RHEA-2020:0307 - Product Enhancement Advisory

Topic

Red Hat container-native virtualization release 2.2.0 is now available with
updates to packages and images that fix several bugs and add enhancements.

Description

Container-native virtualization is Red Hat's virtualization
solution designed for Red Hat OpenShift Container Platform.

This advisory contains the following container-native virtualization 2.2.0
images:

RHEL-7-CNV-2.2
==============
kubevirt-ssp-operator-container-v2.2.0-24

RHEL-8-CNV-2.2
==============
virt-cdi-controller-container-v2.2.0-5
kubevirt-metrics-collector-container-v2.2.0-3
virt-cdi-uploadserver-container-v2.2.0-5
virt-cdi-apiserver-container-v2.2.0-5
virt-cdi-importer-container-v2.2.0-5
node-maintenance-operator-container-v2.2.0-4
virt-cdi-uploadproxy-container-v2.2.0-5
virt-cdi-operator-container-v2.2.0-5
kubevirt-cpu-node-labeller-container-v2.2.0-3
hostpath-provisioner-operator-container-v2.2.0-11
hostpath-provisioner-container-v2.2.0-6
virt-cdi-cloner-container-v2.2.0-5
kubevirt-template-validator-container-v2.2.0-5
ovs-cni-marker-container-v2.2.0-4
cnv-containernetworking-plugins-container-v2.2.0-3
kubernetes-nmstate-handler-container-v2.2.0-13
ovs-cni-plugin-container-v2.2.0-4
kubevirt-cpu-model-nfd-plugin-container-v2.2.0-3
bridge-marker-container-v2.2.0-3
kubevirt-v2v-conversion-container-v2.2.0-9
virtio-win-container-v2.2.0-4
kubevirt-vmware-container-v2.2.0-6
kubevirt-kvm-info-nfd-plugin-container-v2.2.0-3
hyperconverged-cluster-operator-container-v2.2.0-12
kubemacpool-container-v2.2.0-7
virt-operator-container-v2.2.0-15
virt-controller-container-v2.2.0-15
virt-handler-container-v2.2.0-15
virt-api-container-v2.2.0-15
virt-launcher-container-v2.2.0-15
cluster-network-addons-operator-container-v2.2.0-8
cnv-must-gather-container-v2.2.0-14
hco-bundle-registry-container-v2.2.0-274

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Container Native Virtualization 2.2 for RHEL 8 x86_64
• Red Hat Container Native Virtualization 2.2 for RHEL 7 x86_64

