Important Notes
The Oxide CLI, Go SDK, and Terraform Provider have been updated for API enhancements described under New Features. Please be sure to upgrade.
IP pools now have a
versionfield ("v4"or"v6"), which is set at create time (omicron#8885, omicron#8951). Pools can only contain IPs of one version. Accordingly, the IP pool utilization API response no longer includes separate counts for IPv4 and IPv6 (omicron#8928). If you have custom integrations relying on this endpoint, be sure to review the latest API docs and update your integrations as needed.
System Requirements
Please refer to v1.0.0 release notes.
Installation
Oxide Computer Model 0 must be installed and configured under the guidance of Oxide technicians. The requirement may change in future releases.
Upgrade Compatibility
Upgrade from version 16 or 16.1 is supported. We recommend shutting down all
running instances on the rack before software update commences. Any instances
that aren’t stopped for software update are transitioned to the failed state
when the control plane comes up. They can be configured to start automatically
with auto-restart policy or
they can be started manually by the user.
All existing setup and data (e.g., projects, users, instances) remain intact after the software update.
New Features
Self-service system update
We now support online update of system software. This new update mechanism enables operators to manage system updates independently without Oxide involvement. The API and web console are used for initiating and monitoring the update process.
This first version of online update does not support live migration. While a given instance will likely be up for most of the duration of the update, the timing and duration of instance reboots and downtime are unpredictable. For this reason, we recommend shutting down running instances during the process. More details about the impact and current limitations of system update can be found in the System Update guide.
SCIM v2.0 support
The System for Cross-Domain Identity Management (SCIM) protocol defines a standardized schema and API for managing users and groups in a centralized Identity Provider (IdP) and synchronizing them to a service provider. Prior to this release, users and groups could only be imported on a just-in-time (JIT) basis from the IdP during login events. SCIM is now available as an option for instant data synchonization from the identity provider along with SAML authentication. This new integration option allows operators to configure silo access permissions ahead of the first user login. See the Identity Providers guide for the configuration requirements and an end-to-end example with Okta as the IdP.
Limited collaborator role
We’ve added a limited_collaborator role alongside our existing viewer,
collaborator, and admin roles. A limited collaborator can create and
manage instances and related resources like disks, but they cannot modify
the networking resources nested under VPCs, like subnets, firewall rules, and
internet gateways. See the Access Control guide
for more details.
Web console
Operators can use the new System Update page to track update progress, list available releases, and initiate an update by setting a target release. The ability to upload a release through the console will be added in a future release; for now, use the CLI.
To support SCIM, we added a tab to the silo detail page where you can manage tokens for authenticating the IdP’s requests to our SCIM endpoints.
We added support for the new limited collaborator role on the silo and project access pages and improved the help copy on the role assignment form.
Full console changelog
Limited collaborator on silo and project access pages (console#2960)
Manage SCIM tokens + add SCIM option to silo create (console#2926, console#2955)
Add IP pool type to IP pool create (console#2951)
Remove underlines in firewall rule messages (console#2950)
System update page (console#2915, console#2922, console#2946, console#2947)
Convert silo page tabs to route-based navigation (console#2912, console#2954)
Badges with integrated spinners (console#2742)
Update IP pool utilization for new API response (console#2897)
Add IP pool name to Attach Floating IP dropdown (console#2870)
Bug fixes and other enhancements
Support bundle failed to collect large log files (omicron#8771)
Don’t fail active bundles with expunged Nexuses (omicron#9286)
Do not fail switch slot resolution when one switch zone is unresponsive (omicron#8914)
Ability for OxQL query to optionally return I/O summary and the ClickHouse query statement executed (omicron#9017)
Bump MAXCPU to 254 on Helios (propolis#960)
Increase viona receive queue length to enable virtio queue size tuning (propolis#935)
Unable to delete disk hitting import failure after crucible-pantry in use went away (omicron#9196)
Fix crucible-pantry panic during zone halt/termination (crucible#1721)
Improve live-repair handling when one or more downstairs are offline or faulted (crucible#1776, crucible#1777, crucible#1783, crucible#1798)
Fix
port_settings_applyto update tx-eq link settings (dendrite#135)Update network-interface to resolve memory leak (pumpkind#17)
SMBIOS 3.9 support (illumos-gate#17579)
NVMe telemetry log support (illumos-gate#17640)
Fix cxgbe stack overflow in t4_eth_tx() (illumos-gate#17674)
Patches
None
Firmware update
None
Known Behavior and Limitations
End-user features
| Feature Area | Known Issue/Limitation | Issue Number |
|---|---|---|
Disk/image management | Disks in | |
Disk/image management | Disk rejected by guest OS due to duplicate nvme device names. The issue is caused by a 20-character limit in applying the disk name to the device serial number. See the Troubleshooting guide for more information. | - |
Disk/image management | The ability to modify image metadata is not available at this time. | |
Instance orchestration | Instances fail to start when one of the switch zones is unavailable. | |
Instance orchestration | New instances cannot be created when the total number of NAT entries (private-to-external IP mappings) in the system exceeds 1024. | |
Instance performance | The | |
Instance performance | Linux guests unable to capture hardware events using | |
VPC internet gateway | Changing a silo’s default IP pool causes some instances to lose their outbound internet access. This is due to a mismatch between the pool containing the instances' external IP (which are allocated from the new default pool) and the pool attached to the system-created internet gateways (which are linked to the old pool during creation time). Please see the Troubleshooting guide for some possible options for restoring instance outbound connectivity. | |
VPC routing | Subnet update clears custom router ID when the field is left out of the request body. | |
VPC routing | Network interface update clears transit ips when the field is left out of the request body. | - |
Telemetry | VM instance memory utilization and VPC network/firewall metrics are unavailable at this time. | - |
Operator features
| Feature Area | Known Issue/Limitation | Issue Number |
|---|---|---|
Silo management | The ability to modify silo and IDP metadata is not available at this time. | |
System management | Sled and physical storage availability real-time status are not available in the inventory UI and API yet. | |
System management | Operator-driven instance migration across sleds is currently unavailable. | - |
System management | Some running instances transitioned to the "stopped" state after online update. | |
System management | Disk I/O issues observed after online update (see also suggested mitigations) |