RHBA-2019:1053 - Bug Fix Advisory

Topic

Updated ​​redhat-virtualization-host packages that fix several bugs and add various enhancements are now available.

Description

The imgbased packages provide a way to create read-only base images from squashfs images, and a way to manage writable filesystem layers on top of those base images, including the installation of new images through yum and selection of a layer from runtime.

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

The redhat-release-virtualization-host package provides the Red Hat Virtualization Host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Changes to the imgbased component:

• Previously, Red Hat Virtualization Host entered emergency mode after it was updated to the latest version and rebooted twice. This was due to the presence of a local disk WWID in /etc/multipath/wwids.

In the current release, /etc/multipath/wwids has been removed. During upgrades, imgbased now calls "vdsm-tool configure --force" in the new layer, using the SYSTEMD_IGNORE_CHROOT environment variable. (BZ#1636028)

• Previously, the default ntp.conf file was migrated to chrony even when NTP was disabled, overwriting chrony.conf file with incorrect values. In the current release, ntp.conf is only migrated if NTP is enabled. (BZ#1638606)
• Previously, imgbased failed upon receiving the e2fsck return code 1 when creating a new layer. In the current release, imgbased handles the e2fsck return code 1 as a success, since the new file system is correct and the new layer is installed successfully. (BZ#1645395)
• Previously, even if lvmetad was disabled in the configuration, the lvmetad service left a pid file hanging. As a result, entering lvm commands displayed warnings.

The current release masks the lvmetad service during build so it never starts and lvm commands do not show warnings. (BZ#1652795)

Changes to the redhat-virtualization-host component:

• Previously, during an upgrade, dracut running inside chroot did not detect the cpuinfo and the kernel config files because /proc was not mounted and /boot was bindmounted. As a result, the correct microcode was missing from the initramfs.

The current release bindmounts /proc to the chroot and removes the --hostonly flag. This change inserts both AMD and Intel microcodes into the initramfs and boots the host after an upgrade. (BZ#1652519)

• The current release applies the OpenSCAP security profile when installing and upgrading RHV-H. This feature helps organizations comply with the Security Content Automation Protocol (SCAP) standards. (BZ#1654253)
• Do not use a VNC-based connection to deploy Red Hat Virtualization Manager as a self-hosted engine. The VNC protocol does not support password auth in FIPS mode. As a result, the self-hosted engine will fail to deploy.

Instead, deploy the Manager as a self-hosted engine, use a SPICE-based connection. (BZ#1591693)

• The current release ships a new version of Red Hat Gluster Storage, RHGS 3.4.4, in Red Hat Virtualization Host (RHVH). (BZ#1679133)
• Previously, changing log levels required editing libvirt.conf and restarting the libvirtd service. This restart prevented support from collecting data and made reproducing issues more difficult.

The current release adds the libvirt-admin package to the optional channel for Red Hat Virtualization Host. Installing this package enables you to run the virt-admin command to change libvirt logging levels on the fly. (BZ#1571283)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/2974891

Affected Products

• Red Hat Virtualization 4 for RHEL 7 x86_64
• Red Hat Virtualization Host 4 for RHEL 7 x86_64

Fixes

• BZ - 1436519 - Rpm verify fails for newly installed libvirt-daemon-config-nwfilter package .
• BZ - 1571283 - [RFE] Include virt-admin in RHV-H optional channel so libvirt logging levels can be changed on the fly
• BZ - 1591693 - [RFE] Add support for STIG compliant RHV hosts
• BZ - 1630263 - [TestOnly] Test RSyslog metrics working on RHV-H
• BZ - 1630267 - [TestOnly] Ensure Static IPv6 only deployment works also when RHV-H is used
• BZ - 1632741 - rpm --eval "%dist" doesn't work within RHV-H 4.2
• BZ - 1633069 - Build redhat-release-virtualization-host for RHV 4.3 EL7
• BZ - 1633075 - Build RHV-H for RHV 4.3 EL7
• BZ - 1636028 - RHVH enters emergency mode when updated to the latest version and rebooted twice
• BZ - 1638606 - NTP config is migrated to chrony on every upgrade
• BZ - 1645395 - Imgbase check FAILED in redhat-virtualization-host-4.3-20181018.0.el7_6
• BZ - 1646147 - RHVH4.3: incorrect version info
• BZ - 1652519 - host does not meet the cluster's minimum CPU level. Missing CPU features : spec_ctrl
• BZ - 1652789 - RHVH 4.3: The wrong RHV branding was used in anaconda.
• BZ - 1652795 - RHVH 4.3: There are warnings when running lvm commands
• BZ - 1652817 - RHVH4.3: Failed to install RHVH on multipath disks
• BZ - 1653137 - ifcfg-* file for the PXE NIC is missing under /etc/sysconfig/network-scripts during installation
• BZ - 1653669 - [Tracker] RHV-H for 4.3
• BZ - 1654253 - [RFE] STIG compliance for RHV-H
• BZ - 1655003 - Failed to start OpenSSH server daemon
• BZ - 1669377 - RHVH product version displays 4.2 in Subscription page with cockpit UI
• BZ - 1673953 - Include gluster-ansible role into RHV-H
• BZ - 1679133 - Include RHGS 3.4.4 build in RHV-H 4.3
• BZ - 1693710 - katello.facts gets invalid hostname while updating RHV hypervisor
• BZ - 1693897 - Consume RHSA-2019:0512 for fixing "Paths are not recovered after 3PAR upgrade with persistent port mode."

CVEs

• CVE-2018-5407

References

(none)