Merge branch 'one-6.10-maintenance' into one-6.10

rsmontero · rsmontero · commit 048d1880359a · 2025-06-03T11:56:00.000+02:00
diff --git a/source/conf.py b/source/conf.py
@@ -88,7 +88,7 @@
 # The short X.Y version.
 version = '6.10'
 # The full version, including alpha/beta/rc tags.
-release = '6.10.3'
+release = '6.10.4'
 # The context packages released version
 context_release = '6.10.0'
 
diff --git a/source/installation_and_configuration/configuration_management/conflicts.rst b/source/installation_and_configuration/configuration_management/conflicts.rst
@@ -58,7 +58,9 @@ Each different type of file you can find :ref:`here <cfg_files>` has the followi
 | oned.conf-like          | ``skip``               |
 +-------------------------+------------------------+
 
-These default patching modes can be used in the upgrade process (``onecfg upgrade``) using the parameter ``--patch-safe``.
+Safe patching is enabled by default, allowing the ``onecfg upgrade`` command to run in best effort mode, which prevents failures in non-critical situations.
+
+To enforce strict patching, you can use the ``--patch-strict`` parameter.
 
 Examples
 --------
diff --git a/source/installation_and_configuration/opennebula_services/fireedge.rst b/source/installation_and_configuration/opennebula_services/fireedge.rst
@@ -31,7 +31,7 @@ Main Features
 .. _fireedge_install_configuration:
 .. note::
 
-    We are continually expanding the feature set of FireEdge Sunstone, and hence its configuration files are in constant change. In versions 6.10.3 and later, configuration files in ``/etc/one/fireedge/`` can be replaced by the ones that can be downloaded from `here <https://bit.ly/one-6103-sunstone-config>`__ in order to activate the latest features.
+    We are continually expanding the feature set of FireEdge Sunstone, and hence its configuration files are in constant change. In versions 6.10.3 and later, configuration files in ``/etc/one/fireedge/`` can be replaced by the ones that can be downloaded from `here <https://bit.ly/one-6104-config>`__ in order to activate the latest features.
 
 Configuration
 ================================================================================
diff --git a/source/intro_release_notes/release_notes/arm64.rst b/source/intro_release_notes/release_notes/arm64.rst
@@ -4,7 +4,7 @@
 ARM64 packages
 ================================================================================
 
-6.10.3-EE and 6.10.0.1-CE release includes ARM64 packages for all supported operating systems.
+6.10.4-EE and 6.10.0.1-CE release includes ARM64 packages for all supported operating systems.
 
 These ARM packages are being released in beta mode, allowing the community to test them and provide feedback. This initiative aims to extend OpenNebula’s flexibility by enabling deployment on ARM-based servers (both hypervisors and front-end nodes), opening new possibilities for lightweight, distributed cloud environments.
 
