Important Notes
The Oxide CLI, Go SDK, and Terraform Provider have been updated for API enhancements described under New Features. Please be sure to upgrade.
The API response payloads for
/v1/instances/{instance}/external-ips
and/v1/vpc-firewall-rules
have been modified in this release to provide additional capabilities. If you have custom integrations using these APIs, please ensure to review the latest API docs and update your integrations as needed.The
/v1/disks/{disk}/metrics
API endpoint has been removed as it duplicates the disk metrics timeseries query. Please refer to the OxQL Tutorial for the query syntax if you are new to Oxide timeseries.
System Requirements
Please refer to v1.0.0 release notes.
Installation
Oxide Computer Model 0 must be installed and configured under the guidance of Oxide technicians. The requirement may change in future releases.
Upgrade Compatibility
Upgrade from version 15 is supported. We recommend shutting down all running instances on the rack before software update commences. Any instances that aren’t stopped for software update are transitioned to the failed
state when the control plane comes up. They can be configured to start automatically with auto-restart policy or they can be started manually by the user.
All existing setup and data (e.g., projects, users, instances) remain intact after the software update.
New Features
Audit log
The audit log tracks user actions within the system. It can answer questions like when a certain authentication event happened and what actions were taken by whom on instances and disks. The log is accessible to users with the fleet viewer role via the /v1/system/audit-log
API endpoint.
In this release, we are logging only a small subset of operations and a few key facts about them, including timestamp, user and silo ID, HTTP status code, and error message (if applicable). In later releases we will log a more comprehensive set of operations and we will log more detailed information about what took place, such as the ID of a created resource and the ID of the API token used. Read the Audit Log guide for more details.
Admin API for user logout
Silo administrators now have the ability to log a given user out by revoking all their existing browser sessions and API tokens with the new /v1/users/{user_id}/logout
endpoint. The user’s account is not disabled, but any further interaction with the system will require them to log in again. The combination of disabling a user in the identity provider and calling the logout endpoint for that user effectively eliminates their ability to interact with the Oxide system.
Intra-VPC network performance
In this release, we have made further improvements in VPC network performance and exception handling:
Support bundle
Support bundles provide a wide variety of diagnostic information to both operators and Oxide support staff for troubleshooting purposes. Bundle content may cover system log files, health and operational metrics, and error reports. These system artifacts do not include any guest operating system in-memory or on-disk data in VM instances, nor any data within detached disks, snapshots, and images.
Users with the fleet administrator role can create, download, and inspect support bundle content via the bundle APIs. See the Troubleshooting guide for more details and command examples.
Web console
There are no major new console features. We made changes to support API improvements like a higher instance memory limit, SNAT IPs in the instance external IPs list, and firewall rule ICMP code/type filters.
Full console changelog
Fix date picker re-renders by breaking debounce loop (console#2874)
Add SNAT IPs to instance external IPs list (console#2868)
Support protocol filters on firewall rules (console#2850)
Bump max instance memory to 1536 GiB (console#2858)
Add sled policy data to sled page (console#2838)
Add tooltip to ephemeral IP cells in Instance Networking tab (console#2840)
Move IP address column in internet gateways table (console#2839)
Add empty MiniTable state (console#2811)
Bug fixes and other enhancements
Raise instance maximum memory limit to 1.5 TiB on sleds with 2 TiB DRAM (omicron#8527)
Expose SNAT IPs in instance external IP list (omicron#8163)
Firewall rules support filtering by ICMP code/type (opte#730, omicron#8194)
Remove
default-silo
from resource utilization query (omicron#5731)Do not add routes or advertise tunnel exit for down links (maghemite#514)
Improve large snapshot creation error handling (crucible#1758)
Firmware update
None
Known Behavior and Limitations
End-user features
Feature Area | Known Issue/Limitation | Issue Number |
---|---|---|
Disk/image management | Disks in | |
Disk/image management | Disk rejected by guest OS due to duplicate nvme device names. The issue is caused by a 20-character limit in applying the disk name to the device serial number. See the Troubleshooting guide for more information. | - |
Disk/image management | Image upload sometimes stalls with HTTP/2 on Firefox. | |
Disk/image management | The ability to modify image metadata is not available at this time. | |
Instance orchestration | Instances fail to start when one of the switch zones is unavailable. | |
Instance orchestration | New instances cannot be created when the total number of NAT entries (private-to-external IP mappings) in the system exceeds 1024. | |
Instance performance | The | |
Instance performance | Linux guests unable to capture hardware events using | |
VPC internet gateway | Changing a silo’s default IP pool causes some instances to lose their outbound internet access. This is due to a mismatch between the pool containing the instances' external IP (which are allocated from the new default pool) and the pool attached to the system-created internet gateways (which are linked to the old pool during creation time). Please see the Troubleshooting Guide for some possible options for restoring instance outbound connectivity. | |
VPC routing | Subnet update clears custom router ID when the field is left out of the request body. | |
VPC routing | Network interface update clears transit ips when the field is left out of the request body. | - |
Telemetry | VM instance memory utilization and VPC network/firewall metrics are unavailable at this time. | - |
Operator features
Feature Area | Known Issue/Limitation | Issue Number |
---|---|---|
Silo management | The ability to modify silo and IDP metadata is not available at this time. | |
System management | Sled and physical storage availability real-time status are not available in the inventory UI and API yet. | |
System management | Operator-driven software update is currently unavailable. All updates need to be performed by Oxide technicians. | - |
System management | Operator-driven instance migration across sleds is currently unavailable. | - |