diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 4397883f30..4fc99ea922 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -3823,7 +3823,7 @@ Topics: Distros: openshift-enterprise Topics: - Name: OpenShift Virtualization release notes - File: virt-4-14-release-notes + File: virt-4-15-release-notes - Name: Getting started Dir: getting_started Topics: diff --git a/virt/about_virt/about-virt.adoc b/virt/about_virt/about-virt.adoc index 75dbd4f710..086ddc63c5 100644 --- a/virt/about_virt/about-virt.adoc +++ b/virt/about_virt/about-virt.adoc @@ -7,17 +7,17 @@ include::_attributes/common-attributes.adoc[] toc::[] //To prepare to release asynchronously, uncomment the text below and (if necessary) update the version numbers. Then, comment out the rest of the module. -Documentation for {VirtProductName} will be available for {product-title} {product-version} in the near future. +//Documentation for {VirtProductName} will be available for {product-title} {product-version} in the near future. -ifdef::openshift-origin[] -In the meantime, the link:https://docs.okd.io/4.13/virt/about-virt.html[{VirtProductName} 4.13 documentation] is available as part of the {product-title} 4.13 documentation. -endif::[] +//ifdef::openshift-origin[] +//In the meantime, the link:https://docs.okd.io/4.13/virt/about-virt.html[{VirtProductName} 4.13 documentation] is available as part of the {product-title} 4.13 documentation. +//endif::[] + +//ifdef::openshift-enterprise[] +//In the meantime, the link:https://docs.openshift.com/container-platform/4.13/virt/about-virt.html[{VirtProductName} 4.13 documentation] is available as part of the {product-title} 4.13 documentation. +//endif::[] -ifdef::openshift-enterprise[] -In the meantime, the link:https://docs.openshift.com/container-platform/4.13/virt/about-virt.html[{VirtProductName} 4.13 documentation] is available as part of the {product-title} 4.13 documentation. -endif::[] -//// Learn about {VirtProductName}'s capabilities and support scope. @@ -48,4 +48,3 @@ include::modules/virt-sno-differences.adoc[leveloffset=+1] * xref:../../virt/nodes/virt-node-maintenance.adoc#eviction-strategies[Eviction strategies] * link:https://access.redhat.com/articles/6994974[Tuning & Scaling Guide] -//// \ No newline at end of file diff --git a/virt/release_notes/virt-4-14-release-notes.adoc b/virt/release_notes/virt-4-14-release-notes.adoc deleted file mode 100644 index 37d835fa68..0000000000 --- a/virt/release_notes/virt-4-14-release-notes.adoc +++ /dev/null @@ -1,287 +0,0 @@ -:_mod-docs-content-type: ASSEMBLY -[id="virt-4-14-release-notes"] -= {VirtProductName} release notes -include::_attributes/common-attributes.adoc[] -:context: virt-4-14-release-notes - -toc::[] - -[id="virt-4-14-inclusive-language"] -== Making open source more inclusive - -Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see link:https://www.redhat.com/en/blog/making-open-source-more-inclusive-eradicating-problematic-language[our CTO Chris Wright's message]. - - -== About Red Hat {VirtProductName} - -Red Hat {VirtProductName} enables you to bring traditional virtual machines (VMs) into {product-title} where they run alongside containers, and are managed as native Kubernetes objects. - -{VirtProductName} is represented by the image:virt-icon.png[{VirtProductName},40,40] icon. - -You can use {VirtProductName} with either the xref:../../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc#about-ovn-kubernetes[OVN-Kubernetes] or the xref:../../networking/openshift_sdn/about-openshift-sdn.adoc#about-openshift-sdn[OpenShiftSDN] default Container Network Interface (CNI) network provider. - -Learn more about xref:../../virt/about_virt/about-virt.adoc#about-virt[what you can do with {VirtProductName}]. - -Learn more about xref:../../virt/about_virt/virt-architecture.adoc#virt-architecture[{VirtProductName} architecture and deployments]. - -xref:../../virt/install/preparing-cluster-for-virt.adoc#preparing-cluster-for-virt[Prepare your cluster] for {VirtProductName}. - -include::modules/virt-supported-cluster-version.adoc[leveloffset=+2] - - -[id="virt-guest-os"] -=== Supported guest operating systems -//CNV-16390 Supported guest operating systems -To view the supported guest operating systems for {VirtProductName}, see link:https://access.redhat.com/articles/973163#ocpvirt[Certified Guest Operating Systems in Red Hat OpenStack Platform, Red Hat Virtualization, OpenShift Virtualization and Red Hat Enterprise Linux with KVM]. - - -[id="virt-4-14-new"] -== New and changed features - -//CNV-28173 SVVP 4.14 Release Note: NEW -//Remove CNV-21735 when text for this version is set. - -//CNV-21735 