZ 1571039 [DR] - Registering of a VM containing snapshots with memory from an imported domain fails with an NPE
  • BZ 1567858 [Regression] - Cannot start VM with vNIC
  • BZ 1530186 Create new Gluster Snapshots Web UI doesn't work
  • BZ 1570388 Add host failed if cluster has a required network
  • BZ 1565681 Engine doesn't track transfers in progress correctly
  • BZ 1568413 admin account constantly gets locked after password changed
  • BZ 1569420 Failed to execute Ansible host-deploy role
  • BZ 1546832 [Tracker] Fill the gaps with engine XML
  • BZ 1559730 Allow backward-compatible CPUs on ppc64le
  • BZ 1560455 VM lease will be removed in case VM is edited while the storage domain which hold the lease is in maintenance
  • BZ 1514025 DC report two master storage domain.
  • BZ 1552025 Host Setup Networks Dialog: hide VFs by default
  • BZ 1529394 [DR] - detaching of a storage domain with existing VM leases for VMs in down status fails which affect the failback flow
    Detaching of a storage domain that contains VM leases of templates and VMs in the system is now allowed.
    The domain will be detached without removing the actual leases from the storage. The VMs and templates will still contain the lease association and will not run until they are manually removed (this is by design).
  • BZ 1558500 httpd configuration is not updated on upgrade
    engine-setup now checks if apache httpd's ssl.conf file needs updates also on upgrades, prompts accordingly, and applies the updates as needed.
  • BZ 1540624 Cannot get administration portal after logging to IPA domain, WFLYEJB0442: Unexpected Error
  • BZ 1570366 Change OVS cluster switch type label to 'Tech-Preview' instead of 'Experimental'
  • BZ 1551574 failed to attach network with missing address/netmask: they are sometimes stored in DB as empty string instead of NULL
  • BZ 1504673 Improve message for CLUSTER_CANNOT_UPDATE_VM_COMPATIBILITY_VERSION in UI
  • BZ 1512412 missing indexes on engine db
  • BZ 1507434 When importing VM, "Finished importing VM" pop-up event appears although import just started.
  • BZ 1541978 [ko_KR] Text alignment correction needed on compute -> clusters -> new -> fencing policy
  • BZ 1539914 Adding Storage domain with more than 50 character LUN ID succeeds but Storage domain removal fails
  • BZ 1566341 [downstream clone 4.2.4] CloudInit: DNS search parameter is passed incorrectly
  • BZ 1542070 [es_ES] [pt_BR] [Admin Portal] Radio button label 'User Roles' appears misaligned in Spanish google-chrome
  • BZ 1558525 show proper error when authorization to api fails
  • BZ 1576352 rhvm-4.2 reports "no updates found" although there is available updates
  • BZ 1574605 javascript error while accessing Storage -> Volumes on a local storage datacenter with no volumes created yet
  • BZ 1566059 Scoped link local IPv6 addresses break VM listing (happens when ovirt-guest-agent is not installed but qemu-guest-agent is)
  • BZ 1571300 VdsNotRespondingTreatment releases VDS_FENCE lock twice
  • BZ 1563278 transfer image - client inactivity timeout is too short and can't be configured from api
  • BZ 1489968 [RFE] [RHV] Add support to query illegal images in unlock_entity.sh
  • BZ 1551517 after renaming engine, logout takes very long time and error with engine's old fqdn appears in log
  • BZ 1566457 Hot plug CPU is broken on 3.6 clusters after oVirt is upgraded to 4.2
  • BZ 1541777 PowerSaving policy does not balance VM's from host with over-utilized memory
  • BZ 1563426 Unable to setup host local storage - Uncaught exception occurred - Details: (TypeError) : Cannot read property 'b' of null
  • BZ 1565814 HostMonitoring should release lock only once
  • BZ 1561447 VM with a lease manage to remove while the VM lease storage domain is not active
    Removing a VM with a lease on a non-active storage domain will fail.

    The VM can be removed once the storage domain holding its lease is active, similar to the behavior for disks.

    A workaround is to remove the VM lease in "Edit VM" and then try the removal again, in the same way that disks can be detached from a VM even if the storage is down.
  • BZ 1561006 VM activation should fail on engine validation when the VM lease domain is not active
  • BZ 1565109 Provide ansible script for changing OVN Provider tunneling network
  • BZ 1554875 When importing a VM with a lease using the UI, the property that indicates whether the VM has a lease ignored
  • BZ 1563579 transfer image - increase default value of UploadImageXhrTimeoutInSeconds
  • BZ 1562013 Use custom system SSH configuration for engine internal Ansible executions
  • BZ 1558034 Creating a partial child snapshot in a VM with an existing snapshot containing a cinder snapshot breaks the snapshot
  • BZ 1551934 No source storage domain identified when trying to move a VM's disk from the problematic storage
  • BZ 1563632 can't switch user when accessing the engine with an active kerberos ticket
  • BZ 1556971 Host stays in "connecting" state for longer time than necessary
  • BZ 1548496 Wrong error message when creating disks in API
  • BZ 1560208 Resize disk: IO exception while processing "PUT" request for path /vms/%vm_id%/diskattachments/%disk_id% with a number too large for the size
  • BZ 1552439 [UI] - Alerts - wrong message when clearing all Alerts
  • BZ 1532709 Host is set to non responsive after update when reboot takes a long time

