Veritas™ Services and Operations Readiness Tools (SORT)
|
|
|---|
| Release type: | Patch |
| Release date: | 2022-01-16 |
| OS update support: | None |
| Technote: | None |
| Documentation: | None |
| Popularity: | 268 viewed downloaded |
| Download size: | 244 MB |
| Checksum: | 919483947 |
|
InfoScale Availability 7.4.1 On Solaris 11 X64
InfoScale Enterprise 7.4.1 On Solaris 11 X64 InfoScale Foundation 7.4.1 On Solaris 11 X64 InfoScale Storage 7.4.1 On Solaris 11 X64 |
|
|
3982248, 3982912, 3986554, 3996796, 4016876, 4042947, 4049416, 4050664, 4051040, 4054264, 4054265, 4054266, 4054267, 4054269, 4054270, 4054271, 4054272, 4054273, 4054276, 4054323, 4054325, 4054697, 4056779
|
|
None.
|
* * * READ ME * * *
* * * InfoScale 7.4.1 * * *
* * * Patch 2300 * * *
Patch Date: 2022-01-05
This document provides the following information:
* PATCH NAME
* OPERATING SYSTEMS SUPPORTED BY THE PATCH
* PACKAGES AFFECTED BY THE PATCH
* BASE PRODUCT VERSIONS FOR THE PATCH
* SUMMARY OF INCIDENTS FIXED BY THE PATCH
* DETAILS OF INCIDENTS FIXED BY THE PATCH
* INSTALLATION PRE-REQUISITES
* INSTALLING THE PATCH
* REMOVING THE PATCH
PATCH NAME
----------
InfoScale 7.4.1 Patch 2300
OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
Solaris 11 X64
PACKAGES AFFECTED BY THE PATCH
------------------------------
VRTSamf
VRTSgab
VRTSllt
VRTSpython
VRTSvcs
VRTSvcsag
VRTSvcsea
VRTSvlic
VRTSvxfen
BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
* InfoScale Availability 7.4.1
* InfoScale Enterprise 7.4.1
* InfoScale Foundation 7.4.1
* InfoScale Storage 7.4.1
SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: VRTSvcs-7.4.1.1200
* 4054266 (4040705) When a command exceeds 4096 characters, hacli hangs indefinitely.
* 4054267 (4040656) When the ENOMEM error occurs, HAD does not shut down gracefully.
* 4054271 (4043700) In case of failover, parallel, or hybrid service groups, multiple PreOnline triggers can be executed on the same node or on different nodes in a cluster while an online operation is in already progress.
Patch ID: VRTSvcs-7.4.1.1100
* 3982912 (3981992) A potentially critical security vulnerability in VCS needs to be addressed.
Patch ID: VRTSpython-3.6.6.10
* 4056779 (4049771) The VRTSpython package needs to be made available on AIX and Solaris to support the InfoScale licensing component.
Patch ID: VRTSvlic-4.01.741.300
* 4049416 (4049416) Migrate Licensing Collector service from Java to Python.
Patch ID: VRTSllt-7.4.1.1100
* 4050664 (4046199) LLT configurations over UDP accept only ethernet interface names as link tag names.
* 4051040 (3989372) When the CPU load and memory consumption is high in a VMware environment, some nodes in an InfoScale cluster may get fenced out.
* 4054272 (4045607) Performance improvement of the UDP multiport feature of LLT on 1500 MTU-based networks.
* 4054697 (3985775) Sometimes, the system log may get flooded with LLT heartbeat loss messages that do not necessarily indicate any actual issues with LLT.
Patch ID: VRTSgab-7.4.1.1100
* 4054264 (4046413) After a node is added to or removed from a cluster, the GAB node count or the fencing quorum is not updated.
* 4054265 (4046418) The GAB module starts up even if LLT is not configured.
Patch ID: VRTSamf-7.4.1.1100
* 4054323 (4001565) On Solaris 11.4, IMF fails to provide notifications when Oracle processes stop.
Patch ID: VRTSvcsag-7.4.1.1200
* 4042947 (4042944) In a hardware replication environment, a disk group resource may fail to be imported when the HARDWARE_MIRROR flag is set.
* 4054269 (4030215) The InfoScale agents for Azure agents did not support credential validation methods based on the azure-identity library.
* 4054270 (4046286) The InfoScale agents for Azure do not handle generic exceptions.
* 4054273 (4044567) The HostMonitor agent faults while logging the memory usage of a system.
