[kolla] Ceph client version in Kolla 12.0.0 Wallaby and ubuntu containers

Radosław Piliszek radoslaw.piliszek at gmail.com
Fri Jul 16 07:42:57 UTC 2021


On Fri, Jul 16, 2021 at 1:45 AM J-P Methot <jp.methot at planethoster.info> wrote:
>
> Hi,

Hello,

> We've been using Kolla to provision a production cluster and we've
> noticed that the ceph-client version provided in the Kolla images is
> severely outdated as it doesn't support the fix to CVE-2021-20288 that
> was added in Pacific 16.2.1 (installed version in image is 16.2.0). As a
> result, the installed ceph-client can't connect to ceph clusters where
> the patch is active.
>
> Is there any Kolla image where more recent versions of ceph-client is
> installed? How would I be able to get them?

This is a known issue. We are depending on the upstream (the Ubuntu
distribution in here) to provide Ceph client libraries.
They are, as you noticed, quite outdated in Focal.
If you know of a reliable, official source of newer Ubuntu Ceph client
packages, then let us know.
Otherwise, there are no Kolla Ubuntu images at the moment which have newer Ceph.

-yoctozepto



More information about the openstack-discuss mailing list