diff --git a/source/intro_release_notes/release_notes_enterprise/index.rst b/source/intro_release_notes/release_notes_enterprise/index.rst
@@ -11,3 +11,4 @@ Release Notes |version| Enterprise Edition
    Resolved Issues 6.10.1 <resolved_issues_6101>
    Resolved Issues 6.10.2 <resolved_issues_6102>
    Resolved Issues 6.10.3 <resolved_issues_6103>
+   Resolved Issues 6.10.4 <resolved_issues_6104>
diff --git a/source/intro_release_notes/release_notes_enterprise/resolved_issues_6104.rst b/source/intro_release_notes/release_notes_enterprise/resolved_issues_6104.rst
@@ -0,0 +1,72 @@
+.. _resolved_issues_6104:
+
+Resolved Issues in 6.10.4
+--------------------------------------------------------------------------------
+
+A complete list of solved issues for 6.10.4 can be found in the `project development portal <https://github.com/OpenNebula/one/milestone/83?closed=1>`__.
+
+The following new features have been backported to 6.10.4:
+
+- `Add support of using defined timezone by oneacct utility with flag -t/--timezone  <https://github.com/OpenNebula/one/issues/821>`__.
+- Console logging for :ref:`LXC Driver <lxc_logs>`.
+- Add architecture and hypervisor scheduling requirements to public marketplaces :ref:`public marketplaces <public_marketplaces>`
+
+The following new features have been backported in the Sunstone Web UI to 6.10.4:
+
+- `Update backup configuration on a virtual machine <https://github.com/OpenNebula/one/issues/6880/>`__.
+
+The following issues has been solved in 6.10.4:
+
+- `Fix a bug when Restic passwords include quotes <https://github.com/OpenNebula/one/issues/6666/>`__.
+- `Fix onevrouter instantiate command prompts for user input unnecessarily <https://github.com/OpenNebula/one/issues/6948/>`__.
+- `Fix user-input option for CLI to support values containing commas and equal signs <https://github.com/OpenNebula/one/issues/6975/>`__.
+- `Fix VM migration not executed on vCenter when src host ID is 0 <https://github.com/OpenNebula/one/issues/6997/>`__.
+- `Fix VNet instance doesn't update BRIDGE_TYPE, when VN_MAD is updated <https://github.com/OpenNebula/one/issues/6858/>`__.
+- `Fix oneacl rules not being cleaned-up after removing a group admin <https://github.com/OpenNebula/one/issues/6993/>`__.
+- `Fix vGPU profile monitoring for legacy mode <https://github.com/OpenNebula/one/issues/7012/>`__.
+- `Fix README.md links to old paths <https://github.com/OpenNebula/one/issues/7032>`__.
+- `Fix a silent LXC container start fail <https://github.com/OpenNebula/one/issues/7028>`__.
+- `Fix the use of hardcoded DNS for linuxcontainers marketplace <https://github.com/OpenNebula/one/issues/7041>`__.
+- `Fix Restic backup driver when the server is not deployed together with the frontend <https://github.com/OpenNebula/one/issues/7054>`__.
+- `Fix resource names to not allow special characters '\\t', '\\n', '\\v', '\\f', '\\r' <https://github.com/OpenNebula/one/issues/6950>`__.
+- `Fix HA in case of wrong SQL query <https://github.com/OpenNebula/one/issues/7025>`__.
+
+The following issues have been solved in the Sunstone Web UI:
+
+- `Fix ability to add and remove existing users to existing groups and change main group from an user <https://github.com/OpenNebula/one/issues/6980/>`__. In order to add, remove or change main group from and user, please see **Changes in Configuration Files** section below.
+- `Fix image upload not working <https://github.com/OpenNebula/one/issues/6426/>`__.
+- `Fix Sunstone has issues with Disk IDs when updating boot order <https://github.com/OpenNebula/one/issues/7014/>`__.
+
+Security Advisory: VLAN Trunking Exposure via VLAN_TAGGED_ID
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+A security issue has been identified when using OpenvSwitch with VLAN Trunking enabled. The ``VLAN_TAGGED_ID`` attribute allows users to specify a range of VLANs accessible from their virtual ``NIC``. If not properly restricted, non-privileged users can exploit this attribute (e.g., by setting ``VLAN_TAGGED_ID = 1-4096``) to gain access to all VLANs available on the OpenvSwitch bridge, potentially exposing critical network segments. To mitigate this risk, it is strongly recommended to restrict this attribute by adding the following line to the ``oned.conf`` configuration file:
+
+.. code::
+
+    VM_RESTRICTED_ATTR = "NIC/VLAN_TAGGED_ID"
+
+Changes in Configuration Files
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Since version 6.10.3 the following changes apply to OpenNebula services configuration files:
+
+
+.. warning:: The following attributes are not included in the configuration files distributed with 6.10.4. If you wish to use these attributes, add them manually to the corresponding file.
+
+
+FireEdge Service
+^^^^^^^^^^^^^^^^
+
++----------------------+--------------------------------------------------------------+-------------------------------------------------------+-------------+
+| Config file          | Description                                                  | Action                                                | Values      |
++======================+==============================================================+=======================================================+=============+
+| group-tab.yaml       | New attribute: info-tabs.user.actions.add_users              | Sets the 'Add user' button in Groups page             | true, false |
++----------------------+--------------------------------------------------------------+-------------------------------------------------------+-------------+
+| group-tab.yaml       | New attribute: info-tabs.user.actions.remove_users           | Sets the 'Remove user' button in Groups page          | true, false |
++----------------------+--------------------------------------------------------------+-------------------------------------------------------+-------------+
+| user-tab.yaml        | New attribute: info-tabs.group.actions.add_to_group          | Sets the 'Add to group' button in Users page          | true, false |
++----------------------+--------------------------------------------------------------+-------------------------------------------------------+-------------+
+| user-tab.yaml        | New attribute: info-tabs.group.actions.remove_from_group     | Sets the 'Remove from group' button in Groups page    | true, false |
++----------------------+--------------------------------------------------------------+-------------------------------------------------------+-------------+
+| user-tab.yaml        | New attribute: info-tabs.group.actions.change_primary_group  | Sets the 'Change primary group' button in Groups page | true, false |
++----------------------+--------------------------------------------------------------+-------------------------------------------------------+-------------+
diff --git a/source/open_cluster_deployment/kvm_node/kvm_driver.rst b/source/open_cluster_deployment/kvm_node/kvm_driver.rst
@@ -9,7 +9,7 @@ Requirements
 
