RedHat: RHSA-2022-0947:01 Moderate: OpenShift Virtualization 4.10.0...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update
Advisory ID:       RHSA-2022:0947-01
Product:           cnv
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0947
Issue date:        2022-03-16
CVE Names:         CVE-2021-29923 CVE-2021-33195 CVE-2021-33197 
                   CVE-2021-33198 CVE-2021-34558 CVE-2021-36221 
                   CVE-2021-44716 CVE-2021-44717 CVE-2022-24407 
=====================================================================

1. Summary:

Red Hat OpenShift Virtualization release 4.10.0 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.

This advisory contains the following OpenShift Virtualization 4.10.0
images:

RHEL-8-CNV-4.10

==============

kubevirt-velero-plugin-container-v4.10.0-8
virtio-win-container-v4.10.0-10
kubevirt-template-validator-container-v4.10.0-16
hostpath-csi-driver-container-v4.10.0-32
hostpath-provisioner-container-v4.10.0-32
hostpath-provisioner-operator-container-v4.10.0-62
cnv-must-gather-container-v4.10.0-110
virt-cdi-controller-container-v4.10.0-90
virt-cdi-apiserver-container-v4.10.0-90
virt-cdi-uploadserver-container-v4.10.0-90
virt-cdi-uploadproxy-container-v4.10.0-90
virt-cdi-operator-container-v4.10.0-90
virt-cdi-cloner-container-v4.10.0-90
virt-cdi-importer-container-v4.10.0-90
kubevirt-ssp-operator-container-v4.10.0-50
virt-api-container-v4.10.0-217
hyperconverged-cluster-webhook-container-v4.10.0-133
libguestfs-tools-container-v4.10.0-217
virt-handler-container-v4.10.0-217
virt-launcher-container-v4.10.0-217
virt-artifacts-server-container-v4.10.0-217
virt-controller-container-v4.10.0-217
node-maintenance-operator-container-v4.10.0-48
hyperconverged-cluster-operator-container-v4.10.0-133
virt-operator-container-v4.10.0-217
cnv-containernetworking-plugins-container-v4.10.0-49
kubemacpool-container-v4.10.0-49
bridge-marker-container-v4.10.0-49
ovs-cni-marker-container-v4.10.0-49
ovs-cni-plugin-container-v4.10.0-49
kubernetes-nmstate-handler-container-v4.10.0-49
cluster-network-addons-operator-container-v4.10.0-49
hco-bundle-registry-container-v4.10.0-696

Security Fix(es):

* golang: net/https: limit growth of header canonicalization cache
(CVE-2021-44716)

* golang: net: incorrect parsing of extraneous zero characters at the
beginning of an IP address octet (CVE-2021-29923)

* golang: net: lookup functions may return invalid host names
(CVE-2021-33195)

* golang: net/http/httputil: ReverseProxy forwards connection headers if
first one is empty (CVE-2021-33197)

* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error
if passed inputs with very large exponents (CVE-2021-33198)

* golang: crypto/tls: certificate of wrong type is causing TLS client to
panic (CVE-2021-34558)

* golang: net/http/httputil: panic due to racy read of persistConn after
handler panic (CVE-2021-36221)

* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1760028 - CPU compatibility is not checked when migrating host-model VMs
1855182 - [Storage] Clone could not be continued after virtctl stop the vm if the clone dv have been created for more than 3 minutes
1906151 - High CPU/Memory usage of Kube API server following a CNV installation
1918294 - VM created from template when OCS is default SC fails to start on "source volumeMode (Block) and target volumeMode (Filesystem) do not match"
1935217 - [CNV-2.5] Manifests in openshift-cnv missing resource requirements - Storage
1945586 - CPU pinning is incorrect after live migration
1958085 - No option to deploy the templates to a non-shared (non default) namespace
1959039 - must-gather doesn't collect iptables info of CNV VM anymore
1975978 - canary-release-openshift-origin-installer-e2e-aws-4.7-cnv is permfailing
1983079 - No "permittedHostDevices" section in HCO CR, allows any hostdevice in the VM spec.
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1986970 - Node outages can lead to (legitimate) mass restarts of VMs which can block our controller
1987009 - [tracker] CNV Daemonsets have maxUnavailable set to 1 which leads to very slow upgrades on large clusters
1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
1990061 - [virt] CNV Daemonsets have maxUnavailable set to 1 which leads to very slow upgrades on large clusters
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
1992231 - hostpath-provisioner Pods are not created
1993454 - Improve ImageIO import performance
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
1997540 - Missing kcs: OpenShift Virtualization limits
1998300 - CNV VMs do not contain the cluster domain name in the FQDN
1999110 - 4.10.0 containers
1999636 - 4.10.0 rpms
2000480 - Using depreacted 1.25 API calls
2001984 - VM not in running state with nonroot VirtLauncher Pods with volumeMode as Filesystem and using a PVC
2001987 - VM not in running state with nonroot VirtLauncher Pods with volumeMode as Filesystem and using a DV
2002272 - Unable to LiveMigrate a VM with nonroot VirtLauncher Pod
2003704 - Switch live migration to use unix sockets
2007397 - Unexpected killing of virt-launcher pod, can result in loss of data for hotplugged volumes
2008140 - [4.10.0] CNV fails to deploy due to unavailable SSP virt-template-validator
2008411 - [4.10.0] SSP operator creates kubevirt-os-images instead of openshift-virtualization-os-images namespace
2008938 - missing spec.priorityClassName for pod hyperconverged-cluster-cli-download
2008949 - Multiple storage pods are missing spec.priorityClassName
2008975 - v4.10.0-142 CNV contains outdated ssp-operator and virt-template-validator
2010540 - HCO.status.relatedObjects are not getting updated with correct resourceVersion of reconciled resources
2010908 - [MTV] VM remains in printableStatus: Provisioning in cold migration
2012920 - nncp in progressing state forever when cluster is having Windows node
2013160 - Create an offline VM with storageClass HPP is always in 'Provisioning‘ status
2013455 - Guest agent reports unreliable status when  mac address is changed
2015327 - hostpath-provisioner pods do not have any resources.requests values set up
2017255 - Migration of VM doesn't clean up the target pod in time in case of failed migration
2018457 - Windows high performance templates should use virtio storage
2018925 - Metric kubevirt_vmi_memory_used_total_bytes is not reporting correct value
2018970 - RHEL9 alpha template - support level is "Full"
2019053 - DV with immediate bind remains in WaitForFirstConsumer
2021992 - [cnv-4.10.0] After upgrade, live migration is Pending
2025295 - Windows VMs fail to start on air-gapped environments for non-admin users
2025750 - must-gather | nft files are not collected for nodes
2025878 - The import cron pod is not deleted after delete the dataimportcron if the import is failed
2026336 - [SNO] We see multiple replicas of virt-api, virt-controller and virt-operator.
2026363 - kubemacpool is rotating kubernetes-nmstate certificates
2026665 - Unable to ssh to a VM when running with Service Mesh
2026667 - Alerts: SSPDown and SSPTemplateValidatorDown are constantly in Firing state
2027420 - [SNO] SR-IOV operator fails to install after CNV is installed
2027922 - Typo on LowKVMNodesCount summary
2029343 - High performance VM fail to start on libvirt error (kvm-hint-dedicated)
2029767 - Enactment goes to pending even when maxunavailable is set to 100% in nncp
2030660 - ImageSteam rhel8-guest and rhel9-guest are managed by HCO but they are not getting reconciled
