4.2-8-1.0.0
Fixes
-
Updated RHEL 8.8 base image and system package versions of
bpftool
,container-selinux
,containerd.io
,docker-ce
,docker-ce-cli
,iwl1000-firmware
,kernel
,linux-firmware
,nss
,openssl
,perf, `postgresql
,python39
,wget
. -
Updated Cassandra version to 4.1.7 to address security vulnerabilities.
-
Updated NGINX container version to 1.22.0-5 to address critical CVEs (CVE-2024-45491 and CVE-2024-5535)
-
Updated Apache Tomcat version to 9.0.96.
-
Updated Microsoft JDK version to 11.0.24 to address security vulnerabilities (CVE-2024-21147)
-
Fixed csar ansible scripts so RVT upgrades don’t fail halfway through if you did not enter a MW at the start (#1745177)
-
RVT VMs raise an alarm when a Read Only partition is detected (#1865522)
New functionality
-
Compatibility with SIMPL V6.16.2.
-
REM Certificates require IP Addresses as Alternate Names (#1550033)
-
Updated
rvtconfig
to support references to secret store in configuration YAML files. (#1684972) -
Updated
rvtconfig compare-config
command so secrets are not included on such config comparison. (#1867787) -
Added new
rvtconfig
commands to support rotation of Cassandra user and password secrets:add-cds-user
,remove-cds-user
,rotate-cds-password
. (#1760090 and #1760091)
4.2-7-1.0.0
Fixes
-
Updated RHEL 8.8 base image and system package versions of
avahi-libs
,bind
,bpftool
,container-selinux
,containerd.io
,cups
,cups-client
,cups-libs
,dhcp
,docker-ce
,docker-ce-cli
,expat-devel
,glibc
,iproute
,iwl1000-firmware
,kernel
,less
,libfastjson
,libmaxminddb
,libuuid
,libxml
,linux-firmware
,net-snmp
,NetworkManager
,nss
,openssh
,openssl
,perf, `perl
,platform-python-pip
,postgresql
,python39-setuptools
,python3-bind
,python3-cryptography
,python3-libxml
,python3-pip
,rpm-plugin-selinux
,selinux-policy
,sqlite
,sudo
,tcpdump
,util-linx-user
, to address security vulnerabilities. (#1586651 and #1650638) -
Updated Cassandra version to 4.1.5 to address security vulnerabilities.
-
Updated Apache Tomcat version to 9.0.91 to address security vulnerabilities (CVE-2024-34750).
-
Updated Microsoft JDK version to 11.0.23 to address security vulnerabilities (CVE-2023-41993 and CVE-2024-21892)
-
Fix of
rvtconfig
to support paths with symlinks. (#1611148) -
Fix of
rvtconfig validate
with SMO profile tables validation. (#1667728) -
Corrected an issue that prevented MAG nginx logs from rotating correctly. (#1634237)
-
Updated Cassandra DB GC logging configuration to generate smaller files with required info for memory consumption analysis.
4.2-4-1.0.0
Fixes
-
Updated system package versions of
bind
,bpftool
,container-selinux
,containerd.io
,cups
,cups-libs
,docker-ce
,docker-ce-cli
,glibc
,kernel
,less
,libX11
,libuuid
,nss
,perf
,platform-python-pip
,python3-bind
,python3-pip
,util-linux-user
,NetworkManager
, to address security vulnerabilities. (#1512780) -
Removed SNMP alarm monitoring memAvailReal as this was frequently incorrectly alarming and we now monitor available memory in SIMon. (#1087865)
-
Enhanced NTP setup robustness during bootstrap. (#1521440)
4.2-3-1.0.0
Fixes
-
Updated system package versions of
avahi-libs
,bpftool
,container-selinux
,containerd.io
,curl
,docker-ce
,docker-ce-cli
,gnutls
,iproute
,iwl1000-firmware
,kernel
,libfastjson
,libmaxminddb
,linux-firmware
,nss
,openssh
,perl
,postgresql
,python
,rpm
,sqlite
,sudo
,tcpdump
andtzdata
, to address security vulnerabilities. (#1336181)
4.2-1-1.0.0
New functionality
-
Redhat 8 is now the base operating system in all the VMs, including custom VMs.
