RHBA-2021:2449 - Bug Fix Advisory

Topic

Updated container images that fix various bugs are now available for Red Hat Openshift Container Storage 4.7.1 from Red Hat Container Registry.

Description

Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.

Bug Fix(es):

• Previously, a newly restored PVC could not mount if some of the OCP nodes were running on a Red Hat Enterprise Linux version less than 8.2. Additionally, the snapshot from which it was restored is also deleted. With this update, before mounting the Red Hat Enterprise Linux nodes version less than 8.2 kernels the CephCSI flattens the RBD image if the parent RBD image is not present in the pool. (BZ#1962484)
• Previously, Rook did not apply `mds_cache_memory_limit` upon upgrades. This means OpenShift Container Storage 4.2 clusters that did not have that option applied were not updated with the correct value, which is typically half the size of the pod's memory limit. Therefore, MDSs in standby-replay may report oversized cache. (BZ#1944148)
• Earlier, if the operator was restarted during a mon failover, the operator could erroneously remove the new mon. Hence, the mon quorum was at risk when the operator removed the new mon. With this update, the operator will restore the state when the mon failover is in progress and properly complete the mon failover after the operator is restarted. Now, the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959985)

All users of Red Hat OpenShift Container Storage are advised to pull these new images from the Red Hat Container Registry.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat OpenShift Data Foundation 4 for RHEL 8 x86_64
• Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 8 ppc64le
• Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 8 s390x

Fixes

• BZ - 1944148 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay
• BZ - 1950906 - [RFE] XSS Vulnerability with Noobaa version 5.5.0-3bacc6b
• BZ - 1953912 - [4.7.z clone] Under StorageCluster.Status , desired image of noobaaCore is pointing rhceph image
• BZ - 1954123 - [4.7.z clone] Storagecluster phase moves to "ready" state for a moment before its actual installation
• BZ - 1959976 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover
• BZ - 1959985 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout
• BZ - 1962484 - [RHEL7][RBD][4.7.z clone] FailedMount error when using restored PVC on app pod
• BZ - 1964365 - ocs operator does not marshal resource requests and limits for ceph crashcollector pods
• BZ - 1967244 - Upgrade from 4.6.4 to 4.7.0 fails during noobaa-upgrade-job

CVEs

• CVE-2016-10228
• CVE-2017-14502
• CVE-2019-2708
• CVE-2019-3842
• CVE-2019-9169
• CVE-2019-14866
• CVE-2019-25013
• CVE-2020-8231
• CVE-2020-8284
• CVE-2020-8285
• CVE-2020-8286
• CVE-2020-8927
• CVE-2020-13434
• CVE-2020-13776
• CVE-2020-15358
• CVE-2020-24330
• CVE-2020-24331
• CVE-2020-24332
• CVE-2020-24977
• CVE-2020-25659
• CVE-2020-26116
• CVE-2020-26137
• CVE-2020-27618
• CVE-2020-27619
• CVE-2020-27783
• CVE-2020-28196
• CVE-2020-29361
• CVE-2020-29362
• CVE-2020-29363
• CVE-2020-36242
• CVE-2021-3177
• CVE-2021-3326
• CVE-2021-3560
• CVE-2021-23239
• CVE-2021-23240
• CVE-2021-23336
• CVE-2021-27219

References

(none)