2030686 - must-gather | missing SRIOV namespace subdir under collected dir
2030801 - CVE-2021-44716 golang: net/https: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2031033 - VM migration from VMware fail on missing v2v-vmware ConfigMap in OCP-4.10/CNV-4.10
2031688 - hostpath-provisioner-operator deployment is referencing upstream images
2031727 - [CNV-4.10] kubemacpool & nmstate pods stuck in pending state
2031919 - [SNO] we cannot cleanly remove the product on SNO due to kubevirt apiservices leftovers
2032045 - When alert VirtControllerRESTErrorsHigh triggered it keeps in Firing state for hours (even when there are no failed api calls anymore)
2032845 - SSP CR | reason field's value in SSP CR status.conditions is not CamelCased
2032873 - [4.9] Windows VMs fail to start on air-gapped environments for non-admin users
2032876 - [4.8] Windows VMs fail to start on air-gapped environments for non-admin users
2033240 - Templates golden image parameters names should be updated
2033252 - nncp changing it's status between "ConfigurationProgressing" to "SuccessfullyConfigured" every few minutes
2034544 - disk.img file is resized up for HPP and NFS storage classes
2035008 - Auto-update boot sources: CDI tries to import even when a PVC already exists;  dataSources are not updated
2035324 - Trying to uninstall CNV with `uninstallStrategy: RemoveWorkloads` and existing workloads lefts the system in a corrupted state
2035658 - NMPolicy can't replace strings using captures, making teardown not possible
2035677 - Windows10 VM with CDROM migration fails
2036220 - Recommended disk image url is outdated in Fedora 33+ template description
2036483 - HCO Enablement | reconciliation error adding a custom cron template
2036605 - Auto-update boot sources: DataSource Ready status is not updated if there's no DataImportCron associated with it
2037270 - Auto-update boot sources: CentOs and Fedora DVs fail to import due to docker references
2037290 - Dataimportcron keeps re-creating when enable the feature gate
2037312 - CNV occasionally cannot be removed due to leftovers dataImportCrons
2037421 - SSP default log level should be set to "info"
2038679 - Clone with volume mode file system using Storage API fails
2038825 - Ubuntu, centos6 and opensuse templates should be removed from common templates bundle in downstream
2038831 - SAP HANA template should not contain evictionStrategy: LiveMigrate
2038985 - No feedback when HPP path is sharing host filesystem
2039196 - DataImportCron with imagestream source does not support image tags
2039208 - Recording Rule "kubevirt_vm_container_free_memory_bytes" is not working
2039489 - KubePersistentVolumeFillingUp Firing for VM disk Filesystem PVCs
2039683 - HANA Template - remove default values for network names
2039686 - SAP HANA template - container disk registry should be updated
2039691 - SAP HANA template - set node label instead of node for node selection
2040113 - The component value of virt-operator label is different with other virt components
2040115 - Labels  "part-of" and "version" in virt components  are missing
2041519 - Custom DataImportCron with the same name as CNV-provided DataImportCron can be added via HCO overwriting configuration
2041530 - HPP CSI CR can't be deleted if it's a combination of a basic storage pool, and a pvcTemplate
2042139 - HPP-operator reconciling CSI even if nothing is happening
2042799 - All existing templates are marked as deprecated after CNV upgrade
2042842 - SAP HANA template -  SR-IOV NICs should not specify model virtio
2042856 - Getting 'jq' error while running 'must-gather' command.
2042880 - 'yq' command is missing in downstream must-gather image.
2042908 - hotplugs not included in VMSnapshot
2044348 - VM with ocs-storagecluster-cephfs sc keeps in CrashLoopBackOff
2044398 - SSP should not update DataSource managed by DataImportCron
2046271 - virt-cdi-importer fails to import a VM image when clusterwide proxy configured
2048227 - Common templates - DATA_SOURCE_NAMESPACE value should be updated in d/s
2048275 - HPP mounter deployment crashes on parsing lsblk output
2051105 - DataSources, managed by DataImportCron, are not reconciled when edited
2051693 - DataSource (which has a golden image and was opted-in/out using cdi label) will be reconciled and will not actually be opted out
2051968 - virt-freezer binary missing from downstream virt-launcher
2052489 - KubevirtVmHighMemoryUsage is based on limit not request
2053027 - nmpolicy cannot clone IP config of the default NIC carrying static IPv6
2058167 - Post deploy on a baremetal cluster SSP is looping attempting to reconcile