* 4054276 (4048164) When a cloud API that an InfoScale agent has called hangs, an unwanted failover of the associated service group may occur.
Patch ID: VRTSvcsag-7.4.1.1100
* 3996796 (3996795) After the phase 1 of a rolling upgrade completes, a CoordPoint resource goes into the FAULTED state.
Patch ID: VRTSvcsea-7.4.1.1200
* 4054325 (4043289) In an Oracle ASM 19c environment on Solaris, the ASMInst agent fails to come online or to detect the state of the related resources.
Patch ID: VRTSvcsea-7.4.1.1100
* 3982248 (3989510) The VCS agent for Oracle does not support Oracle 19c databases.
Patch ID: VRTSvxfen-7.4.1.1200
* 4016876 (4000745) The VxFEN process fails to start due to late discovery of the VxFEN disk group.
Patch ID: VRTSvxfen-7.4.1.1100
* 3986554 (3986553) After the phase 1 of a rolling upgrade completes, a CoordPoint resource goes into the FAULTED state.
DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following incidents:
Patch ID: VRTSvcs-7.4.1.1200
* 4054266 (Tracking ID: 4040705)
SYMPTOM:
When a command exceeds 4096 characters, hacli hangs indefinitely.
DESCRIPTION:
Instead of returning the appropriate error message, hacli waits indefinitely for a reply from the VCS engine.
RESOLUTION:
Increased the limit of the hacli '-cmd' option to 7680 characters. Validations for the various hacli options are also now handled better. Thus, when the value of the '-cmd' option exceeds the new limit, hacli no longer hangs, but instead returns the appropriate proper error message.
* 4054267 (Tracking ID: 4040656)
SYMPTOM:
When the ENOMEM error occurs, HAD does not shut down gracefully.
DESCRIPTION:
When HAD encounters the ENOMEM error, it reattempts the operation a few times until it reaches a predefined maximum limit, and then it exits. The hashadow daemon restarts HAD with the '-restart' option. The failover service group in the cluster is not started automatically, because it appears that one of the cluster nodes is in the 'restarting' mode.
RESOLUTION:
HAD is enhanced to exit gracefully when it encounters the ENOMEM error, and the hashadow daemon is updated to restart HAD without the '-restart' option. This enhancement ensures that in such a scenario, the autostart of a failover service group is triggered as expected.
* 4054271 (Tracking ID: 4043700)
SYMPTOM:
In case of failover, parallel, or hybrid service groups, multiple PreOnline triggers can be executed on the same node or on different nodes in a cluster while an online operation is in already progress.
DESCRIPTION:
This issue occurs because the validation of online operations did not take the ongoing execution of PreOnline triggers into consideration. Thus, subsequent online operations are accepted while a PreOnline trigger is already being executed. Consequently, multiple PreOnline trigger instances are executed.
RESOLUTION:
A check for PreOnline triggers is added to the validation of ongoing online operations, and subsequent calls for online operations are rejected. Thus, the PreOnline trigger for failover groups is executed only once.
Patch ID: VRTSvcs-7.4.1.1100
* 3982912 (Tracking ID: 3981992)
SYMPTOM:
A potentially critical security vulnerability in VCS needs to be addressed.
DESCRIPTION:
A potentially critical security vulnerability in VCS needs to be addressed.
RESOLUTION:
This hotfix addresses the security vulnerability. For details, refer to the security advisory at: https://www.veritas.com/content/support/en_US/security/VTS19-003.html
Patch ID: VRTSpython-3.6.6.10
* 4056779 (Tracking ID: 4049771)
SYMPTOM:
The VRTSpython package needs to be made available on AIX and Solaris to support the InfoScale licensing component.
DESCRIPTION:
Certain Python modules are required for the InfoScale Core Plus licensing component to function. To support this component, the VRTSpython package needs to be made available for the AIX and the Solaris platforms.
RESOLUTION:
This patch deploys the VRTSpython package on AIX and Solaris.
Patch ID: VRTSvlic-4.01.741.300
* 4049416 (Tracking ID: 4049416)
SYMPTOM:
Frequent Security vulnerabilities reported in JRE.
DESCRIPTION:
There are many vulnerabilities reported in JRE every quarter. To overcome this vulnerabilities issue migrate Licensing Collector service from Java to Python.
All other behavior of Licensing Collector service will remain the same.
RESOLUTION:
Migrated Licensing Collector service from Java to Python.