VDSM

  • BZ 1563165 [SR-IOV] - vdsm no longer persisting and restoring the number on VFs after reboot
  • BZ 1567858 [Regression] - Cannot start VM with vNIC
  • BZ 1568268 Executing ovs commands using ovs-vsctl causes a deadlock sporadically
  • BZ 1567617 Failure to resume VM, Error: Wake up from hibernation failed:'type'.
  • BZ 1561010 vdsm: perform only minimal changes to the domain XML received from Engine
  • BZ 1564146 cpuflags hook should use sap_agent predefined property
    Previously, vdsm-hook-cpuflags required a new custom property to add specified CPU flags to the host. For SAP workloads, the property had to carry the special keyword "SAP". The previous behavior is preserved, but the SAP portion of the hook is now additionally triggered by setting the "sap_agent" predefined property to "true".
  • BZ 1569850 migration fails using Vdsm 4.30.z on cluster <= 4.1 for VMs with payload device
  • BZ 1567801 vGPU: running VM with mdev_type hook switched to pause mode after host upgrade and cannot be run anymore.
  • BZ 1566948 Preview of snapshot with memory crashes on missing `serial' attribute
  • BZ 1557735 VDSM is dead after upgrade to vdsm-4.20.22-1.el7ev.x86_64
  • BZ 1516831 Host fails with Heartbeat periodically
  • BZ 1542466 Traceback in vdsm.log: setBalloonTarget error=Balloon operation is not available
  • BZ 1555248 Report RETP kernel feature
  • BZ 1552713 Unknown VMs are added on libvirt Undefined event
  • BZ 1548845 HotPlug succeeds but ERROR seen in VDSM: VM metrics collection failed with KeyError: 'readOps'

oVirt Engine SDK 4 Python

  • BZ 1529509 Trying to upgrade a host via the API fails with fault - 'no upgrades available'

oVirt image transfer daemon and proxy

  • BZ 1571994 ovirt-image-daemon fails to start due to permissions on ovirt-image-daemon log file causing host deployment to fail

oVirt Hosted Engine Setup

  • BZ 1566162 Cockpit plugin should never use browser's locale
  • BZ 1565730 State field may be missing from virsh output
  • BZ 1567772 Enable Spice + VNC graphical console on the target VM
  • BZ 1565060 Fix a deprecation warning from ansible on Hosted-Engine deployment

oVirt Engine Metrics

  • BZ 1561927 engine.log - timezone handling broken for utc
  • BZ 1566519 Deprecation and other warnings on metrics playbook
  • BZ 1566523 Metrics playbook is not idempotent

cockpit-ovirt

  • BZ 1574202 "Next" button of HE wizard is disabled if gdeploy is not installed
  • BZ 1571117 HE-VM appliance and admin password saved in the setup log file as clear text executing from cockpit
  • BZ 1565528 [branding] "Ovirt" (upstream) is included in rhvh Hosted-engine cockpit UI
  • BZ 1569116 Hyperconverged wizard is not disabled when gdeploy is not present
  • BZ 1568725 Enable VDO option Only if gdeploy version is greater than or equals to gdeploy-2.0.2-25
  • BZ 1543486 [ansible based] Default cluster in HC installation does not have gluster service enabled
  • BZ 1559793 Deploy HE failed with static IP and empty DNS value on the [Generate static network configuration for the engine VM] task
  • BZ 1565591 Ansible: Cockpit didn't retrieve the FC lun, just need the user to input the lun id manually
  • BZ 1568869 HE: the user cannot enter a static IP address for the engine VM: Uncaught ReferenceError: getCidrErrorMsg is not defined
  • BZ 1558059 Some icons show missing font placeholder when running hosted engine wizard
  • BZ 1560351 After changing the iSCSI portal address and fetching, old results are shown
  • BZ 1558084 The iSCSI storage wizard page has weird UI logic
  • BZ 1555368 Network prefix length value is pre-filled but not effective if the user doesn't retype it.

oVirt Engine Dashboard

VDSM JSON-RPC Java

  • BZ 1565814 HostMonitoring should release lock only once

No Doc Update

oVirt Engine

  • BZ 1572445 context-sensitive help URL path regression, 404
  • BZ 1552194 Update name of RHEV-toolsSetup* ISO to attach in search algorithm
  • BZ 1565036 PPC: CreateVDSCommand fails with NullPointerException for VM with sPAPR VSCSI disk attached
  • BZ 1563121 No exception's handling on SerialChildCommandsExecutionCallback
  • BZ 1553305 [PPC] - Starting VM for the 2nd time failed after snapshots created- XML error: target 'sdc' duplicated for disk sources - libvirt.py", line 3676, in defineXML

VDSM

  • BZ 1548110 VDO rpm should be pulled in as rpm dependency