-
Compatibility with Redhat 8 based SIMPL V6.15 and MDM 3.8.
-
Updated the OCSS7 version to 5.0 which comes with the latest avaliable release of Hazelcast.
-
Updated the Apache Tomcat version to 9.0.85.
-
Added new default configuration in T-ADS to support 5G Voice over New Radio (VoNR). (#1150080)
-
Added NGINX rate limiting configuration for MAG nodes that improves NGINX DDoS protection for XCAP. (#1293895)
4.1-7-1.0.0
Fixes
-
Update Cassandra 4.1 gc.log configuration options to reduce logging printed information and to allow analysis by censum tool. (#1161334)
-
Updated rvconfig set-desired-running-state command so it lowercases instance names for MDM instance IDs (as SIMPL/MDM do) (#994044)
-
Initconf sets directory and file permissions to the primary user (instead of root) when extracting custom data from yaml configuration files. (#510353)
4.1-5-1.0.0
New functionality
-
Add new charging option 'cap-ro' to support mixed CAMEL and Diameter Ro deployment. (#701809)
-
Add support for configuring multiple destination realms for Diameter Ro. (#701814)
Fixes
-
Updated example configuration for conference-mrf-uri to force TCP (#737570)
-
Corrected the SNMP alarm that was previously monitoring totalFree memory, it now checks for availReal memory instead. (#853447)
-
Modified the validation scripts to avoid checking rhino liveness & alerts when IPSMGW is disabled. (#737963)
-
Allow upload config if there is no live node for a given VM type (#511300)
-
Cassandra 4 container upgraded to 4.1.3 (#987347)
-
Updated system package versions of
libwebp
,bind
,bpftool
,kernel
,open-vm-tools
,perf
, andpython
to address security vulnerabilities. (#1023775) -
Upgraded Apache Tomcat to 8.5.95 version. (#986693)
4.1-3-1.0.0
New functionality
-
The minimum supported version of SIMPL is now 6.13.3. (#290889)
-
TSN upgrades are supported when all other non-TSN nodes are already upgraded to 4.1.3-1.0.0 or higher. Refer to Major upgrade from 4.0.0 of TSN nodes (#290889).
-
TSN VM supports 2 Cassandra releases - 3.11.13 and 4.1.1; the default is 4.1.1 for new deployments, 3.11.13 can be selected by setting the
custom-options
parameter tocassandra_version_3_11
during a VM deployment. Newrvtconfig cassandra-upgrade
allows one-way switch from 3.11.13 to 4.1.1 without outage. Refer to Cassandra version switch procedure for TSN nodes (#290935) -
New
rvtconfig backup-cds
andrvtconfig restore-cds
commands allow backup and restore of CDS data. Refer to Take a CDS backup (#290889) -
New
rvtconfig set-desired-running-state
command to set the desired state of non-TSN initconf processes. Refer to Resume Initconf in non-TSN nodes(#290889)
Fixes
-
Fixed a race condition during quiesce that could result in a VM being turned off before it had completed writing data to CDS. (#733646)
-
Improved the output when rvtconfig gather-diags is given hostname or site ID parameters that do not exist in the SDF, or when the SDF does not specify any VNFCs. (#515668)
-
Fixed an issue where rvtconfig would display an exception stack trace if given an invalid secrets ID. (#515672)
-
rvtconfig gather-diags now reports the correct location of the downloaded diagnostics. (#515671)
-
The version arguments to rvtconfig are now optional, defaulting to the version from the SDF if it matches that of rvtconfig. (#380063)
-
There is now reduced verbosity in the output of the
upload-config
command and logs are now written to a log file. (#334928) -
Fixed service alarms so they will correctly clear after a reboot. (#672674)
-
Fixed rvtconfig gather-diags to be able to take ssh-keys that are outside the rvtcofig container. (#734624)
-
Fixed the
rvtconfig validate
command to only try to validate the optional files if they are all present. (#735591) -
The CDS event check now compares the target versions of the most recent and new events before the new event is deemed to be already in the CDS. (#724431)
-
Extend OutputTreeDiagNode data that the non-TSN initconf reports to MDM based on the DesiredRunningState set from
rvtconfig
. (#290889) -
Updated system package versions of
nss
,openssl
,sudo
,krb5
,zlib
,kpartx