SVVP for 4.13: Ensure platform passes Windows Server Virtualization Validation Program - with RHCOS workers -//NOTE: This is a recurring release note. Modify the existing note text below if recommended by QE. -* {VirtProductName} is certified in Microsoft's Windows Server Virtualization Validation Program (SVVP) to run Windows Server workloads. -+ -The SVVP Certification applies to: -+ -** Red Hat Enterprise Linux CoreOS workers. In the Microsoft SVVP Catalog, they are named __Red Hat OpenShift Container Platform 4 on RHEL CoreOS 9__. -** Intel and AMD CPUs. - -//CNV-16553 Release notes: NEW (VM Backup and Restore with OADP (GA) -* As a cluster administrator, you can back up and restore applications running on {VirtProductName} by using the xref:../../virt/backup_restore/virt-backup-restore-overview.adoc#virt-backup-restore-overview[OpenShift API for Data Protection (OADP)]. - -//CNV-29935 -* You can add a static xref:../../virt/virtual_machines/virt-accessing-vm-ssh#static-key-management-vm[authorized SSH key] to a project by using the web console. The key is then added to all VMs that you create in the project. - -//CNV-19436 Release note: NEW Retrieve a temporary token to access the VNC endpoint of a VM - -//CNV-20240 Release notes: CHANGE -* {VirtProductName} now supports persisting the virtual Trusted Platform Module (vTPM) device state by using Persistent Volume Claims (PVCs) for VMs. You must xref:../../virt/virtual_machines/virt-using-vtpm-devices.adoc#virt-about-vtpm-devices_virt-using-vtpm-devices[specify the storage class] to be used by the PVC by setting the `vmStateStorageClass` attribute in the `HyperConverged` custom resource (CR). - -//CNV-20458 Release notes: NEW - -//CNV-25428 -* You can enable xref:../../virt/virtual_machines/virt-accessing-vm-ssh#adding-dynamic-key-vm[dynamic SSH key injection] for {op-system-base} 9 VMs. Then, you can update the authorized SSH keys at runtime. - -//CNV-28096 Release note: NEW feature -- clone from cached snapshot -* You can now enable volume snapshots as boot sources. - -//CNV-28726 Release note: New -* By default, Windows 11 and Windows Server 2022 virtual machines (VMs) have a non-persistent trusted platform module (TPM) device state, which is required to enable the VM snapshot feature. A non-persistent TPM will, however, render the VM incompatible with software that relies on TPM persistence, such as BitLocker. - -//CNV-28731 Release note: NEW - -//CNV-28732 Release note: NEW - -//CNV-28729 Release note: New -* You can use a xref:../../virt/virtual_machines/advanced_vm_management/virt-schedule-vms.adoc#virt-vm-custom-scheduler_virt-schedule-vms[custom scheduler] to schedule a virtual machine (VM) on a node. - -//CNV-30838 Release note: datavolume garbage collection no longer default -* Garbage collection for data volumes is disabled by default. - -//CNV-28733 Release note: NEW - -//CNV-29935 -* You can add a static xref:../../virt/virtual_machines/virt-accessing-vm-ssh#static-key-management-vm[authorized SSH key] to a project by using the web console. The key is then added to all VMs that you create in the project. - -//CNV-29942 Release note: NEW - -// CNV-30800 Release note: CHANGE -* The following runbooks have been changed: -** xref:../../virt/monitoring/virt-runbooks.adoc#virt-runbook-SingleStackIPv6Unsupported[`SingleStackIPv6Unsupported`] and xref:../../virt/monitoring/virt-runbooks.adoc#virt-runbook-VirtualMachineCRCErrors[`VirtualMachineCRCErrors`] have been added. -** `KubeMacPoolDown` has been renamed xref:../../virt/monitoring/virt-runbooks.adoc#virt-runbook-KubemacpoolDown[`KubemacpoolDown`]. -** `KubevirtHyperconvergedClusterOperatorInstallationNotCompletedAlert` has been renamed xref:../../virt/monitoring/virt-runbooks.adoc#virt-runbook-HCOInstallationIncomplete[`HCOInstallationIncomplete`]. -** `KubevirtHyperconvergedClusterOperatorCRModification` has been renamed xref:../../virt/monitoring/virt-runbooks.adoc#virt-runbook-KubeVirtCRModified[`KubeVirtCRModified`]. -** `KubevirtHyperconvergedClusterOperatorUSModification` has been renamed xref:../../virt/monitoring/virt-runbooks.adoc#virt-runbook-UnsupportedHCOModification[`UnsupportedHCOModification`]. -** `SSPOperatorDown` has been renamed xref:../../virt/monitoring/virt-runbooks.adoc#virt-runbook-SSPDown[`SSPDown`]. - -[id="virt-4-14-quick-starts"] -=== Quick starts - -* Quick start tours are available for several {VirtProductName} features. To view the tours, click the *Help* icon *?