From 3f4da440620e61d0706b8d35d046ef8d2937e8ee Mon Sep 17 00:00:00 2001 From: Abhishek Lekshmanan Date: Tue, 7 Apr 2020 11:44:14 +0200 Subject: [PATCH 1/5] doc: releases: v15.2.1 release notes Signed-off-by: Abhishek Lekshmanan --- doc/releases/octopus.rst | 43 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/doc/releases/octopus.rst b/doc/releases/octopus.rst index 04087a40ea6..772cc71faad 100644 --- a/doc/releases/octopus.rst +++ b/doc/releases/octopus.rst 
@@ -1,3 +1,46 @@ +v15.2.1 Octopus +=============== + +This is the first bugfix release of Ceph Octopus, we recommend all Octopus users +upgrade. This release fixes an upgrade issue and also has 2 security fixes + +Notable Changes +~~~~~~~~~~~~~~~ + +* issue#44759: Fixed luminous->nautilus->octopus upgrade asserts +* CVE-2020-1759: Fixed nonce reuse in msgr V2 secure mode +* CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting + +Changelog +~~~~~~~~~ + +* build/ops: fix ceph_release type to 'stable' (`pr#34194 `_, Sage Weil) +* build/ops: vstart_runner.py: fix OSError when checking if non-existent path is mounted (`pr#34132 `_, Alfonso Martínez) +* cephadm: Add alertmanager adopt (`pr#34157 `_, Eric Jackson) +* cephadm: Add alertmanager sample (`pr#34158 `_, Eric Jackson) +* cephadm: Fix truncated output of "ceph mgr dump" (`pr#34258 `_, Sebastian Wagner) +* mgr/cephadm: Add example to run when debugging ssh failures (`pr#34153 `_, Sebastian Wagner) +* mgr/cephadm: DriveGroupSpec needs to support/ignore _unmanaged_ (`pr#34185 `_, Joshua Schmid) +* mgr/cephadm: bind grafana to all interfaces (`pr#34191 `_, Sage Weil) +* mgr/cephadm: fix 'orch ps --refresh' (`pr#34190 `_, Sage Weil) +* mgr/cephadm: fix 'upgrade start' message when specifying a version (`pr#34186 `_, Sage Weil) +* mgr/cephadm: include alerts in prometheus deployment (`pr#34155 `_, Sage Weil) +* mgr/cephadm: point alertmanager at all mgr/dashboard URLs (`pr#34154 `_, Sage Weil) +* mgr/cephadm: provision nfs-ganesha via orchestrator (`pr#34192 `_, Michael Fritch) +* mgr/dashboard: Check for missing npm resolutions (`pr#34202 `_, Tiago Melo) +* mgr/dashboard: NoRebalance flag is added to the Dashboard (`pr#33939 `_, Nizamudeen) +* mgr/dashboard: correct Orchestrator documentation link (`pr#34212 `_, Tatjana Dehler) +* mgr/dashboard: do not fail on user creation (CLI) (`pr#34280 `_, Tatjana Dehler) +* mgr/orch: allow list daemons by service_name (`pr#34160 `_, Kiefer Chang) +* mgr/prometheus: 
ceph_pg\_\* metrics contains last value instead of sum across all reported states (`pr#34163 `_, Jacek Suchenia) +* mgr/rook: Blinking lights (`pr#34199 `_, Juan Miguel Olmo Martínez) +* osd/PeeringState: drop mimic assert (`pr#34204 `_, Sage Weil) +* osd/PeeringState: fix pending want_acting vs osd offline race (`pr#34123 `_, xie xingguo) +* pybind/mgr: fix config_notify handling of default values (`pr#34178 `_, Nathan Cutler) +* rbd: librbd: fix client backwards compatibility issues (`issue#39450 `_, `issue#38834 `_, `pr#34323 `_, Jason Dillaman) +* tools: ceph-backport.sh: add deprecation warning (`pr#34125 `_, Nathan Cutler) + + v15.2.0 Octopus =============== From d8d2d76c94c8e4ddd7ee447380f29c7183d86c10 Mon Sep 17 00:00:00 2001 From: Abhishek Lekshmanan Date: Thu, 16 Apr 2020 16:40:21 +0200 Subject: [PATCH 2/5] doc: releases: release notes for v13.2.9 mimic Signed-off-by: Abhishek Lekshmanan --- doc/releases/mimic.rst | 143 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) diff --git a/doc/releases/mimic.rst b/doc/releases/mimic.rst index 79ce8c8f4a9..006c683db52 100644 --- a/doc/releases/mimic.rst +++ b/doc/releases/mimic.rst 
@@ -1,3 +1,146 @@ +v13.2.9 Mimic +============= + +This is the ninth and very likely the last stable release in the Ceph Mimic +stable release series. This release fixes bugs across all components and also +contains a RGW security fix. We recommend all mimic users to upgrade to this +version. + +Notable Changes +--------------- + +* CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting + +* The configuration value ``osd_calc_pg_upmaps_max_stddev`` used for upmap + balancing has been removed. Instead use the mgr balancer config + ``upmap_max_deviation`` which now is an integer number of PGs of deviation + from the target PGs per OSD. This can be set with a command like + ``ceph config set mgr mgr/balancer/upmap_max_deviation 2``. The default + ``upmap_max_deviation`` is 1. There are situations where crush rules + would not allow a pool to ever have completely balanced PGs. For example, if + crush requires 1 replica on each of 3 racks, but there are fewer OSDs in 1 of + the racks. In those cases, the configuration value can be increased. + +* The ``cephfs-data-scan scan_links`` command now automatically repair inotables + and snaptable. 
+ + +Changelog +--------- + +* bluestore: os/bluestore: fix improper setting of STATE_KV_SUBMITTED (`pr#31673 `_, Igor Fedotov) +* ceph-volume/batch: check lvs list before access (`pr#34479 `_, Jan Fajerski) +* ceph-volume/batch: fail on filtered devices when non-interactive (`pr#33201 `_, Jan Fajerski) +* ceph-volume/batch: return success when all devices are filtered (`pr#34476 `_, Jan Fajerski) +* ceph-volume/lvm/activate.py: clarify error message: fsid refers to osd_fsid (`pr#32865 `_, Yaniv Kaul) +* ceph-volume/test: patch VolumeGroups (`pr#32559 `_, Jan Fajerski) +* ceph-volume: Dereference symlink in lvm list (`pr#32876 `_, Benoît Knecht) +* ceph-volume: add db and wal support to raw mode (`pr#33622 `_, Sébastien Han) +* ceph-volume: add methods to pass filters to pvs, vgs and lvs commands (`pr#33215 `_, Rishabh Dave) +* ceph-volume: add proper size attribute to partitions (`pr#32529 `_, Jan Fajerski) +* ceph-volume: add raw mode (`pr#33580 `_, Jan Fajerski, Sage Weil, Guillaume Abrioux) +* ceph-volume: add sizing arguments to prepare (`pr#33578 `_, Jan Fajerski) +* ceph-volume: add utility functions (`pr#32544 `_, Mohamad Gebai) +* ceph-volume: allow raw block devices everywhere (`pr#32869 `_, Jan Fajerski) +* ceph-volume: allow to skip restorecon calls (`pr#32530 `_, Alfredo Deza) +* ceph-volume: avoid calling zap_lv with a LV-less VG (`pr#33610 `_, Jan Fajerski) +* ceph-volume: batch bluestore fix create_lvs call (`pr#33579 `_, Jan Fajerski) +* ceph-volume: batch bluestore fix create_lvs call (`pr#33623 `_, Jan Fajerski) +* ceph-volume: check if we run in an selinux environment (`pr#32866 `_, Jan Fajerski) +* ceph-volume: check if we run in an selinux environment, now also in py2 (`pr#32867 `_, Jan Fajerski) +* ceph-volume: devices/simple/scan: Fix string in log statement (`pr#34444 `_, Jan Fajerski) +* ceph-volume: don't create osd['block.db'] by default (`pr#33626 `_, Jan Fajerski) +* ceph-volume: don't remove vg twice when zapping filestore (`pr#33615 
`_, Jan Fajerski) +* ceph-volume: finer grained availability notion in inventory (`pr#33606 `_, Jan Fajerski) +* ceph-volume: fix is_ceph_device for lvm batch (`pr#33608 `_, Jan Fajerski, Dimitri Savineau) +* ceph-volume: fix the integer overflow (`pr#32872 `_, dongdong tao) +* ceph-volume: import mock.mock instead of unittest.mock (py2) (`pr#32871 `_, Jan Fajerski) +* ceph-volume: lvm deactivate command (`pr#33208 `_, Jan Fajerski) +* ceph-volume: lvm/deactivate: add unit tests, remove --all (`pr#32862 `_, Jan Fajerski) +* ceph-volume: lvm: get_device_vgs() filter by provided prefix (`pr#33617 `_, Jan Fajerski, Yehuda Sadeh) +* ceph-volume: make get_devices fs location independent (`pr#33124 `_, Jan Fajerski) +* ceph-volume: minor clean-up of "simple scan" subcommand help (`pr#32557 `_, Michael Fritch) +* ceph-volume: mokeypatch calls to lvm related binaries (`pr#31406 `_, Jan Fajerski) +* ceph-volume: pass journal_size as Size not string (`pr#33611 `_, Jan Fajerski) +* ceph-volume: rearrange api/lvm.py (`pr#31407 `_, Rishabh Dave) +* ceph-volume: refactor listing.py + fixes (`pr#33603 `_, Jan Fajerski, Rishabh Dave, Theofilos Mouratidis, Guillaume Abrioux) +* ceph-volume: reject disks smaller then 5GB in inventory (`issue#40776 `_, `pr#32528 `_, Jan Fajerski) +* ceph-volume: silence 'ceph-bluestore-tool' failures (`pr#33605 `_, Sébastien Han) +* ceph-volume: skip missing interpreters when running tox tests (`pr#33489 `_, Andrew Schoen) +* ceph-volume: skip osd creation when already done (`pr#33607 `_, Guillaume Abrioux) +* ceph-volume: strip _dmcrypt suffix in simple scan json output (`pr#33618 `_, Jan Fajerski) +* ceph-volume: use correct extents if using db-devices and >1 osds_per_device (`pr#32875 `_, Fabian Niepelt) +* ceph-volume: use fsync for dd command (`pr#31552 `_, Rishabh Dave) +* ceph-volume: use get_device_vgs in has_common_vg (`pr#33609 `_, Jan Fajerski) +* ceph-volume: util: look for executable in $PATH (`pr#32861 `_, Shyukri Shyukriev) +* cephfs: 
cephfs: osdc/objecter: Fix last_sent in scientific format and add age to ops (`pr#31384 `_, Varsha Rao) +* cephfs: cephfs: test_volume_client: declare only one default for python version (`issue#40460 `_, `pr#30110 `_, Rishabh Dave) +* cephfs: client: more precise CEPH_CLIENT_CAPS_PENDING_CAPSNAP (`pr#31283 `_, "Yan, Zheng") +* cephfs: client: remove Inode.dir_contacts field and handle bad whence value to llseek gracefully (`pr#31380 `_, Jeff Layton) +* cephfs: mds: avoid calling clientreplay_done() prematurely (`pr#31282 `_, "Yan, Zheng") +* cephfs: mds: fix assert(omap_num_objs <= MAX_OBJECTS) of OpenFileTable (`pr#32757 `_, "Yan, Zheng") +* cephfs: mds: fix infinite loop in Locker::file_update_finish (`pr#31284 `_, "Yan, Zheng") +* cephfs: mds: mds returns -5(EIO) error when the deleted file does not exist (`pr#31381 `_, huanwen ren) +* cephfs: mds: split the dir if the op makes it oversized, because some ops maybe in flight (`pr#31379 `_, simon gao) +* cephfs: tools/cephfs: make 'cephfs-data-scan scan_links' reconstruct snaptable (`pr#31281 `_, "Yan, Zheng") +* common/config: parse --log-early option (`pr#33130 `_, Sage Weil) +* common: common/admin_socket: Increase socket timeouts (`pr#33323 `_, Brad Hubbard) +* common: common/config: update values when they are removed via mon (`pr#33327 `_, Sage Weil) +* common: common/util: use ifstream to read from /proc files (`pr#32902 `_, Kefu Chai, songweibin) +* core,mgr,tests: mgr: Release GIL and Balancer fixes (`pr#31957 `_, Neha Ojha, Kefu Chai, Noah Watkins, David Zafman) +* core,mgr: mgr/prometheus: assign a value to osd_dev_node when obj_store is not filestore or bluestore (`pr#31557 `_, jiahuizeng) +* core,tests: qa/tasks/cbt: install python3 deps (`pr#34193 `_, Sage Weil) +* core: mon/OSDMonitor: fix format error ceph osd stat --format json (`pr#33322 `_, Zheng Yin) +* core: mon: Don't put session during feature change (`pr#33154 `_, Brad Hubbard) +* core: osd/PeeringState.cc: don't let num_objects become 
negative (`pr#33331 `_, Neha Ojha) +* core: osd/PeeringState.cc: skip peer_purged when discovering all missing (`pr#33329 `_, Neha Ojha) +* core: osd/PeeringState.h: ignore MLogRec in Peering/GetInfo (`pr#33594 `_, Neha Ojha) +* core: osd/PeeringState: do not exclude up from acting_recovery_backfill (`pr#33324 `_, Nathan Cutler, xie xingguo) +* core: osd: Allow 64-char hostname to be added as the "host" in CRUSH (`pr#33145 `_, Michal Skalski) +* core: osd: Diagnostic logging for upmap cleaning (`pr#32717 `_, David Zafman) +* core: osd: backfill_toofull seen on cluster where the most full OSD is at 1% (`pr#32361 `_, David Zafman) +* core: osd: set collection pool opts on collection create, pg load (`pr#32125 `_, Sage Weil) +* core: selinux: Allow ceph to read udev db (`pr#32258 `_, Boris Ranto) +* core: selinux: Allow ceph-mgr access to httpd dir (`pr#34458 `_, Brad Hubbard) +* doc: remove invalid option mon_pg_warn_max_per_osd (`pr#31875 `_, zhang daolong) +* doc: doc/_templates/page.html: redirect to etherpad (`pr#32249 `_, Neha Ojha) +* doc: doc/cephfs/client-auth: description and example are inconsistent (`pr#32782 `_, Ilya Dryomov) +* doc: wrong datatype describing crush_rule (`pr#32255 `_, Kefu Chai) +* mgr,pybind: mgr/prometheus: report per-pool pg states (`pr#33158 `_, Aleksei Zakharov) +* mgr,pybind: mgr/telemetry: check get_metadata return val (`pr#33096 `_, Yaarit Hatuka) +* mount.ceph: give a hint message when no mds is up or cluster is laggy (`pr#32911 `_, Xiubo Li) +* pybind: pybind/mgr: Cancel output color control (`pr#31805 `_, Zheng Yin) +* qa: get rid of iterkeys for py3 compatibility (`pr#33999 `_, Kyr Shatskyy) +* rbd: creating thick-provision image progress percent info exceeds 100% (`pr#33318 `_, Xiangdong Mu) +* rbd: librbd: diff iterate with fast-diff now correctly includes parent (`pr#32470 `_, Jason Dillaman) +* rbd: librbd: don't call refresh from mirror::GetInfoRequest state machine (`pr#32952 `_, Mykola Golub) +* rbd: librbd: fix 
rbd_open_by_id, rbd_open_by_id_read_only (`pr#33315 `_, yangjun) +* rbd: nautilus: rbd-mirror: fix 'rbd mirror status' asok command output (`pr#32714 `_, Mykola Golub) +* rbd: rbd-mirror: clone v2 mirroring improvements (`pr#31520 `_, Mykola Golub) +* rbd: rbd-mirror: improve detection of blacklisted state (`pr#33598 `_, Mykola Golub) +* rbd: rbd-mirror: make logrotate work (`pr#32598 `_, Mykola Golub) +* rgw: add bucket permission verify when copy obj (`pr#31377 `_, NancySu05) +* rgw: add list user admin OP API (`pr#31754 `_, Oshyn Song) +* rgw: add missing admin property when sync user info (`pr#30804 `_, zhang Shaowen) +* rgw: add num_shards to radosgw-admin bucket stats (`pr#31183 `_, Paul Emmerich) +* rgw: adding mfa code validation when bucket versioning status is changed (`pr#33303 `_, Pritha Srivastava) +* rgw: allow reshard log entries for non-existent buckets to be cancelled (`pr#33302 `_, J. Eric Ivancich) +* rgw: auto-clean reshard queue entries for non-existent buckets (`pr#33300 `_, J. Eric Ivancich) +* rgw: change the "rgw admin status" 'num_shards' output to signed int (`issue#37645 `_, `pr#33305 `_, Mark Kogan) +* rgw: crypt: permit RGW-AUTO/default with SSE-S3 headers (`pr#31861 `_, Matt Benjamin) +* rgw: find oldest period and update RGWMetadataLogHistory() (`pr#33309 `_, Shilpa Jagannath) +* rgw: fix a bug that bucket instance obj can't be removed after resharding completed (`pr#33306 `_, zhang Shaowen) +* rgw: fix bad user stats on versioned bucket after reshard (`pr#33304 `_, J. 
Eric Ivancich) +* rgw: fix memory growth while deleting objects with (`pr#31378 `_, Mark Kogan) +* rgw: get barbican secret key request maybe return error code (`pr#33966 `_, Richard Bai(白学余)) +* rgw: make max_connections configurable in beast (`pr#33341 `_, Tiago Pasqualini) +* rgw: making implicit_tenants backwards compatible (`issue#24348 `_, `pr#33748 `_, Marcus Watts) +* rgw: maybe coredump when reload operator happened (`pr#33313 `_, Richard Bai(白学余)) +* rgw: move forward marker even in case of many rgw.none indexes (`pr#33311 `_, Ilsoo Byun) +* rgw: prevent bucket reshard scheduling if bucket is resharding (`pr#31299 `_, J. Eric Ivancich) +* rgw: update the hash source for multipart entries during resharding (`pr#33312 `_, dongdong tao) + + v13.2.8 Mimic ============= From a9d303118ccb5576bea282177a545d784aed298e Mon Sep 17 00:00:00 2001 From: Abhishek Lekshmanan Date: Fri, 24 Apr 2020 12:28:44 +0200 Subject: [PATCH 3/5] doc: release notes for v13.2.10 mimic Signed-off-by: Abhishek Lekshmanan --- doc/releases/mimic.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/releases/mimic.rst b/doc/releases/mimic.rst index 006c683db52..6ec6ab851a6 100644 --- a/doc/releases/mimic.rst +++ b/doc/releases/mimic.rst @@ -1,3 +1,15 @@ +v13.2.10 Mimic +============= + +This is the tenth bugfix release of Ceph Mimic, this release fixes a RGW +vulnerability affecting mimic, and we recommend that all mimic users upgrade. + +Notable Changes +--------------- +* CVE 2020 12059: Fix an issue with Post Object Requests with Tagging + (`issue#44967 `_, Lei Cao, Abhishek + Lekshmanan) + v13.2.9 Mimic ============= From 42388336534a9ee21e9db684bd71680a7f2de94a Mon Sep 17 00:00:00 2001 From: Abhishek Lekshmanan Date: Fri, 24 Apr 2020 12:34:59 +0200 Subject: [PATCH 4/5] doc: releases: add release notes for v14.2.9 Signed-off-by: Abhishek Lekshmanan --- doc/releases/nautilus.rst | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
diff --git a/doc/releases/nautilus.rst b/doc/releases/nautilus.rst index 87fb0bba2a5..0c28e42b566 100644 --- a/doc/releases/nautilus.rst +++ b/doc/releases/nautilus.rst @@ -1,3 +1,16 @@ +v14.2.9 Nautilus +================ + +This is the ninth bugfix release of Nautilus. This release fixes a +couple of security issues in RGW & Messenger V2. We recommend all users +to upgrade to this release. + +Notable Changes +--------------- + +- CVE-2020-1759: Fixed nonce reuse in msgr V2 secure mode +- CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting + v14.2.8 Nautilus ================ From 60c825486916d0b0b43248a0966d2ecb90f352df Mon Sep 17 00:00:00 2001 From: Abhishek Lekshmanan Date: Fri, 24 Apr 2020 12:35:21 +0200 Subject: [PATCH 5/5] doc: update release.yml with octopus, nautilus & mimic Signed-off-by: Abhishek Lekshmanan --- doc/releases/releases.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/releases/releases.yml b/doc/releases/releases.yml index c6d823e6f02..4378494a985 100644 --- a/doc/releases/releases.yml +++ b/doc/releases/releases.yml @@ -14,11 +14,15 @@ releases: octopus: releases: + - version: 15.2.1 + released: 2020-04-09 - version: 15.2.0 released: 2020-03-23 target_eol: 2022-06-01 nautilus: releases: + - version: 14.2.9 + released: 2020-04-15 - version: 14.2.8 released: 2020-03-03 - version: 14.2.7 @@ -41,6 +45,10 @@ releases: mimic: releases: + - version: 13.2.10 + released: 2020-04-23 + - version: 13.2.9 + released: 2020-04-16 - version: 13.2.8 released: 2019-12-13 - version: 13.2.7
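Review bot: In patch 1/5 (doc/releases/octopus.rst), the v15.2.1 intro paragraph has a comma splice and its last sentence has no closing period ("...and also has 2 security fixes"). Suggest: "This is the first bugfix release of Ceph Octopus. It fixes an upgrade issue and two security issues, and we recommend that all Octopus users upgrade." This also matches the sentence structure used in the v14.2.9 notes later in the series.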
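Review bot: In patch 2/5 (doc/releases/mimic.rst, v13.2.9), several changelog entries need cleaning before merge. "rgw: fix memory growth while deleting objects with" stops mid-title. "rbd: nautilus: rbd-mirror: fix 'rbd mirror status' asok command output" carries a stray "nautilus:" backport prefix in the mimic notes. "ceph-volume: batch bluestore fix create_lvs call" is listed twice (pr#33579 and pr#33623); if both are intentional, a word distinguishing them would help. There are also typos: "mokeypatch" and "smaller then 5GB". In Notable Changes, "command now automatically repair inotables" should read "repairs".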
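Review bot: In patch 3/5 (doc/releases/mimic.rst, v13.2.10), the Notable Changes bullet writes the identifier as "CVE 2020 12059" without hyphens. The other entries in this series use the "CVE-2020-1760" form, so a text search for the CVE ID will miss this one; please write "CVE-2020-12059". Also, the "=============" underline under "v13.2.10 Mimic" is one character shorter than the title (it was copied from the 13-character "v13.2.9 Mimic" heading), which docutils reports as a too-short title underline. The intro sentence has a comma splice after "Ceph Mimic".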
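Review bot: In patch 4/5 (doc/releases/nautilus.rst, v14.2.9), the "CVE-2020-1759: Fixed nonce reuse in msgr V2 secure mode" entry gives operators nothing to act on beyond "upgrade". Since this is a security release, consider adding one sentence per CVE saying which configurations are affected (for example, whether only clusters using msgr V2 secure mode are exposed) and whether clients need the update as well as daemons. As a style point, the bullets here use "-" while the octopus and mimic notes in this series use "*".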
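Review bot: In patch 5/5 (doc/releases/releases.yml), please double-check the "released:" dates against the release tags. 14.2.9 is entered as 2020-04-15 and 13.2.10 as 2020-04-23, while the commits adding their release notes in this series are dated 2020-04-24, and 13.2.9 is entered as 2020-04-16, the same day its notes were written. These dates feed the published release table, so they should match the announcement dates. Minor: the subject line says "release.yml" but the file is "releases.yml".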