v4

Important Notes

This release includes bug fixes that are essential for configuring BGP. It also includes an OpenSSL update that has no impact on the product features. If you do not plan to use BGP for rack networking, you may consider skipping this release.

There is also additional operator documentation on how to configure BGP and a new version of the CLI binaries that support the BGP configuration API.

System Requirements

Please refer to v1.0.0 release notes.

Installation

Oxide Computer Model 0 must be installed and configured under the guidance of Oxide technicians. The requirement may change in future releases.

Upgrade Compatibility

Upgrade from version 3 is supported. We recommend shutting down all running instances on the rack before the software update commences.

All existing setup and data (e.g. projects, users, instances) should remain intact after the software update.

New Features

Changes in this release:

OpenSSL version upgrade from 3.0.11 to 3.0.12 for CVE-2023-5363 (see also security advisory).
Rack networking configuration fixes and improvements (omicron#4406).
- A port settings update resulted in the ASIC and switch-zone updates going to different sidecars.
- Determine nexthop dynamically based on peer connection.
- Improve link configurability (technician tool to set/clear PRBS mode, better identification scheme, allowing manual lane selection)

Firmware update:

None in this release

Known Behavior and Limitations

End-user features

Feature Area Known Issue/Limitation Issue Number

Feature Area	Known Issue/Limitation	Issue Number
Image/snapshot management	Disk in `importing_from_bulk_writes` state cannot be deleted directly. The current procedures to unstick a canceled disk import are not obvious to CLI users.	omicron#2987
Image/snapshot management	Image upload sometimes stalls with HTTP/2.	omicron#3559
Image/snapshot management	Unable to create snapshots for disks attached to stopped instances.	omicron#3289
Image/snapshot management	The ability to modify image metadata is not available at this time.	omicron#2800
Instance orchestration	The ability to select which SSH keys to be passed to a new instance is not available at this time.	omicron#3056
Instance orchestration	Disk create or instance start requests under high concurrency may fail to complete. Users can reduce the concurrency level to avoid the error or retry failed requests.	omicron#3304
Instance orchestration	Instance or disk provisioning requests may fail due to unhandled sled or storage failure on rare occasions. Users can retry the requests to work around the failures.	omicron#3480, omicron#2483
Instance orchestration	Instances sometimes fail to boot up when they are created under very high concurrency. Rebooting the instances should allow the guest OS to come up.	propolis#535
Instance orchestration	Disk volume backend is occasionally stuck in repair state, preventing instances from starting or stopping.	crucible#837
Telemetry	Guest VM cpu and memory metrics are unavailable at this time.	-
VPC and routing	Inter-subnet traffic routing is not available by default. Router and routing rules will be supported in future releases.	omicron#2232

Image/snapshot management

Disk in importing_from_bulk_writes state cannot be deleted directly. The current procedures to unstick a canceled disk import are not obvious to CLI users.

omicron#2987

Image/snapshot management

Image upload sometimes stalls with HTTP/2.

omicron#3559

Image/snapshot management

Unable to create snapshots for disks attached to stopped instances.

omicron#3289

Image/snapshot management

The ability to modify image metadata is not available at this time.

omicron#2800

Instance orchestration

The ability to select which SSH keys to be passed to a new instance is not available at this time.

omicron#3056

Instance orchestration

Disk create or instance start requests under high concurrency may fail to complete. Users can reduce the concurrency level to avoid the error or retry failed requests.

omicron#3304

Instance orchestration

Instance or disk provisioning requests may fail due to unhandled sled or storage failure on rare occasions. Users can retry the requests to work around the failures.

omicron#3480, omicron#2483

Instance orchestration

Instances sometimes fail to boot up when they are created under very high concurrency. Rebooting the instances should allow the guest OS to come up.

propolis#535

Instance orchestration

Disk volume backend is occasionally stuck in repair state, preventing instances from starting or stopping.

crucible#837

Telemetry

Guest VM cpu and memory metrics are unavailable at this time.

VPC and routing

Inter-subnet traffic routing is not available by default. Router and routing rules will be supported in future releases.

omicron#2232

Operator features

Feature Area	Known Issue/Limitation	Issue Number
Access control	Device tokens do not expire.	omicron#2302
Control plane	Sled and physical storage availability status are not available in the inventory UI and API yet.	omicron#2035
Control plane	When sleds attached to the switches are restarted outside of rack cold-start, a full rack power cycle may be required to re-propagate sled NAT configurations.	omicron#3631
Control plane	Operator-driven software update is currently unavailable. All updates need to be performed by Oxide technicians.	-
Control plane	Operator-driven instance migration across sleds is currently unavailable. Instance migrations need to be performed by Oxide technicians.	-
Network management	End users cannot query the names of non-default IP pools. The ability to set up and query different IP pools (e.g. per-project IP pools) will be available soon in future releases.	omicron#2148
Telemetry	Hardware metrics such as temperatures, fan speeds, and power consumption are not exposed to the control plane at this time.	-
User management	User offboarding from the rack is not supported at this time. Apart from updating the identity provider to remove obsolete users from the relevant groups, operators will need to remove any IAM roles granted directly to those users in silos and projects.	omicron#2587

Feature Area

Known Issue/Limitation

Issue Number

Access control

Device tokens do not expire.

omicron#2302

Control plane

Sled and physical storage availability status are not available in the inventory UI and API yet.

omicron#2035

Control plane

When sleds attached to the switches are restarted outside of rack cold-start, a full rack power cycle may be required to re-propagate sled NAT configurations.

omicron#3631

Control plane

Operator-driven software update is currently unavailable. All updates need to be performed by Oxide technicians.

Control plane

Operator-driven instance migration across sleds is currently unavailable. Instance migrations need to be performed by Oxide technicians.

Network management

End users cannot query the names of non-default IP pools. The ability to set up and query different IP pools (e.g. per-project IP pools) will be available soon in future releases.

omicron#2148

Telemetry

Hardware metrics such as temperatures, fan speeds, and power consumption are not exposed to the control plane at this time.

User management

User offboarding from the rack is not supported at this time. Apart from updating the identity provider to remove obsolete users from the relevant groups, operators will need to remove any IAM roles granted directly to those users in silos and projects.

omicron#2587