Virtuozzo Hybrid Infrastructure 6.0 Update 1 (6.0.1-76)

Issue date: 2023-12-25

Applies to: Virtuozzo Hybrid Infrastructure 6.0

Virtuozzo Advisory ID: VZA-2023-044

1. Overview

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover improvements in the compute service, object storage, alerts and monitoring. Additionally, this release delivers stability and security improvements, and addresses issues found in previous releases.

2. New Features

  • [Compute service] OpenStack Networking improvement. Added the possibility to detach specific TCP ports from one VM to another by using the standard API.

  • [Compute service] Autoscaling to zero for Kubernetes. For the supported versions of Kubernetes and Autoscaler, it is now possible to downsize Kubernetes worker groups to zero nodes, instead of one node.

  • [Compute service] Support for an upgrade to Kubernetes version 1.25.

  • [Compute service] More supported guest operating systems. Added support for the latest versions of Rocky Linux 9, AlmaLinux 9, Red Hat Enterprise Linux 9, and Ubuntu 22.04.

  • [Compute service] Compute service update improvement. Starting from the next update, the OpenStack components will be updated while a node is in the maintenance mode, not at the end of the update process.

  • [Compute service] Domain quotas support. Quotas for vCPUs, RAM, and storage policy space can now be set at the domain level. It is also possible to enable nested quota validation.

  • [Compute service] Host gateway mode for Kubernetes clusters connected to a private network. Starting from this release, all new Kubernetes clusters connected to a private network will use the Flannel host-gw mode by default.

  • [Object storage] New CORS options. A system administrator can now configure the default CORS behavior to either disable or enable all cross-origin resource sharing configurations for a bucket, if no other CORS policy is specified.

  • [Object storage] Introduced checks for free storage space. To prevent S3 data from occupying all space in the storage cluster, the S3 service now has a limit on storage space usage.

  • [Object storage] Added storage quotas for S3 users and buckets. Now, you can set, query, and delete storage quotas for S3 users and buckets by using the S3 command-line tool.

  • [Object storage] Improved bucket notification messaging and SNS compatibility. Added notifications for bucket replication events.

  • [Object storage] Configurable number of S3 gateways per node. It is now possible to permanently change the number of S3 gateway services running on each node. This can significantly improve the overall S3 storage performance in clusters with hardware capable of higher storage throughput. The default number of gateways is set to 4 for new deployments.

  • [Security] Improved user authentication with external identity providers. Added the SSL certificate validation option and the possibility to change the authentication timeout by using the vinfra tool.

  • [Alerts and monitoring] New metrics for object storage. Added metrics for recurring errors in RPC communications between the object storage services. The new metrics help improve and simplify troubleshooting by monitoring RPC communication issues.

  • [Alerts and monitoring] Alerts for failed system disks. Added alerts to notify about a system disk failure by using the S.M.A.R.T. metrics.

  • [Alerts and monitoring] License expiration alerts. Added reminders about license expiration in 21 and 7 days.

3. Bug Fixes

  • The Gnocchi service gets stuck with zero-size files. (VSTOR-55676)

  • Unable to disable the security setting in the SMTP configuration of email notifications. (VSTOR-61439)

  • Unable to re-add a node to the compute cluster if it was removed from the compute cluster while in the fenced state. (VSTOR-73088)

  • Unable to update a Kubernetes cluster after changing a storage policy name. (VSTOR-74391)

  • Unable to create a Kubernetes cluster if the SSH public key has unexpected symbols. (VSTOR-74880)

  • Fixed volume detachment caused by duplicate Block Device Mapping (BDM) records. (VSTOR-74908)

  • Notify the kernel about changes in a block device’s partition table. (VSTOR-75602)

  • Unable to resize a VM disk by using the VirtIO-SCSI protocol under high load. (VSTOR-76058)

  • Unable to upgrade a Kubernetes cluster if all master nodes are in the NotReady state. (VSTOR-76226)

  • Fixed floating IP attachment to load balancers. (VSTOR-76381, VSTOR-76970)

  • Cannot select a node with a soft placement for migrating a VM without a placement in the admin panel. (VSTOR-77100)

  • Unable to stop a backup export after the nova-compute service restart. (VSTOR-77123)

  • An incorrect storage policy may be assigned when cloning volumes. (VSTOR-77622)

  • Recreation of the neutron-openvswitch-agent container leads to deactivation of the hypervisor’s bond interfaces. (VSTOR-77875)

  • The host binding values of the router gateway and SNAT ports should be consistent with the active router node. (VSTOR-79503)

  • Important stability and performance improvements for the backup storage, core storage, and compute services. (VSTOR-75891, VSTOR-76190, VSTOR-76224, VSTOR-76914, VSTOR-76940, VSTOR-77127, VSTOR-78361)

4. Known Issues

  • During the update, you may receive false-positive alerts. Please wait until the update installation is complete, as the raised alerts will be cleared automatically. (VSTOR-67373)

  • A VPN connection may be down after the router gets into the split-brain state. (VSTOR-79576)

5. Installing the Update

You can update Virtuozzo Hybrid Infrastructure in the SETTINGS > UPDATE section of the admin panel. A reboot is not required to obtain this update. Maintenance is required.

The source of this advisory is available in the JSON file.