Important Notes
The Oxide CLI, Go SDK, and Terraform Provider have been updated for API enhancements described under New Features. Please be sure to upgrade.
System Requirements
Please refer to v1.0.0 release notes.
Installation
Oxide Computer Model 0 must be installed and configured under the guidance of Oxide technicians. The requirement may change in future releases.
Upgrade Compatibility
Upgrade from version 14 is supported. We recommend shutting down all running instances on the rack before software update commences. Any instances that aren’t stopped for software update are transitioned to the failed state when the control plane comes up. They can be configured to start automatically with auto-restart policy or they can be started manually by the user.
All existing setup and data (e.g., projects, users, instances) remain intact after the software update.
New Features
API access token management
API access tokens have no expiration time prior to this release. Release 15 provides the following token management capabilities for administrators and users to control the lifespan of access tokens:
Silo admin can configure API token expiration time with the
/v1/auth-settingsAPIUsers can list and expire their own tokens via the
/v1/me/access-tokensAPI or the Console
For more information, please refer to the User Settings and Silo Management guides.
More enhancements will come in future releases to allow users to manage their Console session tokens and for administrators to expire tokens on behalf of other users.
Large memory instances
The maximum instance memory size has been increased to 1 TiB on sleds with 2 TiB DRAM. On 1 TiB sleds, you can deploy instances with up to 809 GiB of memory. The maximum instance vcpu size remains as 64 for all existing Oxide hardware configurations.
Intra-VPC network performance
In this release, we leverage the Chelsio NIC’s Large Send Offload (LSO) and Checksum Offload (CSO) capabilities to split large TCP segments and to fill in checksums for TCP/UDP inner frames, in a way which correctly handles Geneve/VXLAN/NVGRE tunneling. Tunneled TCP Segmentation Offload (TSO) allows for faster data transfers and reduced latency, in particular, enabling the use of the full MTU for rack-local traffic. More details can be found in the main commit and the related fixes (opte#746 and opte#749).
Improved DNS service
The DNS service managed by Oxide has been enhanced to cover the SOA (Start of Authority), NS (Name Server) and A (Address) records for the delegated subdomain to facilitate DNS troubleshooting and auditing. More details about the implementation can be found in omicron#8047.
System alerts infrastructure
We have put in place the alerts infrastructure in preparation for exposing Fault Management notifications to operators in future releases. Alerts are the mechanism through which the Oxide control plane notifies the outside world of events that occur within the system. Webhooks provide a mechanism for receiving such notifications. There are no events available for subscription at this time but you can use the Alerts guides and the corresponding API endpoints to explore how to leverage alerts when they become available.
Web console
In addition to the new functionality provided in the Access Token UI, there are a number of minor enhancements and fixes to further improve the web console experience.
Full console changelog
List and delete my access tokens (console#2833)
Bump max instance RAM to 1024 GiB (console#2825)
Fix target for checkbox on instance create form (console#2808)
Tighter spacing on full page forms like instance create (console#2815)
Disable primary NIC delete when multiple NICs present (console#2806)
Convert attach disk form to regular modal (console#2746)
Subtle mousedown animation on buttons (console#2772)
Thinner table rows for higher density (console#2803)
Fix label and title on docs popover button (console#2804)
Bug fixes and other enhancements
Apply NAT to headers/packets carried within ICMP messages, enabling features such as
traceroutein the guest (opte#369)VPC Subnet address allocations re-use the first available address in the subnet (omicron#8208)
Improve usability of switch port settings to reduce the need for queries by Id (omicron#7966, related: oxide.go#278 and tf#25)
Prevent network reconciler from adding and removing a BGP peer at the same time (omicron#8207)
Set a default empty array for the nullable attribute
VpcFirewallRuleUpdateto eliminate client-side handling (omicron#8175)Make silo query param optional in
saml_identity_provider_view(omicron#8136)Add protections for password handling in Nexus (omicron#8093)
Improve reliability of region snapshot replacement for deleted snapshots and regions with multiple subvolumes (omicron#7862, crucible#1551)
Experimental API for support bundle plumbing and export (for Oxide technician use only at this time)
Various enhancements around Oxide software download and update (for Oxide technician use only at this time)
Firmware update
None
Known Behavior and Limitations
End-user features
| Feature Area | Known Issue/Limitation | Issue Number |
|---|---|---|
Disk/image management | Disks in | |
Disk/image management | Image upload sometimes stalls with HTTP/2 on Firefox. | |
Disk/image management | The ability to modify image metadata is not available at this time. | |
Instance orchestration | Instances fail to start when one of the switch zones is unavailable. | |
Instance orchestration | New instances cannot be created when the total number of NAT entries (private-to-external IP mappings) in the system exceeds 1024. | |
Instance performance | The | |
Instance performance | Linux guests unable to capture hardware events using | |
VPC internet gateway | Changing a silo’s default IP pool causes some instances to lose their outbound internet access. This is due to a mismatch between the pool containing the instances' external IP (which are allocated from the new default pool) and the pool attached to the system-created internet gateways (which are linked to the old pool during creation time). See the Troubleshooting Guide for some possible options for restoring instance outbound connectivity. | |
VPC routing | Subnet update clears custom router ID when the field is left out of the request body. | |
VPC routing | Network interface update clears transit ips when the field is left out of the request body. | - |
Telemetry | VM instance memory utilization and VPC network/firewall metrics are unavailable at this time. | - |
Operator features
| Feature Area | Known Issue/Limitation | Issue Number |
|---|---|---|
Silo management | The ability to modify silo and IDP metadata is not available at this time. | |
System management | Sled and physical storage availability real-time status are not available in the inventory UI and API yet. | |
System management | The built-in test silo named "default-silo" has resource quotas and should be removed. | |
System management | Operator-driven software update is currently unavailable. All updates need to be performed by Oxide technicians. | - |
System management | Operator-driven instance migration across sleds is currently unavailable. | - |
User management | User offboarding from the rack is not supported at this time. Apart from updating the identity provider to remove obsolete users from the relevant groups, operators will need to remove any IAM roles granted directly to those users in silos and projects. |