Product update: Virtuozzo 7.0 Update 4 (7.0.4-1025)

Issue date: 2017-05-03

Applies to: Virtuozzo 7.0

Virtuozzo Advisory ID: VZA-2017-033

1. Overview

The Update 4 for Virtuozzo 7.0 provides new features, a security fix, and stability and usability bug fixes.

2. Security Fixes

  • [Moderate] A vulnerability in container resource limiting mechanism could potentially lead to DoS attacks. (PSBM-60181)

3. New Features

  • Virtuozzo Storage RAID6 performance and stability improvements. A number of optimizations improving performance of data located on Virtuozzo Storage with erasure coding.

  • Virtuozzo Storage UI. You can now manage Virtuozzo Storage more easily from a web-based management panel. With it, you can create, manage, and monitor clusters, create and manage datastores for virtual machines, containers, and backups, export data to iSCSI and S3, as well as perform other tasks. For more details, see the new Virtuozzo Storage Administrator’s Guide

  • Converged installation of Virtuozzo with Virtuozzo Automator and Virtuozzo Storage UI. The updated installation program enables you to install Virtuozzo in combination with Virtuozzo Storage and Virtuozzo Automator management panels. Nodes you install Virtuozzo on can be registered in these panels automatically.

  • Rebase to the RHEL7.3 kernel 3.10.0-514.el7. RHEL7.3 is a major update bringing a number of features, bug fixes, and support for new hardware.

  • Configurable virtual machine behavior after guest OS crash. Now, instead of freezing, virtual machines can be set to automatically pause or reboot on guest OS crash.

  • Automatic disk compacting (by fstrim) for Linux virtual machines. Now installing Virtuozzo guest tools schedules weekly automatic trimming of filesystems in Linux guests by means of the fstrim service. It reclaims unused storage space by discarding data blocks unused by VM’s filesystem (if the filesystem supports it). However, note that replicas in Virtuozzo Storage do not support this feature while RAID6 does.

  • Automatic update of guest tools inside virtual machines. Now after you update the guest tools packages on the node, Virtuozzo will automatically update installed guest tools in running virtual machines by means of a weekly cron job.

  • Hyper-V paravirtualization storage device emulation. Now Windows virtual machines work with Virtuozzo hypervisor natively like it is Hyper-V. This feature is experimental as it only supports storage drives without UEFI support.

  • Live QEMU update. Virtuozzo can update KVM/QEMU hypervisor live in running virtual machines that have KVM/QEMU version 2.6.0 or newer.

  • Firewall enabled by default. Now Virtuozzo has firewall enabled by default with rules to open required ports.

  • Backup and restore of Virtuozzo 6 virtual machines and containers to and from Virtuozzo 7 servers. Virtuozzo 7 servers can now act as backup nodes for Virtuozzo 6.

  • Improvements in CRIU, ploop, VNC, etc.

4. Bug Fixes

  • Slow I/O (low IOPS) for scattered files in guest. (PSBM-62298)

  • Nodes could crash spontaneously due to a kernel bug. (PSBM-62208)

  • Renamed VM could fail to migrate by shaman because shaman resource was not renamed on VM rename. (PSBM-61822)

  • Migration of containers under sshd attacks could fail. (PSBM-61573)

  • Console could stop working after successful VM migration. (PSBM-61470)

  • autofs mountpoint is lost after migration. (PSBM-60980)

  • Moving containers to or from Virtuozzo Storage could create orphaned temporary snapshots. (PSBM-59212)

  • License could not be activated if only the bonded interface had IP address assigned. (PSBM-58809)

  • Live container migration could hang after hitting a memory limit. (PSBM-58228)

  • Node could crash during pfcache activity. (PSBM-44587)

  • Other issues. (PSBM-64707, PSBM-64416, PSBM-64271, PSBM-64068, PSBM-63453, PSBM-62537, PSBM-62257, PSBM-61944, PSBM-61483, PSBM-61459, PSBM-61127, PSBM-60716, PSBM-60644, PSBM-60197, PSBM-60144, PSBM-59983, PSBM-59905, PSBM-59684, PSBM-59199, PSBM-55992, PSBM-55911, PSBM-55907, PSBM-52674, PSBM-52393)

5. Installing the Update

Install the update by running ‘yum update’.

The JSON file with the list of new and updated packages is available at