,bind
,bpftool
,kernel
andperf
to address security vulnerabilities. (#748702) -
Hazelcast on SMO and SGC nodes now only binds to the clustering interface, not all interfaces. (#716776)
-
Enable rvtconfig to upload the config containing differences or errors when there is no node alive without using skip_diff. (#738214)
-
Added REM Local instance to MAG nodes for backward compatiblity with REM provisioning requests. (#829927)
-
Updated SMO configuration so that the server for UE-Reachability notifications listens on the
internal
interface only. (#667685) -
Fixed an issue where
rvtconfig validate
would fail on a SMO node when the IP-SM-GW was disabled. (#737963)
4.1-1-1.0.0
-
The minimum supported version of SIMPL is now 6.11.2. (#443131)
-
Added a
csar validate
test that runs the same liveness checks asrvtconfig report-group-status
. (#397932) -
Added MDM status to
csar validate
tests andreport-group-status
. (#397933) -
Added the same healthchecks done in
csar validate
as part of the healthchecks forcsar update
. (#406261) -
Added a healthcheck script that runs before upgrade to ensure config has been uploaded for the uplevel version. (#399673)
-
Added a healthcheck script that runs before upgrade and enforces the use of
rvtconfig enter-maintenance-window
. (#399670) -
rvtconfig upload-config
and related commands now ignore specific files that may be in the input directory unnecessarily. (#386665) -
An error message is now output when incorrectly formatted override yaml files are inputted rather than a lengthy stack trace. (#381281)
-
Added a service to the VMs to allow SIMPL VM to query their version information. (#230585)
-
CSARs are now named with a
-v6
suffix for compatibility with version 6.11 of SIMPL VM. (#396587) -
Fixed an issue where the new
rvtconfig calculate-maintenance-window
command raised aKeyError
. (#364387) -
Fixed an issue where
rvtconfig
could not delete a node type if no config had been uploaded. (#379137) -
Improved logging when calls to MDM fail. (#397974)
-
Update initconf zip hashes to hash file contents and names. (#399675)
-
Fixed an issue where
rvtconfig maintenance-window-status
would report that a maintenance window is active when the end time had already passed. (#399670) -
Config check is now done once per node rather than unnecessarily repeated when multiple nodes are updated. (#334928)
-
Fixed an issue where
csar validate
,update
orheal
could fail if the target VM’s disk was full. (#468274) -
The
--vm-version-source
argument now takes the optionsdf-version
that uses the version in the SDF for a given node. There is now a check that the inputted version matches the SDF version and an optional argument--skip-version-check
that skips this check. (#380063) -
rvtconfig
now checks for, and reports, unsupported configuration changes. (#404791) -
Fixed Rhino not restarting automatically if it exited unexpectedly. (#397976)
-
Added a
csar validate
test that checks there are no Rhino alarms. (#379143) -
Added support to skip checking for Rhino alarms during
csar update
healthcheck andcsar validate
. (#468271) -
Removed the cluster interface for MAG and MMT nodes on all platforms except OpenStack. On OpenStack, the cluster interface remains to workaround a SIMPL VM issue when upgrading from RVT 4.0; it should not be used for new deployments. (#503123)
-
Updated the REM dependency to the 3.2.x release series. (#368280)
-
The
Local
instance has been removed from REM. (#268280) -
Upgraded Apache Tomcat to 8.5.84 version. (#479318)
-
Fixed an issue where Rhino management and audit logs would not be updated. (#377792)
-
Added a command
prepare-for-40-tsn-upgrade
to the TSN CSAR to support upgrades from 4.0 TSNs. (#420379) -
Added OCSS7 alarms to
csar validate
tests andreport-group-status
. (#397933) -
Added support to skip checking for SGC alarms during
csar update
healthcheck andcsar validate
. (#468271) -
Updated system package versions of
bind
,bpftool
,device-mapper-multipath
,expat
,krb5-devel
,libkadm5
andpython-ply
to address security vulnerabilities. (#406275, #441719)
4.1-0-1.0.0
First release in the 4.1 series.
