Hi,

I was also hitting this issue and am currently using a workaround written in the Ceph documentation [1]:

  ceph config set mon auth_allow_insecure_global_id_reclaim true
  ceph health mute AUTH_INSECURE_GLOBAL_ID_RECLAIM 4w
  ceph health mute AUTH_INSECURE_GLOBAL_ID_RECLAIM_ALLOWED 4w

Thanks for the suggestion by yoctozepto. I've found out that Ceph does provide an official source for Debian packages [2].
If it's OK, I'll work on a patch to use the official repo as the installation source.

Regards,
Gene Kuo

[1] https://docs.ceph.com/en/latest/security/CVE-2021-20288/
[2] https://docs.ceph.com/en/latest/install/get-packages/#debian-packages

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, July 16, 2021 at 3:42 PM, Radosław Piliszek <radoslaw.piliszek@gmail.com> wrote:
On Fri, Jul 16, 2021 at 1:45 AM J-P Methot jp.methot@planethoster.info wrote:
Hi,
Hello,
We've been using Kolla to provision a production cluster and we've
noticed that the ceph-client version provided in the Kolla images is
severely outdated as it doesn't support the fix to CVE-2021-20288 that
was added in Pacific 16.2.1 (installed version in image is 16.2.0). As a
result, the installed ceph-client can't connect to ceph clusters where
the patch is active.
Is there any Kolla image where more recent versions of ceph-client are
installed? How would I be able to get them?
This is a known issue. We are depending on the upstream (the Ubuntu
distribution in here) to provide Ceph client libraries.
They are, as you noticed, quite outdated in Focal.
If you know of a reliable, official source of newer Ubuntu Ceph client
packages, then let us know.
Otherwise, there are no Kolla Ubuntu images at the moment which have newer Ceph.
-yoctozepto
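
Added example, not part of the thread and not Kolla or Ceph project code: a check that classifies a ceph-client build against the 16.2.1 fix release named above and says whether the auth_allow_insecure_global_id_reclaim workaround can be turned back off. The function names, the assumed `ceph --version` banner layout and the sample banners are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. FIXED_PACIFIC is the release the thread names as carrying the fix.
FIXED_PACIFIC="16.2.1"

# Pull "X.Y.Z" out of a `ceph --version` banner (banner layout is an assumption).
banner_version() {
  printf '%s\n' "$1" |
    sed -n 's/^ceph version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Classify a client banner: fixed | needs-upgrade | unknown.
# Only Pacific (16.x) is judged; the thread gives no fixed version for other series.
classify_client() {
  local ver lowest
  ver=$(banner_version "$1")
  case "$ver" in
    16.*) ;;
    *) echo "unknown"; return 0 ;;
  esac
  lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_PACIFIC" | sort -V | head -n 1)
  if [ "$lowest" = "$FIXED_PACIFIC" ]; then echo "fixed"; else echo "needs-upgrade"; fi
}

# $1 = client banner, $2 = value printed by
#      ceph config get mon auth_allow_insecure_global_id_reclaim
next_step() {
  local state
  state=$(classify_client "$1")
  case "$state:$2" in
    fixed:true)      echo "client patched: set auth_allow_insecure_global_id_reclaim back to false" ;;
    fixed:false)     echo "ok" ;;
    needs-upgrade:*) echo "client predates $FIXED_PACIFIC: upgrade before disabling the workaround" ;;
    *)               echo "cannot judge: check version manually" ;;
  esac
}

# Constructed sample banners (hash field is a placeholder, not a real build id).
for banner in \
  "ceph version 16.2.0 (PLACEHOLDER) pacific (stable)" \
  "ceph version 16.2.10 (PLACEHOLDER) pacific (stable)"; do
  printf '%s -> %s\n' "$banner" "$(next_step "$banner" true)"
done
```

Run it against the banner printed inside each client image; while any client still reports needs-upgrade, the monitor setting has to stay enabled for those clients to connect.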