* in the menu bar on the header of the {VirtProductName} console and then select *Quick Starts*. You can filter the available tours by entering the `virtualization` keyword in the *Filter* field. - - -//[id="virt-4-14-installation-new"] -//=== Installation - - -[id="virt-4-14-networking-new"] -=== Networking -//CNV-18090 OVN-Kubernetes secondary network -* You can connect a virtual machine (VM) to an xref:../../virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc#virt-connecting-vm-to-ovn-secondary-network[OVN-Kubernetes secondary network] by using the web console or the CLI. - -//[id="virt-4-14-storage-new"] -//=== Storage - - -[id="virt-4-14-web-new"] -=== Web console - -* Cluster administrators can now enable automatic subscription for {op-system-base-full} virtual machines in the {VirtProductName} xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-settings-cluster_virt-web-console-overview[web console]. - -//CNV-18298 force stop -* You can now force stop an unresponsive VM from the xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-page_virt-web-console-overview[action menu]. To force stop a VM, select *Stop* and then *Force stop* from the action menu. - -// CNV-28720 -// pending merge of bootable volumes PR -* The *DataSources* and the *Bootable volumes* pages have been merged into the xref:../../virt/getting_started/virt-web-console-overview.adoc#bootablevolumes-page_virt-web-console-overview[*Bootable volumes* page] so that you can manage these similar resources in a single location. - -// CNV-29848: Release: Mechanism to manage DP/TP features in the UI -* Cluster administrators can enable or disable link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] features on the xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-settings_virt-web-console-overview[*Settings*] tab on the *Virtualization* -> *Overview* page. - - -//CNV-19436 Release note: NEW Retrieve a temporary token to access the VNC endpoint of a VM -* You can now generate a temporary token to access the VNC of a VM. - -//NOTE: Comment out deprecated and removed features (and their IDs) if not used in a release -[id="virt-4-14-deprecated-removed"] -== Deprecated and removed features - - -[id="virt-4-14-deprecated"] -=== Deprecated features -// NOTE: when uncommenting deprecated features list, change the Removed features header level below to === - -Deprecated features are included in the current release and supported. However, they will be removed in a future release and are not recommended for new deployments. - -//CNV-26426 [DOCS] Release note: Deprecate TTO -* The `tekton-tasks-operator` is deprecated and Tekton tasks and example pipelines are now deployed by the `ssp-operator`. - -//CNV-26316: Release note: Align tekton tasks with instancestypes -* The `copy-template`, `modify-vm-template`, and `create-vm-from-template` tasks are deprecated. - -//CNV-29048 Release note: DEPRECATED FEATURE (Metrics backlog 4.14) - -//CNV-32032 Release note: DEPRECATED FEATURE (Windows 2012R2 templates deprecated) -* Support for Windows Server 2012 R2 templates is deprecated. - - -[id="virt-4-14-removed"] -=== Removed features - -Removed features are not supported in the current release. - -//CNV-23499: Carry over/repeat removed feature from version 4.12 and 4.13 -* Support for the legacy HPP custom resource, and the associated storage class, has been removed for all new deployments. In {VirtProductName} {VirtVersion}, the HPP Operator uses the Kubernetes Container Storage Interface (CSI) driver to configure local storage. A legacy HPP custom resource is supported only if it had been installed on a previous version of {VirtProductName}. - -//NOTE: RNs related to 4.14 Removed features begin here. - -//CNV-27160 Release note: REMOVED RHEL 7/virtctl RPMs -* Installing the `virtctl` client as an RPM is no longer supported for {op-system-base-full} 7 and {op-system-base} 9. - -//[id="virt-4-14-changes"] -//== Notable technical changes - -[id="virt-4-14-technology-preview"] -== Technology Preview features - -Some features in this release are currently in Technology Preview. These experimental features are not intended for production use. Note the following scope of support on the Red Hat Customer Portal for these features: - -link:https://access.redhat.com/support/offerings/techpreview[Technology Preview Features Support Scope] - -//CNV-27107 -* You can now install and edit xref:../../virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-instance-types.adoc#virt-creating-vm-instancetype_virt-creating-vms-from-instance-types[customized instance types] and preferences to create a VM from a volume or PersistentVolumeClaim (PVC). - -//CNV-20965 Release note: PREVIEW Default creation and deployment of common set of instancetypes and preferences that eventually replace