Virtuozzo Hybrid Infrastructure 5.1 (5.1.0-206)¶
Issue date: 2022-05-25
Applies to: Virtuozzo Hybrid Infrastructure 5.1
Virtuozzo Advisory ID: VZA-2022-018
In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance service providers’ interoperability and help to expand their services. The improvements cover compute services, security, core storage, and the user interface. Additionally, this release delivers stability improvements and addresses issues found in previous releases.
2. New Features¶
[Compute service] Support for an upgrade to Kubernetes version 1.22. Kubernetes clusters with version 1.21 can now be upgraded to version 1.22.
[Compute service] Support for a clean installation of Kubernetes version 1.23. The new version can be used to create Kubernetes clusters.
[Compute service] Highly available load balancers for Kubernetes clusters. Now, the system will automatically create highly available load balancers for the Kubernetes API and applications (external load balancers). High availability for load balancers is configured for the Kubernetes service via the command-line interface. The separate load balancer for etcd has been removed.
[Compute service] Ability to use load balancer flavors for Kubernetes applications. Self-service users can select the load balancer flavor in a Kubernetes deployment file (external load balancer). It is also possible to select the load balancer size according to your application needs. System administrators can create multiple load balancer flavors by using the OpenStack command-line interface.
[Compute service] Added an option to boot virtual machines in the UEFI mode. Virtual machines can now be booted in the UEFI mode. For virtual machines created from ISO images, UEFI boot is enabled during the VM creation. For virtual machines deployed from templates, UEFI boot is enabled during the template upload.
[Compute service] IPv6 support for load balancers. Added support for IPv6 addresses for load balancers that are created to operate within physical networks.
[Compute service] Configurable default quotas for new projects. The default project quotas for load balancers, Kubernetes clusters, and placements can now be configured via the command-line interface. The default quotas are applied when creating a project via the OpenStack API.
[Security] Improved OpenID authorization. Now, Authorization Code Flow is available in the experimental mode.
[Security] Improved and simplified management and troubleshooting for Kubernetes clusters. A system administrator can run commands inside a Kubernetes virtual machine from the compute node this VM resides on. Users with different roles and access to a specific project can download a Kubernetes configuration file: project members and domain administrators can download the file in the self-service panel, while system administrators can do it via the command-line interface.
[User interface] New object storage screens. Improved user experience with object storage. The screens have been redesigned on the new framework to make the user interface more consistent.
[User interface] Copying of important information to clipboard. Added the possibility to easily copy important text information, such as emails and IP addresses, from the admin panel to other applications.
[Installer] Requirements for quantity of drives. Removed the mandatory requirement to have at least two drives, for system and storage types, in the expert mode. To continue the installation, you will need only one drive for booting.
[Backup storage] Ability to add multiple backup storage registrations.
3. Important Notes¶
Kubernetes version 1.23 is available only for new deployments. An in-place update from version 1.22 will be available in the next release.
Kubernetes version 1.21 will be deprecated in future releases. Use the currently supported version 1.23 to plan your containerized environments.
Kubernetes version 1.20 is deprecated. Update to the currently supported version 1.21.
Object storage integration with Acronis Notary is no longer available.
To improve security, the default TLS version accepted by backup storage is set to 1.2.
4. Bug Fixes¶
An invalid VNC IP address is set for a virtual machine after its migration. (VSTOR-50829)
Load balancer metrics are missing. (VSTOR-51773)
Fixed the soft anti-affinity filter for shelved virtual machines. (VSTOR-52611)
Fixed an issue in the VLAN traffic routing. (VSTOR-52547)
Failed to install the Kubernetes add-on service because of the missing environment variables. (VSTOR-30850)
Unable to delete large volume snapshots. (VSTOR-41372)
The backend services fail to start if a node interface with the management virtual IP address is reassigned to another network. (VSTOR-44604)
The compute cluster fails after adding nodes with newer versions to the high availability configuration. (VSTOR-46583)
After deleting a virtual machine, its volume stays attached. (VSTOR-48099)
When a node enters maintenance, virtual machines that failed to be migrated are skipped. (VSTOR-48295)
Fixed a problem with an OVS bridge when Linux VLANs are used. (VSTOR-51685)
A minor update for quota configuration in the admin panel. (VSTOR-52623)
Storage space usage is wrongly displayed in the self-service panel. (VSTOR-50814)
Cannot start NFS shares and create new ones. (VSTOR-52820)
Important security fixes. (VSTOR-53595, VSTOR-54722, VSTOR-53723)
5. Known Issues¶
When the networking service experiences issues connecting to the messaging queue, it leaks memory. (VSTOR-34737)
After detaching a volume, it cannot be attached to another virtual machine because it is still shown in the previous VM configuration. (VSTOR-41107)
The default storage policy is not selected by default. (VSTOR-45826)
The Docker service stops unexpectedly after a storage-mount crash. (VSTOR-46936)
The node maintenance mode does not evacuate resources as expected. (VSTOR-47350)
Snapshot creation can take too long. (VSTOR-48293)
The object storage CLI does not work as expected with the volume key parameter. (VSTOR-48297)
A Kubernetes node group cannot be removed if its volumes are associated with a deleted VM. (VSTOR-49143)
A virtual machine loses connectivity with the public network due to the non-processed IP rule for its floating IP address. (VSTOR-49875)
The compute service has a wrong unicast rule for the remote port. (VSTOR-50039)
Cannot configure high availability in the admin panel after a failed node replacement in the HA configuration. (VSTOR-50148)
The compute service stops working after changing Kubernetes owner roles. (VSTOR-52250)
6. Installing the Update¶
You can upgrade Virtuozzo Hybrid Infrastructure 5.0 to 5.1 in the SETTINGS > UPDATE section of the admin panel. A reboot is required to complete the upgrade. Upgraded nodes will be rebooted automatically, one at a time. During the reboot, the storage service and the admin panel might be unavailable on cluster configurations without the redundancy of services or data.
The source of this advisory is available in the JSON file.