RHBA-2021:1134 - Bug Fix Advisory

Topic

Updated container images that fix various bugs are now available for Red Hat Openshift Container Storage 4.6.4 from Red Hat Container Registry.

Description

Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.

This advisory fixes the following bugs:

• Previously, RGW could not publish notifications to kafka endpoints. With this update, the RGW build code was updated to link correctly to librdkafka. As a result, RGW can publish notifications. (BZ#1937187)
• Earlier, the 'cephcsi' pods exposed the remote procedure call (gRPC) metrics for debugging purposes. The 'cephcsi' node plugin pods used the host ports 9091 for CephFS and 9090 for RBD on the node where the 'cephcsi' node plugin pods were running. This meant the 'cephcsi' pods failed to come up. With this update, gRPC metrics are disabled by default and 'cephcsi' pods do not use ports 9091 and 9090 on the node where the node plugin pods are running. (BZ#1937266)
• Earlier, when running encrypted OSDs on multipath, the expand container failed to find the underlying device of the encrypted block. This was due to the underlying block was located in /dev/mapper and this path was not mounted in the init container 'expand-encrypted-bluefs'. (BZ#1942515

All users of Red Hat OpenShift Container Storage are advised to pull these
new images from the Red Hat Container Registry.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat OpenShift Data Foundation 4 for RHEL 8 x86_64
• Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 8 ppc64le
• Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 8 s390x

Fixes

• BZ - 1917252 - [Backport][4.6] Too strict Content-Length header check refuses valid upload requests
• BZ - 1927922 - Allow shrinking the cluster by removing OSDs
• BZ - 1931451 - Configure pv-pool as backing store if cos creds secret not found in IBM Cloud
• BZ - 1936405 - [RFE] Prevent reconcile of labels on all monitoring resources deployed by ocs-operator
• BZ - 1936406 - [RFE] Prevent reconcile of labels on all monitoring resources deployed by rook
• BZ - 1936870 - Include at OCS Multi-Cloud Object Gateway core container image the fixes on CVEs from RHEL8 on "nodejs"
• BZ - 1937187 - [RGW][notification][kafka]: notification fails with error: pubsub endpoint configuration error: unknown schema in: kafka
• BZ - 1937266 - csi-cephfsplugin pods CrashLoopBackoff in fresh 4.6 cluster due to conflict with kube-rbac-proxy
• BZ - 1937837 - [ROKS] OCS deployment stuck at mon pod in pending state
• BZ - 1941956 - Update to Red Hat Ceph Storage (RHCS) 4.2 Async2 Ceph container image at OCS 4.6.4
• BZ - 1942349 - No permissions in /etc/passwd leads to fail noobaa-operaor
• BZ - 1942354 - No permissions in /etc/passwd leads to fail noobaa-operaor
• BZ - 1942515 - rook-ceph-osd-X gets stuck in initcontainer expand-encrypted-bluefs

CVEs

(none)

References

(none)