- Issued:
- 2019-12-12
- Updated:
- 2019-12-12
RHBA-2019:4229 - Bug Fix Advisory
Synopsis
Red Hat Virtualization Manager (ovirt-engine) 4.3.7
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated ovirt-engine and its dependent packages that fix several bugs and add various enhancements are now available.
Description
The ovirt-engine package provides the manager for virtualization environments.
This manager enables admins to define hosts and networks, as well as to add
storage, create VMs and manage user permissions.
A list of bugs fixed in this update is available in the Technical Notes
book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html-single/technical_notes
Changes to the ovirt-engine component:
- Read permissions were not restricted in 10-setup-ovirt-provider-ovn.conf
In this release, only the necessary read permissions are defined. (BZ#1750801)
- After updating the IPv6 gateway, the host IPv6 default route was not defined.
In this release, the IPv6 Default Route is configured correctly following an IPv6 gateway update (BZ#1759461)
- The following improvements have been made to host certificates used for encrypted communication between the RHV Manager and the Virtual Desktop Server Manager:
1. All newly added host will have certificates with correct SAN field
2. A periodic check for certificate validity is performed and if the SAN field is not populated an error is reported in the audit log, notifying administrators that the host certificate needs to be re-enrolled.
3. The SAN field in the certificate is also checked during host upgrade, so that the host certificate can be re-enrolled during host upgrade. (BZ#1763109)
- The default maximum timeout for an Ansible playbook executed from the engine was 30 minutes.
As a result, the upgrade process of the host failed due to the short timeout.
In this release the timeout was raised to 120 minutes. (BZ#1765161)
- A missing alias name prevented the Virtual Desktop Server Manager from identifying the VNIC which required a hot unplug.
As a result, the hot unplug failed.
In this release, if an alias name is not defined in the RHV Manager, it will be generated on the fly, and the hot unplug will succeed. (BZ#1766666)
- When importing a KVM in RHV, "Hardware Clock Time Offset" was not set.
In this release a default engine setting is set for the "Hardware Clock Time Offset" field.
As a result, the engine will recognize the guest agent on a virtual machine imported from KVM. (BZ#1743427)
Changes to the rhvm-setup-plugins component:
- The Windows Guest Tools ISO was automatically attached to a Windows virtual machine even when it was an older version.
In this release the ISO version is checked in the data domains and the ISO domains, and the ISO is automatically attached only if it is a newer version than the existing one. (BZ#1730538)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Virtualization Manager 4.3 x86_64
Fixes
- BZ - 1588932 - [RFE] Update "virtual-host" tuned profile with "latency-performance" profile settings
- BZ - 1730538 - Engine compares incorrect versions when deciding to attach Tools ISO to Windows VMs
- BZ - 1741148 - [downstream clone - 4.3.7] Memory snapshots' deletion logging unnecessary WARNINGS in engine.log
- BZ - 1741902 - [rhv-analyzer-insights] analyzer doesn't have --help/-h and man page
- BZ - 1743427 - VMs migrated from KVM to RHV show warning 'The latest guest agent needs to be installed and running on the guest'
- BZ - 1746444 - rhv-log-collector-analyzer version flag is not shown on help and exists printing random string
- BZ - 1746976 - Problem installing Hosted Engine in disconnected with latest installation media
- BZ - 1749202 - [downstream clone - 4.3.7] "Field 'foo' can not be updated when status is 'Up'" in engine.log when listing 'NEXT_RUN' configuration snapshot VMs
- BZ - 1753941 - [metric] Information how to enable verbose mode for scripts
- BZ - 1753955 - description of public_hosted_zone in /etc/ovirt-engine-metrics/config.yml.d/metrics-store-config.yml
- BZ - 1755869 - [downstream clone - 4.3.6] RHV 4.3 throws an exception when trying to access VMs which have snapshots from unsupported compatibility levels
- BZ - 1759461 - [downstream clone - 4.3.7] [IPv6 Static] Engine should allow updating network's static ipv6gateway
- BZ - 1763109 - [downstream clone - 4.3.7] Fix invalid host certificates by filling-in subject alternate name during host upgrade or certificate reenrollment
- BZ - 1765161 - [downstream clone - 4.3.7] upgrade of host fails on timeout after 30 minutes
- BZ - 1766666 - [z-stream clone - 4.3.7] [REST] VM interface hot-unplug right after VM boot up fails over missing vnic alias name
- BZ - 1766957 - [BREW BUILD ENABLER] Build version 4.3.7 of the oVirt Ansible roles for RHV 4.3.7
- BZ - 1767335 - [downstream clone - 4.3.7] Removing of Affinity Label in Edit VM window throws java.lang.UnsupportedOperationException
- BZ - 1767344 - [Metrics] Rebase bug - for the 4.3.7 release