Major new functionality
-
Added support for parallel upgrades (except for TSN, SMO and SGC). Refer to Notes on parallel vs sequential upgrade for more details.
-
Added support for VM Recovery. Depending on different situations, this allows you to recover from malfunctioning VM nodes without affecting other nodes in the same VM group.
-
Added a low-privilege user, named
viewer
. This user has read-only access to diagnostics on the VMs and no superuser capabilities. (OPT-4831) -
Migrated XCAP server from REM in Tomcat to the new XCAP service in Rhino on the MAG node. (VOLTE-9819)
-
Updated VM sizing for TSN and MMT nodes. The old sizes are retained for upgrades, but new sizes should be used for new deployments. (#370050)
Backwards-incompatible changes
-
Access to VMs is now restricted to SSH keys only (no password authentication permitted). (OPT-4341)
-
The minimum supported version of SIMPL is now 6.10.1. (OPT-4677, OPT-4740, OPT-4722, OPT-4726, #207131) This includes different handling of secrets, see Secrets in the SDF for more details.
-
Made the
system-notification-enabled
,rhino-notification-enabled
, andsgc-notification-enabled
configuration options mandatory. Ensure these are specified insnmp-config.yaml
. (#270272) -
MMT and MAG nodes no longer use a clustering interface.
-
Changed prefix of internal XCAP hostname in DNS template from
internal-xcap.
toxcap.internal.
. XCAP requests are now required to have a Host starting withxcap.
to conform to the format outlined in the 3GPP TS 23.003 specification. (OPT-4714) -
Settings in the
product-options
section of the SDF now raise an error if specified in high-level YAML (as they once used to be), rather than simply warning the user that they have moved. (OPT-3380) -
Made
mag-vmpool-config.yaml
xcap-domains
value format more strict. Each value inxcap-domains
must now start withxcap.
(including the.
). Previously they only needed to start withxcap
(without the.
). This stricter check brings it more in-line with the XCAP (and BSF) domain name format outlined in the 3GPP TS 23.003 specification. (OPT-4352) -
Removed NAF filter configuration related to local nonce storage — only cassandra-based nonce storage is supported now. Also removed NAF filter-specific Cassandra connection details as Cassandra connection is now via the Cassandra CQL RA, the same as the BSF. (VOLTE-9616)
-
The
Local
instance from REM is no longer functional, and will be removed in the next maintenance release. To manage the MAG nodes in REM, use the host-specific instance instead (normallyRVT-mag.DC1-<hostname>
). -
Improved ShCM security by automatically restricting ShCM API access only to nodes that need it - MMT, SMO & MAG. (VOLTE-10193)
-
Added support for Rhino Node IDs to be configurable for unclustered VMs, and made this field mandatory. (#235644)
-
The SGC JMX management API now only listens on localhost. (OPT-4834)
-
SMO/SGC VMs now refuse to apply OCSS7 configuration changes unless the documented SGC reconfiguration procedure is followed. (#276422)
Other new functionality
-
Added a list of expected open ports to the documentation. (OPT-3724)
-
Added
enter-maintenance-window
andleave-maintenance-window
commands torvtconfig
to control scheduled tasks. (OPT-4805) -
Added a command
liveness-check
to all VMs for a quick health overview. (OPT-4785) -
Added a command
rvtconfig report-group-status
for a quick health overview of an entire group. (OPT-4790) -
Split
rvtconfig delete-node-type
intorvtconfig delete-node-type-version
andrvtconfig delete-node-type-all-versions
commands to support different use cases. (OPT-4685) -
Added
rvtconfig delete-node-type-retain-version
command to search for and delete configuration and state related to versions other than a specified VM version. (OPT-4685) -
Added
rvtconfig calculate-maintenance-window
to calculate the suggested duration for an upgrade maintenance window. (#240973) -
Added
rvtconfig gather-diags
to retrieve all diags from a deployment. This has been optimised to gather diags in parallel safely based on the node types alongside disk usage safety checks. (#399682, #454095, #454094) -
Added support for Cassandra username/password authentication. (OPT-4846)
-
system-config.yaml
androuting-config.yaml
are now fully optional, rather than requiring the user to provide an empty file if they didn’t want to provide any configuration. (OPT-3614) -
Added tool
mdm_certificate_updater.py
to allow the update of MDM certificates on a VM. (OPT-4599) -
Added support for configuring SAS connectivity using DNS hostnames. (OPT-4716)
-
Added support for configuring REM debug logging through high level config. (OPT-4799)
-
The VMs' infrastructure software now runs on Python 3.9. (OPT-4013, OPT-4210)
-
All RPMs and Python dependencies updated to the newest available versions.
