winterhazel commented on code in PR #449: URL: https://github.com/apache/cloudstack-documentation/pull/449#discussion_r1815802873
########## source/releasenotes/about.rst: ########## @@ -17,128 +17,40 @@ What's New in |release| ======================= -Apache CloudStack |release| is a 4.19 LTS minor release with over 300 fixes -and improvements since the 4.19.0.0 release. Some of the highlights include: - -• Improvements for VMware migration to KVM -• Support to manage/unmanage DATA volume of a primary storage on KVM -• Support for NFS mount options for a primary storage on KVM -• Support to change storage pool scope from Cluster to Zone and vice versa -• Support for RHEL/OL/Rocky/Alma Linux in the same cluster -• Import from remote KVM enhancements -• Storage plugins, PowerFlex, StorPool, Linstor related fixes and improvements -• Some CKS, Veeam (B&R) related fixes and improvements -• Several UI fixes and improvements +Apache CloudStack |release| is the initial 4.20 LTS release. It has over 190 fixes +and features since the 4.19.1.0 release. The full list of fixes and improvements can be found in the project release notes at -https://docs.cloudstack.apache.org/en/4.19.1.0/releasenotes/changes.html +https://docs.cloudstack.apache.org/en/4.20.0.0/releasenotes/changes.html -What's in since 4.19.0.0 +What's in since 4.20.0.0 ======================== -Apache CloudStack 4.19.0.0 is the initial 4.19 LTS release with 300+ new -features, improvements and bug fixes since 4.18, including 26 major +Apache CloudStack 4.20.0.0 is the initial 4.20 LTS release with 190f+ new +features, improvements and bug fixes since 4.19, including 15 major new features. Some of the highlights include: -• CloudStack Object Storage Feature -• VMware to KVM Migration -• KVM Import -• CloudStack DRS -• OAuth2 Authentication -• VNF Appliances Support -• CloudStack DRS -• CloudStack Snapshot Copy -• Scheduled Instance Lifecycle Operations -• Guest OS Management -• Pure Flash Array and HPE-Primera Support -• User-specified source NAT -• Storage Browser -• Safe CloudStack Shutdown -• New CloudStack Dashboard -• Domain migration -• Flexible tags for hosts and storage pools -• Support for Userdata in Autoscale Groups -• KVM Host HA for StorPool storage -• Dynamic secondary storage selection -• Domain VPCs -• Global ACL for VPCs +• Webhooks +• Dynamic and Static Routing +• Ceph RGW Object Store Support +• NSX integration +• Shared Filesystem +• Multi-arch Zones + The full list of new features can be found in the project release notes at -https://docs.cloudstack.apache.org/en/4.19.0.0/releasenotes/changes.html +https://docs.cloudstack.apache.org/en/4.20.0.0/releasenotes/changes.html .. _guestosids -Possible Issue with volume snapshot revert with KVM -=================================================== - -Between versions 4.17.x, 4.18.0 and 4.18.1, KVM volume snapshot backups were -not full snapshots and they rely on the primary storage as a backing store. -To prevent any loss of data, care must be taken during revert operation and -it must be ensured that the source primary storage snapshot file is present -if the snapshot is created with any of these CloudStack versions. - -Users will have a backing store in their volume snapshots in the following cases: - -- the snapshots are from a ROOT volume created from template; - -Users will not have a backing store in their volume snapshots in the following cases: - -- the snapshots are from ROOT volumes created with ISO; -- the snapshots are from DATADISK volumes; - -Following there are two queries to help users identify snapshots with a backing store: - -Identify snapshots that were not removed yet and were created from a volume that was created from a template: - -.. parsed-literal:: - SELECT s.uuid AS "Snapshot ID", - s.name AS "Snapshot Name", - s.created AS "Snapshot creation datetime", - img_s.uuid AS "Sec Storage ID", - img_s.name AS "Sec Storage Name", - ssr.install_path AS "Snapshot path on Sec Storage", - v.uuid AS "Volume ID", - v.name AS "Volume Name" - FROM cloud.snapshots s - INNER JOIN cloud.volumes v ON (v.id = s.volume_id) - INNER JOIN cloud.snapshot_store_ref ssr ON (ssr.snapshot_id = s.id - AND ssr.store_role = 'Image') - INNER JOIN cloud.image_store img_s ON (img_s.id = ssr.store_id) - WHERE s.removed IS NULL - AND v.template_id IS NOT NULL; - -With that, one can use qemu-img info in the snapshot file to check if they have a backing store. - -For those snapshots that have a backing store, one can use the following query to check which template is it and in which storage pool it is: - -.. parsed-literal:: - SELECT vt.uuid AS "Template ID", - vt.name AS "Template Name", - tsr.install_path AS "Template file on Pri Storage", - sp.uuid AS "Pri Storage ID", - sp.name AS "Pri Storage Name", - sp.