v15.2.17 Octopus 发布
这是 Octopus 系列的第17个也是最后一个反向移植版本。我们建议所有用户更新到此版本。
重要变更 ¶
Octopus 修改了 SnapMapper 密钥格式,从
<LEGACY_MAPPING_PREFIX><snapid>_<shardid>_<hobject_t::to_str()>改为
<MAPPING_PREFIX><pool>_<snapid>_<shardid>_<hobject_t::to_str()>当引入此更改时,94ebe0e 也引入了一个转换,其中包含一个关键的错误,该错误通过将旧密钥映射到 <MAPPING_PREFIX> 来销毁它们
没有对象唯一后缀。此版本修复了转换。相关跟踪器:https://tracker.ceph.com/issues/5614 在不带任何选项或位置参数的情况下调用 "rbd perf image iostat" 或 "rbd perf image iotop" 命令,将所有 RBD 池混合到一个视图中的功能得以恢复。在 v15.2.14 中,此类调用意外地仅限于默认池 (
rbd_default_pool)。运行 OpenStack Manila 导出原生 CephFS 的用户,如果他们将 Ceph 集群从 Nautilus(或更早版本)升级到更高版本,则容易受到恶意用户的攻击(CVE-2022-0670: Native-CephFS Manila 路径限制绕过)。此漏洞允许用户访问 CephFS 文件系统层次结构中的任意部分,而不是被正确限制在他们自己的子卷中。该漏洞是由于 Ceph Manager 中的“volumes”插件存在错误造成的。此插件负责管理 Ceph 文件系统子卷,OpenStack Manila 服务使用这些子卷向 Manila 用户提供共享。
在此版本中,该漏洞已修复。担心可能受到影响的管理员应审核其集群中的 CephX 密钥,以确保正确的路径限制。
再次说明,此漏洞仅影响提供原生 CephFS 访问权限给其用户的 OpenStack Manila 集群。
变更日志 ¶
admin/doc-requirements: 提升 sphinx 至 4.4.0 (pr#45972, Kefu Chai)
backport qemu-iotests fixup for centos stream 8 (pr#45206, Ken Dreyer, Ilya Dryomov)
Catch exception if thrown by __generate_command_map() (pr#45891, Nikhil Kshirsagar)
ceph-volume: abort when passed devices have partitions (pr#45147, Guillaume Abrioux)
ceph-volume: fix error 'KeyError' with inventory (pr#44883, Guillaume Abrioux)
ceph-volume: fix tags dict output in
lvm list(pr#44768, Guillaume Abrioux)ceph-volume: zap osds in rollback_osd() (pr#44770, Guillaume Abrioux)
ceph/admin: s/master/main (pr#46219, Zac Dover)
cephadm: infer the default container image during pull (pr#45570, Michael Fritch)
cephadm: preserve
authorized\_keysfile during upgrade (pr#45356, Michael Fritch)client: do not dump mds twice in Inode::dump() (pr#45162, Xue Yantao)
cls/rbd: GroupSnapshotNamespace comparator violates ordering rules (pr#45076, Ilya Dryomov)
cls/rgw: rgw_dir_suggest_changes detects race with completion (pr#45902, Casey Bodley)
cmake: pass RTE_DEVEL_BUILD=n when building dpdk (pr#45261, Kefu Chai)
common: avoid pthread_mutex_unlock twice (pr#45465, Dai Zhiwei)
common: replace BitVector::NoInitAllocator with wrapper struct (pr#45180, Casey Bodley)
crush: cancel upmaps with up set size != pool size (pr#43416, huangjun)
doc/dev: update basic-workflow.rst (pr#46308, Zac Dover)
doc/start: s/3/three/ in intro.rst (pr#46328, Zac Dover)
doc/start: update "memory" in hardware-recs.rst (pr#46451, Zac Dover)
Fixes for make check (pr#46230, Kefu Chai, Adam C. Emerson)
krbd: return error when no initial monitor address found (pr#45004, Burt Holzman)
librados: check latest osdmap on ENOENT in pool_reverse_lookup() (pr#45587, Ilya Dryomov)
librbd: bail from schedule_request_lock() if already lock owner (pr#47160, Christopher Hoffman)
librbd: fix use-after-free on ictx in list_descendants() (pr#45000, Ilya Dryomov, Wang ShuaiChao)
librbd: honor FUA op flag for write_same() in write-around cache (pr#44992, Ilya Dryomov)
librbd: readv/writev fix iovecs length computation overflow (pr#45560, Jonas Pfefferle)
librbd: track complete async operation requests (pr#45019, Mykola Golub)
librbd: unlink newest mirror snapshot when at capacity, bump capacity (pr#46592, Ilya Dryomov)
librbd: update progress for non-existent objects on deep-copy (pr#46912, Ilya Dryomov)
librgw: make rgw file handle versioned (pr#45496, Xuehan Xu)
mds: add heartbeat_reset() in start_files_to_reover() (pr#45157, Yongseok Oh)
mds: check rejoin_ack_gather before enter rejoin_gather_finish (pr#45161, chencan)
mds: directly return just after responding the link request (pr#44624, Xiubo Li)
mds: ensure that we send the btime in cap messages (pr#45164, Jeff Layton)
mds: fix possible mds_lock not locked assert (pr#45156, Xiubo Li)
mds: fix seg fault in expire_recursive (pr#45055, 胡玮文)