common templates -//NOTE: This is a TP item for virt-4.14 - -//CNV-21991 Release notes: PREVIEW (CNV hypershift) -//NOTE: Targeted for 4.13.1 per Avital and Pan - -//CNV-28723 Release note: PREVIEW - -//CNV-28944 Release note: Preview Cluster level eviction strategy change - -//CNV-29940 Release note: Preview UI Bridged network interface hot-plug for VMs -* You can xref:../../virt/vm_networking/virt-hot-plugging-network-interfaces.adoc#virt-hot-plugging-network-interfaces[hot plug a bridge network interface] to a running virtual machine (VM). Hot plugging and hot unplugging is supported only for VMs created with {VirtProductName} 4.14 or later. - -[id="virt-4-14-bug-fix"] -== Bug fixes - -//CNV-20106 BZ 2092412 -* Virtual machines created from common templates on a Single Node OpenShift (SNO) cluster no longer display a `VMCannotBeEvicted` alert when the template’s default eviction strategy is LiveMigrate. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2092412[*BZ#2092412*]) - -//CNV-18526 BZ 2089301 -* Windows 11 virtual machines now boot on clusters running in link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/security_hardening/index#con_federal-information-processing-standard-fips_assembly_installing-the-system-in-fips-mode[FIPS mode]. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2089301[*BZ#2089301*]) - -//BZ 2151169 -* In a heterogeneous cluster with different compute nodes, virtual machines that have HyperV Reenlightenment enabled can be scheduled on nodes that do not support timestamp-counter scaling (TSC) or have the appropriate TSC frequency. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2151169[*BZ#2151169*]) - -* When you use two pods with different SELinux contexts, VMs with the `ocs-storagecluster-cephfs` storage class no longer fail to migrate. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2092271[*BZ#2092271*]) - -//OCPBUGS-8398 -* If you stop a node on a cluster and then use the Node Health Check Operator to bring the node back up, connectivity to Multus is retained. (link:https://issues.redhat.com/browse/OCPBUGS-8398[*OCPBUGS-8398*]) - -* When restoring a VM snapshot for storage whose binding mode is `WaitForFirstConsumer`, the restored PVCs no longer remain in the `Pending` state and the restore operation proceeds. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2149654[*BZ#2149654*]) - -[id="virt-4-14-known-issues"] -== Known issues - -//CNV-24889 (Avital mentions possible RN in CNV-32472) - -//Known issues from 4.13 (and several carried over from 4.12) begin here.Leave in all for now; will be re-reviewed for 4.14. - -//BZ-1885605 -//4.13 Leave in per Petr; not sure about 4.14 -* If your {product-title} cluster uses OVN-Kubernetes as the default Container Network Interface (CNI) provider, you cannot attach a Linux bridge or bonding device to a host's default interface because of a change in the host network topology of OVN-Kubernetes. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1885605[*BZ#1885605*]) -** As a workaround, you can use a secondary network interface connected to your host, or switch to the OpenShift SDN default CNI provider. - -//4.14 Leave in per Adam -* In some instances, multiple virtual machines can mount the same PVC in read-write mode, which might result in data corruption. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1992753[*BZ#1992753*]) -** As a workaround, avoid using a single PVC in read-write mode with multiple VMs. - -//CNV-33789: Cannot SSH into VM over NodePort and Console's FQDN when using OVNKubernetes networking -* You cannot SSH into a VM when using the `networkType: OVNKubernetes` option in your `install-config.yaml` file. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2165895[*BZ#2165895*]) - -//4.14 Leave in per Stu (fix deferring to 4.15) -* The Pod Disruption Budget (PDB) prevents pod disruptions for migratable virtual machine images. If the PDB detects pod disruption, then `openshift-monitoring` sends a `PodDisruptionBudgetAtLimit` alert every 60 minutes for virtual machine images that use the `LiveMigrate` eviction strategy. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2026733[*BZ#2026733*]) -** As a workaround, xref:../../monitoring/managing-alerts.adoc#silencing-alerts_managing-alerts[silence alerts]. - -//4.14 Leave in per Stu -* {VirtProductName} links a service account token in use by a pod to that specific pod. {VirtProductName} implements a service account volume by creating a disk image that contains a token. If you migrate a VM, then the service account volume becomes invalid. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2037611[*BZ#2037611*]) -** As a workaround, use user accounts rather than service accounts because user account tokens are not bound to a specific pod. - -//4.14 Leave in per Adam -* If you clone more than 100 VMs using the `csi-clone` cloning strategy, then the Ceph CSI might not purge the clones. Manually deleting the clones might also fail. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2055595[*BZ#2055595*]) -** As a workaround, you can restart the `ceph-mgr` to purge the VM clones. - -// 4.13 CNV-31344 FIPS and TLS; not sure about 4.14 -* With the release of the link:https://access.redhat.com/errata/RHSA-2023:3722[RHSA-2023:3722] advisory, the TLS `Extended Master Secret` (EMS) extension (link:https://datatracker.ietf.org/doc/html/rfc7627[RFC 7627]) is mandatory for TLS 1.2 connections on FIPS-enabled RHEL 9 systems. This is in accordance with FIPS-140-3 requirements. TLS 1.3 is not affected. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2157951[*BZ#2157951*]) -+ -Legacy OpenSSL clients that do not support EMS or TLS 1.3 now cannot connect to FIPS servers running on RHEL 9. Similarly, RHEL 9 clients in FIPS mode cannot connect to servers that only support TLS 1.2 without EMS. This in practice means that these clients cannot connect to servers on RHEL 6, RHEL 7 and non-RHEL legacy operating systems. This is because the legacy 1.0.x versions of OpenSSL do not support EMS or TLS 1.3. For more information, see link:https://access.redhat.com/solutions/7018256[TLS Extension "Extended Master Secret" enforced with Red Hat Enterprise Linux 9.2]. -+ -As a workaround, upgrade legacy OpenSSL clients to a version that supports TLS 1.3 and configure {VirtProductName} to use TLS 1.3, with the `Modern` TLS security profile type, for FIPS mode. - -// 4.13; not sure about 4.14 -* The `TopoLVM` provisioner name string has changed in {VirtProductName} 4.12. As a result, the automatic import of operating system images might fail with the following error message (link:https://bugzilla.redhat.com/show_bug.cgi?id=2158521[*BZ#2158521*]): -+ -[source,terminal] ----- -DataVolume.storage spec is missing accessMode and volumeMode, cannot get access mode from StorageProfile. ----- -** As a workaround: -. Update the `claimPropertySets` array of the storage profile: -+ -[source,terminal] ----- -$ oc patch storageprofile --type=merge -p '{"spec": {"claimPropertySets": [{"accessModes": ["ReadWriteOnce"], "volumeMode": "Block"}, \ - {"accessModes": ["ReadWriteOnce"], "volumeMode": "Filesystem"}]}}' ----- -. Delete the affected data volumes in the `openshift-virtualization-os-images` namespace. They are recreated with the access mode and volume mode from the updated storage profile. - -//4.14 leave in per Dan K -* You cannot run {VirtProductName} on a single-stack IPv6 cluster. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2193267[*BZ#2193267*]) - -//4.13 Leave in per Simone; not sure about 4.14 -* Uninstalling {VirtProductName} does not remove the `feature.node.kubevirt.io` node labels created by {VirtProductName}. You must remove the labels manually. (link:https://issues.redhat.com/browse/CNV-22036[*CNV-22036*]) - -//4.14 to be added by Pan -//CNV-34198 (BZ 2237287) - - - - - diff --git a/virt/release_notes/virt-4-15-release-notes.adoc b/virt/release_notes/virt-4-15-release-notes.adoc new file mode 100644 index 0000000000..0724993070 --- /dev/null +++ b/virt/release_notes/virt-4-15-release-notes.adoc @@ -0,0 +1,259 @@ +:_mod-docs-content-type: ASSEMBLY +[id="virt-4-15-release-notes"] += {VirtProductName} release notes +include::_attributes/common-attributes.adoc[] +:context: virt-4-15-release-notes + +toc::[] + +include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1] + +[id="virt-doc-feedback"] +== Providing documentation feedback + +To report an error or to improve our documentation, log in to your link:https://issues.redhat.com[Red Hat Jira account] and submit a link:https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12323181&issuetype=1&components=12333768&priority=10200&summary=%5BDoc%5D&customfield_12316142[Jira issue]. + +[id="virt-about-virt"] +== About Red Hat {VirtProductName} + +With Red Hat {VirtProductName}, you can bring traditional virtual machines (VMs) into {product-title} and run them alongside containers. In {VirtProductName}, VMs are native Kubernetes objects that you can manage by using the {product-title} web console or the command line. + +{VirtProductName} is represented by the image:virt-icon.png[{VirtProductName},40,40] icon. + +You can use {VirtProductName} with either the xref:../../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc#about-ovn-kubernetes[OVN-Kubernetes] or