Patch ID: VRTSllt-7.4.1.1100
* 4050664 (Tracking ID: 4046199)
SYMPTOM:
LLT configurations over UDP accept only ethernet interface names as link tag names.
DESCRIPTION:
The tag field in the link definition accepts only the ethernet interface name as a value.
RESOLUTION:
The LLT module is updated to accept any string a as link tag name.
* 4051040 (Tracking ID: 3989372)
SYMPTOM:
When the CPU load and memory consumption is high in a VMware environment, some nodes in an InfoScale cluster may get fenced out.
DESCRIPTION:
Occasionally, in a VMware environment, the operating system may not schedule LLT contexts on time. Consequently, heartbeats from some of the cluster nodes may be lost, and those nodes may get fenced out. This situation typically occurs when the CPU load or the memory usage is high or when the VMDK snapshot or vMotion operations are in progress.
RESOLUTION:
This fix attempts to make clusters more resilient to transient issues by heartbeating using threads bound to every vCPU.
* 4054272 (Tracking ID: 4045607)
SYMPTOM:
LLT over UDP support for transmission and reception of data over 1500 MTU networks.
DESCRIPTION:
The UDP multiport feature in LLT performs poorly in case of 1500 MTU-based networks. Data packets larger than 1500 bytes cannnot be transmitted over 1500 MTU-based networks, so the IP layer fragments them appropriately for transmission. The loss of a single fragment from the set leads to a total packet (I/O) loss. LLT then retransmits the same packet repeatedly until the transmission is successful. Eventually, you may encounter issues with the Flexible Storage Sharing (FSS) feature. For example, the vxprint process or the disk group creation process may stop responding, or the I/O-shipping performance may degrade severely.
RESOLUTION:
The UDP multiport feature of LLT is updated to fragment the packets such that they can be accommodated in the 1500-byte network frame. The fragments are rearranged on the receiving node at the LLT layer. Thus, LLT can track every fragment to the destination, and in case of transmission failures, retransmit the lost fragments based on the current RTT time.
* 4054697 (Tracking ID: 3985775)
SYMPTOM:
Sometimes, the system log may get flooded with LLT heartbeat loss messages that do not necessarily indicate any actual issues with LLT.
DESCRIPTION:
LLT heartbeat loss messages can appear in the system log either due to actual heartbeat drops in the network or due to heartbeat packets arriving out of order. In either case, these messages are only informative and do not indicate any issue in the LLT functionality. Sometimes, the system log may get flooded with these messages, which are not useful.
RESOLUTION:
The LLT module is updated to lower the frequency of printing LLT heartbeat loss messages. This is achieved by increasing the number of missed sequential HB packets required to print this informative message.
Patch ID: VRTSgab-7.4.1.1100
* 4054264 (Tracking ID: 4046413)
SYMPTOM:
After a node is added to or removed from a cluster, the GAB node count or the fencing quorum is not updated.
DESCRIPTION:
The gabconfig -m <node_count> command returns an error even if the correct node count is provided.
RESOLUTION:
To address this issue, a parsing issue with the GAB module is fixed.
* 4054265 (Tracking ID: 4046418)
SYMPTOM:
The GAB module starts up even if LLT is not configured.
DESCRIPTION:
Since the GAB service depends on the LLT service, if LLT fails to start or if it is not configured, GAB should not start.
RESOLUTION:
The GAB module is updated to start only if LLT is configured.
Patch ID: VRTSamf-7.4.1.1100
* 4054323 (Tracking ID: 4001565)
SYMPTOM:
On Solaris 11.4, IMF fails to provide notifications when Oracle processes stop.
DESCRIPTION:
On Solaris 11.4, when Oracle processes stop, IMF provides notification to Oracle agent, but the monitor is not scheduled. As as result, agent fails intelligent monitoring.
RESOLUTION:
Oracle agent now provides notifications when Oracle processes stop.
Patch ID: VRTSvcsag-7.4.1.1200
* 4042947 (Tracking ID: 4042944)
SYMPTOM:
In a hardware replication environment, a disk group resource may fail to be imported when the HARDWARE_MIRROR flag is set.
DESCRIPTION:
After the VCS hardware replication agent resource fails over control to the secondary site, the DiskGroup agent does not rescan all the required device paths in case of a multi-pathing configuration. The vxdg import operation fails, because the hardware device characteristics for all the paths are not refreshed.
