Thanks for your comments, this was my attention to detail in practice :)
On Wednesday, January 27, 2016 at 5:44:10 PM UTC, Hrvoje Ribicic wrote: > > Or just run 'autotools/check-news <NEWS' manually from the root of your > repository. > > On Wed, Jan 27, 2016 at 5:41 PM, 'Helga Velroyen' via ganeti-devel < > [email protected] <javascript:>> wrote: > >> >> >> On Wed, 27 Jan 2016 at 17:23 'Viktor Bachraty' via ganeti-devel < >> [email protected] <javascript:>> wrote: >> >>> Mention all more significant changes since 2.16.0~beta1. >>> >>> Signed-off-by: Viktor Bachraty <[email protected] <javascript:>> >>> --- >>> NEWS | 469 >>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- >>> 1 file changed, 456 insertions(+), 13 deletions(-) >>> >>> diff --git a/NEWS b/NEWS >>> index a6c9803..0f5e3c5 100644 >>> --- a/NEWS >>> +++ b/NEWS >>> @@ -1,11 +1,10 @@ >>> News >>> ==== >>> >>> - >>> Version 2.16.0 beta2 >>> -------------------- >>> >>> -*(unreleased)* >>> +*(Released Tue, 27 Jan 2016)* >>> >> >> The 27th is Wed and not Tue :) >> >> Also, I doubt you will make a complete release today, so it is usually >> better to set the date to the next day. >> >> Also, I think doclint will yell at the line that you removed above. >> >> >>> >>> Incompatible/important changes >>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> @@ -14,16 +13,6 @@ Incompatible/important changes >>> Instead, the cluster configuration parameter ``modify_ssh_setup`` is >>> used to determine whether or not to manipulate the SSH setup of a new >>> node. >>> - >>> - >>> -Version 2.16.0 beta1 >>> --------------------- >>> - >>> -*(Released Tue, 28 Jul 2015)* >>> - >>> -Incompatible/important changes >>> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> - >> >> - The IAllocator protocol has been extended by a new >>> ``allocate-secondary`` >>> request type. Currently, this new request type is only used when in >>> disk >>> conversion to DRBD no secondary node is specified. As long as this new 
>>> @@ -33,6 +22,10 @@ Incompatible/important changes >>> storage. To obtain the old behavior, add the ``--no-capacity-checks`` >>> option. >>> - ``hail`` now tries to keep the overall cluster balanced; in >>> particular it >>> now prefers more empty groups over groups that are internally more >>> balanced. >>> +- Timeouts for communication with luxid have been increased. As a >>> consequence, >>> + Ganeti tools communicating (directly or indirectly) with luxid also >>> time out >>> + later. Please increase all timeouts for higher level tools >>> interacting with >>> + Ganeti accordingly. >>> >>> New features >>> ~~~~~~~~~~~~ 
>>> @@ -50,6 +43,457 @@ New dependencies >>> On Debian-based systems, it is available as a part of the >>> 'libcap2-bin' >>> package. >>> >>> +Changes since beta1 >>> +~~~~~~~~~~~~~~~~~~~ >>> +- Set block buffering for UDSServer >>> +- Fix failover in case the source node is offline >>> +- Add a parameter to ignore groups in capacity checks >>> +- Make hspace correctly handle --independent-groups >>> +- Accept BoringSSL as a known good ssl library >>> +- Make CommitTemporaryIPs call out to WConfD >>> +- Fix requested instance desired location tags in IAllocator >>> +- monitor: Use hvinfo in QMP methods >>> +- KVM: Work around QEMU commit 48f364dd >>> +- KVM: Introduce scsi_controller_type and kvm_pci_reservations hvparams >>> +- Improvements in SSH key handling >>> +- Do not generate the ganeti_pub_keys file with --no-ssh-init >>> +- Support force option for deactivate disks on RAPI >>> +- Add a --dry-run option to htools >>> +- Extended logging to improve traceability >>> +- Many documentation improvements and cleanups >>> +- Performance optimizations on larger clusters >>> +- Various QA and testing improvements >>> + >>> +Fixes inherited from 2.15 branch: >>> + >>> +- Metad: ignore instances that have no communication NIC >>> +- For queries, take the correct base address of an IP block >>> +- Fix computation in network blocks >>> +- Use bulk-adding of keys in renew-crypto >>> +- Introduce bulk-adding of SSH keys >>> +- Handle SSH key distribution on auto promotion >>> +- Do not remove authorized key of node itself >>> +- Support force option for deactivate disks on RAPI >>> +- renew-crypto: use bulk-removal of SSH keys >>> +- Bulk-removal of SSH keys >>> +- Catch IOError of SSH files when removing node >>> +- Fix renew-crypto on one-node-cluster >>> +- Increase timeout of RPC adding/removing keys >>> +- After TestNodeModify, fix the pool of master candidates >>> + >>> +Fixes inherited from 2.14 branch: >>> + >>> +- bdev: Allow userspace-only disk templates >>> +- 
Export disk's userspace URI to OS scripts >>> +- Fix instance failover in case of DTS_EXT_MIRROR >>> +- Set node tags in iallocator htools backend >>> +- Fix faulty iallocator type check >>> +- Allow disk attachment to diskless instances >>> +- Allow disk attachment with external storage >>> + >>> +Fixes inherited from 2.13 branch: >>> + >>> +- Improve xl socat migrations >>> +- Renew-crypto: stop daemons on master node first >>> +- Extend timeout for gnt-cluster renew-crypto >>> + >>> +Fixes inherited from 2.12 branch: >>> + >>> +- Accept timeout errors when luxi down >>> +- Fix disabling of user shutdown reporting >>> +- gnt-node add: password auth is only one method >>> +- Fix inconsistency in python and haskell objects >>> +- Increase default disk size of burnin to 1G >>> +- Only search for Python-2 interpreters >>> +- Handle Xen 4.3 states better >>> +- Return the correct error code in the post-upgrade script >>> +- Make openssl refrain from DH altogether >>> +- Fix upgrades of instances with missing creation time >>> +- Check for healthy majority on master failover with voting >>> +- Pass arguments to correct daemons during master-failover >>> + >>> +Fixes inherited from 2.11 branch: >>> + >>> +- At IAlloc backend guess state from admin state >>> +- Fix default for --default-iallocator-params >>> + >>> +Fixes inherited from 2.10 branch: >>> + >>> +- Make htools tolerate missing "dtotal" and "dfree" on luxi >>> +- KVM: explicitly configure routed NICs late >>> + >>> +Fixes inherited from the 2.9 branch: >>> + >>> +- Security patch for CVE-2015-7944 RAPI Vulnerable to DoS via SSL >>> renegotiation >>> +- Security patch for CVE-2015-7945 Leak DRBD secret via RAPI >>> +- replace-disks: fix --ignore-ipolicy >>> + >>> +Version 2.16.0 beta1 >>> +-------------------- >>> + >>> +*(Released Tue, 28 Jul 2015)* >>> + >>> +This was the first beta release of the 2.16 series. All important >>> changes >>> +are listed in the latest 2.16 entry. 
>>> + >>> +Version 2.15.2 >>> +-------------- >>> + >>> +*(Released Wed, 16 Dec 2015)* >>> + >>> +Important changes and security notes >>> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> + >>> +Security release. >>> + >>> +CVE-2015-7944 >>> + >>> +Ganeti provides a RESTful control interface called the RAPI. Its HTTPS >>> +implementation is vulnerable to DoS attacks via client-initiated SSL >>> +parameter renegotiation. While the interface is not meant to be exposed >>> +publicly, due to the fact that it binds to all interfaces, we believe >>> +some users might be exposing it unintentionally and are vulnerable. A >>> +DoS attack can consume resources meant for Ganeti daemons and instances >>> +running on the master node, making both perform badly. >>> + >>> +Fixes are not feasible due to the OpenSSL Python library not exposing >>> +functionality needed to disable client-side renegotiation. Instead, we >>> +offer instructions on how to control RAPI's exposure, along with info >>> +on how RAPI can be setup alongside an HTTPS proxy in case users still >>> +want or need to expose the RAPI interface. The instructions are >>> +outlined in Ganeti's security document: doc/html/security.html >>> + >>> +CVE-2015-7945 >>> + >>> +Ganeti leaks the DRBD secret through the RAPI interface. Examining job >>> +results after an instance information job reveals the secret. With the >>> +DRBD secret, access to the local cluster network, and ARP poisoning, >>> +an attacker can impersonate a Ganeti node and clone the disks of a >>> +DRBD-based instance. While an attacker with access to the cluster >>> +network is already capable of accessing any data written as DRBD >>> +traffic is unencrypted, having the secret expedites the process and >>> +allows access to the entire disk. >>> + >>> +Fixes contained in this release prevent the secret from being exposed >>> +via the RAPI. 
The DRBD secret can be changed by converting an instance >>> +to plain and back to DRBD, generating a new secret, but redundancy will >>> +be lost until the process completes. >>> +Since attackers with node access are capable of accessing some and >>> +potentially all data even without the secret, we do not recommend that >>> +the secret be changed for existing instances. >>> + >>> +Minor changes >>> +~~~~~~~~~~~~~ >>> + >>> +- Allow disk aittachment to diskless instances >>> +- Reduce memory footprint: Compute lock allocation strictly >>> +- Calculate correct affected nodes set in InstanceChangeGroup >>> + (Issue 1144) >>> +- Reduce memory footprint: Don't keep input for error messages >>> +- Use bulk-adding of keys in renew-crypto >>> +- Reduce memory footprint: Send answers strictly >>> +- Reduce memory footprint: Store keys as ByteStrings >>> +- Reduce memory footprint: Encode UUIDs as ByteStrings >>> +- Do not retry all requests after connection timeouts to prevent >>> + repeated job submission >>> +- Fix reason trails of expanding opcodes >>> +- Make lockConfig call retryable >>> +- Extend timeout for gnt-cluster renew-crypto >>> +- Return the correct error code in the post-upgrade script >>> +- Make OpenSSL refrain from DH altogether >>> +- Fix faulty iallocator type check >>> +- Improve cfgupgrade output in case of errors >>> +- Fix upgrades of instances with missing creation time >>> +- Support force option for deactivate disks on RAPI >>> +- Make htools tolerate missing "dtotal" and "dfree" on luxi >>> +- Fix default for --default-iallocator-params >>> +- Renew-crypto: stop daemons on master node first >>> +- Don't warn about broken SSH setup of offline nodes (Issue 1131) >>> +- Fix computation in network blocks >>> +- At IAlloc backend guess state from admin state >>> +- Set node tags in iallocator htools backend >>> +- Only search for Python-2 interpreters >>> +- Handle Xen 4.3 states better >>> +- Improve xl socat migrations >>> + >>> + >>> +Version 
2.15.1 >>> +-------------- >>> + >>> +*(Released Mon, 7 Sep 2015)* >>> + >>> +New features >>> +~~~~~~~~~~~~ >>> + >>> +- The ext template now allows userspace-only disks to be used >>> + >>> +Bugfixes >>> +~~~~~~~~ >>> + >>> +- Fixed the silently broken 'gnt-instance replace-disks >>> --ignore-ipolicy' >>> + command. >>> +- User shutdown reporting can now be disabled on Xen using the >>> + '--user-shutdown' flag. >>> +- Remove falsely reported communication NIC error messages on instance >>> start. >>> +- Fix 'gnt-node migrate' behavior when no instances are present on a >>> node. >>> +- Fix the multi-allocation functionality for non-DRBD instances. >>> + >>> + >>> +Version 2.15.0 >>> +-------------- >>> + >>> +*(Released Wed, 29 Jul 2015)* >>> + >>> +Incompatible/important changes >>> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> + >>> +- In order to improve allocation efficiency when using DRBD, the cluster >>> + metric now takes the total reserved memory into account. A consequence >>> + of this change is that the best possible cluster metric is no longer >>> 0. >>> + htools(1) interprets minimal cluster scores to be offsets of the >>> theoretical >>> + lower bound, so only users interpreting the cluster score directly >>> should >>> + be affected. >>> +- This release contains a fix for the problem that different encodings >>> in >>> + SSL certificates can break RPC communication (issue 1094). The fix >>> makes >>> + it necessary to rerun 'gnt-cluster renew-crypto >>> --new-node-certificates' >>> + after the cluster is fully upgraded to 2.14.1 >>> + >>> +New features >>> +~~~~~~~~~~~~ >>> + >>> +- On dedicated clusters, hail will now favour allocations filling up >>> + nodes efficiently over balanced allocations. >>> + >>> +New dependencies >>> +~~~~~~~~~~~~~~~~ >>> + >>> +- The indirect dependency on Haskell package 'case-insensitive' is now >>> + explicit. 
>>> + >>> + >>> +Version 2.15.0 rc1 >>> +------------------ >>> + >>> +*(Released Wed, 17 Jun 2015)* >>> + >>> +This was the first release candidate in the 2.15 series. All important >>> +changes are listed in the latest 2.15 entry. >>> + >>> +Known issues: >>> +~~~~~~~~~~~~~ >>> + >>> +- Issue 1094: differences in encodings in SSL certificates due to >>> + different OpenSSL versions can result in rendering a cluster >>> + uncommunicative after a master-failover. >>> + >>> + >>> +Version 2.15.0 beta1 >>> +-------------------- >>> + >>> +*(Released Thu, 30 Apr 2015)* >>> + >>> +This was the second beta release in the 2.15 series. All important >>> changes >>> +are listed in the latest 2.15 entry. >>> + >>> + >>> +Version 2.14.2 >>> +-------------- >>> + >>> +*(Released Tue, 15 Dec 2015)* >>> + >>> +Important changes and security notes >>> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> + >>> +Security release. >>> + >>> +CVE-2015-7944 >>> + >>> +Ganeti provides a RESTful control interface called the RAPI. Its HTTPS >>> +implementation is vulnerable to DoS attacks via client-initiated SSL >>> +parameter renegotiation. While the interface is not meant to be exposed >>> +publicly, due to the fact that it binds to all interfaces, we believe >>> +some users might be exposing it unintentionally and are vulnerable. A >>> +DoS attack can consume resources meant for Ganeti daemons and instances >>> +running on the master node, making both perform badly. >>> + >>> +Fixes are not feasible due to the OpenSSL Python library not exposing >>> +functionality needed to disable client-side renegotiation. Instead, we >>> +offer instructions on how to control RAPI's exposure, along with info >>> +on how RAPI can be setup alongside an HTTPS proxy in case users still >>> +want or need to expose the RAPI interface. The instructions are >>> +outlined in Ganeti's security document: doc/html/security.html >>> + >>> +CVE-2015-7945 >>> + >>> +Ganeti leaks the DRBD secret through the RAPI interface. 
Examining job >>> +results after an instance information job reveals the secret. With the >>> +DRBD secret, access to the local cluster network, and ARP poisoning, >>> +an attacker can impersonate a Ganeti node and clone the disks of a >>> +DRBD-based instance. While an attacker with access to the cluster >>> +network is already capable of accessing any data written as DRBD >>> +traffic is unencrypted, having the secret expedites the process and >>> +allows access to the entire disk. >>> + >>> +Fixes contained in this release prevent the secret from being exposed >>> +via the RAPI. The DRBD secret can be changed by converting an instance >>> +to plain and back to DRBD, generating a new secret, but redundancy will >>> +be lost until the process completes. >>> +Since attackers with node access are capable of accessing some and >>> +potentially all data even without the secret, we do not recommend that >>> +the secret be changed for existing instances. >>> + >>> +Minor changes >>> +~~~~~~~~~~~~~ >>> + >>> +- Allow disk attachment to diskless instances >>> +- Calculate correct affected nodes set in InstanceChangeGroup >>> + (Issue 1144) >>> +- Do not retry all requests after connection timeouts to prevent >>> + repeated job submission >>> +- Fix reason trails of expanding opcodes >>> +- Make lockConfig call retryable >>> +- Extend timeout for gnt-cluster renew-crypto >>> +- Return the correct error code in the post-upgrade script >>> +- Make OpenSSL refrain from DH altogether >>> +- Fix faulty iallocator type check >>> +- Improve cfgupgrade output in case of errors >>> +- Fix upgrades of instances with missing creation time >>> +- Make htools tolerate missing "dtotal" and "dfree" on luxi >>> +- Fix default for --default-iallocator-params >>> +- Renew-crypto: stop daemons on master node first >>> +- Don't warn about broken SSH setup of offline nodes (Issue 1131) >>> +- At IAlloc backend guess state from admin state >>> +- Set node tags in iallocator htools backend >>> 
+- Only search for Python-2 interpreters >>> +- Handle Xen 4.3 states better >>> +- Improve xl socat migrations >>> +- replace-disks: fix --ignore-ipolicy >>> +- Fix disabling of user shutdown reporting >>> +- Allow userspace-only disk templates >>> +- Fix instance failover in case of DTS_EXT_MIRROR >>> +- Fix operations on empty nodes by accepting allocation of 0 jobs >>> +- Fix instance multi allocation for non-DRBD disks >>> +- Redistribute master key on downgrade >>> +- Allow more failover options when using the --no-disk-moves flag >>> + >>> + >>> +Version 2.14.1 >>> +-------------- >>> + >>> +*(Released Fri, 10 Jul 2015)* >>> + >>> +Incompatible/important changes >>> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> + >>> +- The SSH security changes reduced the number of nodes which can SSH >>> into >>> + other nodes. Unfortunately enough, the Ganeti implementation of >>> migration >>> + for the xl stack of Xen required SSH to be able to migrate the >>> instance, >>> + leading to a situation where full movement of an instance around the >>> cluster >>> + was not possible. This version fixes the issue by using socat to >>> transfer >>> + instance data. While socat is less secure than SSH, it is about as >>> secure as >>> + xm migrations, and occurs over the secondary network if present. As a >>> + consequence of this change, Xen instance migrations using xl cannot >>> occur >>> + between nodes running 2.14.0 and 2.14.1. >>> +- This release contains a fix for the problem that different encodings >>> in >>> + SSL certificates can break RPC communication (issue 1094). The fix >>> makes >>> + it necessary to rerun 'gnt-cluster renew-crypto >>> --new-node-certificates' >>> + after the cluster is fully upgraded to 2.14.1 >>> + >>> +Other Changes >>> +~~~~~~~~~~~~~ >>> + >>> +- The ``htools`` now properly work also on shared-storage clusters. >>> +- Instance moves now work properly also for the plain disk template. 
>>> +- Filter-evaluation for run-time data filter was fixed (issue 1100). >>> +- Various improvements to the documentation have been added. >>> + >>> + >>> +Version 2.14.0 >>> +-------------- >>> + >>> +*(Released Tue, 2 Jun 2015)* >>> + >>> +New features >>> +~~~~~~~~~~~~ >>> + >>> +- The build system now enforces external Haskell dependencies to lie in >>> + a supported range as declared by our new ganeti.cabal file. >>> +- Basic support for instance reservations has been added. Instance >>> addition >>> + supports a --forthcoming option telling Ganeti to only reserve the >>> resources >>> + but not create the actual instance. The instance can later be created >>> with >>> + by passing the --commit option to the instance addition command. >>> +- Node tags starting with htools:nlocation: now have a special meaning >>> to htools(1). >>> + They control between which nodes migration is possible, e.g., during >>> hypervisor >>> + upgrades. See hbal(1) for details. >>> +- The node-allocation lock as been removed for good, thus speeding up >>> parallel >>> + instance allocation and creation. >>> +- The external storage interface has been extended by optional ``open`` >>> + and ``close`` scripts. >>> + >>> +New dependencies >>> +~~~~~~~~~~~~~~~~ >>> + >>> +- Building the Haskell part of Ganeti now requires Cabal and >>> cabal-install. >>> + >>> +Known issues >>> +~~~~~~~~~~~~ >>> + >>> +- Under certain conditions instance doesn't get unpaused after live >>> + migration (issue #1050) >>> + >>> +Since 2.14.0 rc1 >>> +~~~~~~~~~~~~~~~~ >>> + >>> +- The call to the IAllocator in 'gnt-node evacuate' has been fixed. >>> +- In opportunistic locking, only ask for those node resource locks where >>> + the node lock is held. >>> +- Lock requests are repeatable now; this avoids failure of a job in a >>> + race condition with a signal sent to the job. >>> +- Various improvements to the QA. 
>>> + >>> + >>> +Version 2.14.0 rc2 >>> +------------------ >>> + >>> +*(Released Tue, 19 May 2015)* >>> + >>> +This was the second release candidate in the 2.14 series. All important >>> +changes are listed in the 2.14.0 entry. >>> + >>> +Since 2.14.0 rc1 >>> +~~~~~~~~~~~~~~~~ >>> + >>> +- private parameters are now properly exported to instance create >>> scripts >>> +- unnecessary config unlocks and upgrades have been removed, improving >>> + performance, in particular of cluster verification >>> +- some rarely occuring file-descriptor leaks have been fixed >>> +- The checks for orphan and lost volumes have been fixed to also work >>> + correctly when multiple volume groups are used. >>> + >>> + >>> +Version 2.14.0 rc1 >>> +------------------ >>> + >>> +*(Released Wed, 29 Apr 2015)* >>> + >>> +This was the first release candidate in the 2.14 series. All important >>> +changes are listed in the latest 2.14 entry. >>> + >>> +Since 2.14.0 beta2 >>> +~~~~~~~~~~~~~~~~~~ >>> + >>> +The following issue has been fixed: >>> + >>> +- A race condition where a badly timed kill of WConfD could lead to >>> + an incorrect configuration. >>> + >>> +Version 2.16.0 beta1 >>> +-------------------- >>> + >>> +*(Released Tue, 28 Jul 2015)* >>> + >>> +This was the first beta release of the 2.16 series. All important >>> changes >>> +are listed in the latest 2.16 entry. >> >> >> The order of Version entries here is odd. you have 2.15 stuff below >> 2.16.0 beta1, but also above? Please check how it should be from previous >> commit and ensure consistency! >> >> >>> Version 2.15.2 >>> -------------- 
>>> @@ -439,7 +883,6 @@ Version 2.14.0 beta1 >>> This was the first beta release of the 2.14 series. All important >>> changes >>> are listed in the latest 2.14 entry. >>> >>> - >>> >> >> Randomly removed line? >> >> >>> Version 2.13.3 >>> -------------- >>> >>> -- >>> 2.7.0.rc3.207.g0ac5344 >>> >>> >> Please run doclint on it, the formatting of the NEWS file is checked >> really thoroughly there! >> >> Cheers, >> Helga >> -- >> >> Helga Velroyen >> Software Engineer >> [email protected] >> >> Google Germany GmbH >> Erika-Mann-Strasse 33 >> 80636 München >> >> Managing directors: Matthew Scott Sucherman, Paul Terence Manicle >> Register court and number: Hamburg, HRB 86891 >> Registered office: Hamburg >> >> This e-mail is confidential. If you are not the right addressee please do >> not forward it, please inform the sender, and please erase this e-mail >> including any attachments. Thanks. >> >> > Hrvoje Ribicic > Ganeti Engineering > Google Germany GmbH > Dienerstr. 12, 80331, München > >
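Review bot: in the `@@ -1,11 +1,10 @@` hunk the new line `+*(Released Tue, 27 Jan 2016)*` names the wrong weekday (27 Jan 2016 was a Wednesday, as noted in the thread), and the same hunk deletes one of the two blank lines between the `====` title underline and the first `Version` heading, which doclint will reject. Write the date as the actual release day (or the following day if the release slips) and keep the removed blank line.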
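Review bot: dropping the `Version 2.16.0 beta1` heading and its `Incompatible/important changes` subheading in the `@@ -14,16 +13,6 @@` hunk folds the beta1 entries (starting with the ``allocate-secondary`` IAllocator request) into the beta2 section with no marker of which beta introduced them; that only works because the new beta1 stub refers readers to the latest 2.16 entry, so make sure exactly one such stub survives in the file and that the merged list is clearly the cumulative 2.16 list.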
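Review bot: the luxid timeout entry added in the `@@ -33,6 +22,10 @@` hunk asks operators to `increase all timeouts for higher level tools interacting with Ganeti accordingly` but gives neither the old nor the new value, so nobody can size their own timeouts from it; state the previous and new luxid timeout values (or name the constant that changed) in the entry.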
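Review bot: the `@@ -50,6 +43,457 @@` hunk adds `Version 2.16.0 beta1` twice (once directly after the 2.16.0 beta2 block and again after `Version 2.14.0 rc1`), with the 2.15.x and 2.14.x entries wedged between the two copies, so the file no longer lists versions in one descending sequence; keep a single beta1 stub below beta2 and place the 2.15.2, 2.15.1, 2.15.0, 2.14.2 and 2.14.1 entries where they belong in the existing order. Smaller points in the same hunk: `Support force option for deactivate disks on RAPI` appears both under `Changes since beta1` and under `Fixes inherited from 2.15 branch`; `aittachment` (2.15.2 minor changes) and `occuring` (2.14.0 rc2) are misspelt; `Make openssl refrain from DH altogether` and `Make OpenSSL refrain from DH altogether` should use one spelling; the `Version 2.15.0 beta1` entry describes itself as `the second beta release in the 2.15 series`; and the 2.15.0 entry ends `after the cluster is fully upgraded to 2.14.1`, which reads as copied from the 2.14.1 entry, so check whether it should say 2.15.0.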
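Review bot: the `@@ -439,7 +883,6 @@` hunk removes one of the two blank lines between the 2.14.0 beta1 entry and the `Version 2.13.3` heading, while every other entry in the file (including the ones this patch adds) is separated by two; restore the blank line, since doclint checks exactly that spacing.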
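The formatting points raised in the review above (the weekday in a release line must match the date, version entries need two blank lines between them and a matching dash underline, and a version must not be listed twice) can be caught mechanically before the patch is sent. The checker below is an added example written for this page, not Ganeti's `autotools/check-news` script or its doclint; it assumes only the NEWS layout visible in the quoted patch (a `Version X` heading underlined with dashes, a `*(Released Ddd, DD Mon YYYY)*` line, two blank lines between entries), and `SAMPLE_NEWS` is a constructed text that reproduces the mistakes discussed in the thread.

```python
import re
from datetime import datetime

# Layout assumptions, taken from the NEWS excerpts in the patch: a version
# entry is a "Version X" heading underlined with dashes of the same length,
# followed by a "*(Released Ddd, DD Mon YYYY)*" line, and entries are
# separated by two blank lines.  Hypothetical checker, not Ganeti's own.
VERSION_RE = re.compile(r"^Version \S")
RELEASED_RE = re.compile(r"^\*\(Released (\w{3}), (\d{1,2} \w{3} \d{4})\)\*$")


def check_news(text):
    """Return a list of (line_number, message) for every problem found."""
    lines = text.splitlines()
    problems = []
    seen_versions = {}
    for num, line in enumerate(lines, start=1):
        # The weekday must agree with the date ("Tue, 27 Jan 2016" remark).
        m = RELEASED_RE.match(line)
        if m:
            weekday, date = m.groups()
            try:
                actual = datetime.strptime(date, "%d %b %Y").strftime("%a")
            except ValueError:
                problems.append((num, "unparsable release date '%s'" % date))
            else:
                if actual != weekday:
                    problems.append((num, "%s is a %s, not %s" % (date, actual, weekday)))
            continue
        if not VERSION_RE.match(line):
            continue
        # RST heading: the underline must exist and match the title length.
        underline = lines[num] if num < len(lines) else ""
        if set(underline) != {"-"} or len(underline) != len(line):
            problems.append((num, "heading '%s' lacks a matching dash underline" % line))
        # Two blank lines must precede every version heading (doclint spacing).
        if num >= 3 and any(lines[i].strip() for i in (num - 3, num - 2)):
            problems.append((num, "expected two blank lines before '%s'" % line))
        # A version may have only one entry ("2.16.0 beta1 listed twice" remark).
        if line in seen_versions:
            problems.append((num, "duplicate entry for '%s' (first at line %d)"
                             % (line, seen_versions[line])))
        else:
            seen_versions[line] = num
    return problems


# Constructed sample reproducing the thread's mistakes: one blank line before
# the first heading, a wrong weekday, and a duplicated beta1 entry.
SAMPLE_NEWS = """\
News
====

Version 2.16.0 beta2
--------------------

*(Released Tue, 27 Jan 2016)*

- Timeouts for communication with luxid have been increased.


Version 2.16.0 beta1
--------------------

*(Released Tue, 28 Jul 2015)*


Version 2.15.2
--------------

*(Released Wed, 16 Dec 2015)*

Security release.


Version 2.16.0 beta1
--------------------

*(Released Tue, 28 Jul 2015)*
"""

if __name__ == "__main__":
    for num, message in check_news(SAMPLE_NEWS):
        print("NEWS:%d: %s" % (num, message))
```

Running the block on the constructed sample reports the missing blank line at line 4, the weekday mismatch at line 7 and the duplicated `Version 2.16.0 beta1` heading at line 26; a correctly formatted entry produces no output.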
