SUSE-SU-2019:2994-1

This update for ceph fixes the following issues:

• A previous update introduced a regression with the potential to cause RocksDB data corruption in Nautilus (bsc#1156282).

• Support for iSCSI target-level CHAP authentication was added (bsc#1145617).

• Implemented validation and rendering of iSCSI controls based 'type' (bsc#1140491).

• Fixed an error while editing iSCSI image advanced settings (bsc#1146656).

• Fixed a ceph-volume regression. SES customers were never exposed to this regression (bsc#1132767).

• Fixed a denial of service vulnerability where an unauthenticated client of Ceph Object Gateway could trigger a crash from an uncaught exception (bsc#1145093, CVE-2019-10222)

• Nautilus-based librbd clients could not open images on Jewel clusters (bsc#1151994).

• The RGW numradoshandles has been removed (bsc#1151995).

• 'osddeepscrublargeomapobjectkey_threshold' has been lowered in Nautilus (bsc#1152002).

• The ceph dashboard now supports silencing Prometheus notifications (bsc#1141174).

• The no{up,down,in,out} related commands have been revamped (bsc#1151990).

• Radosgw-admin got two new subcommands for managing expire-stale objects (bsc#1151991)..

• Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from SES5 used to break pool utilization stats reported by ceph df (bsc#1151992).

• Ceph clusters will issue a health warning if CRUSH tunables are older than 'hammer' (bsc#1151993).

• Ceph-volume prints errors to stdout with --format json (bsc#1132767).

• Changing rgw-api-host in the dashboard does not get effective without disable/enable dashboard mgr module (bsc#1137503).

• Silenced Alertmanager alerts in the dashboard (bsc#1141174).

• Fixed e2e failures in the dashboard caused by webdriver version (bsc#1145759)

• librbd always tries to acquire exclusive lock when removing image an (bsc#1149093).

Fixes in ses-manual_en:

• Added a new chapter with changelogs of Ceph releases. (bsc#1135584)
• Rewrote rolling updates and replaced running stage.0 with manual commands to prevent infinite loop. (bsc#1134444)
• Improved name of CaaSP to its fuller version. (bsc#1151439)
• Verify which OSD's are going to be removed before running stage.5. (bsc#1150406)
• Added two additional steps to recovering an OSD. (bsc#1147132)

Fixes in ceph-iscsi:

• Validate kernel LIO controls type and value (bsc#1140491)
• TPG lun_id persistence (bsc#1145618)
• Target level CHAP authentication (bsc#1145617)

ceph-iscsi was updated to the upstream 3.2 release:

• Always use host FQDN instead of shortname
• Validate min/max value for target controls and rbd:user/tcmu-runner image controls (bsc#1140491)