-
Updated the linkerd version to 1.7.5. (#360288)
-
Updated the Cassandra version to 3.11.13. (#255349)
-
Upgraded PostgreSQL to version 12. (OPT-5022)
-
Use the Microsoft build of OpenJDK instead of the CentOS OpenJDK. (#255345)
Fixes
-
Fixed issue with default gateway configuration.
-
initconf
is now significantly faster. (OPT-3144, OPT-3969) -
Added some additional clarifying text to the disk usage alarms. (OPT-4046)
-
Ensured tasks which only perform configuration actions on the leader do not complete too early. (OPT-3657)
-
Tightened the set of open ports used for SNMP, linkerd and the Prometheus stats reporter. (OPT-4061, OPT-4058)
-
Disabled NTP server function on the VMs (i.e. other devices cannot use the VM as a time source). (OPT-4061)
-
The
report-initconf
command now returns a meaningful exit code. (DEV-474) -
Alarms sent from initconf will have the source value of
RVT monitor
. (OPT-4521) -
Removed unnecessary logging about not needing to clear an alarm that hadn’t been previously raised. (OPT-4752)
-
Authorized site-wide SSH authorized public keys specified in the SDF on all VMs within the site. (OPT-4729)
-
Reduced coupling to specific SIMPL VM version, to improve forwards compatibility with SIMPL. (OPT-4699)
-
Moved
initconf.log
,mdm-quiesce-notifier.log
andbootstrap.log
to/var/log/tas
, with symlinks from old file paths to new file paths for backwards compatibility. (OPT-4904) -
Added the
rvt-gather_diags
script to all node types. -
Increased bootstrap timeout from 5 to 15 minutes to allow time (10 minutes) to establish connectivity to NTP servers. (OPT-4917)
-
Increase logging from tasks which run continuously, such as Postgres and SSH key management. (OPT-2773)
-
Avoid a tight loop when the CDS server is unavailable, which caused a high volume of logging. (OPT-4925)
-
SNMPv3 authentication key and privacy key are now stored encrypted in CDS. (OPT-3822)
-
Added a 3-minute timeout to the quiesce task runner to prevent quiescing from hanging indefinitely if one of the tasks hangs (OPT-5053)
-
The
report-initconf
command now reports quiesce failure separately to quiesce timeout. (#235188) -
Added a list of SSH authorized keys for the low-privilege user to the
product options
section of the SDF. (#259004) -
Store the public SSH host keys for VMs in a group in CDS instead of using
ssh-keyscan
to discover them. (#262397) -
Add mechanism to CDS state to support forward-compatible extensions. (#230677)
-
Logs stored in CDS during quiesce will be removed after 28 days. (#314937)
-
The VMs are now named "Metaswitch Virtual Appliance". (OPT-3686)
-
Updated mmt-gsm-stats.xml stats config to use
SCCCamelToIMSReoriginationIN
SBB parameter set. (OPT-4137) -
Fixed issue where SAS config was required on SMO nodes even if the IPSMGW function was disabled. (OPT-3614)
-
Enabled SAS on the MAG node — NAF/BSF/XCAP requests will now be reported to the configured SAS. (OPT-4255)
-
Removed the
rvtconfig split-sdf
andshcm-properties-to-yaml
tools that are no longer required for upgrades. (OPT-3395) -
Fixed issue where replication would be enabled for call types where it is not supported. (VOLTE-10172)
-
Update MAG nginx config to add X-Ua-OpenSSL-Cipher-Suite header to xcap server requests containing UE-nginx SSL connection cipher. (#340633)
-
Corrected a defect that could cause the uplevel SGC/SMO VM to be unable to rejoin the cluster following an upgrade. (#230582)
-
Fixed bug where Rhino SLEE state would not be preserved across a Rhino restart. (RHI-6378)
-
Ignored exceptions thrown when attempting to start the SLEE immediately after it has been started. (OPT-4019)
