====
+Version 2.15.1
+--------------
+
+*(Released Mon, 7 Sep 2015)*
+
+New features
+~~~~~~~~~~~~
+
+- The ext template now allows userspace-only disks to be used
+
+Bugfixes
+~~~~~~~~
+
+- Fixed the silently broken 'gnt-instance replace-disks --ignore-ipolicy'
+ command.
+- User shutdown reporting can now be disabled on Xen using the
+ '--user-shutdown' flag.
+- Remove falsely reported communication NIC error messages on instance start.
+- Fix 'gnt-node migrate' behavior when no instances are present on a node.
+- Fix the multi-allocation functionality for non-DRBD instances.
+
+
+Version 2.15.0
+--------------
+
+*(Released Wed, 29 Jul 2015)*
+
+Incompatible/important changes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- In order to improve allocation efficiency when using DRBD, the cluster
+ metric now takes the total reserved memory into account. A consequence
+ of this change is that the best possible cluster metric is no longer 0.
+ htools(1) interprets minimal cluster scores to be offsets of the theoretical
+ lower bound, so only users interpreting the cluster score directly should
+ be affected.
+- This release contains a fix for the problem that different encodings in
+ SSL certificates can break RPC communication (issue 1094). The fix makes
+ it necessary to rerun 'gnt-cluster renew-crypto --new-node-certificates'
+ after the cluster is fully upgraded to 2.14.1
+
+New features
+~~~~~~~~~~~~
+
+- On dedicated clusters, hail will now favour allocations filling up
+ nodes efficiently over balanced allocations.
+
+New dependencies
+~~~~~~~~~~~~~~~~
+
+- The indirect dependency on Haskell package 'case-insensitive' is now
+ explicit.
+
+
+Version 2.15.0 rc1
+------------------
+
+*(Released Wed, 17 Jun 2015)*
+
+This was the first release candidate in the 2.15 series. All important
+changes are listed in the latest 2.15 entry.
+
+Known issues:
+~~~~~~~~~~~~~
+
+- Issue 1094: differences in encodings in SSL certificates due to
+ different OpenSSL versions can result in rendering a cluster
+ uncommunicative after a master-failover.
+
+
+Version 2.15.0 beta1
+--------------------
+
+*(Released Thu, 30 Apr 2015)*
+
+This was the second beta release in the 2.15 series. All important changes
+are listed in the latest 2.15 entry.
+
+
+ Version 2.14.2
+ --------------
+
+ *(Released Tue, 15 Dec 2015)*
+
+ Important changes and security notes
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ Security release.
+
+ CVE-2015-7944
+
+ Ganeti provides a RESTful control interface called the RAPI. Its HTTPS
+ implementation is vulnerable to DoS attacks via client-initiated SSL
+ parameter renegotiation. While the interface is not meant to be exposed
+ publicly, due to the fact that it binds to all interfaces, we believe
+ some users might be exposing it unintentionally and are vulnerable. A
+ DoS attack can consume resources meant for Ganeti daemons and instances
+ running on the master node, making both perform badly.
+
+ Fixes are not feasible due to the OpenSSL Python library not exposing
+ functionality needed to disable client-side renegotiation. Instead, we
+ offer instructions on how to control RAPI's exposure, along with info
+ on how RAPI can be setup alongside an HTTPS proxy in case users still
+ want or need to expose the RAPI interface. The instructions are
+ outlined in Ganeti's security document: doc/html/security.html
+
+ CVE-2015-7945
+
+ Ganeti leaks the DRBD secret through the RAPI interface. Examining job
+ results after an instance information job reveals the secret. With the
+ DRBD secret, access to the local cluster network, and ARP poisoning,
+ an attacker can impersonate a Ganeti node and clone the disks of a
+ DRBD-based instance. While an attacker with access to the cluster
+ network is already capable of accessing any data written as DRBD
+ traffic is unencrypted, having the secret expedites the process and
+ allows access to the entire disk.
+
+ Fixes contained in this release prevent the secret from being exposed
+ via the RAPI. The DRBD secret can be changed by converting an instance
+ to plain and back to DRBD, generating a new secret, but redundancy will
+ be lost until the process completes.
+ Since attackers with node access are capable of accessing some and
+ potentially all data even without the secret, we do not recommend that
+ the secret be changed for existing instances.
+
+ Minor changes
+ ~~~~~~~~~~~~~
+
+ - Allow disk attachment to diskless instances
+ - Calculate correct affected nodes set in InstanceChangeGroup
+ (Issue 1144)
+ - Do not retry all requests after connection timeouts to prevent
+ repeated job submission
+ - Fix reason trails of expanding opcodes
+ - Make lockConfig call retryable
+ - Extend timeout for gnt-cluster renew-crypto
+ - Return the correct error code in the post-upgrade script
+ - Make OpenSSL refrain from DH altogether
+ - Fix faulty iallocator type check
+ - Improve cfgupgrade output in case of errors
+ - Fix upgrades of instances with missing creation time
+ - Make htools tolerate missing "dtotal" and "dfree" on luxi
+ - Fix default for --default-iallocator-params
+ - Renew-crypto: stop daemons on master node first
+ - Don't warn about broken SSH setup of offline nodes (Issue 1131)
+ - At IAlloc backend guess state from admin state
+ - Set node tags in iallocator htools backend
+ - Only search for Python-2 interpreters
+ - Handle Xen 4.3 states better
+ - Improve xl socat migrations
+ - replace-disks: fix --ignore-ipolicy
+ - Fix disabling of user shutdown reporting
+ - Allow userspace-only disk templates
+ - Fix instance failover in case of DTS_EXT_MIRROR
+ - Fix operations on empty nodes by accepting allocation of 0 jobs
+ - Fix instance multi allocation for non-DRBD disks
+ - Redistribute master key on downgrade
+ - Allow more failover options when using the --no-disk-moves flag
+
+
Version 2.14.1
--------------
projects / ganeti-github.git / commitdiff