Fixes

• BZ - 1686561 - vmi goes to zombie after changing label nodename
• BZ - 1703603 - Migration of VM with containerDisk can forcibly evict another pods when there are not enough space on the node
• BZ - 1710897 - [v2v][UI] VMware providers are saved under too long names
• BZ - 1710901 - [v2v][UI] VM Name\Disk Name validation error do provide details on ALL the compatibility problems
• BZ - 1716685 - mixing CLI and console steps in (un)installing docs
• BZ - 1718944 - CPUManager detection on OCP 4.1 fails
• BZ - 1721018 - [V2V] Failed to create VM after deleting conversion pod
• BZ - 1722416 - [V2V][UI] UI does not validate VM name for migration
• BZ - 1724961 - [v2v][UI] Turn "VMs" Field into "VMs & Templates"
• BZ - 1724973 - [RFE][v2v] v2v import VM dialog: Use a separate v/x button, for each storage entry
• BZ - 1730913 - RHEL 8 based conversion POD to support RHEL 8 VM migration
• BZ - 1739456 - [hostpath-provisioner] Can't upload image using virtctl tool
• BZ - 1740194 - Container-native Virtualization 2.2.0 Images
• BZ - 1741626 - VM masquerade binding not working on RHEL7 worker nodes (OCP 4.2)
• BZ - 1746427 - CDI with hostpath-provisioner does not support scratch pvc
• BZ - 1746954 - Host Path Provisioner - Datavolume image created on wrong node
• BZ - 1751869 - rhel templates use bridge on pod network
• BZ - 1753606 - VM VNC Console doesn't display content
• BZ - 1753660 - PVC for v2v-imported VM does not reflect kubevirt-storageclass-defaults
• BZ - 1755009 - kubemacpool not removed when deleting CNV
• BZ - 1755394 - [SSP] - VMI fails to start if input tablet device 'bus' attribute is not provided
• BZ - 1755915 - VM count is missing at the prometheus
• BZ - 1756328 - the conversion pod does not start with blockMode PVCs
• BZ - 1758917 - bridge created with nmstate not set vlan_filtering to 1
• BZ - 1761301 - Re-apply CRD and config map for VM Import feature
• BZ - 1766630 - CNV2.2 cleanup script - secret delete issue
• BZ - 1766639 - CNV 2.2 cleanup script - appregistry is hardcoded
• BZ - 1767167 - extra pair of quotas around false in default hco cr yaml
• BZ - 1767391 - CNV2.2 unable to deploy using marketplace-testing.sh
• BZ - 1768462 - [CNV-2.2 Deployment] virt-operator failing to pull container - manifest unknown for v2.2.0-2
• BZ - 1768469 - [CNV-2.2 Deployment] cluster-network-addons-operator failing to pull image - unauthorized
• BZ - 1768484 - certificate renewal script
• BZ - 1768529 - no bundle found for csv kubevirt-hyperconverged-operator.v2.1.1 in catalog-operator logs
• BZ - 1770272 - virt-handler fails to start due to a missing SEinux policy file
• BZ - 1771203 - a CSV generated by cdi-operator could not be used with rh-verified-operators AND redhat-operators-stage
• BZ - 1771916 - [must gather] Some of the node's info is not collected by cnv must gather
• BZ - 1771927 - VM cloning fails on permission when cloned to different namespace than original VM
• BZ - 1773314 - HCO deployment CLI script fails on 'production' source deployment
• BZ - 1773905 - [CNV deploy] nmstate pod 2.2.0-8 state is flakey
• BZ - 1773913 - It is better not use hard code "System $DEFAULT DEVICE" for OVS configuration script
• BZ - 1774373 - [CNV 2.2] VMI fails to start on "Unable to set XATTR trusted.libvirt.security.dac"
• BZ - 1774446 - CNV 2.2 unable to install pods are not going into ready state
• BZ - 1777385 - VMI stuck on "Scheduling" due to not found OVS bridge link
• BZ - 1777555 - Cluster preparation assumes reader has the entitlement to create an OpenShift cluster already
• BZ - 1778446 - ovs-cni in CrashLoopBackOff
• BZ - 1778723 - HCO fails to reconcile resources in a different namespace
• BZ - 1779513 - kubemacpool blocks new VMs after OpenShift CA rotation
• BZ - 1779748 - hostpath-provisioner-operator failing with SIGSEGV after CR creation
• BZ - 1779931 - Fedora/RHEL VMI is keeping restarting if CPU Core >=2
• BZ - 1781038 - [must gather] openshift-must-gather has been DEPRECATED. Use `oc adm inspect` instead.
• BZ - 1781044 - [must gather] oc adm must-gather failed to generate the directory, gather never finished: timed out waiting for the condition.
• BZ - 1781243 - [V2V] VM migration fails due to conversion pod problem
• BZ - 1781336 - CDI CRD is been deleted from cluster without record on OLM
• BZ - 1782979 - virt-operator incorrectly assumes previous version will have same pod name
• BZ - 1784727 - [v2v] Import VM: UI becomes blank when picking a VM from VMware VMs list
• BZ - 1785661 - [Support] Running VMs are disappearing from the cluster for unknown reason
• BZ - 1786475 - namespaced cr KUBEVIRT is owner of non-namespaced CRDs
• BZ - 1786477 - non-namespaced cr NetworkAddonsConfig is owned by namespaced cr HCO
• BZ - 1788640 - KubevirtCommonTemplatesBundle custom resource is created on different namespace than its owner
• BZ - 1792199 - The product version in CNV 2.2 product cert 473.pem should be 2.2 instead of 2.3

CVEs

• CVE-2016-10739
• CVE-2017-14503
• CVE-2018-0734
• CVE-2018-0735
• CVE-2018-5745
• CVE-2018-10392
• CVE-2018-10393
• CVE-2018-12181
• CVE-2018-14498
• CVE-2018-16890
• CVE-2018-18751
• CVE-2018-20483
• CVE-2018-20534
• CVE-2018-1000877
• CVE-2018-1000878
• CVE-2019-0160
• CVE-2019-1387
• CVE-2019-1543
• CVE-2019-3817
• CVE-2019-3822
• CVE-2019-3823
• CVE-2019-3829
• CVE-2019-3836
• CVE-2019-5010
• CVE-2019-6465
• CVE-2019-6470
• CVE-2019-6706
• CVE-2019-7146
• CVE-2019-7149
• CVE-2019-7150
• CVE-2019-7664
• CVE-2019-7665
• CVE-2019-9740
• CVE-2019-9893
• CVE-2019-9947
• CVE-2019-9948
• CVE-2019-11459
• CVE-2019-11729
• CVE-2019-11745
• CVE-2019-12450
• CVE-2019-12749
• CVE-2019-12795
• CVE-2019-14287
• CVE-2019-14864
• CVE-2019-15718
• CVE-2019-18397
• CVE-2019-1000019
• CVE-2019-1000020

References

(none)