RESOLUTION:
A new resource-level attribute, ScanDisks, is introduced for the DiskGroup agent. The ScanDisks attribute lets you perform a selective devices scan for all the disk paths that are associated with a VxVM disk group. Before attempting to import a hardware clone or a hardware replicated device, the VxVM and the DMP attributes of a disk are refreshed. The default value of ScanDisks is 0, which indicates that a selective device scan is not performed. Even when ScanDisks is set to 0, if the disk group fails with an error string containing HARDWARE_MIRROR during the first disk group import attempt, the DiskGroup agent performs a selective device scan to increase the chances of a successful import.
Sample resource configuration for hardware clone disk groups:
DiskGroup tc_dg (
DiskGroup = datadg
DGOptions = "-o useclonedev=on -o updateid"
ForceImport = 0
ScanDisks = 1
)
Sample resource configuration for hardware replicated disk groups:
DiskGroup tc_dg (
DiskGroup = datadg
ForceImport = 0
ScanDisks = 1
)
* 4054269 (Tracking ID: 4030215)
SYMPTOM:
The InfoScale agents for Azure agents did not support credential validation methods based on the azure-identity library.
DESCRIPTION:
The Microsoft Azure credential system is revamped, and the new system is available in the azure-identity library.
RESOLUTION:
The InfoScale agents for Azure have been enhanced to support credential validation methods based on the azure-identity library. Now, the agents support the following Azure Python SDK versions:
azure-common==1.1.25
azure-core==1.10.0
azure-identity==1.4.1
azure-mgmt-compute==19.0.0
azure-mgmt-core==1.2.2
azure-mgmt-dns==8.0.0
azure-mgmt-network==17.1.0
azure-storage-blob==12.8.0
msrestazure==0.6.4
* 4054270 (Tracking ID: 4046286)
SYMPTOM:
The InfoScale agents for Azure do not handle generic exceptions.
DESCRIPTION:
The InfoScale agents can handle only the CloudError exception of the Azure APIs. It cannot handle other errors that may occur during certain failure conditions.
RESOLUTION:
The InfoScale agents for Azure are enhanced to handle several API failure conditions.
* 4054273 (Tracking ID: 4044567)
SYMPTOM:
The HostMonitor agent faults while logging the memory usage of a system.
DESCRIPTION:
The HostMonitor agent runs in the background to monitor the usage of the resources of a system. It faults and terminates unexpectedly while logging the memory usage of a system and generates a core dump.
RESOLUTION:
This patch updates the HostMonitor agent to handle the issue that it encounters while logging the memory usage data of a system.
* 4054276 (Tracking ID: 4048164)
SYMPTOM:
When a cloud API that an InfoScale agent has called hangs, an unwanted failover of the associated service group may occur.
DESCRIPTION:
When a cloud SDK API or a CLI command hangs, the monitor function of an InfoScale agent that has called the API or the command may time out. Consequently, the agent may report incorrect resource states, and an unwanted failover of the associated service group may occur.
RESOLUTION:
To avoid this issue, the default value of the FaultOnMonitorTimeout attribute is set to 0 for all the InfoScale agents for cloud support.
Patch ID: VRTSvcsag-7.4.1.1100
* 3996796 (Tracking ID: 3996795)
SYMPTOM:
After the phase 1 of a rolling upgrade completes, a CoordPoint resource goes into the FAULTED state.
DESCRIPTION:
This issue occurs when the CoordPoint agent is upgraded to 7.4.1 from any earlier version using a rolling upgrade. A field was added to the VXFEN driver structure due to which the client, VXFEN_IOC_GET_COORD IOCTL, fails.
RESOLUTION:
This hotfix addresses the issue by building the VRTSvcsag module with the updated VxFEN structure.
Patch ID: VRTSvcsea-7.4.1.1200
* 4054325 (Tracking ID: 4043289)
SYMPTOM:
In an Oracle ASM 19c environment on Solaris, the ASMInst agent fails to come online or to detect the state of the related resources.
DESCRIPTION:
This issue occurs due to incorrect permissions on certain Oracle files on Solaris.
RESOLUTION:
The ASMInst agent is updated to handle the change in permissions that causes this issue.
Patch ID: VRTSvcsea-7.4.1.1100
* 3982248 (Tracking ID: 3989510)
SYMPTOM:
The VCS agent for Oracle does not support Oracle 19c databases.
DESCRIPTION:
In case of non-CDB or CDB-only databases, the VCS agent for Oracle does not recognize that an Oracle 19c resource is intentionally offline after a graceful shutdown. This functionality is never supported for PDB-type databases.