- BZ - 1768168 - [downstream clone - 4.3.7] VM fails to be re-started with error: Failed to acquire lock: No space left on device
- BZ - 1768873 - Fix rhv-log-collector-analyzer tool or doc
CVEs
(none)
References
(none)
Red Hat Virtualization Manager 4.3
SRPM | |
---|---|
ovirt-ansible-cluster-upgrade-1.1.14-1.el7ev.src.rpm | SHA-256: 0c9bca3981a854923a13436cf66aa4fa99a90e69ed0b9535df5ff05663a5bcdc |
ovirt-ansible-infra-1.1.13-1.el7ev.src.rpm | SHA-256: d63c82fe9f11aeff8b6be2d145188d0526de44dafed22ba61028ca963df4e478 |
ovirt-ansible-vm-infra-1.1.22-1.el7ev.src.rpm | SHA-256: 9b70c82439441864cef0f1a6310ede620a1a24a934f580796b6e8987c479f5f1 |
ovirt-engine-4.3.7.2-0.1.el7.src.rpm | SHA-256: 7371f593f61a45a5e67f7160b3e79b2377a70e45f4f8d5f3c26595a6327f86cb |
ovirt-engine-metrics-1.3.5.1-1.el7ev.src.rpm | SHA-256: 8e697bad20070d4f8f65dfea37b7a32e61abb5532739cb2c418ea6d14f013536 |
rhv-log-collector-analyzer-0.2.14-0.el7ev.src.rpm | SHA-256: 408c7f0cc07460a8d6d1ee80b106a91eac2f399f0bd6f549b6fd492b5dfbd7a2 |
rhvm-setup-plugins-4.3.5-1.el7ev.src.rpm | SHA-256: 25d604e535803d565b5b1329e1fe045e6f3aaecabe1f56b4292827f6ef391661 |
x86_64 | |
ovirt-ansible-cluster-upgrade-1.1.14-1.el7ev.noarch.rpm | SHA-256: 193ed7794a9dfb3bdbfc395af358c7c14ff6c1988b9d9ebf05507689d179adb3 |
ovirt-ansible-infra-1.1.13-1.el7ev.noarch.rpm | SHA-256: 95952d7080b9c8481f959ca9a0215a7fd982f559cd389e9b040d7e563b53d2f4 |
ovirt-ansible-vm-infra-1.1.22-1.el7ev.noarch.rpm | SHA-256: 67ff12582a30f7856fb3bb1a76d7dd71dd80089bff25d541078218c921e40267 |
ovirt-engine-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 6ab1b7834f3c0101d22b486c3c765eb7b02c6f37add3654f13e94089c3d2f9b2 |
ovirt-engine-backend-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 6ee7eb9d86adb33db532fe2417a32d075ba227a717a971c69c15a9e0a97b1bf7 |
ovirt-engine-dbscripts-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 0e1a7897d82c24e7495d93a4574c4bf24b61a66d69357efea52356aa87dcf8a3 |
ovirt-engine-extensions-api-impl-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 66bbc14a50a4daba89ceb3c8b421638b61b6b136456dd30dcb704c9c303f665b |
ovirt-engine-extensions-api-impl-javadoc-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 83e500ec076180b2dfbbbe22e16dd17d5f51ccf946e534138e9c0fb887c8b166 |
ovirt-engine-health-check-bundler-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 7b03e65a4d6674860a3cb04fb2f0812c6391c0e790d0523a723de40880f40722 |
ovirt-engine-metrics-1.3.5.1-1.el7ev.noarch.rpm | SHA-256: ad73bf5caa5be8953d58b673f536bfa9e211b948094834f614602c487e42cc52 |
ovirt-engine-restapi-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 3df818d4bfca656eb3ed0df9c812460a6aa2209bd412863f2586e6446b23a547 |
ovirt-engine-setup-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 2729326f0ede94691d62b2d64a6df1d3168d503114a3cf8a288f6d9f5fc44fb2 |
ovirt-engine-setup-base-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: f293e69c3d661a51b1ed82954e135fd085b26816c80896457efd3029c3d7ccbb |
ovirt-engine-setup-plugin-cinderlib-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: dc4827f7dd78368877c6c375295c97a26653346e474eeddf62a0515696ac2b01 |
ovirt-engine-setup-plugin-ovirt-engine-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 8eb73bbfbec50e2884dca652f97b410c86311871657f1124eeced8b48f148fba |
ovirt-engine-setup-plugin-ovirt-engine-common-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: eb53af7077d2b763300f574fde474f547461b507599b11af631c9a70099ea70d |
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 12240c7c8d20e8cfaa8a8d4ffe2812d4fb6cacee03e6098fad2b0913ee88d462 |
ovirt-engine-setup-plugin-websocket-proxy-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: a5fb6d75e8699916876d9b9231d4dc48c2b08f68d395e92c4c0e138f484b978a |
ovirt-engine-tools-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 60a3d51f79716a05f8ac5e1d06b335aea7d959b473bfb951fc04817172ac1ec7 |
ovirt-engine-tools-backup-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: b0834af8bfae89acfa03be6e9bb63c758fc5abf82c82e972d40a0f1d89a3d388 |
ovirt-engine-vmconsole-proxy-helper-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 608ec2281bc7565cb633e955b4235704c261da69ca6dc23f86832eaf640ced92 |
ovirt-engine-webadmin-portal-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: 0b5210361f98d6e45e8f22a2a0d057fc6b7bdf1d40a154359d0d53c70b5aab2e |
ovirt-engine-websocket-proxy-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: cc4872a49bb01a888f98fabf61147e79aeaadcf691966ff6138953d78751b447 |
python2-ovirt-engine-lib-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: bdc6a66e16a7ac3fb62dca52762c3fd754ea754f647ed6152261d49f05062c1b |
rhv-log-collector-analyzer-0.2.14-0.el7ev.noarch.rpm | SHA-256: 76d52e1f9ceb4afe0824eaa63acae907bfc173e10dee75036be3eb151c462ab8 |
rhvm-4.3.7.2-0.1.el7.noarch.rpm | SHA-256: d889011dd13f5989245035644dfd1ab14ee49a910261c82f27249205d9cfc074 |
rhvm-setup-plugins-4.3.5-1.el7ev.noarch.rpm | SHA-256: 1c6a14bffc37843f50553dc7ac09acd9b582ff30b04711706158261b83ffae5e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.