mds: ignore unknown client op when tracking op latency (pr#44976, Venky Shankar)
mds: mds_oft_prefetch_dirfrags default to false (pr#45015, Dan van der Ster)
mds: progress the recover queue immediately after the inode is enqueued (pr#45158, "Yan, Zheng", Xiubo Li)
mds: reset the return value for heap command (pr#45155, Xiubo Li)
mds: skip directory size checks for reintegration (pr#44668, Patrick Donnelly)
mgr/cephadm: fix and improve osd draining (pr#46645, Sage Weil)
mgr/cephadm: try to get FQDN for active instance (pr#46787, Tatjana Dehler)
mgr/cephadm: try to get FQDN for configuration files (pr#45621, Tatjana Dehler)
mgr/dashboard: dashboard turns telemetry off when configuring report (pr#45110, Sarthak0702, Aaryan Porwal)
mgr/dashboard: fix "NullInjectorError: No provider for I18n (pr#45613, Nizamudeen A)
mgr/dashboard: fix Grafana OSD/host panels (pr#44924, Patrick Seidensal)
mgr/dashboard: Notification banners at the top of the UI have fixed height (pr#44763, Waad AlKhoury)
mgr/dashboard: Table columns hiding fix (issue#51119, pr#45726, Daniel Persson)
mgr/devicehealth: fix missing timezone from time delta calculation (pr#45287, Yaarit Hatuka)
mgr/prometheus: Added
avail\_rawfield for Pools DF Prometheus mgr module (pr#45238, Konstantin Shalygin)mgr/rbd_support: cast pool_id from int to str when collecting LevelSpec (pr#45530, Ilya Dryomov)
mgr/rbd_support: fix schedule remove (pr#45006, Sunny Kumar)
mgr/telemetry: fix waiting for mgr to warm up (pr#45772, Yaarit Hatuka)
mgr/volumes: A few volumes plugin backport (issue#51271, pr#44800, Kotresh HR, Venky Shankar, Jan Fajerski)
mgr/volumes: Fix permission during subvol creation with mode (pr#43224, Kotresh HR)
mgr/volumes: Fix subvolume discover during upgrade (pr#47236, Kotresh HR)
mgr: limit changes to pg_num (pr#44541, Sage Weil)
mirror snapshot schedule and trash purge schedule fixes (pr#46777, Ilya Dryomov)
mon/MonCommands.h: fix target_size_ratio range (pr#45398, Kamoltat)
mon: Abort device health when device not found (pr#44960, Benoît Knecht)
octopus rgw: on FIPS enabled, fix segfault performing s3 multipart PUT (pr#46701, Mark Kogan)
octopus rgw: under fips, set flag to allow md5 in select rgw ops (pr#44806, Mark Kogan)
os/bluestore: Always update the cursor position in AVL near-fit search (pr#46687, Mark Nelson)
osd/OSD: Log aggregated slow ops detail to cluster logs (pr#45154, Prashant D)
osd/OSD: osd_fast_shutdown_notify_mon not quite right (pr#45655, Nitzan Mordechai, Satoru Takeuchi)
osd/OSDMap: Add health warning if 'require-osd-release' != current release (pr#44260, Sridhar Seshasayee)
osd/OSDMapMapping: fix spurious threadpool timeout errors (pr#44546, Sage Weil)
osd/PGLog.cc: Trim duplicates by number of entries (pr#46253, Nitzan Mordechai)
osd/PrimaryLogPG.cc: CEPH_OSD_OP_OMAPRMKEYRANGE should mark omap dirty (pr#45593, Neha Ojha)
osd/SnapMapper: fix pacific legacy key conversion and introduce test (pr#47108, Manuel Lausch, Matan Breizman)
osd: log the number of 'dups' entries in a PG Log (pr#46609, Radoslaw Zarzynski)
osd: require osd_pg_max_concurrent_snap_trims > 0 (pr#45324, Dan van der Ster)
qa/rgw: add failing tempest test to blocklist (pr#45437, Casey Bodley)
qa/rgw: update apache-maven mirror for rgw/hadoop-s3a (pr#45446, Casey Bodley)
qa/suites/rados/thrash-erasure-code-big/thrashers: add
osd max backfillssetting to mapgap and pggrow (pr#46392, Laura Flores)qa/suites: clean up client-upgrade-octopus-pacific test (pr#45334, Ilya Dryomov)
qa/tasks/qemu: make sure block-rbd.so is installed (pr#45071, Ilya Dryomov)
qa/tasks: teuthology octopus backport (pr#46149, Kefu Chai, Shraddha Agrawal)
qa/tests: added upgrade-clients/client-upgrade-octopus-quincy tests (pr#45282, Yuri Weinstein)
qa: always format the pgid in hex (pr#45159, Xiubo Li)
