[kolla] Ceph client version in Kolla 12.0.0 Wallaby and ubuntu containers

Pierre Riteau pierre at stackhpc.com
Fri Jul 16 08:19:19 UTC 2021


On Fri, 16 Jul 2021 at 09:43, Radosław Piliszek <radoslaw.piliszek at gmail.com>
wrote:

> On Fri, Jul 16, 2021 at 1:45 AM J-P Methot <jp.methot at planethoster.info>
> wrote:
> >
> > Hi,
>
> Hello,
>
> > We've been using Kolla to provision a production cluster and we've
> > noticed that the ceph-client version provided in the Kolla images is
> > severely outdated as it doesn't support the fix to CVE-2021-20288 that
> > was added in Pacific 16.2.1 (installed version in image is 16.2.0). As a
> > result, the installed ceph-client can't connect to ceph clusters where
> > the patch is active.
> >
> > Is there any Kolla image where more recent versions of ceph-client are
> > installed? How would I be able to get them?
>
> This is a known issue. We are depending on the upstream (the Ubuntu
> distribution in here) to provide Ceph client libraries.
> They are, as you noticed, quite outdated in Focal.
> If you know of a reliable, official source of newer Ubuntu Ceph client
> packages, then let us know.
> Otherwise, there are no Kolla Ubuntu images at the moment which have newer
> Ceph.
>
> -yoctozepto
>

When I build ubuntu-binary-cinder-volume locally, I get 16.2.4 packages
which come from the Ubuntu Cloud Archive:

INFO:kolla.common.utils.cinder-base:Get:24
http://ubuntu-cloud.archive.canonical.com/ubuntu focal-updates/wallaby/main
amd64 python3-ceph-argparse amd64 16.2.4-0ubuntu0.21.04.1~cloud0 [57.1 kB]

Logs from periodic publish jobs show that the last weekly build from Sunday
[1] installed 16.2.0, while the last daily build [2] from yesterday
installed 16.2.4.

[1]
https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_573/periodic-weekly/opendev.org/openstack/kolla/stable/wallaby/kolla-publish-ubuntu-binary-dockerhub/5736d0c/kolla/build/cinder-base.log
[2]
https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_d8f/periodic/opendev.org/openstack/kolla/stable/wallaby/kolla-publish-ubuntu-binary-quay/d8f66d4/kolla/build/cinder-base.log

Either UCA was outdated or the OpenDev mirrors were not synced?
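
Added example, not part of the original message and not Kolla code: one way to run the build-log check described above, scanning apt "Get:" lines for Ceph client packages and comparing the upstream version with the 16.2.1 threshold named in the thread. The function names, the package-name pattern and the two sample lines marked as constructed are assumptions; a distribution may also backport a fix without changing the upstream version, which this comparison cannot see.

```python
import re

# Threshold stated in the thread: the CVE-2021-20288 fix was added in Pacific 16.2.1.
FIXED_PACIFIC = (16, 2, 1)

# apt download line as logged by the Kolla build (one line in the real log):
# ...:Get:<n> <url> <suite> <arch> <package> <arch> <version> [<size>]
GET_LINE = re.compile(
    r"Get:\d+\s+\S+\s+\S+\s+\S+\s+(?P<pkg>\S+)\s+\S+\s+(?P<ver>\S+)\s+\["
)
# Assumption: Ceph client packages can be recognised by these name fragments.
CEPH_PKG = re.compile(r"ceph|rados|rbd")
# Optional Debian epoch, then the upstream x.y.z version.
UPSTREAM = re.compile(r"(?:\d+:)?(\d+)\.(\d+)\.(\d+)")


def classify(version):
    """Return 'has-fix', 'lacks-fix' or 'unknown' for a package version string."""
    m = UPSTREAM.match(version)
    if not m:
        return "unknown"
    upstream = tuple(int(part) for part in m.groups())
    if upstream[0] != 16:
        # The thread only gives the Pacific (16.x) threshold.
        return "unknown"
    return "has-fix" if upstream >= FIXED_PACIFIC else "lacks-fix"


def ceph_packages(log_text):
    """Map each Ceph package seen in the log to (version, status)."""
    found = {}
    for line in log_text.splitlines():
        m = GET_LINE.search(line)
        if m and CEPH_PKG.search(m["pkg"]):
            found[m["pkg"]] = (m["ver"], classify(m["ver"]))
    return found


# First line is the one quoted in the message (unwrapped); the others are constructed.
SAMPLE_LOG = """\
INFO:kolla.common.utils.cinder-base:Get:24 http://ubuntu-cloud.archive.canonical.com/ubuntu focal-updates/wallaby/main amd64 python3-ceph-argparse amd64 16.2.4-0ubuntu0.21.04.1~cloud0 [57.1 kB]
INFO:kolla.common.utils.cinder-base:Get:23 http://ubuntu-cloud.archive.canonical.com/ubuntu focal-updates/wallaby/main amd64 librados2 amd64 16.2.0-0ubuntu1~cloud0 [3,000 kB]
INFO:kolla.common.utils.cinder-base:Get:5 http://archive.ubuntu.com/ubuntu focal/main amd64 curl amd64 7.68.0-1ubuntu2 [161 kB]
"""

if __name__ == "__main__":
    for pkg, (ver, status) in sorted(ceph_packages(SAMPLE_LOG).items()):
        print(f"{status:10} {pkg} {ver}")
```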