-
During upgrades, make the Rhino quiesce stage more efficient by splitting up tasks, and allowing the leader node more time to perform Postgres connection management. Allow 3 attempts to upload logging before continuing. (OPT-4859)
-
Fixed rare cases where initconf could become stuck on a call to the
flushconfiguration
command. (OPT-4810) -
Ensured Rhino only listens for management commands on the management interface. (OPT-4934)
-
Moved all Rhino logs to
/var/log/tas/rhino
. (OPT-4906) -
Changed permissions on the log files
rhino.log
andalarms.csv
, so that all users - notably theviewer
user - can now read them. (OPT-4906) -
Fixed rare failure to converge when a node was booting while a different node was configuring an RA. (OPT-4927)
-
Updated postgres stop systemd timeout timer to from 60 minutes to 5 minutes. (OPT-5050)
-
Rhino will no longer restart or stop when PostgreSQL is restarted or stopped via systemctl. (#260638)
-
Failure to stop Rhino during quiesce will no longer prevent quiesce completing. (#296266)
-
Removed saving/restoring of OID mappings on nodes running Rhino. OID mappings are static now in Rhino. (OPT-4144)
-
Fixed an issue around enabling SNMP v3 in Rhino before the credentials had been configured. (#233470)
-
Removed the
seeds_allocation
Cassandra table. (OPT-4786) -
Added support for repair and cleanup scheduling. Repairs are scheduled for peers after a Cassandra node has been assassinated. Cleanups are scheduled for peers after a TSN recovery. All scheduled actions are run sequentially on each peer node to avoid parallel invocation.
-
All TSN nodes now check for keyspace availability and schema version agreement. (OPT-5060)
-
Store Cassandra logs in CDS after quiesce. (OPT-4693)
-
The CDS replication factor is now proportional to the number of TSN nodes in the cluster. If there are more than 5 TSN nodes in the cluster the replication factor is capped at 5. (OPT-4823)
-
Increase TSN commissioning timeout to 30 minutes from 20 minutes. (#308746)
-
Alarms are now raised when the ramdisk Cassandra partition reaches 80% and 90% usage (instead of 90% and 95%). (#338936)
-
The replication factor is now correctly set to 1 on Cassandra keyspaces in lab deployments with one or two TSN nodes. (#187408)
4.0.0-34-1.0.0
-
Added IM-SSF O_BCSM and T_BCSM stats to the MMT-GSM set to aid with monitoring of call behaviour during IN Bypass. (#258859)
4.0.0-31-1.0.0
-
Updated system package versions of
bpftool
,kernel
,perf
,python
andxz
to address security vulnerabilities. -
Corrected a defect that could cause the uplevel SGC/SMO VM to be unable to rejoin the cluster following an upgrade. (#230582)
4.0.0-30-1.0.0
-
Fixed an issue where VMs would send DNS queries for the
localhost
hostname. (#206220)
4.0.0-29-1.0.0
-
Fixed issue that meant
rvtconfig upload-config
would fail when running in an environment where the input device is not a TTY. When this case is detectedupload-config
will default to non-interactive confirmation-y
. This preserves 4.0.0-26-1.0.0 (and earlier versions) in environments where an appropriate input device is not available. (#258542)
4.0.0-28-1.0.0
-
Fixed an issue where scheduled tasks could incorrectly trigger on a reconfiguration of their schedules. (#167317)
-
Added
rvtconfig compare-config
command and madervtconfig upload-config
check config differences and request confirmation before upload. There is a new-f
flag that can be used withupload-config
to bypass the configuration comparison.-y
flag can now be used withupload-config
to provide non-interactive confirmation in the case that the comparison shows differences. (OPT-4517)