5. References:

https://access.redhat.com/security/cve/CVE-2021-29923
https://access.redhat.com/security/cve/CVE-2021-33195
https://access.redhat.com/security/cve/CVE-2021-33197
https://access.redhat.com/security/cve/CVE-2021-33198
https://access.redhat.com/security/cve/CVE-2021-34558
https://access.redhat.com/security/cve/CVE-2021-36221
https://access.redhat.com/security/cve/CVE-2021-44716
https://access.redhat.com/security/cve/CVE-2021-44717
https://access.redhat.com/security/cve/CVE-2022-24407
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYjJSI9zjgjWX9erEAQgOHBAAlkzm8Bg5mdp2y/95FjjySTigxCiMcV9U
1+hC+WHS0ufzc0mUO8HqKIFSEjDiTKEqF3R00eorBeyfMiklyHlI7oOLs3TEF8Tr
MRjNjKdV4bIfVG8m92PaIq9RbUyD5Pzk4P0xgbEABFNT4sdJI18RF826EJoUXxG1
ycBid2d0shEpQgGi0/CVvwsXkkOKQdi7Nsh4mi8U5XkvQ8BXD6k6UerD7QqD82By
/uJzWaMJfbOex0ZzBWlXXyiZa4tWNbjJk9ULSKw27lqNaNN9jm5Ec2Jlz6X7JUvY
iYu+dQuSuU7aIQGINAFJstKOU3MKas0xTVs5uqdJ/lyMHQfY9fpzLnm7yb883JO9
SLQoRmIjf7bja9vknlrv/3pLZQjIhRk7SUkTo36kTeB79N0AFFRywihomWPAWKnl
GAzuaX1j9lUNhz/+UKtR8HHqL6F4OVqDU1qofF13Gw0E90ZTdVrVA0ioU6EFBYv5
gfijlSTEQGa3c/keSacR9zx2LAQd6jn5q3HRR4R2fYXOlsdv+M2oaqM6ai4ABGAa
QLHlkth5ieKY9XuU3hJwd2a9/Ar2HeFcD2FfcRsx06/0g0WUaYphaFWuReDQwe3M
xCAdSPhi8QysijleW3zOiIw2vFZvKeXTgMwbwlOvgJkK7eXHvO/VCtyFLigf57m3
ZNdx+ztsYEA=
=+jwg
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-0947:01 Moderate: OpenShift Virtualization 4.10.0 Images

Red Hat OpenShift Virtualization release 4.10.0 is now available with updates to packages and images that fix several bugs and add enhancements

Summary

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.10.0 images:
RHEL-8-CNV-4.10
==============
kubevirt-velero-plugin-container-v4.10.0-8 virtio-win-container-v4.10.0-10 kubevirt-template-validator-container-v4.10.0-16 hostpath-csi-driver-container-v4.10.0-32 hostpath-provisioner-container-v4.10.0-32 hostpath-provisioner-operator-container-v4.10.0-62 cnv-must-gather-container-v4.10.0-110 virt-cdi-controller-container-v4.10.0-90 virt-cdi-apiserver-container-v4.10.0-90 virt-cdi-uploadserver-container-v4.10.0-90 virt-cdi-uploadproxy-container-v4.10.0-90 virt-cdi-operator-container-v4.10.0-90 virt-cdi-cloner-container-v4.10.0-90 virt-cdi-importer-container-v4.10.0-90 kubevirt-ssp-operator-container-v4.10.0-50 virt-api-container-v4.10.0-217 hyperconverged-cluster-webhook-container-v4.10.0-133 libguestfs-tools-container-v4.10.0-217 virt-handler-container-v4.10.0-217 virt-launcher-container-v4.10.0-217 virt-artifacts-server-container-v4.10.0-217 virt-controller-container-v4.10.0-217 node-maintenance-operator-container-v4.10.0-48 hyperconverged-cluster-operator-container-v4.10.0-133 virt-operator-container-v4.10.0-217 cnv-containernetworking-plugins-container-v4.10.0-49 kubemacpool-container-v4.10.0-49 bridge-marker-container-v4.10.0-49 ovs-cni-marker-container-v4.10.0-49 ovs-cni-plugin-container-v4.10.0-49 kubernetes-nmstate-handler-container-v4.10.0-49 cluster-network-addons-operator-container-v4.10.0-49 hco-bundle-registry-container-v4.10.0-696
Security Fix(es):
* golang: net/https: limit growth of header canonicalization cache (CVE-2021-44716)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changesdescribed in this advisory, refer to:https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-33195 https://access.redhat.com/security/cve/CVE-2021-33197 https://access.redhat.com/security/cve/CVE-2021-33198 https://access.redhat.com/security/cve/CVE-2021-34558 https://access.redhat.com/security/cve/CVE-2021-36221 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate

Package List

Severity
Advisory ID: RHSA-2022:0947-01
Product: cnv
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0947
Issued Date: : 2022-03-16
CVE Names: CVE-2021-29923 CVE-2021-33195 CVE-2021-33197 CVE-2021-33198 CVE-2021-34558 CVE-2021-36221 CVE-2021-44716 CVE-2021-44717 CVE-2022-24407

Topic

Red Hat OpenShift Virtualization release 4.10.0 is now available withupdates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

1760028 - CPU compatibility is not checked when migrating host-model VMs

1855182 - [Storage] Clone could not be continued after virtctl stop the vm if the clone dv have been created for more than 3 minutes

