October 2025 Release

The latest release of Platform9 Private Cloud Director includes new features, usability improvements, and resolved issues to enhance product stability and performance.


New Features

OVN Database High Availability for Self-Hosted Deployments

OVN database pods now run with multiple replicas in self-hosted environments, eliminating network control plane downtime during node failures or maintenance operations. The enhancement ensures continuous network service availability and prevents disruptions to VM connectivity during infrastructure updates or unplanned outages.

CLI-Based Host Upgrades for Self-Hosted Deployments

Host upgrades are now executed via the airctl upgrade-hosts command with mandatory region specification and optional host filtering, replacing previous kpctl workflows. The enhancement provides more granular control over upgrade operations, ensuring that upgrades target the correct region in multi-region deployments.

To upgrade hosts in a specific region:

airctl upgrade-hosts --region <region-name>

Custom Certificate Support for Self-Hosted Deployments

Self-hosted Private Cloud Director deployments now support custom SSL/TLS certificates across multiple regions, enabling enterprise-level certificate management, compliance with specific requirements, and trusted connections. The feature allows organizations to use their own certificate authority and domain names for each region.

Configurable Storage Classes for Service Deployments

Storage class assignments are now configurable per service, enabling cost optimization through tiered storage selection and separate RWX/RWO storage class definitions for varied infrastructure requirements.

VM Ownership Reassignment

Administrators can now change VM ownership through the UI or API, enabling seamless management of VM ownership after migrations or organizational changes.

To reassign VM ownership, navigate to Virtual Machines, select a specific VM, then choose Actions > Change Ownership.

IP Multicast Support for OVN Networks

Multicast traffic is now supported on OVN networks with IGMP snooping configuration, enabling workloads that rely on multicast. The feature now supports enterprise applications that require efficient one-to-many data transmission patterns.

Tenant-Specific Network Sharing

Networks can now be shared with specific tenants via the PCD UI, enabling secure multi-tenant network access. This provides granular network access control for shared infrastructure scenarios while maintaining tenant isolation.

To share a network with specific tenant(s), navigate to Network and Security > Virtual Networks, then select a specific network and choose Actions > Share Network.

PCI MMIO Configuration for GPU Passthrough

GPU passthrough on UEFI VMs now supports a configurable PCI MMIO size via the image property hw_pci_mmio_size, eliminating the need for manual libvirt XML edits for high-memory GPUs. The enhancement enables the proper allocation of memory-mapped I/O space for GPUs with large frame buffers, ensuring reliable GPU functionality in UEFI boot mode.

Set the property to the required MMIO size when creating or updating an image. Sizes in gibibytes and mebibytes are supported (e.g. 64GiB, 128GiB):

hw_pci_mmio_size=64GiB

GPU Passthrough Support for Ubuntu 24.04

GPU passthrough is now supported on Ubuntu 24.04 hosts with kernel 6.8+, enabling GPU-accelerated workloads on the latest LTS release. The enhancement extends GPU capabilities to environments standardized on Ubuntu 24.04, providing access to improved driver support and kernel features.

Automated pcdctl CLI Updates

Running pcdctl setup now upgrades existing pcdctl installations to the latest version. This ensures that administrators always have access to the latest pcdctl features and bug fixes, without requiring manual download and installation steps.

Enhancements

vTPM VM High Availability Support

VMs with vTPM enabled now support automatic evacuation during host failures, enabling High Availability for security-critical workloads requiring TPM functionality.

Service Monitoring Commands for Self-Hosted Deployments

The airctl CLI now includes region listing and per-region service count queries, enabling direct integration with external monitoring tools like Zabbix. Commands return numeric-only output for programmatic consumption:

  • airctl get-regions lists all regions

  • airctl status --region <region-name> --desired returns the desired service count

  • airctl status --region <region-name> --ready returns the ready service count

These commands support automated health checks and integration with monitoring systems.
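
A health check built on the three commands above, as an added example that is not part of the Platform9 release notes or tooling. It assumes `airctl get-regions` prints one region name per line; the function names and the exit codes 0, 2 and 3 are this example's own convention.

```shell
#!/bin/sh
# Added example: compare desired vs. ready service counts for every region.
# Assumption: `airctl get-regions` prints one region name per line.

# is_count VALUE: succeeds only when VALUE is a non-negative integer.
# Guards against empty output, error text or a failed command.
is_count() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# region_state REGION: prints one status line and returns
# 0 (all services ready), 2 (fewer ready than desired) or 3 (no usable data).
region_state() {
    region=$1
    desired=$(airctl status --region "$region" --desired 2>/dev/null) || desired=
    ready=$(airctl status --region "$region" --ready 2>/dev/null) || ready=
    if ! is_count "$desired" || ! is_count "$ready"; then
        echo "UNKNOWN $region"
        return 3
    fi
    if [ "$ready" -lt "$desired" ]; then
        echo "DEGRADED $region ready=$ready desired=$desired"
        return 2
    fi
    echo "OK $region ready=$ready desired=$desired"
}

# check_all_regions: one line per region; returns the worst code seen.
check_all_regions() {
    worst=0
    regions=$(airctl get-regions) || return 3
    for r in $regions; do
        rc=0
        region_state "$r" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Run the check only when asked, e.g. from a monitoring agent: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_all_regions
    exit $?
fi
```

Treating non-numeric or missing output as UNKNOWN rather than healthy keeps a failed airctl call from masking an outage.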

Enhanced Maintenance Mode workflow for Hypervisors

Host maintenance mode now supports parallel VM migrations, reducing maintenance windows for large deployments. Migration progress is visible in real-time through the UI, enabling administrators to monitor and manage maintenance operations efficiently.

DNS Zone Deletion Safeguards

DNS zone deletion now automatically cleans up network references, preventing stale DNS domain assignments across the infrastructure, ensuring DNS consistency.

Simplified Image Upload CLI Workflow

Image upload and download operations now automatically handle endpoint configuration, eliminating the need for CLI users to set the OS_INTERFACE environment variable manually. The enhancement streamlines image management workflows and reduces the potential for configuration errors.

Volume Force Delete with Cascade

When volumes with snapshots are force deleted from the PCD UI, their snapshots are now cleaned up automatically. The enhancement eliminates the need for stuck volume cleanup and simplifies storage management.

Volume State Management in UI

Administrators can now force-reset volume states directly from the PCD UI. This capability accelerates troubleshooting for volumes stuck in transitional states, such as attaching, detaching, or creating.

Access this feature by navigating to Virtual Machines > Volumes, then select a specific volume and choose Actions > Reset State.

Version-Specific Host Agent Downloads for Self-Hosted Airgapped Deployments

Host agent download URLs now reference specific release versions instead of "latest" for airgapped environments, preventing version mismatches in isolated infrastructure deployments. The enhancement ensures consistent agent versions across airgapped installations and eliminates compatibility issues.

Simplified Allocation Ratio Configuration

The allocation ratio editor populates current values and includes a reset-to-defaults option for easier management of resource overcommitment. The enhancement reduces configuration errors and provides better visibility into resource allocation policies.

Access allocation ratios by navigating to Infrastructure > Clusters, then select a specific cluster and choose Edit > Allocation Ratios.

Dashboard Tenant View Toggle

The tenant view slider now correctly filters dashboard content between single-tenant quota view and multi-tenant resource utilization, including VM/hypervisor counts. The enhancement ensures that dashboard metrics are accurate based on the selected view mode.

Improved UI Performance in Large Environments

Performance optimization ensures UI responsiveness in environments with a large number of resources.

Automatic VM Pausing on Network Isolation

VMs pause automatically when the host loses network connectivity to any peer hosts for 270 seconds or more, preventing split-brain scenarios in distributed environments. The safeguard protects data integrity during network partitions and enables safe recovery after connectivity restoration.

GPU Configuration Updates for Existing Hosts

GPU passthrough can now be configured and enabled on hosts with an existing hostconfig. GPU live migration is now supported for GPU passthrough hosts.

Additional Virtual Machine Power Operations

Pause and unpause actions are now available on the VM details page and row-level menus. In a Paused state, the VM's state is stored in RAM and the VM continues to run in a frozen state, with resources remaining allocated but the instance temporarily inaccessible.

Tenant-Level Volume Type Defaults

Tenants now define their own default volume types, eliminating shared system-wide defaults and enabling proper storage tier separation across tenants. Customers can align storage defaults with per-tenant SLAs without cross-tenant interference.

Secured Dex Client Secret in Authentication Flow

The Dex client_secret is no longer exposed in the unauthenticated features.json file, thereby securing the authentication provider for Kubernetes clusters.

Consolidated Container Image Sources

All container images are now pulled exclusively from Quay.io and registry.k8s.io, eliminating dependencies on docker.io.
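
One way to confirm that no workload still references docker.io after the upgrade, as an added example that is not Platform9 code. It assumes kubectl access to the cluster running the PCD services and treats only quay.io and registry.k8s.io as allowed; the function names are this example's own, and a reference with no registry host is counted as docker.io.

```shell
#!/bin/sh
# Added example: flag image references outside the two registries named above.
ALLOWED_REGISTRIES="quay.io registry.k8s.io"

# image_registry REF: prints the registry host of an image reference.
# The first path component is a registry host only if it contains "." or ":"
# or is "localhost"; otherwise the reference implicitly resolves to docker.io.
image_registry() {
    ref=$1
    case "$ref" in
        */*) first=${ref%%/*} ;;
        *)   echo "docker.io"; return 0 ;;
    esac
    case "$first" in
        *.*|*:*|localhost) echo "$first" ;;
        *) echo "docker.io" ;;
    esac
}

# disallowed_images: reads image references on stdin, one per line, and prints
# "<registry> <reference>" for each one outside ALLOWED_REGISTRIES.
# Returns 1 if any were found, 0 otherwise.
disallowed_images() {
    found=0
    while IFS= read -r img; do
        [ -n "$img" ] || continue
        reg=$(image_registry "$img")
        ok=0
        for a in $ALLOWED_REGISTRIES; do
            if [ "$reg" = "$a" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "$reg $img"
            found=1
        fi
    done
    return "$found"
}

# Typical input (covers regular containers only, not init containers):
#   kubectl get pods --all-namespaces \
#     -o jsonpath="{.items[*].spec.containers[*].image}" \
#     | tr -s '[:space:]' '\n' | sort -u | disallowed_images
```

An empty result supports removing docker.io from egress allow-lists and registry mirrors for the management cluster.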

VM Console Security Enhancement: VNC Proxy Support

Private Cloud Director now provides enhanced security for VM console access through optional VNC proxy node configuration. Organizations can now route noVNC traffic through dedicated proxy nodes instead of exposing port 6080 directly on hypervisor hosts, addressing security compliance requirements.


Upgrade Notes

The October 2025 release includes improvements to volume type management from the Private Cloud Director UI.

  • We now recommend setting a default volume type per tenant so that any volumes created without an explicitly defined volume type use the tenant-level default.

The Cluster Blueprint now supports the addition of an optional VNC proxy node configuration. If you are upgrading from a previous version of Private Cloud Director and wish to set up a VNC proxy via the Cluster Blueprint, you will need to restart or live migrate VMs that were created before the upgrade for the VNC configuration to take effect.


Bug Fixes

Infrastructure Management

  • Cold migration operations now preserve hotplug configuration, maintaining CPU and memory hotplug capabilities after the operation completes. This enhancement ensures consistent VM behavior across lifecycle operations, preventing the loss of dynamic resource scaling capabilities.

  • Fixed vTPM-enabled Windows VMs failing to start or migrate when managed by users with self-service roles. Users without explicit admin privileges can now perform standard VM lifecycle operations within their tenant.

  • Fixed orphaned QEMU processes remaining on hypervisors after VM deletion. The compute service now automatically reaps deleted instances, preventing resource consumption by stale processes and maintaining a consistent state between the control plane and compute nodes.

  • Fixed live migration and evacuation for hotplug VMs using boot-from-volume or zero-disk ephemeral configurations. These VMs can now be live-migrated and evacuated.

  • The Image Library API should now return correct public endpoint URLs instead of localhost (127.0.0.1) addresses, enabling proper integration with third-party backup tools and pcdctl CLI operations.

  • If a GPU host running vGPU VMs is rebooted, vGPU VMs are recovered automatically.

  • Fixed a Mors pod stability issue in which the Mors pod may become unresponsive, preventing the timely execution of operations such as VM deletion or stopping. As a workaround, the Mors pod would need to be restarted manually to restore responsiveness. A permanent fix is now implemented.

PCD User Interface

  • Temporary snapshots created during VM clone operations are now automatically deleted upon completion, eliminating the need for manual cleanup.

  • The dashboard now correctly includes vCPU and RAM allocations for VMs using hotplug-enabled flavors in total resource usage across the Virtual Machines pages.

  • Multiple volume types can now be created that reference the volume backends configured in the Cluster Blueprint.

  • pcdctl now sets up a script to automatically upgrade existing pcdctl installations to the latest version.

Self-Hosted PCD

  • Management cluster nodes now automatically remove shutdown taints upon recovery, eliminating the need for manual kubectl commands for pod scheduling after unplanned outages.

  • Custom Image Library service settings specified in /etc/glance/glance-api-override.conf are now preserved across upgrades, eliminating the need for manual reconfiguration after upgrades.

Storage Service

  • The NetApp ONTAP storage backend now works with default self-signed certificates when the ssl_cert_path is not configured, eliminating the need for certificate extraction during initial deployment.

  • Fixed the PureStorage Cinder driver failing to initialize during performance metrics collection. The driver now starts successfully even when the array performance data is unavailable.

Kubernetes on Private Cloud Director

  • Improved the cluster creation flow with automatic conflict resolution that lists, deletes, and recreates Keystone application credentials when idRef secrets already exist.

  • Addressed breaking changes caused by API groups without resources by displaying "None" in the resource dropdown when no resources are available.

  • Resolved an issue during the Kubernetes version upgrade, where the Cluster Autoscaler upgrade was also impacted.

  • Resolved an issue where SSO users could not create Kubernetes clusters, though dashboard access and cluster management remained available.


Known Limitations

  • VM Migration During Ubuntu Host Upgrades: VM migration supports only Ubuntu 22.04 to 24.04 host upgrades (not reverse direction). VMHA and DRR must be disabled and hosts drained before the upgrade.


Known Issues

  • For vGPU support, please refer to the GPU documentation for more information on the issues below:

    • If a GPU PCI device is already bound to a driver/module, it needs to be unbound to enable vGPU on the same PCI.

  • DRR does not support vTPM-enabled VMs. Live migration of such VMs is not possible, so these VMs will not be migrated automatically.

  • VM HA does not support the evacuation of VMs belonging to server groups with a hard affinity policy; therefore, these VMs will not be evacuated automatically in the event of host failure.

  • If a host with a persistent storage role assigned goes down and VMs running on that host are also served their block storage volumes from the same host, a known race condition may result in the evacuation of those VMs failing. To avoid this, we recommend assigning a block storage role to hosts that are not assigned a hypervisor role. This issue is being fixed in the December release of Private Cloud Director.

  • If you are using NFS as the backend for block storage, set the image_volume_cache_enabled flag to false. If the flag is set to true, creating a VM from a cached image volume may lead to incorrect root disk sizing.

  • The pcdctl config set command is not supported for users with MFA enabled.

  • Image upload to encrypted volumes is currently unsupported. Volume encryption is currently only supported for empty volumes.

  • SSO users cannot log in to PCD Grafana.

  • If you have a network with a DNS domain assigned, and one of its subnets has DNS Publish Fixed IP enabled, then a port created on any subnet within that network will publish a DNS record, irrespective of the subnet's DNS Publish Fixed IP setting.
