Product update: Virtuozzo Hybrid Server 7.5 (7.5.0-586)
Issue date: 2020-12-03
Applies to: Virtuozzo Hybrid Server 7.5
Virtuozzo Advisory ID: VZA-2020-069
Virtuozzo Hybrid Server 7.5 (formerly Update 15) introduces new features and provides a security fix as well as stability and usability bug fixes. It also introduces a new kernel 3.10.0-1127.18.2.vz7.163.46.
2. Security Fixes
[Important] It was found that an unprivileged user could manage VMs located on Virtuozzo Storage. (PSBM-105768)
3. New Features
The ability to create and manage Microsoft Windows containers on Microsoft Windows Server nodes from Virtuozzo Hybrid Server 7.5 nodes. For more details, see the User’s Guide. IMPORTANT: This feature is a technical preview. It is not yet ready for production. Please send your feedback to firstname.lastname@example.org. (PSBM-99610)
Libvirt becomes the primary API for Virtuozzo Hybrid Server. Starting from version 7.5, libvirt is the primary virtualization API for managing both Virtuozzo virtual machines and containers. The custom API calls introduced by Virtuozzo are documented in the libvirt-docs package as well as online. (PSBM-99611)
It is now possible to automatically update nodes running Virtuozzo Hybrid Server 7.5 and newer. For more details, see the User’s Guide. (PSBM-83273)
Virtuozzo Hybrid Server 7.5 nodes and their virtual environments can now be monitored via Prometheus. The instructions to set up the nodes are published in the User’s Guide. (PSBM-104026)
Virtuozzo Hybrid Server 7.5 nodes and their virtual environments can now be monitored via Zabbix. The instructions to set up the nodes are published in the User’s Guide. (PSBM-102872)
Virtuozzo Hybrid Server 7.5 virtual machine backups are supported in Acronis Cyber Cloud 20.11. (PSBM-106279, PSBM-105010)
Kubernetes can now run inside Virtuozzo containers. Containers running Docker and Kubernetes can now be migrated. The updated way to install Docker and Kubernetes in a Virtuozzo container is described in the User’s Guide. (PSBM-40110, PSBM-56161, PSBM-105035)
Virtuozzo Storage has been significantly improved. (PSBM-106043, PSBM-107272)
Kernel and networking optimizations reduce I/O latency and CPU consumption and improve performance. Random reads are now up to 1.5 times faster on replication.
Erasure coding self-healing now has less impact on performance. Random writes are up to 2.5 times faster on erasure coding.
Erasure coding is now available for running virtual machines.
Memory management optimizations improve random I/O performance on cluster nodes without running containers or virtual machines. Nodes without virtualization now enjoy up to 3 times faster random writes and up to 1.5 times faster random reads.
Certain mitigations of Intel CPU vulnerabilities are now automatically disabled on cluster nodes without running containers or virtual machines. This boosts random I/O by an extra 10%. NOTE: The disabled mitigations are enabled automatically as soon as a virtual environment starts. For more details, see the User’s Guide.
The installer has been improved for easier configuration of Virtuozzo Storage clusters. See the Installation Guide for more details. The respective kickstart parameters have been added as well and described in the PXE Installation Guide. (PSBM-103904)
A way to repair Virtuozzo containers has been added. See the User’s Guide for more details. (PSBM-105228)
Backup locations can now be configured per virtual environment. The corresponding ‘--backup-path’ parameter for the ‘prlctl’ tool is documented in the User’s Guide. (PSBM-26841)
A host directory can now be bindmounted into a running container without having to restart it. For more details, see the User’s Guide. (PSBM-105592)
nft NAT rules can now be used inside multiple containers in parallel. NOTE: iptables and nft NAT rules cannot work at the same time, be it on the host or inside containers. (PSBM-102908)
Virtual machine snapshots are now created up to 10 times faster. Reverting to snapshots is faster by up to 30%. (PSBM-105710)
4. Bug Fixes
qemu-kvm write performance could be slow during VM snapshot creation. (PSBM-101995)
Containers could hang while trying to access offline NFS shares. (PSBM-99181)
Wrong CPU features could be reported by libvirt, sometimes causing VMs to fail to boot. (PSBM-121810)
Nodes with AMD EPYC CPUs could fail to boot after a microcode update. (PSBM-121681)
Guarantees set for vstorage.slice/vstorage-services.slice could be reset after a short time. (PSBM-105038)
Unable to recover the filesystem inside the ploop. (PSBM-104884)
VM backup creation could fail due to an issue with the libvirt thaw operation. (PSBM-107669)
Unclear how to create VMs via libvirt XML templates. (PSBM-105213)
A virtual environment filesystem could become read-only after being processed by pcompact. (PSBM-105850)
Node could crash due to a kernel issue. (PSBM-98148, PSBM-104867)
DKMS modules could fail to build due to incorrect build decision priority in the upstream code. (PSBM-106192)
mmap could be two times slower in CentOS 8 containers than in CentOS 7 ones. (PSBM-120968)
Unable to resume a suspended container due to a CRIU issue related to the support for Unix socket bindmounts. (PSBM-52730)
Node could crash due to a race condition. (PSBM-122653)
Other fixes (PSBM-10773, PSBM-94394, PSBM-96948, PSBM-100293, PSBM-100999, PSBM-101983, PSBM-102847, PSBM-102977, PSBM-103428, PSBM-103638, PSBM-103727, PSBM-104343, PSBM-104369, PSBM-104393, PSBM-104398, PSBM-104442, PSBM-104729, PSBM-104734, PSBM-104749, PSBM-104819, PSBM-104826, PSBM-104855, PSBM-104922, PSBM-105237, PSBM-105479, PSBM-105520, PSBM-106065, PSBM-106109, PSBM-106220, PSBM-106355, PSBM-106384, PSBM-106495, PSBM-106536, PSBM-106556, PSBM-106785, PSBM-106920, PSBM-121008, PSBM-121043, PSBM-121246, PSBM-121566, PSBM-121833, PSBM-122035, PSBM-122319, PSBM-122655, PSBM-123272)
5. Installing the Update
Install the update with ‘yum update’, reboot the host, and switch to the new kernel. If you use Virtuozzo Storage, update hosts one at a time. The Virtuozzo Storage cluster must be healthy before and after each host is updated.
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2020-069.json.