the xref:../../networking/openshift_sdn/about-openshift-sdn.adoc#about-openshift-sdn[OpenShiftSDN] default Container Network Interface (CNI) network provider. + +Learn more about xref:../../virt/about_virt/about-virt.adoc#about-virt[what you can do with {VirtProductName}]. + +Learn more about xref:../../virt/about_virt/virt-architecture.adoc#virt-architecture[{VirtProductName} architecture and deployments]. + +xref:../../virt/install/preparing-cluster-for-virt.adoc#preparing-cluster-for-virt[Prepare your cluster] for {VirtProductName}. + +include::modules/virt-supported-cluster-version.adoc[leveloffset=+2] + + +[id="virt-guest-os"] +=== Supported guest operating systems +To view the supported guest operating systems for {VirtProductName}, see link:https://access.redhat.com/articles/973163#ocpvirt[Certified Guest Operating Systems in Red Hat OpenStack Platform, Red Hat Virtualization, OpenShift Virtualization and Red Hat Enterprise Linux with KVM]. + +//Ensure platform passes Windows Server Virtualization Validation Program. Otherwise, comment out the section below. +[id="virt-svvp-certification"] +=== Microsoft Windows SVVP certification + +//CNV-31842 SVVP 4.15 Release Note: NEW +//NOTE: This is a recurring release note. Modify the existing note text below if recommended by QE. +{VirtProductName} is certified in Microsoft's Windows Server Virtualization Validation Program (SVVP) to run Windows Server workloads. + +The SVVP certification applies to: + +* Red Hat Enterprise Linux CoreOS workers. In the Microsoft SVVP Catalog, they are named __Red Hat OpenShift Container Platform 4 on RHEL CoreOS 9__. +* Intel and AMD CPUs. + +[id="virt-quick-starts"] +== Quick starts + +Quick start tours are available for several {VirtProductName} features. To view the tours, click the *Help* icon *?* in the menu bar on the header of the {product-title} web console and then select *Quick Starts*. You can filter the available tours by entering the keyword `virtualization` in the *Filter* field. + + +[id="virt-4-15-new"] +== New and changed features + +This release adds new features and enhancements related to the following components and concepts: + +[id="virt-4-15-installation-update"] +=== Installation and update + +//CNV-34757: Guest OS console logs are collected by default + +//CNV-34680: Metrics update. This is probably related to the note in the Deprecated features section. + +[id="virt-4-15-infrastructure"] +=== Infrastructure + +//CNV-29987: Move instancetype API from v1alpha2 to v1beta1. As of 01/03/2024, this is an In Progress TP RN for 4.14 (CNV-21920). + +//CNV-31433: virtio-serial channel for SAP + +[id="virt-4-15-virtualization"] +=== Virtualization + +//CNV-29983: Free page reporting + +//CNV-28880: KSM configuration + +[id="virt-4-15-networking"] +=== Networking + +//CNV-30170: NetworkPolicies filtering using IP blocks with OVN-Kubernetes + +//CNV-30164: NIC hot plug feature is now GA. This was TP for 4.14. Moved the release note from the TP section to here. +* You can xref:../../virt/vm_networking/virt-hot-plugging-network-interfaces.adoc#virt-hot-plugging-network-interfaces[hot plug a bridge network interface] to a running virtual machine (VM). Hot plugging and hot unplugging is supported only for VMs created with {VirtProductName} 4.14 or later. + +//CNV-30167: SR-IOV NIC hot plug + +//CNV-13680: Connecting OVN-Kubernetes to underlying physical networks. Remove known issue BZ-1885605 after adding this note. + +//CNV-30296: Running DPDK workloads on SR-IOV is now GA. The TP note from 4.13 should have been part of 4.14 as well. + + +[id="virt-4-15-storage"] +=== Storage + +//CNV-35029: PVC annotation to explain host-assisted cloning + +[id="virt-4-15-web"] +=== Web console + +//CNV-33122: Virtualization page updates for 4.15 + +//CNV-36165: VM disks with persistent reservation + +//CNV-36162: Search option in VM configuration tab + +//CNV-36159: New configuration option "SSH over NodePort service" + +//CNV-36603: Mark bootable volumes as favorite + +//CNV-36464: Run a test that shows that the SR-IOV settings are correct + +//CNV-34697: Instance types is now GA. Move the 4.14 RN from the TP section to here. + +//CNV-33131: Set KSM from the UI + +//CNV-33127: SR-IOV NIC hot plug from the UI + +//NOTE: Comment out deprecated and removed features (and their IDs) if not used in a release +[id="virt-4-15-deprecated-removed"] +== Deprecated and removed features + + +[id="virt-4-15-deprecated"] +=== Deprecated features +// NOTE: when uncommenting deprecated features list, change the Removed features header level below to === + +Deprecated features are