Chapter 2. RHSA-2022:4712-04 Moderate: RHV Engine and Host Common Packages security update

BZ#2064795

python-passlib/python38-passlib are runtime dependencies for several RHV components. With this release, they are provided in the RHEL-8-RHEV-4, RHEL-8-RHEV-S-4.4 and RHEL-8-RHV-4-TOOLS channels.

BZ#2064798

python-pycurl/python38-pycurl are runtime dependencies for several RHV components. With this release, they are provided in the RHEL-8-RHEV-4, RHEL-8-RHEV-S-4.4 and RHEL-8-RHV-4-TOOLS channels.

BZ#2064799

python-jmespath/python38-jmespath are runtime dependencies for several RHV components. With this release, they are provided in the RHEL-8-RHEV-4, RHEL-8-RHEV-S-4.4 and RHEL-8-RHV-4-TOOLS channels.

BZ#2064801

python-netaddr/python38-netaddr are runtime dependencies for several RHV components. With this release, they are provided in the RHEL-8-RHEV-4, RHEL-8-RHEV-S-4.4 and RHEL-8-RHV-4-TOOLS channels.

BZ#2034313

Rebase package(s) to version: 1.10.0 Highlights, important fixes, or notable enhancements:

BZ#2006721

The ovirt_disk module released as a part of ovirt-ansible-collection 2.0.0 uses the imageio python client to upload images into Red Hat Virtualization Manager.

BZ#2017070

The manageiq role has been removed from oVirt Ansible Collection 2.0.0.

BZ#2071365

Red Hat Virtualization 4.4 SP1 now requires ansible-core [= 2.12.0 to execute Ansible playbooks/roles internally from RHV components.

BZ#2020620

In this release, support has been added for self-hosted engine deployment on a host with a DISA STIG profile.

BZ#2066811

Previously, DISA STIG profile used fapolicyd that blocked ansible command execution as non-root, and self-hosted engine deployment failed. In this release, calls to psql as postgres are replaced with engine_psql.sh, and deployment succeeds.

BZ#1883949

In this release,the following enhancements were made: 1. Adding 2 new backup phases: - SUCCEEDED - FAILED 2. Disable 'vm_backups' & 'image_transfers' DB tables cleanup after backup / image transfer operation is over. 3. Added DB cleanup scheduled thread to automatically clean backups and image transfers once in a while. 4. Minor user experience improvements.

BZ#1932149

Previously, 'hosted-engine --deploy' always created the hosted storage domain in the default format, which is the latest, and deployment failed. With this release, the process now checks the compatibility version of the cluster/DC we deploy/restore to, and creates the storage domain with a proper format for their version. As a result, deploy/restore does not fail while creating the storage.

BZ#2004018

With this release, an error message has been added to the ovirt_disk module, warning that the parameters 'interface', 'activate', 'bootable', 'uses_scsi_reservation' and 'pass_discard' cannot be used without specifying a VM.

BZ#2004852

The following parameters have been added to the ovirt_vm module: virtio_scsi_enabled - If true, it enables Virtio SCSI support. multi_queues_enabled - If true, each virtual interface will get the optimal number of queues, depending on the available virtual CPUs.

BZ#1940824

Upgrade from OvS/OVN 2.11 to OVN 2021 and OvS 2.15. The upgrade is transparent to the user as long as these conditions are met: 1. Upgrade the engine first. 2. Before you upgrade the hosts, disable the ovirt-provider-ovn security groups for all OVN networks that are expected to work between hosts with OVN/OvS version 2.11. 3. Upgrade the hosts to match the OVN version 2021 or higher and OvS version to 2.15. This step should be done with the web console, in order to reconfigure OVN and to refresh the certificates. 4. Reboot the host after upgrade. 5. Verify that the provider and OVN were configured successfully by launching the web console and checking the "OVN configured" field on the "General" tab for each host. (You can also obtain the value using the REST API.) Note that the value might be "No" if the host configuration has not been refreshed.

BZ#2044362

Rebase ovirt-setup-lib package to version: 1.3.3 Highlights, important fixes, or notable enhancements: BZ#1971863 - Queries of type 'ANY' are deprecated - RFC8482

BZ#1933555

The Python SDK package for Red Hat Virtualization is now supported in RHEL 9.

BZ#2065665

A race condition was found in Paramiko. This flaw allows unauthorized information disclosure from an attacker with access to the write_private_key_file.