1906151 - High CPU/Memory usage of Kube API server following a CNV installation

1918294 - VM created from template when OCS is default SC fails to start on "source volumeMode (Block) and target volumeMode (Filesystem) do not match"

1935217 - [CNV-2.5] Manifests in openshift-cnv missing resource requirements - Storage

1945586 - CPU pinning is incorrect after live migration

1958085 - No option to deploy the templates to a non-shared (non default) namespace

1959039 - must-gather doesn't collect iptables info of CNV VM anymore

1975978 - canary-release-openshift-origin-installer-e2e-aws-4.7-cnv is permfailing

1983079 - No "permittedHostDevices" section in HCO CR, allows any hostdevice in the VM spec.

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic

1986970 - Node outages can lead to (legitimate) mass restarts of VMs which can block our controller

1987009 - [tracker] CNV Daemonsets have maxUnavailable set to 1 which leads to very slow upgrades on large clusters

1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names

1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty

1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

1990061 - [virt] CNV Daemonsets have maxUnavailable set to 1 which leads to very slow upgrades on large clusters

1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet

1992231 - hostpath-provisioner Pods are not created

1993454 - Improve ImageIO import performance

1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

1997540 - Missing kcs: OpenShift Virtualization limits

1998300 - CNV VMs do not contain the cluster domain name in the FQDN

1999110 - 4.10.0 containers

1999636 - 4.10.0 rpms

2000480 - Using depreacted 1.25 API calls

2001984 - VM not in running state with nonroot VirtLauncher Pods with volumeMode as Filesystem and using a PVC

2001987 - VM not in running state with nonroot VirtLauncher Pods with volumeMode as Filesystem and using a DV

2002272 - Unable to LiveMigrate a VM with nonroot VirtLauncher Pod

2003704 - Switch live migration to use unix sockets

2007397 - Unexpected killing of virt-launcher pod, can result in loss of data for hotplugged volumes

2008140 - [4.10.0] CNV fails to deploy due to unavailable SSP virt-template-validator

2008411 - [4.10.0] SSP operator creates kubevirt-os-images instead of openshift-virtualization-os-images namespace

2008938 - missing spec.priorityClassName for pod hyperconverged-cluster-cli-download

2008949 - Multiple storage pods are missing spec.priorityClassName

2008975 - v4.10.0-142 CNV contains outdated ssp-operator and virt-template-validator

2010540 - HCO.status.relatedObjects are not getting updated with correct resourceVersion of reconciled resources

2010908 - [MTV] VM remains in printableStatus: Provisioning in cold migration

2012920 - nncp in progressing state forever when cluster is having Windows node

2013160 - Create an offline VM with storageClass HPP is always in 'Provisioning‘ status

2013455 - Guest agent reports unreliable status when mac address is changed

2015327 - hostpath-provisioner pods do not have any resources.requests values set up

2017255 - Migration of VM doesn't clean up the target pod in time in case of failed migration

2018457 - Windows high performance templates should use virtio storage

2018925 - Metric kubevirt_vmi_memory_used_total_bytes is not reporting correct value

2018970 - RHEL9 alpha template - support level is "Full"

2019053 - DV with immediate bind remains in WaitForFirstConsumer

2021992 - [cnv-4.10.0] After upgrade, live migration is Pending

2025295 - Windows VMs fail to start on air-gapped environments for non-admin users

2025750 - must-gather | nft files are not collected for nodes

2025878 - The import cron pod is not deleted after delete the dataimportcron if the import is failed

2026336 - [SNO] We see multiple replicas of virt-api, virt-controller and virt-operator.

2026363 - kubemacpool is rotating kubernetes-nmstate certificates

2026665 - Unable to ssh to a VM when running with Service Mesh

2026667 - Alerts: SSPDown and SSPTemplateValidatorDown are constantly in Firing state

2027420 - [SNO] SR-IOV operator fails to install after CNV is installed

2027922 - Typo on LowKVMNodesCount summary

2029343 - High performance VM fail to start on libvirt error (kvm-hint-dedicated)

2029767 - Enactment goes to pending even when maxunavailable is set to 100% in nncp

2030660 - ImageSteam rhel8-guest and rhel9-guest are managed by HCO but they are not getting reconciled

2030686 - must-gather | missing SRIOV namespace subdir under collected dir

2030801 - CVE-2021-44716 golang: net/https: limit growth of header canonicalization cache

