3.4. Red Hat OpenStack Platform 10 Maintenance Release 17 September 2018

With this enhancement, the OS::Aodh::EventAlarm Heat resource type is now included in RHEL-OSP 10. This enhancement provides a Heat interface to allow users to define alarms that can be evaluated based on events that other OpenStack services emit. For example; service update, create, or delete events.

With this update, bare metal node introspection reports both the /dev/XXX block device name and the /dev/disk/by-path/XXX name. Unlike the /dev/XXX name, the /dev/disk/by-path/XXX name does not change at system reboot and may be the same across similarly configured hardware. This update improves reliability of deployments by using /dev/disk/by-path/XXX information in the cloud configuration.

The hypervisor kernel thread can pre-empt Virtual CPUs (vCPUs) even with strong partitioning enabled (isolcpus, tuned). These pre-emptions are not frequent, but with 256 descriptors per virtio queue, even one single pre-emption of the vCPU can cause packet drop in network function virtualization (NFC) virtual machines that have a packet rate of 1 Mpps (1 million packets per second) or higher.

With this update, there are two new tunable options for configuring the RX queue size and TX queue size of virtio NICs and reducing packet drop:

- 'rx_queue_size'
- 'tx_queue_size'

Nova's libvirt driver now allows the specification of granular CPU feature flags when configuring CPU models.  

One benefit of this change is the alleviation of a performance degradation that has been experienced on guests running with certain Intel-based virtual CPU models after application of the "Meltdown" CVE fixes. This guest performance impact is reduced by exposing the CPU feature flag 'PCID' ("Process-Context ID") to the *guest* CPU, assuming that the PCID flag is available in the physical hardware itself.

For more details, refer to the  documentation of ``[libvirt]/cpu_model_extra_flags`` in ``nova.conf`` for usage details.

With this enhancement, the Nova libvirt driver now allows the specification of granular CPU feature flags when configuring CPU models.  

One benefit of this change is the alleviation of a performance degradation experienced on guests running with certain Intel-based virtual CPU models after application of the "Meltdown" CVE fixes. This guest performance impact is reduced by exposing the CPU feature flag 'PCID' ("Process-Context ID") to the *guest* CPU, assuming that the PCID flag is available in the physical hardware.

In this update, the restriction of using only the PCID flag is extended to expose multiple CPU feature flags.

For more details, refer to the  documentation of ``[libvirt]/cpu_model_extra_flags`` in ``nova.conf`` for usage details.

With this update, parallelization of the selinux permission change enables faster upgrade of Ceph OSD.

Previously, when an OpenStack service logs at DEBUG level, Oslo Messaging logs the message "Timed out waiting for RPC response" unnecessarily.

With this fix, Oslo Messaging no longer logs this message in instances when the timeout is recoverable.

With this update, the hugetlbfs gid value correlates to the kolla fixed gid value to allow easy migration to Red Hat OpenStack Platform 13, where libvirt runs in a kolla container.

With this update, the neutron OVS agent has a new configuration option `bridge_mac_table_size`. This value controls the maximum number of MAC addresses that can be learned on a bridge. The default value for this new option is 50,000, which should be enough for most systems. Values outside a reasonable range (10 to 1,000,000) might be overridden by Open vSwitch.

When using the linuxbridge ml2 driver, non-privileged tenants can create and attach ports without specifying an IP address, bypassing IP address validation. A potential Denial of Service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool.