v15.2.17 Octopus released
This is the 17th and final backport release in the Octopus series. We recommend all users update to this release.
Notable Changes
Octopus modified the SnapMapper key format from
<LEGACY_MAPPING_PREFIX><snapid>_<shardid>_<hobject_t::to_str()>
to
<MAPPING_PREFIX><pool>_<snapid>_<shardid>_<hobject_t::to_str()>
When this change was introduced, 94ebe0e also introduced a conversion with a crucial bug which essentially destroyed legacy keys by mapping them to <MAPPING_PREFIX> without the object-unique suffix. The conversion is fixed in this release. Relevant tracker: https://tracker.ceph.com/issues/5614
The ability to blend all RBD pools together into a single view by invoking "rbd perf image iostat" or "rbd perf image iotop" commands without any options or positional arguments is resurrected. Such invocations accidentally became limited to just the default pool (rbd_default_pool) in v15.2.14.
Users who were running OpenStack Manila to export native CephFS, who upgraded their Ceph cluster from Nautilus (or earlier) to a later major version, were vulnerable to an attack by malicious users (CVE-2022-0670: Native-CephFS Manila Path-restriction bypass). The vulnerability allowed users to obtain access to arbitrary portions of the CephFS filesystem hierarchy, instead of being properly restricted to their own subvolumes. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This plugin is responsible for managing Ceph File System subvolumes which are used by OpenStack Manila services as a way to provide shares to Manila users.
With this release, the vulnerability is fixed. Administrators who are concerned they may have been impacted should audit the CephX keys in their cluster for proper path restrictions.
Again, this vulnerability only impacts OpenStack Manila clusters which provided native CephFS access to their users.
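One way to run the CephX key audit recommended above, as an added example (not part of the release notes and not Ceph's own tooling): it reads output shaped like `ceph auth ls --format json` and flags client keys whose MDS caps are not confined to a subvolume directory. The /volumes/<group>/<subvolume> layout, the trusted-entity list and every entity in the sample are assumptions.

```python
import json
import re

# Constructed sample shaped like `ceph auth ls --format json` output, with the
# "key" fields omitted. Entity names and paths are made up for illustration.
SAMPLE_AUTH_DUMP = json.dumps({"auth_dump": [
    {"entity": "client.admin", "caps": {"mds": "allow *", "mon": "allow *"}},
    {"entity": "client.manila-alice", "caps": {
        "mds": "allow rw path=/volumes/_nogroup/share-a/0f3c", "mon": "allow r"}},
    {"entity": "client.manila-bob", "caps": {"mds": "allow rw path=/volumes/_nogroup"}},
    {"entity": "client.manila-carol", "caps": {
        "mds": "allow r, allow rw path=/volumes/_nogroup/share-c/9ab1"}},
    {"entity": "client.manila-dave", "caps": {"mds": "allow rw path=/"}},
    {"entity": "osd.0", "caps": {"mon": "allow profile osd"}},
]})

PATH_RE = re.compile(r'\bpath=(?:"([^"]*)"|(\S+))')

def classify_grant(grant, root="volumes", min_depth=3):
    """Return why one MDS grant is too broad, or None if it is confined."""
    m = PATH_RE.search(grant)
    if m is None:
        return "no path restriction"
    path = m.group(1) if m.group(1) is not None else m.group(2)
    parts = [p for p in path.split("/") if p]
    if not parts:
        return "path is the filesystem root"
    if parts[0] != root or ".." in parts:
        return "path outside the subvolume tree"
    if len(parts) < min_depth:  # assumed layout: /volumes/<group>/<subvolume>
        return "path above subvolume level"
    return None

def audit(auth_json, trusted=("client.admin",)):
    """List (entity, grant, reason) for client keys with over-broad MDS caps."""
    findings = []
    for ent in json.loads(auth_json)["auth_dump"]:
        name, mds = ent["entity"], ent.get("caps", {}).get("mds")
        if not name.startswith("client.") or name in trusted or not mds:
            continue
        for grant in (g.strip() for g in mds.split(",")):
            reason = classify_grant(grant)
            if reason:
                findings.append((name, grant, reason))
    return findings

if __name__ == "__main__":
    for name, grant, reason in audit(SAMPLE_AUTH_DUMP):
        print(f"{name}: {reason}: {grant}")
```

Each comma-separated grant is checked on its own, so a key that pairs a confined grant with a bare "allow r" is still reported.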
Changelog
admin/doc-requirements: bump sphinx to 4.4.0 (pr#45972, Kefu Chai)
backport qemu-iotests fixup for centos stream 8 (pr#45206, Ken Dreyer, Ilya Dryomov)
Catch exception if thrown by __generate_command_map() (pr#45891, Nikhil Kshirsagar)
ceph-volume: abort when passed devices have partitions (pr#45147, Guillaume Abrioux)
ceph-volume: fix error 'KeyError' with inventory (pr#44883, Guillaume Abrioux)
ceph-volume: fix tags dict output in lvm list (pr#44768, Guillaume Abrioux)
ceph-volume: zap osds in rollback_osd() (pr#44770, Guillaume Abrioux)
ceph/admin: s/master/main (pr#46219, Zac Dover)
cephadm: infer the default container image during pull (pr#45570, Michael Fritch)
cephadm: preserve authorized_keys file during upgrade (pr#45356, Michael Fritch)
client: do not dump mds twice in Inode::dump() (pr#45162, Xue Yantao)
cls/rbd: GroupSnapshotNamespace comparator violates ordering rules (pr#45076, Ilya Dryomov)
cls/rgw: rgw_dir_suggest_changes detects race with completion (pr#45902, Casey Bodley)
cmake: pass RTE_DEVEL_BUILD=n when building dpdk (pr#45261, Kefu Chai)
common: avoid pthread_mutex_unlock twice (pr#45465, Dai Zhiwei)
common: replace BitVector::NoInitAllocator with wrapper struct (pr#45180, Casey Bodley)
crush: cancel upmaps with up set size != pool size (pr#43416, huangjun)
doc/dev: update basic-workflow.rst (pr#46308, Zac Dover)
doc/start: s/3/three/ in intro.rst (pr#46328, Zac Dover)
doc/start: update "memory" in hardware-recs.rst (pr#46451, Zac Dover)
Fixes for make check (pr#46230, Kefu Chai, Adam C. Emerson)
krbd: return error when no initial monitor address found (pr#45004, Burt Holzman)
librados: check latest osdmap on ENOENT in pool_reverse_lookup() (pr#45587, Ilya Dryomov)
librbd: bail from schedule_request_lock() if already lock owner (pr#47160, Christopher Hoffman)
librbd: fix use-after-free on ictx in list_descendants() (pr#45000, Ilya Dryomov, Wang ShuaiChao)
librbd: honor FUA op flag for write_same() in write-around cache (pr#44992, Ilya Dryomov)
librbd: readv/writev fix iovecs length computation overflow (pr#45560, Jonas Pfefferle)
librbd: track complete async operation requests (pr#45019, Mykola Golub)
librbd: unlink newest mirror snapshot when at capacity, bump capacity (pr#46592, Ilya Dryomov)
librbd: update progress for non-existent objects on deep-copy (pr#46912, Ilya Dryomov)
librgw: make rgw file handle versioned (pr#45496, Xuehan Xu)
mds: add heartbeat_reset() in start_files_to_reover() (pr#45157, Yongseok Oh)
mds: check rejoin_ack_gather before enter rejoin_gather_finish (pr#45161, chencan)
mds: directly return just after responding the link request (pr#44624, Xiubo Li)
mds: ensure that we send the btime in cap messages (pr#45164, Jeff Layton)
mds: fix possible mds_lock not locked assert (pr#45156, Xiubo Li)
mds: fix seg fault in expire_recursive (pr#45055, 胡玮文)
mds: ignore unknown client op when tracking op latency (pr#44976, Venky Shankar)
mds: mds_oft_prefetch_dirfrags default to false (pr#45015, Dan van der Ster)
mds: progress the recover queue immediately after the inode is enqueued (pr#45158, "Yan, Zheng", Xiubo Li)
mds: reset the return value for heap command (pr#45155, Xiubo Li)
mds: skip directory size checks for reintegration (pr#44668, Patrick Donnelly)
mgr/cephadm: fix and improve osd draining (pr#46645, Sage Weil)
mgr/cephadm: try to get FQDN for active instance (pr#46787, Tatjana Dehler)
mgr/cephadm: try to get FQDN for configuration files (pr#45621, Tatjana Dehler)
mgr/dashboard: dashboard turns telemetry off when configuring report (pr#45110, Sarthak0702, Aaryan Porwal)
mgr/dashboard: fix "NullInjectorError: No provider for I18n (pr#45613, Nizamudeen A)
mgr/dashboard: fix Grafana OSD/host panels (pr#44924, Patrick Seidensal)
mgr/dashboard: Notification banners at the top of the UI have fixed height (pr#44763, Waad AlKhoury)
mgr/dashboard: Table columns hiding fix (issue#51119, pr#45726, Daniel Persson)
mgr/devicehealth: fix missing timezone from time delta calculation (pr#45287, Yaarit Hatuka)
mgr/prometheus: Added avail_raw field for Pools DF Prometheus mgr module (pr#45238, Konstantin Shalygin)
mgr/rbd_support: cast pool_id from int to str when collecting LevelSpec (pr#45530, Ilya Dryomov)
mgr/rbd_support: fix schedule remove (pr#45006, Sunny Kumar)
mgr/telemetry: fix waiting for mgr to warm up (pr#45772, Yaarit Hatuka)
mgr/volumes: A few volumes plugin backport (issue#51271, pr#44800, Kotresh HR, Venky Shankar, Jan Fajerski)
mgr/volumes: Fix permission during subvol creation with mode (pr#43224, Kotresh HR)
mgr/volumes: Fix subvolume discover during upgrade (pr#47236, Kotresh HR)
mgr: limit changes to pg_num (pr#44541, Sage Weil)
mirror snapshot schedule and trash purge schedule fixes (pr#46777, Ilya Dryomov)
mon/MonCommands.h: fix target_size_ratio range (pr#45398, Kamoltat)
mon: Abort device health when device not found (pr#44960, Benoît Knecht)
octopus rgw: on FIPS enabled, fix segfault performing s3 multipart PUT (pr#46701, Mark Kogan)
octopus rgw: under fips, set flag to allow md5 in select rgw ops (pr#44806, Mark Kogan)
os/bluestore: Always update the cursor position in AVL near-fit search (pr#46687, Mark Nelson)
osd/OSD: Log aggregated slow ops detail to cluster logs (pr#45154, Prashant D)
osd/OSD: osd_fast_shutdown_notify_mon not quite right (pr#45655, Nitzan Mordechai, Satoru Takeuchi)
osd/OSDMap: Add health warning if 'require-osd-release' != current release (pr#44260, Sridhar Seshasayee)
osd/OSDMapMapping: fix spurious threadpool timeout errors (pr#44546, Sage Weil)
osd/PGLog.cc: Trim duplicates by number of entries (pr#46253, Nitzan Mordechai)
osd/PrimaryLogPG.cc: CEPH_OSD_OP_OMAPRMKEYRANGE should mark omap dirty (pr#45593, Neha Ojha)
osd/SnapMapper: fix pacific legacy key conversion and introduce test (pr#47108, Manuel Lausch, Matan Breizman)
osd: log the number of 'dups' entries in a PG Log (pr#46609, Radoslaw Zarzynski)
osd: require osd_pg_max_concurrent_snap_trims > 0 (pr#45324, Dan van der Ster)
qa/rgw: add failing tempest test to blocklist (pr#45437, Casey Bodley)
qa/rgw: update apache-maven mirror for rgw/hadoop-s3a (pr#45446, Casey Bodley)
qa/suites/rados/thrash-erasure-code-big/thrashers: add osd max backfills setting to mapgap and pggrow (pr#46392, Laura Flores)
qa/suites: clean up client-upgrade-octopus-pacific test (pr#45334, Ilya Dryomov)
qa/tasks/qemu: make sure block-rbd.so is installed (pr#45071, Ilya Dryomov)
qa/tasks: teuthology octopus backport (pr#46149, Kefu Chai, Shraddha Agrawal)
qa/tests: added upgrade-clients/client-upgrade-octopus-quincy tests (pr#45282, Yuri Weinstein)
qa: always format the pgid in hex (pr#45159, Xiubo Li)
qa: check mounts attribute in ctx (pr#45633, Jos Collin)
qa: remove .teuthology_branch file (pr#46489, Jeff Layton)
radosgw-admin: 'reshard list' doesn't log ENOENT errors (pr#45452, Casey Bodley)
radosgw-admin: 'sync status' is not behind if there are no mdlog entries (pr#45443, Casey Bodley)
radosgw-admin: skip GC init on read-only admin ops (pr#45423, Mark Kogan)
rbd-fuse: librados will filter out -r option from command-line (pr#46952, wanwencong)
rbd-mirror: don't prune non-primary snapshot when restarting delta sync (pr#46589, Ilya Dryomov)
rbd-mirror: generally skip replay/resync if remote image is not primary (pr#46812, Ilya Dryomov)
rbd-mirror: make mirror properly detect pool replayer needs restart (pr#45169, Mykola Golub)
rbd-mirror: remove bogus completed_non_primary_snapshots_exist check (pr#47117, Ilya Dryomov)
rbd-mirror: synchronize with in-flight stop in ImageReplayer::stop() (pr#45177, Ilya Dryomov)
rbd: don't default empty pool name unless namespace is specified (pr#47142, Ilya Dryomov)
rbd: mark optional positional arguments as such in help output (pr#45009, Ilya Dryomov, Jason Dillaman)
rbd: recognize rxbounce map option (pr#45001, Ilya Dryomov)
Revert "rocksdb: do not use non-zero recycle_log_file_num setting" (pr#47053, Laura Flores)
revert of #46253, add tools: ceph-objectstore-tool is able to trim solely pg log dups' entries (pr#46611, Radosław Zarzyński, Radoslaw Zarzynski)
rgw/amqp: add default case to silence compiler warning (pr#45479, Casey Bodley)
rgw: add the condition of lock mode conversion to PutObjRentention (pr#45441, wangzhong)
rgw: bucket chown bad memory usage (pr#45492, Mohammad Fatemipour)
rgw: change order of xml elements in ListRoles response (pr#45449, Casey Bodley)
rgw: cls_bucket_list_unordered() might return one redundent entry every time is_truncated is true (pr#45458, Peng Zhang)
rgw: document rgw_lc_debug_interval configuration option (pr#45454, J. Eric Ivancich)
rgw: document S3 bucket replication support (pr#45485, Matt Benjamin)
rgw: Dump Object Lock Retain Date as ISO 8601 (pr#43656, Preben Berg)
rgw: fix leak of RGWBucketList memory (octopus only) (pr#45283, Casey Bodley)
rgw: fix md5 not match for RGWBulkUploadOp upload when enable rgw com… (pr#45433, yuliyang_yewu)
rgw: fix segfault in UserAsyncRefreshHandler::init_fetch (pr#45412, Cory Snyder)
rgw: have "bucket check --fix" fix pool ids correctly (pr#45456, J. Eric Ivancich)
rgw: init bucket index only if putting bucket instance info succeeds (pr#45481, Huber-ming)
rgw: parse tenant name out of rgwx-bucket-instance (pr#45523, Casey Bodley)
rgw: resolve empty ordered bucket listing results w/ CLS filtering *and* bucket index list produces incorrect result when non-ascii entries (pr#45088, J. Eric Ivancich)
rgw: return OK on consecutive complete-multipart reqs (pr#45488, Mark Kogan)
rgw: RGWCoroutine::set_sleeping() checks for null stack (pr#46042, Or Friedmann, Casey Bodley)
rgw: RGWPostObj::execute() may lost data (pr#45503, Lei Zhang)
rgw: url_decode before parsing copysource in copyobject (issue#43259, pr#45431, Paul Reece)
rgw:When KMS encryption is used and the key does not exist, we should… (pr#45462, wangyingbin)
rgwlc: fix segfault resharding during lc (pr#46745, Mark Kogan)
rocksdb: do not use non-zero recycle_log_file_num setting (pr#45040, Igor Fedotov)
src/rgw: Fix for malformed url (pr#45460, Kalpesh Pandya)
test/bufferlist: ensure rebuild_aligned_size_and_memory() always rebuilds (pr#46216, Radoslaw Zarzynski)
test/librbd: add test to verify diff_iterate size (pr#45554, Christopher Hoffman)
test: fix wrong alarm (HitSetWrite) (pr#45320, Myoungwon Oh)
tools/rbd: expand where option rbd_default_map_options can be set (pr#45182, Christopher Hoffman, Ilya Dryomov)