RESOLUTION:
The agent is updated to recognize the graceful shutdown of an Oracle 19c resource as intentional offline in case of non-CDB or CDB-only databases. For details, refer to the article at: https://www.veritas.com/support/en_US/article.100046803.
Patch ID: VRTSvxfen-7.4.1.1200
* 4016876 (Tracking ID: 4000745)
SYMPTOM:
The VxFEN process fails to start due to late discovery of the VxFEN disk group.
DESCRIPTION:
When I/O fencing starts, the VxFEN startup script creates this /etc/vxfentab file on each node. During disk-based fencing, the VxVM module may take longer time to discover the VxFEN disk group. Because of this delay, the 'generate disk list' opreration times out. Therefore, the VxFEN process fails to start and reports the following error: 'ERROR: VxFEN cannot generate vxfentab because vxfendg does not exist'
RESOLUTION:
A new tunable, getdisks_timeout, is introduced to specify the timeout value for the VxFEN disk group discovery. The maximum and the default value for this tunable is 600 seconds. You can set the value of this tunable by adding an getdisks_timeout=<time_in_sec> entry in the /etc/vxfenmode file.
Patch ID: VRTSvxfen-7.4.1.1100
* 3986554 (Tracking ID: 3986553)
SYMPTOM:
After the phase 1 of a rolling upgrade completes, a CoordPoint resource goes into the FAULTED state.
DESCRIPTION:
This issue occurs when the CoordPoint agent is upgraded to 7.4.1 from any earlier version using a rolling upgrade. A field was added to the VXFEN driver structure due to which the client, VXFEN_IOC_GET_COORD IOCTL, fails.
RESOLUTION:
This hotfix addresses the issue by providing a global field to serve the purpose instead of adding a field to the VXFEN driver structure.
INSTALLING THE PATCH
--------------------
Run the Installer script to automatically install the patch:
-----------------------------------------------------------
Please be noted that the installation of this P-Patch will cause downtime.
To install the patch perform the following steps on at least one node in the cluster:
1. Copy the patch infoscale-sol11_x64-Patch-7.4.1.2300.tar.gz to /tmp
2. Untar infoscale-sol11_x64-Patch-7.4.1.2300.tar.gz to /tmp/hf
# mkdir /tmp/hf
# cd /tmp/hf
# gunzip /tmp/infoscale-sol11_x64-Patch-7.4.1.2300.tar.gz
# tar xf /tmp/infoscale-sol11_x64-Patch-7.4.1.2300.tar
3. Install the hotfix(Please be noted that the installation of this P-Patch will cause downtime.)
# pwd /tmp/hf
# ./installVRTSinfoscale741P2300 [<host1> <host2>...]
You can also install this patch together with 7.4.1 base release using Install Bundles
1. Download this patch and extract it to a directory
2. Change to the Veritas InfoScale 7.4.1 directory and invoke the installer script
with -patch_path option where -patch_path should point to the patch directory
# ./installer -patch_path [<path to this patch>] [<host1> <host2>...]
Install the patch manually:
--------------------------
Manual installation is not recommended.
REMOVING THE PATCH
------------------
Manual uninstallation is not recommended.
SPECIAL INSTRUCTIONS
--------------------
Following vulnerabilities has been resolved in 741U6(VRTSpython 3.6.6.10)
CVE-2017-18342
CVE-2020-14343
CVE-2020-1747
Resolution: Upgraded pyyaml to 5.4.1 version
CVE-2019-10160
CVE-2019-9636
CVE-2020-27619
Resolution: Patched the source code of the python itself referenced in corresponding BDSA to resolve the vulnerabilities.
OTHERS
------
NONE
|
Why Register?
Get notifications about ASLs/APMs, HCLs, patches, and high availability agents
As a registered user, you can create notifications to receive updates about NetBackup Future Platform and Feature Plans, NetBackup hot fixes/EEBs in released versions, Array Support Libraries (ASLs)/Array Policy Modules (APMs), hardware compatibility lists (HCLs), patches and high availability agents. In addition, you can create system-specific notifications customized to your environment.
Compare configurations
The Compare Configurations feature lets you compare different system scans by the data collector. When you sign in, you can choose a target system, compare reports run at different times, and easily see how the system's configuration has changed.
Save configurations
After logging in, you can retrieve past reports, share reports with colleagues, review notifications you received, and retain custom settings. Anonymous users cannot access these features.
Bulk uploader
As a registered user,you can upload multiple reports, using the Bulk Uploader.