Virtuozzo Hybrid Infrastructure 5.0 (5.0.0-137)

Issue date: 2022-02-07

Applies to: Virtuozzo Hybrid Infrastructure 5.0

Virtuozzo Advisory ID: VZA-2022-006

1. Overview

In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance service providers’ interoperability and help expand their services. The improvements cover compute services, object storage, security, and monitoring. Additionally, this release delivers stability improvements and addresses issues found in previous releases.

2. New Features

  • [Compute service] VPN as a service for self-service users. Highly available IPsec VPN with a simplified and automated deployment is now available as a service in the self-service panel.

  • [Compute service] Capacity-based QoS policies for virtual machine volumes. Introduced per-GB QoS policies that allow system administrators to manually configure IOPS and throughput for compute volumes depending on their size. In this release, per-GB QoS policies are available only in the command-line interface.

  • [Compute service] Support for Kubernetes version 1.22. The new version can be used to create Kubernetes clusters.

  • [Compute service] Placement improvements:

    • Placements for flavors in the admin panel. System administrators can now assign placements to flavors in the admin panel.

    • Flavors filtering by placement. When creating virtual machines in the self-service and admin panels, users can easily select flavors with required placements by using the new filter.

  • [Object storage] S3 cross-region replication (CRR) support. S3 users can now use the Amazon S3-compatible CRR API to copy objects asynchronously across buckets stored in different clusters and public cloud providers.

  • [Security] Ability to integrate with external identity providers. System administrators can configure user authentication to the admin and self-service panels through external identity providers that support the OpenID Connect protocol (for example, Active Directory Federation Services). Federated users are automatically mapped to local domain groups based on their identity provider attributes. The set of actions available to federated users is defined by the roles assigned to their domain groups.

  • [User management] User groups support. Users can now be added to domain groups, which simplifies permission management and project assignment.

  • [Monitoring and alerting] Update process monitoring. Added metrics and alerts for the update process to help system administrators track the update status remotely and update multiple clusters to the latest version in time.

  • [Monitoring and alerting] Additional alerts for cluster monitoring. More alerts are now available in the admin panel via the built-in Prometheus and Alertmanager monitoring toolkit. The new alerts cover object storage, core storage, and infrastructure networking. Moreover, you can configure Alertmanager to send notifications via external systems, such as PagerDuty.

3. Important Notes

  • S3 geo-replication and CRR are incompatible. S3 users cannot use CRR if geo-replication has already been enabled between clusters in the admin panel.

  • If you have configured GPU passthrough for compute nodes that do not have the management node role in version 4.7, repeat the instructions from the section “Enabling PCI passthrough and vGPU support” in the Administrator Guide.

  • Kubernetes version 1.22 is available only for new deployments. An in-place update from version 1.21 will be available in the next release.

  • Kubernetes version 1.20 will be deprecated in future releases. Use the currently supported version 1.22 to plan your containerized environments.

  • Kubernetes version 1.19 is deprecated. Update to the currently supported version 1.20.

4. Bug Fixes

  • A virtual machine with an SR-IOV network port cannot boot if multiple SR-IOV network interfaces of a compute node are attached to the same network. (VSTOR-49303)

  • A virtual machine with the SNAT configuration lost its internet connection after the node with an active virtual router was rebooted. (VSTOR-48939)

  • A renewal of load balancer certificates leads to an infinite ‘Configuring’ status. (VSTOR-48536)

  • The IPv6 firewall rule ACCEPT for port 22 accidentally appeared in ip6tables. (VSTOR-47986)

  • A VM migration failed due to an incorrect block device mapping in the database. (VSTOR-47868)

  • Fixed the false-positive alert “Time not synced.” (VSTOR-47426)

  • An alert is raised for an unavailable unassigned disk. (VSTOR-47320)

  • No ability to change the health checker URL of a balancing pool. (VSTOR-46942)

  • Incorrect physical space usage is shown in the admin panel. (VSTOR-46845)

  • A volume is locked by its snapshot operation. (VSTOR-46261)

5. Known Issues

  • An error is not displayed in the self-service panel if the compute cluster does not have enough resources to create a Kubernetes cluster. (VSTOR-43174)

  • Failed to migrate a virtual machine during a compute cluster upgrade. (VSTOR-45662)

  • After detaching a volume, it cannot be attached to another virtual machine because it is still shown in the previous VM configuration. (VSTOR-41107)

  • When the networking service experiences issues connecting to the messaging queue, it leaks memory. (VSTOR-34737)

  • Unable to delete large volume snapshots. (VSTOR-41372)

  • Cannot start a virtual machine after an incomplete migration. (VSTOR-43837)

  • The compute cluster fails after adding nodes with newer versions to the high availability configuration. (VSTOR-46583)

  • After a high availability failover, the task to reconfigure the compute cluster may not start. (VSTOR-43841)

  • An SSD disk is not recognized if it is managed by specific disk controllers. (VSTOR-36155)

  • The node maintenance mode does not evacuate resources as expected. (VSTOR-47350)

  • When a node enters maintenance, virtual machines that failed to be migrated are skipped. (VSTOR-48295)

  • A virtual machine with an ejected PCI device fails to live migrate. (VSTOR-47907)

  • Snapshot creation can take too long. (VSTOR-48293)

  • After deleting a virtual machine, its volume stays attached. (VSTOR-48099)

  • The default storage policy is not selected by default. (VSTOR-45826)

6. Installing the Update

You can upgrade Virtuozzo Hybrid Infrastructure 4.7 to 5.0 in the SETTINGS > UPDATE section of the admin panel. A reboot is required to complete the upgrade. Upgraded nodes will be rebooted automatically, one at a time. During the reboot, the storage service and the admin panel might be unavailable on cluster configurations without the redundancy of services or data.

The source of this advisory is available in the JSON file.