qa: check mounts attribute in ctx (pr#45633, Jos Collin)
qa: remove .teuthology_branch file (pr#46489, Jeff Layton)
radosgw-admin: 'reshard list' doesn't log ENOENT errors (pr#45452, Casey Bodley)
radosgw-admin: 'sync status' is not behind if there are no mdlog entries (pr#45443, Casey Bodley)
radosgw-admin: skip GC init on read-only admin ops (pr#45423, Mark Kogan)
rbd-fuse: librados will filter out -r option from command-line (pr#46952, wanwencong)
rbd-mirror: don't prune non-primary snapshot when restarting delta sync (pr#46589, Ilya Dryomov)
rbd-mirror: generally skip replay/resync if remote image is not primary (pr#46812, Ilya Dryomov)
rbd-mirror: make mirror properly detect pool replayer needs restart (pr#45169, Mykola Golub)
rbd-mirror: remove bogus completed_non_primary_snapshots_exist check (pr#47117, Ilya Dryomov)
rbd-mirror: synchronize with in-flight stop in ImageReplayer::stop() (pr#45177, Ilya Dryomov)
rbd: don't default empty pool name unless namespace is specified (pr#47142, Ilya Dryomov)
rbd: mark optional positional arguments as such in help output (pr#45009, Ilya Dryomov, Jason Dillaman)
rbd: recognize rxbounce map option (pr#45001, Ilya Dryomov)
Revert "rocksdb: do not use non-zero recycle_log_file_num setting" (pr#47053, Laura Flores)
revert of #46253, add tools: ceph-objectstore-tool is able to trim solely pg log dups' entries (pr#46611, Radosław Zarzyński, Radoslaw Zarzynski)
rgw/amqp: add default case to silence compiler warning (pr#45479, Casey Bodley)
rgw: add the condition of lock mode conversion to PutObjRentention (pr#45441, wangzhong)
rgw: bucket chown bad memory usage (pr#45492, Mohammad Fatemipour)
rgw: change order of xml elements in ListRoles response (pr#45449, Casey Bodley)
rgw: cls_bucket_list_unordered() might return one redundent entry every time is_truncated is true (pr#45458, Peng Zhang)
rgw: document rgw_lc_debug_interval configuration option (pr#45454, J. Eric Ivancich)
rgw: document S3 bucket replication support (pr#45485, Matt Benjamin)
rgw: Dump Object Lock Retain Date as ISO 8601 (pr#43656, Preben Berg)
rgw: fix leak of RGWBucketList memory (octopus only) (pr#45283, Casey Bodley)
rgw: fix md5 not match for RGWBulkUploadOp upload when enable rgw com… (pr#45433, yuliyang_yewu)
rgw: fix segfault in UserAsyncRefreshHandler::init_fetch (pr#45412, Cory Snyder)
rgw: have "bucket check --fix" fix pool ids correctly (pr#45456, J. Eric Ivancich)
rgw: init bucket index only if putting bucket instance info succeeds (pr#45481, Huber-ming)
rgw: parse tenant name out of rgwx-bucket-instance (pr#45523, Casey Bodley)
rgw: resolve empty ordered bucket listing results w/ CLS filtering *and* bucket index list produces incorrect result when non-ascii entries (pr#45088, J. Eric Ivancich)
rgw: return OK on consecutive complete-multipart reqs (pr#45488, Mark Kogan)
rgw: RGWCoroutine::set_sleeping() checks for null stack (pr#46042, Or Friedmann, Casey Bodley)
rgw: RGWPostObj::execute() may lost data (pr#45503, Lei Zhang)
rgw: url_decode before parsing copysource in copyobject (issue#43259, pr#45431, Paul Reece)
rgw:When KMS encryption is used and the key does not exist, we should… (pr#45462, wangyingbin)
rgwlc: fix segfault resharding during lc (pr#46745, Mark Kogan)
rocksdb: do not use non-zero recycle_log_file_num setting (pr#45040, Igor Fedotov)
src/rgw: Fix for malformed url (pr#45460, Kalpesh Pandya)
test/bufferlist: ensure rebuild_aligned_size_and_memory() always rebuilds (pr#46216, Radoslaw Zarzynski)
test/librbd: add test to verify diff_iterate size (pr#45554, Christopher Hoffman)
test: fix wrong alarm (HitSetWrite) (pr#45320, Myoungwon Oh)
tools/rbd: expand where option rbd_default_map_options can be set (pr#45182, Christopher Hoffman, Ilya Dryomov)