 The Hosts will need a CPU with `Intel VT <http://www.intel.com/content/www/us/en/virtualization/virtualization-technology/intel-virtualization-technology.html>`__ or `AMD's AMD-V <http://www.amd.com/en-us/solutions/servers/virtualization>`__ features in order to support virtualization. KVM's `Preparing to use KVM <http://www.linux-kvm.org/page/FAQ#Preparing_to_use_KVM>`__ guide will clarify any doubts you may have regarding whether your hardware supports KVM.
 
-Also, since OpenNebula 6.10.3-EE and 6.10.0.1-CE ARM64 architecture is supported (in beta mode).
+Also, since OpenNebula 6.10.4-EE and 6.10.0.1-CE ARM64 architecture is supported (in beta mode).
 
 KVM will be installed and configured after following the :ref:`KVM Host Installation <kvm_node>` section.
 
diff --git a/source/open_cluster_deployment/lxc_node/lxc_driver.rst b/source/open_cluster_deployment/lxc_node/lxc_driver.rst
@@ -14,6 +14,8 @@ Requirements
 Considerations & Limitations
 ================================================================================
 
+.. _lxc_security:
+
 Privileged Containers and Security
 --------------------------------------------------------------------------------
 
@@ -188,6 +190,8 @@ Containers supports remote access via VNC protocol which allows easy access to t
       LISTEN="0.0.0.0",
       TYPE="VNC" ]
 
+.. _lxc_raw:
+
 Additional Attributes
 -----------------------
 
@@ -221,3 +225,27 @@ After defining the profiles they can be used by adding the ``PROFILES`` attribut
   PROFILES = "extra-performance, production"
 
 Profiles, are implemented by using the LXC ``include`` configuration attribute, note that the profiles will be included in the provided order and this order might affect the final configuration of the container.
+
+.. _lxc_logs:
+
+Troubleshooting
+---------------
+
+On top of the regular OpenNebula logs at ``/var/log/one``, the LXC driver generates additional logs for more specific LXC operations. Sometimes a container might fail to start or not behave as intended. You can find out more about what happened by inspecting the log files at ``/var/log/lxc/``:
+
+- ``one-<vm_id>.console`` — Contains the console output seen when starting a container. This includes information regarding how the init process within the container starts and can help identify problems that occur after a successful start yet a failed initialization.
+- ``one-<vm_id>.log`` — Contains information about how LXC handles different container operations.
+
+You can also verify the low-level configuration of the container generated by OpenNebula by inspecting the file ``/var/lib/lxc/one-<vm_id>/config``.
+
+Common Issues
+-------------
+
+- Sometimes the Guest OS may refuse to start completely or some systemd services might fail. In these cases, it might be worth using :ref:`Privileged Containers <lxc_security>`.
+- When running Linux distributions with `AppArmor <https://documentation.ubuntu.com/server/how-to/security/apparmor/index.html>`_, it might be necessary to relax this configuration. Otherwise, services like :ref:`one-context <kvm_contextualization>` have dependencies which do not start. For this, you can set the following :ref:`RAW <lxc_raw>` configuration:
+
+.. code::
+
+  RAW = [
+    TYPE = "lxc",
+    DATA = "lxc.apparmor.profile=unconfined" ]