`path` AS "Pri Storage Path", - sp.pool_type as "Pri Storage type" - FROM cloud.template_spool_ref tsr - INNER JOIN cloud.storage_pool sp ON (sp.id = tsr.pool_id AND sp.removed IS NULL) - INNER JOIN cloud.vm_template vt ON (vt.id = tsr.template_id) - WHERE tsr.install_path = "<template file in the snapshot backing store>"; - -After identifying the snapshots with a backing store and the related templates, one can mount the secondary storage on a host that has access to the template and use qemu-img convert on the snapshot to consolidate it: - -.. parsed-literal:: - qemu-img convert -O qcow2 -U --image-opts driver=qcow2,file.filename=<path to snapshot on secondary storage> <path to snapshot on secondary storage>-converted - -Issue regarding LDAP authentication on version 4.19.0 -===================================================== - -In version 4.19.0, the encryption of scoped configurations of Accounts and Domains was changed to only encrypt if there were sensitive data (e.g, they belonged to the Hidden or Secure category) as all configurations for Accounts and Domains were encrypted in previous versions. However, when using the encrypted values from these scopes, ACS did not correctly decrypt these values. For this reason, a simple solution was to update these configurations to their plain values with manual DB intervention, as reported in issue `#8637`. +Log4j Upgrade +============= -This issue has been fixed in Apache CloudStack 4.19.1.0. However, for users that manually set the configurations ``ldap.bind.password`` and ``ldap.truststore.password`` to a plain value in order to fix the faulty behaviour, it is required to store them encrypted after upgrading to version 4.19.1 and onwards. It will not be possible to update the configuration via UI, as an exception will be thrown when ACS tries to decrypt the plain value. To fix this, it is required to set the password again for ACS to encrypt it. There are two options: +Up until 4.19.x.x, the logging library used for the project was Log4j 1.29. The 4.20.0.0 version has updated the library to Log4j2. The new Log4j2 configuration file format is not backwards compatible with the old one. The 4.20.0.0 packages will come with the default configuration files updated. Users that have made customizations to their files must update their configuration files to match with the new format, the `official log4j documentation` might help you migrate your custom configurations. -#. Manually set the configuration via CloudMonkey, for example ``update configuration domainid=<domain-uuid> name="ldap.bind.password" value="password"``; -#. Or, removing the defined configuration through the database via the query ``DELETE from cloud.domain_details WHERE name like "%ldap%password%"``, and setting the configuration via UI for the affected domains. +JRE Upgrade +============ -After updating these configurations, LDAP authentication should be working as expected. +Up until 4.19.x.x, the JRE used for ACS was JRE 11. In 4.20.0.0, the JRE was upgraded to JRE 17 as JRE 11 has reached EOL. This means that Centos7 (EL7) is no longer supported. -.. _`#8637`: https://github.com/apache/cloudstack/pull/8637 +.. _`#official documentation`: https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html Review Comment: ```suggestion .. _official Log4j documentation: https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html ``` ########## source/releasenotes/about.rst: ########## @@ -17,128 +17,40 @@ What's New in |release| ======================= -Apache CloudStack |release| is a 4.19 LTS minor release with over 300 fixes -and improvements since the 4.19.0.0 release. Some of the highlights include: - -• Improvements for VMware migration to KVM -• Support to manage/unmanage DATA volume of a primary storage on KVM -• Support for NFS mount options for a primary storage on KVM -• Support to change storage pool scope from Cluster to Zone and vice versa -• Support for RHEL/OL/Rocky/Alma Linux in the same cluster -• Import from remote KVM enhancements -• Storage plugins, PowerFlex, StorPool, Linstor related fixes and improvements -• Some CKS, Veeam (B&R) related fixes and improvements -• Several UI fixes and improvements +Apache CloudStack |release| is the initial 4.20 LTS release. It has over 190 fixes +and features since the 4.19.1.0 release. The full list of fixes and improvements can be found in the project release notes at -https://docs.cloudstack.apache.org/en/4.19.1.0/releasenotes/changes.html +https://docs.cloudstack.apache.org/en/4.20.0.0/releasenotes/changes.html -What's in since 4.19.0.0 +What's in since 4.20.0.0 ======================== -Apache CloudStack 4.19.0.0 is the initial 4.19 LTS release with 300+ new -features, improvements and bug fixes since 4.18, including 26 major +Apache CloudStack 4.20.0.0 is the initial 4.20 LTS release with 190f+ new +features, improvements and bug fixes since 4.19, including 15 major new features. Some of the highlights include: -• CloudStack Object Storage Feature -• VMware to KVM Migration -• KVM Import -• CloudStack DRS -• OAuth2 Authentication -• VNF Appliances Support -• CloudStack DRS -• CloudStack Snapshot Copy -• Scheduled Instance Lifecycle Operations -• Guest OS Management -• Pure Flash Array and HPE-Primera Support -• User-specified source NAT -• Storage Browser -• Safe CloudStack Shutdown -• New CloudStack Dashboard -• Domain migration -• Flexible tags for hosts and storage pools -• Support for Userdata in Autoscale Groups -• KVM Host HA for StorPool storage -• Dynamic secondary storage selection -• Domain VPCs -• Global ACL for VPCs +• Webhooks +• Dynamic and Static Routing +• Ceph RGW Object Store Support +• NSX integration +• Shared Filesystem +• Multi-arch Zones + The full list of new features can be found in the project release notes at -https://docs.cloudstack.apache.org/en/4.19.0.0/releasenotes/changes.html +https://docs.cloudstack.apache.org/en/4.20.0.0/releasenotes/changes.html .. _guestosids -Possible Issue with volume snapshot revert with KVM -=================================================== - -Between versions 4.17.x, 4.18.0 and 4.18.1, KVM volume snapshot backups were -not full snapshots and they rely on the primary storage as a backing store. -To prevent any loss of data, care must be taken during revert operation and -it must be ensured that the source primary storage snapshot file is present -if the snapshot is created with any of these CloudStack versions. - -Users will have a backing store in their volume snapshots in the following cases: - -- the snapshots are from a ROOT volume created from template; - -Users will not have a backing store in their volume snapshots in the following cases: - -- the snapshots are from ROOT volumes created with ISO; -- the snapshots are from DATADISK volumes; - -Following there are two queries to help users identify snapshots with a backing store: - -Identify snapshots that were not removed yet and were created from a volume that was created from a template: - -.. parsed-literal:: - SELECT s.uuid AS "Snapshot ID", - s.name AS "Snapshot Name", - s.created AS "Snapshot creation datetime", - img_s.uuid AS "Sec Storage ID", - img_s.name AS "Sec Storage Name", - ssr.install_path AS "Snapshot path on Sec Storage", - v.uuid AS "Volume ID", - v.name AS "Volume Name" - FROM cloud.snapshots s - INNER JOIN cloud.volumes v ON (v.id = s.volume_id) - INNER JOIN cloud.snapshot_store_ref ssr ON (ssr.snapshot_id = s.id - AND ssr.store_role = 'Image') - INNER JOIN cloud.image_store img_s ON (img_s.id = ssr.store_id) - WHERE s.removed IS NULL - AND v.template_id IS NOT NULL; - -With that, one can use qemu-img info in the snapshot file to check if they have a backing store. - -For those snapshots that have a backing store, one can use the following query to check which template is it and in which storage pool it is: - -.. parsed-literal:: - SELECT vt.uuid AS "Template ID", - vt.name AS "Template Name", - tsr.install_path AS "Template file on Pri Storage", - sp.uuid AS "Pri Storage ID", - sp.name AS "Pri Storage Name", - sp.`path` AS "Pri Storage Path", - sp.pool_type as "Pri Storage type" - FROM cloud.template_spool_ref tsr - INNER JOIN cloud.storage_pool sp ON (sp.id = tsr.pool_id AND sp.removed IS NULL) - INNER JOIN cloud.vm_template vt ON (vt.id = tsr.template_id) - WHERE tsr.install_path = "<template file in the snapshot backing store>"; - -After identifying the snapshots with a backing store and the related templates, one can mount the secondary storage on a host that has access to the template and use qemu-img convert on the snapshot to consolidate it: - -.. parsed-literal:: - qemu-img convert -O qcow2 -U --image-opts driver=qcow2,file.filename=<path to snapshot on secondary storage> <path to snapshot on secondary storage>-converted - -Issue regarding LDAP authentication on version 4.19.0 -===================================================== - -In version 4.19.0, the encryption of scoped configurations of Accounts and Domains was changed to only encrypt if there were sensitive data (e.g, they belonged to the Hidden or Secure category) as all configurations for Accounts and Domains were encrypted in previous versions. However, when using the encrypted values from these scopes, ACS did not correctly decrypt these values. For this reason, a simple solution was to update these configurations to their plain values with manual DB intervention, as reported in issue `#8637`. +Log4j Upgrade +============= -This issue has been fixed in Apache CloudStack 4.19.1.0. However, for users that manually set the configurations ``ldap.bind.password`` and ``ldap.truststore.password`` to a plain value in order to fix the faulty behaviour, it is required to store them encrypted after upgrading to version 4.19.1 and onwards. It will not be possible to update the configuration via UI, as an exception will be thrown when ACS tries to decrypt the plain value. To fix this, it is required to set the password again for ACS to encrypt it. There are two options: +Up until 4.19.x.x, the logging library used for the project was Log4j 1.29. The 4.20.0.0 version has updated the library to Log4j2. The new Log4j2 configuration file format is not backwards compatible with the old one. The 4.20.0.0 packages will come with the default configuration files updated. Users that have made customizations to their files must update their configuration files to match with the new format, the `official log4j documentation` might help you migrate your custom configurations. Review Comment: ```suggestion Up until 4.19.x.x, the logging library used for the project was Log4j 1.29. The 4.20.0.0 version has updated the library to Log4j2. The new Log4j2 configuration file format is not backwards compatible with the old one. The 4.20.0.0 packages will come with the default configuration files updated. Users that have made customizations to their files must update their configuration files to match with the new format, the `official Log4j documentation`_ might help you migrate your custom configurations. ``` The link is not working -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
