Or just run 'autotools/check-news <NEWS' manually from the root of your repository.
On Wed, Jan 27, 2016 at 5:41 PM, 'Helga Velroyen' via ganeti-devel < [email protected]> wrote: > > > On Wed, 27 Jan 2016 at 17:23 'Viktor Bachraty' via ganeti-devel < > [email protected]> wrote: > >> Mention all more significant changes since 2.16.0~beta1. >> >> Signed-off-by: Viktor Bachraty <[email protected]> >> --- >> NEWS | 469 >> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- >> 1 file changed, 456 insertions(+), 13 deletions(-) >> >> diff --git a/NEWS b/NEWS >> index a6c9803..0f5e3c5 100644 >> --- a/NEWS >> +++ b/NEWS >> @@ -1,11 +1,10 @@ >> News >> ==== >> >> - >> Version 2.16.0 beta2 >> -------------------- >> >> -*(unreleased)* >> +*(Released Tue, 27 Jan 2016)* >> > > The 27th is Wed and not Tue :) > > Also, I doubt you will make a complete release today, so it is usually > better to set the date to the next day. > > Also, I think doclint will yell at the line that you removed above. > > >> >> Incompatible/important changes >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> @@ -14,16 +13,6 @@ Incompatible/important changes >> Instead, the cluster configuration parameter ``modify_ssh_setup`` is >> used to determine whether or not to manipulate the SSH setup of a new >> node. >> - >> - >> -Version 2.16.0 beta1 >> --------------------- >> - >> -*(Released Tue, 28 Jul 2015)* >> - >> -Incompatible/important changes >> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> - > > - The IAllocator protocol has been extended by a new >> ``allocate-secondary`` >> request type. Currently, this new request type is only used when in >> disk >> conversion to DRBD no secondary node is specified. As long as this new 
>> @@ -33,6 +22,10 @@ Incompatible/important changes >> storage. To obtain the old behavior, add the ``--no-capacity-checks`` >> option. >> - ``hail`` now tries to keep the overall cluster balanced; in particular >> it >> now prefers more empty groups over groups that are internally more >> balanced. >> +- Timeouts for communication with luxid have been increased. As a >> consequence, >> + Ganeti tools communicating (directly or indirectly) with luxid also >> time out >> + later. Please increase all timeouts for higher level tools interacting >> with >> + Ganeti accordingly. >> >> New features >> ~~~~~~~~~~~~ 
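Review bot: the new luxid timeout entry in this hunk tells operators to increase timeouts for higher-level tools "accordingly", but gives neither the previous nor the new luxid timeout, so a reader cannot tell how much headroom to add; state the new value (or name the option or constant that sets it) in the entry, e.g. "Timeouts for communication with luxid have been increased from X to Y" with the real numbers from the change.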
>> @@ -50,6 +43,457 @@ New dependencies >> On Debian-based systems, it is available as a part of the 'libcap2-bin' >> package. >> >> +Changes since beta1 >> +~~~~~~~~~~~~~~~~~~~ >> +- Set block buffering for UDSServer >> +- Fix failover in case the source node is offline >> +- Add a parameter to ignore groups in capacity checks >> +- Make hspace correctly handle --independent-groups >> +- Accept BoringSSL as a known good ssl library >> +- Make CommitTemporaryIPs call out to WConfD >> +- Fix requested instance desired location tags in IAllocator >> +- monitor: Use hvinfo in QMP methods >> +- KVM: Work around QEMU commit 48f364dd >> +- KVM: Introduce scsi_controller_type and kvm_pci_reservations hvparams >> +- Improvements in SSH key handling >> +- Do not generate the ganeti_pub_keys file with --no-ssh-init >> +- Support force option for deactivate disks on RAPI >> +- Add a --dry-run option to htools >> +- Extended logging to improve traceability >> +- Many documentation improvements and cleanups >> +- Performance optimizations on larger clusters >> +- Various QA and testing improvements >> + >> +Fixes inherited from 2.15 branch: >> + >> +- Metad: ignore instances that have no communication NIC >> +- For queries, take the correct base address of an IP block >> +- Fix computation in network blocks >> +- Use bulk-adding of keys in renew-crypto >> +- Introduce bulk-adding of SSH keys >> +- Handle SSH key distribution on auto promotion >> +- Do not remove authorized key of node itself >> +- Support force option for deactivate disks on RAPI >> +- renew-crypto: use bulk-removal of SSH keys >> +- Bulk-removal of SSH keys >> +- Catch IOError of SSH files when removing node >> +- Fix renew-crypto on one-node-cluster >> +- Increase timeout of RPC adding/removing keys >> +- After TestNodeModify, fix the pool of master candidates >> + >> +Fixes inherited from 2.14 branch: >> + >> +- bdev: Allow userspace-only disk templates >> +- Export disk's userspace URI to OS scripts >> +- 
Fix instance failover in case of DTS_EXT_MIRROR >> +- Set node tags in iallocator htools backend >> +- Fix faulty iallocator type check >> +- Allow disk attachment to diskless instances >> +- Allow disk attachment with external storage >> + >> +Fixes inherited from 2.13 branch: >> + >> +- Improve xl socat migrations >> +- Renew-crypto: stop daemons on master node first >> +- Extend timeout for gnt-cluster renew-crypto >> + >> +Fixes inherited from 2.12 branch: >> + >> +- Accept timeout errors when luxi down >> +- Fix disabling of user shutdown reporting >> +- gnt-node add: password auth is only one method >> +- Fix inconsistency in python and haskell objects >> +- Increase default disk size of burnin to 1G >> +- Only search for Python-2 interpreters >> +- Handle Xen 4.3 states better >> +- Return the correct error code in the post-upgrade script >> +- Make openssl refrain from DH altogether >> +- Fix upgrades of instances with missing creation time >> +- Check for healthy majority on master failover with voting >> +- Pass arguments to correct daemons during master-failover >> + >> +Fixes inherited from 2.11 branch: >> + >> +- At IAlloc backend guess state from admin state >> +- Fix default for --default-iallocator-params >> + >> +Fixes inherited from 2.10 branch: >> + >> +- Make htools tolerate missing "dtotal" and "dfree" on luxi >> +- KVM: explicitly configure routed NICs late >> + >> +Fixes inherited from the 2.9 branch: >> + >> +- Security patch for CVE-2015-7944 RAPI Vulnerable to DoS via SSL >> renegotiation >> +- Security patch for CVE-2015-7945 Leak DRBD secret via RAPI >> +- replace-disks: fix --ignore-ipolicy >> + >> +Version 2.16.0 beta1 >> +-------------------- >> + >> +*(Released Tue, 28 Jul 2015)* >> + >> +This was the first beta release of the 2.16 series. All important changes >> +are listed in the latest 2.16 entry. 
>> + >> +Version 2.15.2 >> +-------------- >> + >> +*(Released Wed, 16 Dec 2015)* >> + >> +Important changes and security notes >> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> + >> +Security release. >> + >> +CVE-2015-7944 >> + >> +Ganeti provides a RESTful control interface called the RAPI. Its HTTPS >> +implementation is vulnerable to DoS attacks via client-initiated SSL >> +parameter renegotiation. While the interface is not meant to be exposed >> +publicly, due to the fact that it binds to all interfaces, we believe >> +some users might be exposing it unintentionally and are vulnerable. A >> +DoS attack can consume resources meant for Ganeti daemons and instances >> +running on the master node, making both perform badly. >> + >> +Fixes are not feasible due to the OpenSSL Python library not exposing >> +functionality needed to disable client-side renegotiation. Instead, we >> +offer instructions on how to control RAPI's exposure, along with info >> +on how RAPI can be setup alongside an HTTPS proxy in case users still >> +want or need to expose the RAPI interface. The instructions are >> +outlined in Ganeti's security document: doc/html/security.html >> + >> +CVE-2015-7945 >> + >> +Ganeti leaks the DRBD secret through the RAPI interface. Examining job >> +results after an instance information job reveals the secret. With the >> +DRBD secret, access to the local cluster network, and ARP poisoning, >> +an attacker can impersonate a Ganeti node and clone the disks of a >> +DRBD-based instance. While an attacker with access to the cluster >> +network is already capable of accessing any data written as DRBD >> +traffic is unencrypted, having the secret expedites the process and >> +allows access to the entire disk. >> + >> +Fixes contained in this release prevent the secret from being exposed >> +via the RAPI. 
The DRBD secret can be changed by converting an instance >> +to plain and back to DRBD, generating a new secret, but redundancy will >> +be lost until the process completes. >> +Since attackers with node access are capable of accessing some and >> +potentially all data even without the secret, we do not recommend that >> +the secret be changed for existing instances. >> + >> +Minor changes >> +~~~~~~~~~~~~~ >> + >> +- Allow disk aittachment to diskless instances >> +- Reduce memory footprint: Compute lock allocation strictly >> +- Calculate correct affected nodes set in InstanceChangeGroup >> + (Issue 1144) >> +- Reduce memory footprint: Don't keep input for error messages >> +- Use bulk-adding of keys in renew-crypto >> +- Reduce memory footprint: Send answers strictly >> +- Reduce memory footprint: Store keys as ByteStrings >> +- Reduce memory footprint: Encode UUIDs as ByteStrings >> +- Do not retry all requests after connection timeouts to prevent >> + repeated job submission >> +- Fix reason trails of expanding opcodes >> +- Make lockConfig call retryable >> +- Extend timeout for gnt-cluster renew-crypto >> +- Return the correct error code in the post-upgrade script >> +- Make OpenSSL refrain from DH altogether >> +- Fix faulty iallocator type check >> +- Improve cfgupgrade output in case of errors >> +- Fix upgrades of instances with missing creation time >> +- Support force option for deactivate disks on RAPI >> +- Make htools tolerate missing "dtotal" and "dfree" on luxi >> +- Fix default for --default-iallocator-params >> +- Renew-crypto: stop daemons on master node first >> +- Don't warn about broken SSH setup of offline nodes (Issue 1131) >> +- Fix computation in network blocks >> +- At IAlloc backend guess state from admin state >> +- Set node tags in iallocator htools backend >> +- Only search for Python-2 interpreters >> +- Handle Xen 4.3 states better >> +- Improve xl socat migrations >> + >> + >> +Version 2.15.1 >> +-------------- >> + >> 
+*(Released Mon, 7 Sep 2015)* >> + >> +New features >> +~~~~~~~~~~~~ >> + >> +- The ext template now allows userspace-only disks to be used >> + >> +Bugfixes >> +~~~~~~~~ >> + >> +- Fixed the silently broken 'gnt-instance replace-disks --ignore-ipolicy' >> + command. >> +- User shutdown reporting can now be disabled on Xen using the >> + '--user-shutdown' flag. >> +- Remove falsely reported communication NIC error messages on instance >> start. >> +- Fix 'gnt-node migrate' behavior when no instances are present on a >> node. >> +- Fix the multi-allocation functionality for non-DRBD instances. >> + >> + >> +Version 2.15.0 >> +-------------- >> + >> +*(Released Wed, 29 Jul 2015)* >> + >> +Incompatible/important changes >> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> + >> +- In order to improve allocation efficiency when using DRBD, the cluster >> + metric now takes the total reserved memory into account. A consequence >> + of this change is that the best possible cluster metric is no longer 0. >> + htools(1) interprets minimal cluster scores to be offsets of the >> theoretical >> + lower bound, so only users interpreting the cluster score directly >> should >> + be affected. >> +- This release contains a fix for the problem that different encodings in >> + SSL certificates can break RPC communication (issue 1094). The fix >> makes >> + it necessary to rerun 'gnt-cluster renew-crypto >> --new-node-certificates' >> + after the cluster is fully upgraded to 2.14.1 >> + >> +New features >> +~~~~~~~~~~~~ >> + >> +- On dedicated clusters, hail will now favour allocations filling up >> + nodes efficiently over balanced allocations. >> + >> +New dependencies >> +~~~~~~~~~~~~~~~~ >> + >> +- The indirect dependency on Haskell package 'case-insensitive' is now >> + explicit. >> + >> + >> +Version 2.15.0 rc1 >> +------------------ >> + >> +*(Released Wed, 17 Jun 2015)* >> + >> +This was the first release candidate in the 2.15 series. 
All important >> +changes are listed in the latest 2.15 entry. >> + >> +Known issues: >> +~~~~~~~~~~~~~ >> + >> +- Issue 1094: differences in encodings in SSL certificates due to >> + different OpenSSL versions can result in rendering a cluster >> + uncommunicative after a master-failover. >> + >> + >> +Version 2.15.0 beta1 >> +-------------------- >> + >> +*(Released Thu, 30 Apr 2015)* >> + >> +This was the second beta release in the 2.15 series. All important >> changes >> +are listed in the latest 2.15 entry. >> + >> + >> +Version 2.14.2 >> +-------------- >> + >> +*(Released Tue, 15 Dec 2015)* >> + >> +Important changes and security notes >> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> + >> +Security release. >> + >> +CVE-2015-7944 >> + >> +Ganeti provides a RESTful control interface called the RAPI. Its HTTPS >> +implementation is vulnerable to DoS attacks via client-initiated SSL >> +parameter renegotiation. While the interface is not meant to be exposed >> +publicly, due to the fact that it binds to all interfaces, we believe >> +some users might be exposing it unintentionally and are vulnerable. A >> +DoS attack can consume resources meant for Ganeti daemons and instances >> +running on the master node, making both perform badly. >> + >> +Fixes are not feasible due to the OpenSSL Python library not exposing >> +functionality needed to disable client-side renegotiation. Instead, we >> +offer instructions on how to control RAPI's exposure, along with info >> +on how RAPI can be setup alongside an HTTPS proxy in case users still >> +want or need to expose the RAPI interface. The instructions are >> +outlined in Ganeti's security document: doc/html/security.html >> + >> +CVE-2015-7945 >> + >> +Ganeti leaks the DRBD secret through the RAPI interface. Examining job >> +results after an instance information job reveals the secret. 
With the >> +DRBD secret, access to the local cluster network, and ARP poisoning, >> +an attacker can impersonate a Ganeti node and clone the disks of a >> +DRBD-based instance. While an attacker with access to the cluster >> +network is already capable of accessing any data written as DRBD >> +traffic is unencrypted, having the secret expedites the process and >> +allows access to the entire disk. >> + >> +Fixes contained in this release prevent the secret from being exposed >> +via the RAPI. The DRBD secret can be changed by converting an instance >> +to plain and back to DRBD, generating a new secret, but redundancy will >> +be lost until the process completes. >> +Since attackers with node access are capable of accessing some and >> +potentially all data even without the secret, we do not recommend that >> +the secret be changed for existing instances. >> + >> +Minor changes >> +~~~~~~~~~~~~~ >> + >> +- Allow disk attachment to diskless instances >> +- Calculate correct affected nodes set in InstanceChangeGroup >> + (Issue 1144) >> +- Do not retry all requests after connection timeouts to prevent >> + repeated job submission >> +- Fix reason trails of expanding opcodes >> +- Make lockConfig call retryable >> +- Extend timeout for gnt-cluster renew-crypto >> +- Return the correct error code in the post-upgrade script >> +- Make OpenSSL refrain from DH altogether >> +- Fix faulty iallocator type check >> +- Improve cfgupgrade output in case of errors >> +- Fix upgrades of instances with missing creation time >> +- Make htools tolerate missing "dtotal" and "dfree" on luxi >> +- Fix default for --default-iallocator-params >> +- Renew-crypto: stop daemons on master node first >> +- Don't warn about broken SSH setup of offline nodes (Issue 1131) >> +- At IAlloc backend guess state from admin state >> +- Set node tags in iallocator htools backend >> +- Only search for Python-2 interpreters >> +- Handle Xen 4.3 states better >> +- Improve xl socat migrations >> +- 
replace-disks: fix --ignore-ipolicy >> +- Fix disabling of user shutdown reporting >> +- Allow userspace-only disk templates >> +- Fix instance failover in case of DTS_EXT_MIRROR >> +- Fix operations on empty nodes by accepting allocation of 0 jobs >> +- Fix instance multi allocation for non-DRBD disks >> +- Redistribute master key on downgrade >> +- Allow more failover options when using the --no-disk-moves flag >> + >> + >> +Version 2.14.1 >> +-------------- >> + >> +*(Released Fri, 10 Jul 2015)* >> + >> +Incompatible/important changes >> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> + >> +- The SSH security changes reduced the number of nodes which can SSH into >> + other nodes. Unfortunately enough, the Ganeti implementation of >> migration >> + for the xl stack of Xen required SSH to be able to migrate the >> instance, >> + leading to a situation where full movement of an instance around the >> cluster >> + was not possible. This version fixes the issue by using socat to >> transfer >> + instance data. While socat is less secure than SSH, it is about as >> secure as >> + xm migrations, and occurs over the secondary network if present. As a >> + consequence of this change, Xen instance migrations using xl cannot >> occur >> + between nodes running 2.14.0 and 2.14.1. >> +- This release contains a fix for the problem that different encodings in >> + SSL certificates can break RPC communication (issue 1094). The fix >> makes >> + it necessary to rerun 'gnt-cluster renew-crypto >> --new-node-certificates' >> + after the cluster is fully upgraded to 2.14.1 >> + >> +Other Changes >> +~~~~~~~~~~~~~ >> + >> +- The ``htools`` now properly work also on shared-storage clusters. >> +- Instance moves now work properly also for the plain disk template. >> +- Filter-evaluation for run-time data filter was fixed (issue 1100). >> +- Various improvements to the documentation have been added. 
>> + >> + >> +Version 2.14.0 >> +-------------- >> + >> +*(Released Tue, 2 Jun 2015)* >> + >> +New features >> +~~~~~~~~~~~~ >> + >> +- The build system now enforces external Haskell dependencies to lie in >> + a supported range as declared by our new ganeti.cabal file. >> +- Basic support for instance reservations has been added. Instance >> addition >> + supports a --forthcoming option telling Ganeti to only reserve the >> resources >> + but not create the actual instance. The instance can later be created >> with >> + by passing the --commit option to the instance addition command. >> +- Node tags starting with htools:nlocation: now have a special meaning >> to htools(1). >> + They control between which nodes migration is possible, e.g., during >> hypervisor >> + upgrades. See hbal(1) for details. >> +- The node-allocation lock as been removed for good, thus speeding up >> parallel >> + instance allocation and creation. >> +- The external storage interface has been extended by optional ``open`` >> + and ``close`` scripts. >> + >> +New dependencies >> +~~~~~~~~~~~~~~~~ >> + >> +- Building the Haskell part of Ganeti now requires Cabal and >> cabal-install. >> + >> +Known issues >> +~~~~~~~~~~~~ >> + >> +- Under certain conditions instance doesn't get unpaused after live >> + migration (issue #1050) >> + >> +Since 2.14.0 rc1 >> +~~~~~~~~~~~~~~~~ >> + >> +- The call to the IAllocator in 'gnt-node evacuate' has been fixed. >> +- In opportunistic locking, only ask for those node resource locks where >> + the node lock is held. >> +- Lock requests are repeatable now; this avoids failure of a job in a >> + race condition with a signal sent to the job. >> +- Various improvements to the QA. >> + >> + >> +Version 2.14.0 rc2 >> +------------------ >> + >> +*(Released Tue, 19 May 2015)* >> + >> +This was the second release candidate in the 2.14 series. All important >> +changes are listed in the 2.14.0 entry. 
>> + >> +Since 2.14.0 rc1 >> +~~~~~~~~~~~~~~~~ >> + >> +- private parameters are now properly exported to instance create scripts >> +- unnecessary config unlocks and upgrades have been removed, improving >> + performance, in particular of cluster verification >> +- some rarely occuring file-descriptor leaks have been fixed >> +- The checks for orphan and lost volumes have been fixed to also work >> + correctly when multiple volume groups are used. >> + >> + >> +Version 2.14.0 rc1 >> +------------------ >> + >> +*(Released Wed, 29 Apr 2015)* >> + >> +This was the first release candidate in the 2.14 series. All important >> +changes are listed in the latest 2.14 entry. >> + >> +Since 2.14.0 beta2 >> +~~~~~~~~~~~~~~~~~~ >> + >> +The following issue has been fixed: >> + >> +- A race condition where a badly timed kill of WConfD could lead to >> + an incorrect configuration. >> + >> +Version 2.16.0 beta1 >> +-------------------- >> + >> +*(Released Tue, 28 Jul 2015)* >> + >> +This was the first beta release of the 2.16 series. All important changes >> +are listed in the latest 2.16 entry. > > > The order of Version entries here is odd. you have 2.15 stuff below 2.16.0 > beta1, but also above? Please check how it should be from previous commit > and ensure consistency! > > >> Version 2.15.2 >> -------------- 
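Review bot: the "Fixes inherited from the 2.9 branch" list in this hunk calls CVE-2015-7944 a "Security patch", while the 2.15.2 and 2.14.2 entries added in the same hunk state that "Fixes are not feasible" and that only documentation on limiting RAPI exposure is offered; reword one of the two so the NEWS file does not announce a fix that the text elsewhere says does not exist (e.g. "Document mitigations for CVE-2015-7944 RAPI DoS via SSL renegotiation"). Further in this hunk: "Support force option for deactivate disks on RAPI" is listed both under "Changes since beta1" and under "Fixes inherited from 2.15 branch"; the 2.15.2 "Minor changes" list has a typo ("aittachment"); and the 2.15.0 entry tells users to rerun 'gnt-cluster renew-crypto --new-node-certificates' "after the cluster is fully upgraded to 2.14.1", which reads as copied unchanged from the 2.14.1 entry and should be checked against the intended version.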
>> @@ -439,7 +883,6 @@ Version 2.14.0 beta1 >> This was the first beta release of the 2.14 series. All important changes >> are listed in the latest 2.14 entry. >> >> - >> > > Randomly removed line? > > >> Version 2.13.3 >> -------------- >> >> -- >> 2.7.0.rc3.207.g0ac5344 >> >> > Please run doclint on it, the formatting of the NEWS file is checked > really thoroughly there! > > Cheers, > Helga > -- > > Helga Velroyen > Software Engineer > [email protected] > > Google Germany GmbH > Erika-Mann-Strasse 33 > 80636 München > > Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle > Registergericht und -nummer: Hamburg, HRB 86891 > Sitz der Gesellschaft: Hamburg > > Diese E-Mail ist vertraulich. Wenn Sie nicht der richtige Adressat sind, > leiten Sie diese bitte nicht weiter, informieren Sie den Absender und > löschen Sie die E-Mail und alle Anhänge. Vielen Dank. > > This e-mail is confidential. If you are not the right addressee please do > not forward it, please inform the sender, and please erase this e-mail > including any attachments. Thanks. > > Hrvoje Ribicic Ganeti Engineering Google Germany GmbH Dienerstr. 12, 80331, München
