As of Apache CloudStack 4.20, support for running with Java 17 has been added. In later versions, support for Java 11 will be removed.
- If you are running CloudStack with Java 17, for CloudStack versions 4.20 and later:
- Verify /etc/default/cloudstack-management is consistent with https://github.com/apache/cloudstack/blob/main/packaging/systemd/cloudstack-management.default; Specifically, ensure that the following is present in the JAVA_OPTS:
--add-opens=java.base/java.lang=ALL-UNNAMED --add-exports=java.base/sun.security.x509=ALL-UNNAMED
- Verify /etc/default/cloudstack-usage is also consistent with the same file in the repository.
- Perform the same check for /etc/default/cloudstack-agent on the hypervisor hosts.
As of Apache CloudStack 4.14, Java version required is 11 for the management-server, cloudstack-usage, KVM agent and system-VMs.
The current jQuery-based CloudStack UI is deprecated in this release of CloudStack and will be removed in the next release of Apache CloudStack.
As of Apache CloudStack 4.9, dynamic roles feature can be enabled after an upgrade. Dynamic roles feature is enabled by default on new installations.
Please read more about :ref:`using-dynamics-roles` feature and process of migrating to using this after an upgrade.
Starting 4.11, a new CA framework has been introduced that is used to secure agent and management server connections. Starting 4.11.1, KVM hosts in UP state that are not secured (i.e. the KVM host agent and libvirtd don't have CA framework provisioned X509 certificates) will show up as 'Unsecure'. A new button in the UI is available as well as an API to secure and onboard such hosts.
Please read more about :ref:`host-security` and the process of migrating existing KVM hosts and agents to use the new security feature.
OVS plug-in functionality is disrupted if ovsdaemon crashes
A critical functionality issue came out with CLOUDSTACK-6779. On XenServer it is observed that on VIF unplug Ovs-Vswitchd is crashing resulting in loosing all the openflow rules added to the bridge. Ovs daemon gets started and creates a bridge but configure openflow rules are lost resulting in the disruption of connectivity for the Instances on the host.
If using Active-Directory (LDAP/LDAPs) as User authentication; Upgrading to 4.3 and later require changes in Global Settings. After upgrading CloudStack to 4.3 or latest, following Global Settings must be change:
.. cssclass:: table-striped table-bordered table-hover
| Global Settings | Default | New |
|---|---|---|
| ldap.user.object | inetOrgPerson | user |
| ldap.username.attribute | uid | sAMAccountName |
32bit versions of System VM Templates are in the process of being deprecated. Upgrade instructions from this Release Notes use 64bit Templates.