Issued:

2023-02-20

Updated:

2023-02-20

RHBA-2023:0827 - Red Hat OpenShift Data Foundation 4.10.10 Bug Fix Update

Synopsis

Red Hat OpenShift Data Foundation 4.10.10 Bug Fix Update

Type/Severity

Bug Fix Advisory None

Topic

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.10.10 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.

Description

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

• Previously, the listing operations would fail depending on the number of objects in the bucket due to incorrect mapping of indexes in the Multicloud Object Gateway database (MCG DB). This incorrect mapping caused certain queries to take longer time than needed and fails the specific actions as a result. With this fix, the indexes are updated to fix the listing queries. (BZ#2150005)

• Previously, in some environments, the ceph-osd did not run as PID 1 which resulted in a non-random nonce value used for starting the OSD. When an OSD was restarted after a node restart, the OSD stays "down" in Ceph instead of coming back online as it looks like the stale OSD. With this update, the nonce number is ensured to be randomized now by setting the environment variable CEPH_USE_RANDOM_NONCE on the OSD pods, to ensure Ceph always knows ODF is running in a containerized environment and to randomize the nonce values. This allows the OSDs to start properly after node restart. (BZ#2150411)

• Previously, services running without the TLS were problematic if security was the main concern for the customers. This was due to a Liveness sidecar container deployed with the CSI pods to check if the CSI driver is responding appropriately or not without TLS. With this fix, the Liveness container in all Ceph CSI pods is disabled and as a result, no service runs in the Ceph CSI pods without TLS, and one less container in Ceph CSI pods. (BZ#2142902)

• Previously, the rook-ceph-osd-prepare job sometimes would be stuck in CrashLoopBackOff (CLBO) state and would never come up. This was due to the deletion of OSD deployment in an encrypted cluster backed by CSI provisioned PVC which caused the rook-ceph-osd-prepare job for that OSD to be stuck in CrashLoopBackOff state. With this fix, the rook-ceph-osd-prepare job removes the stale encrypted device and opens it again avoiding the CLBO state. As a result, the rook-ceph-osd-prepare job runs as expected and the OSD comes up. (BZ#2153695)

All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide these bug fixes.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Fixes

• This content is not included.BZ - 2135632
• This content is not included.BZ - 2142902
• This content is not included.BZ - 2150005
• This content is not included.BZ - 2153695
• This content is not included.BZ - 2168565

CVEs

• CVE-2021-46848
• CVE-2022-35737
• CVE-2022-40303
• CVE-2022-40304
• CVE-2022-42010
• CVE-2022-42011
• CVE-2022-42012
• CVE-2022-43680
• CVE-2023-22809

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.