included in the current release and supported. However, they will be removed in a future release and are not recommended for new deployments. + +//CNV-26426 [DOCS] Release note: Deprecate TTO +* The `tekton-tasks-operator` is deprecated and Tekton tasks and example pipelines are now deployed by the `ssp-operator`. + +//CNV-26316: Release note: Align tekton tasks with instancestypes +* The `copy-template`, `modify-vm-template`, and `create-vm-from-template` tasks are deprecated. + +//CNV-29048 Release note: Metrics name changes +* Many OpenShift Virtualization metrics have changed or will change in a future version. These changes could affect your custom dashboards. See link:https://access.redhat.com/articles/7028805[OpenShift Virtualization 4.14 metric changes] for details. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2179660[*BZ#2179660*]) + +//CNV-32032 Release note: DEPRECATED FEATURE (Windows 2012R2 templates deprecated) +* Support for Windows Server 2012 R2 templates is deprecated. + + +[id="virt-4-15-removed"] +=== Removed features + +Removed features are not supported in the current release. + +//CNV-23499: Carry over/repeat removed feature from version 4.12 and 4.13 +//Check if this is still needed for 4.15 +* Support for the legacy HPP custom resource, and the associated storage class, has been removed for all new deployments. In {VirtProductName} {VirtVersion}, the HPP Operator uses the Kubernetes Container Storage Interface (CSI) driver to configure local storage. A legacy HPP custom resource is supported only if it had been installed on a previous version of {VirtProductName}. + + +[id="virt-4-15-technology-preview"] +== Technology Preview features + +Some features in this release are currently in Technology Preview. These experimental features are not intended for production use. Note the following scope of support on the Red Hat Customer Portal for these features: + +link:https://access.redhat.com/support/offerings/techpreview[Technology Preview Features Support Scope] + +//CNV-27107 and CNV-28723 +* You can now install and edit xref:../../virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-instance-types.adoc#virt-creating-vm-instancetype_virt-creating-vms-from-instance-types[customized instance types] and preferences to create a VM from a volume or PersistentVolumeClaim (PVC). + +//CNV-28944 Release note: Preview Cluster level eviction strategy change +* You can now configure a xref:../../virt/nodes/virt-node-maintenance.adoc#eviction-strategies[VM eviction strategy] for the xref:../../virt/nodes/virt-node-maintenance.adoc#virt-configuring-cluster-eviction-strategy-cli_virt-node-maintenance[entire cluster]. + +//CNV-15028: Nested virt in virt hosts. This feature will remain in tech preview indefinitely. + +//CNV-29768: Memory hot plug + +//CNV-29882: CPU hot plug + +//CNV-33125: Add CPU limits to the UI + + +[id="virt-4-15-bug-fixes"] +== Bug fixes + + +[id="virt-4-15-known-issues"] +== Known issues + +[discrete] +[id="virt-4-15-ki-monitoring"] +==== Monitoring +//4.14 Leave in per Stu (fix deferring to 4.15) +* The Pod Disruption Budget (PDB) prevents pod disruptions for migratable virtual machine images. If the PDB detects pod disruption, then `openshift-monitoring` sends a `PodDisruptionBudgetAtLimit` alert every 60 minutes for virtual machine images that use the `LiveMigrate` eviction strategy. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2026733[*BZ#2026733*]) +** As a workaround, xref:../../monitoring/managing-alerts.adoc#silencing-alerts_managing-alerts[silence alerts]. + +[discrete] +[id="virt-4-15-ki-networking"] +==== Networking +//CNV-10590 - This issue can be removed for 4.15 when CNV-13680 RN is added. +//BZ-1885605 +//4.14 leave in per Miguel Duarte de Mora Barroso +* If your {product-title} cluster uses OVN-Kubernetes as the default Container Network Interface (CNI) provider, you cannot attach a Linux bridge or bonding device to a host's default interface because of a change in the host network topology of OVN-Kubernetes. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1885605[*BZ#1885605*]) +** As a workaround, you can use a secondary network interface connected to your host, or switch to the OpenShift SDN default CNI provider. + +//CNV-33789: Cannot SSH into VM over NodePort and Console's FQDN when using OVNKubernetes networking +* You cannot SSH into a VM when using the `networkType: OVNKubernetes` option in your `install-config.yaml` file. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2165895[*BZ#2165895*]) + +//4.14 leave in per Dan K +* You cannot run {VirtProductName} on a single-stack IPv6 cluster. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2193267[*BZ#2193267*]) + +[discrete] +[id="virt-4-15-ki-nodes"] +==== Nodes +//4.14 Leave in per Simone +* Uninstalling {VirtProductName} does not remove the `feature.node.kubevirt.io` node labels created by {VirtProductName}. You must remove the labels manually. +//(link:https://issues.redhat.com/browse/CNV-22036[*CNV-22036*]) +//Commenting out the above link. The doc bug has a security level "Red Hat Employee". This is causing Travis build failure in the RN PR. + +[discrete] +[id="virt-4-15-ki-storage"] +==== Storage +//4.14 Leave in per Adam +* In some instances, multiple virtual machines can mount the same PVC in read-write mode, which might result in data corruption. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1992753[*BZ#1992753*]) +** As a workaround, avoid using a single PVC in read-write mode with multiple VMs. + +//4.14 Leave in per Adam and Stu; will be doc'd in 4.15 +* If you clone more than 100 VMs using the `csi-clone` cloning strategy, then the Ceph CSI might not purge the clones. Manually deleting the clones might also fail. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2055595[*BZ#2055595*]) +** As a workaround, you can restart the `ceph-mgr` to purge the VM clones. + +//CNV-34198 (BZ 2237287) +* If you use Portworx as your storage solution on AWS and create a VM disk image, the created image might be smaller than expected due to the filesystem overhead being accounted for twice. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2237287[*BZ#2237287*]) +** As a workaround, you can manually expand the Persistent Volume Claim (PVC) to increase the available space after the initial provisioning process completes. + +//BZ2216038 from Ying +* If you simultaneously clone more than 1000 VMs using the provided DataSources in the `openshift-virtualization-os-images` namespace, it is possible that not all of the VMs will move to a running state. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2216038[*BZ#2216038*]) +** As a workaround, deploy VMs in smaller batches. + +//BZ2247593 from Ying +* Live migration cannot be enabled for a virtual machine instance (VMI) after a hotplug volume has been added and removed. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2055595[*BZ#2247593*]) + +[discrete] +[id="virt-4-15-ki-virtualization"] +==== Virtualization +//4.14 Leave in per Stu +* {VirtProductName} links a service account token in use by a pod to that specific pod. {VirtProductName} implements a service account volume by creating a disk image that contains a token. If you migrate a VM, then the service account volume becomes invalid. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2037611[*BZ#2037611*]) +** As a workaround, use user accounts rather than service accounts because user account tokens are not bound to a specific pod. + +// Leave in for 4.14 per Stu; remove from 4.15 RNs and move content to CNV docs, per Avital +* With the release of the link:https://access.redhat.com/errata/RHSA-2023:3722[RHSA-2023:3722] advisory, the TLS `Extended Master Secret` (EMS) extension (link:https://datatracker.ietf.org/doc/html/rfc7627[RFC 7627]) is mandatory for TLS 1.2 connections on FIPS-enabled RHEL 9 systems. This is in accordance with FIPS-140-3 requirements. TLS 1.3 is not affected. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2157951[*BZ#2157951*]) ++ +Legacy OpenSSL clients that do not support EMS or TLS 1.3 now cannot connect to FIPS servers running on RHEL 9. Similarly, RHEL 9 clients in FIPS mode cannot connect to servers that only support TLS 1.2 without EMS. This in practice means that these clients cannot connect to servers on RHEL 6, RHEL 7 and non-RHEL legacy operating systems. This is because the legacy 1.0.x versions of OpenSSL do not support EMS or TLS 1.3. For more information, see link:https://access.redhat.com/solutions/7018256[TLS Extension "Extended Master Secret" enforced with Red Hat Enterprise Linux 9.2]. + +** As a workaround, upgrade legacy OpenSSL clients to a version that supports TLS 1.3 and configure {VirtProductName} to use TLS 1.3, with the `Modern` TLS security profile type, for FIPS mode. + +[discrete] +[id="virt-4-15-ki-webconsole"] +==== Web console +//CNV-34771 from Ying +* If you upgrade {product-title} 4.13 to 4.14 without upgrading {VirtProductName}, the Virtualization pages of the web console crash. (link:https://bugzilla.redhat.com/show_bug.cgi?id=OCPBUGS-22853[*OCPBUGS-22853*]) + +** As a workaround, you must upgrade the {VirtProductName} Operator to 4.14 manually or set your subscription approval strategy to *Automatic*. \ No newline at end of file