2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error

2031033 - VM migration from VMware fail on missing v2v-vmware ConfigMap in OCP-4.10/CNV-4.10

2031688 - hostpath-provisioner-operator deployment is referencing upstream images

2031727 - [CNV-4.10] kubemacpool & nmstate pods stuck in pending state

2031919 - [SNO] we cannot cleanly remove the product on SNO due to kubevirt apiservices leftovers

2032045 - When alert VirtControllerRESTErrorsHigh triggered it keeps in Firing state for hours (even when there are no failed api calls anymore)

2032845 - SSP CR | reason field's value in SSP CR status.conditions is not CamelCased

2032873 - [4.9] Windows VMs fail to start on air-gapped environments for non-admin users

2032876 - [4.8] Windows VMs fail to start on air-gapped environments for non-admin users

2033240 - Templates golden image parameters names should be updated

2033252 - nncp changing it's status between "ConfigurationProgressing" to "SuccessfullyConfigured" every few minutes

2034544 - disk.img file is resized up for HPP and NFS storage classes

2035008 - Auto-update boot sources: CDI tries to import even when a PVC already exists; dataSources are not updated

2035324 - Trying to uninstall CNV with `uninstallStrategy: RemoveWorkloads` and existing workloads lefts the system in a corrupted state

2035658 - NMPolicy can't replace strings using captures, making teardown not possible

2035677 - Windows10 VM with CDROM migration fails

2036220 - Recommended disk image url is outdated in Fedora 33+ template description

2036483 - HCO Enablement | reconciliation error adding a custom cron template

2036605 - Auto-update boot sources: DataSource Ready status is not updated if there's no DataImportCron associated with it

2037270 - Auto-update boot sources: CentOs and Fedora DVs fail to import due to docker references

2037290 - Dataimportcron keeps re-creating when enable the feature gate

2037312 - CNV occasionally cannot be removed due to leftovers dataImportCrons

2037421 - SSP default log level should be set to "info"

2038679 - Clone with volume mode file system using Storage API fails

2038825 - Ubuntu, centos6 and opensuse templates should be removed from common templates bundle in downstream

2038831 - SAP HANA template should not contain evictionStrategy: LiveMigrate

2038985 - No feedback when HPP path is sharing host filesystem

2039196 - DataImportCron with imagestream source does not support image tags

2039208 - Recording Rule "kubevirt_vm_container_free_memory_bytes" is not working

2039489 - KubePersistentVolumeFillingUp Firing for VM disk Filesystem PVCs

2039683 - HANA Template - remove default values for network names

2039686 - SAP HANA template - container disk registry should be updated

2039691 - SAP HANA template - set node label instead of node for node selection

2040113 - The component value of virt-operator label is different with other virt components

2040115 - Labels "part-of" and "version" in virt components are missing

2041519 - Custom DataImportCron with the same name as CNV-provided DataImportCron can be added via HCO overwriting configuration

2041530 - HPP CSI CR can't be deleted if it's a combination of a basic storage pool, and a pvcTemplate

2042139 - HPP-operator reconciling CSI even if nothing is happening

2042799 - All existing templates are marked as deprecated after CNV upgrade

2042842 - SAP HANA template - SR-IOV NICs should not specify model virtio

2042856 - Getting 'jq' error while running 'must-gather' command.

2042880 - 'yq' command is missing in downstream must-gather image.

2042908 - hotplugs not included in VMSnapshot

2044348 - VM with ocs-storagecluster-cephfs sc keeps in CrashLoopBackOff

2044398 - SSP should not update DataSource managed by DataImportCron

2046271 - virt-cdi-importer fails to import a VM image when clusterwide proxy configured

2048227 - Common templates - DATA_SOURCE_NAMESPACE value should be updated in d/s

2048275 - HPP mounter deployment crashes on parsing lsblk output

2051105 - DataSources, managed by DataImportCron, are not reconciled when edited

2051693 - DataSource (which has a golden image and was opted-in/out using cdi label) will be reconciled and will not actually be opted out

2051968 - virt-freezer binary missing from downstream virt-launcher

2052489 - KubevirtVmHighMemoryUsage is based on limit not request

2053027 - nmpolicy cannot clone IP config of the default NIC carrying static IPv6

2058167 - Post deploy on a baremetal cluster SSP is looping attempting to reconcile

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.