Release Notes v7.2.7

The BeeGFS 7.2.7 release includes changes to the default mount options and security configuration as well as some other fixes.

Warning

Before upgrading to this version, please read the section about security improvements below carefully. If you have not configured a connAuthFile, services will no longer start without configuration changes. For more background on why we make this change, please refer to our blog post on the topic.

Security Improvements

  • The client will now use the nosuid mount option by default to prevent users from escalating privileges by using setuid binaries. This can be overridden by setting suid as a mount option in beegfs-mounts.conf

  • Configuring a connAuthFile is now mandatory. Services will no longer start if connAuthFile is not configured or connection authentication is explicitly disabled by setting the new configuration option connDisableAuthentication to true. Please refer to our documentation about Authentication for more information about setting up connection authentication.

Fixes

  • RDMA events with event code RDMA_CM_EVENT_TIMEWAIT_EXIT will no longer be logged by default. They will still be logged on log level DEBUG.

  • Added connAuthFile configuration to client runtime config in procfs to fix an issue where beegfs-ctl with the --mount flag was not able to connect to other servers when connAuthFile is configured.

  • Fixed a bug in the RDMA buffer allocation that caused the client module to crash during OPA and RoCE device initialization on newer kernels (RHEL >8.5).

  • The --access flag in the beegfs-ctl modes --createdir and --createfile will no longer ignore special bits for setuid, setgid and sticky.

Known Issues and Limitations

  • The Metadata daemon does not work reliably on RHEL/CentOS 8 and SLES 15.1 and 15.2 due to a problem in the versions of glibc. The problem was fixed in RHEL/CentOS 8.1 and SLES 15.3.

  • The client module might hang if the IBV device(s) used are taken offline during operation.

  • The client module does not compile on SLES 15.2 with Mellanox OFED 5.2

Supported Linux Distributions and Kernels

Packages are provided for the x86_64 architecture and the following distributions:

  • RHEL 7 and 8

  • SLES 15

  • Debian 9 and 10

  • Ubuntu 18

  • Ubuntu 20

  • Rocky Linux and AlmaLinux should now be configured to use the RHEL 8 repository (note the known issue with RoCE and RHEL 8.5 described above)

The following Mellanox OFED driver versions are supported: 5.5, 5.4, 5.3, 5.2, 5.1, 5.0, 4.9

The full integration test suite was run on RHEL 8.5, Rocky 8.6, Alma 8.5, CentOS 8.3, and Debian 10.

Client build testing:

  • RHEL 7.9: no OFED, OFED 4.9, 5.0, 5.2, 5.3, 5.4

  • RHEL 8.3: no OFED, OFED 4.9, 5.0, 5.1, 5.2, 5.3, 5.4

  • AlmaLinux 8.4: no OFED, OFED 5.3, 5.4

  • AlmaLinux 8.5: no OFED, OFED 5.3, 5.4, 5.5

  • Rocky Linux 8.4: no OFED, OFED 5.3, 5.4

  • Rocky Linux 8.5: no OFED, OFED 5.5

  • Rocky Linux 8.6: no OFED, OFED 5.6

  • SLES 15.1: no OFED, OFED 5.0

  • SLES 15.2: no OFED, OFED 5.1, 5.4

  • SLES 15.3: no OFED, OFED 5.4, 5,5

  • Debian 9: no OFED, 5.4

  • Debian 10: no OFED, OFED 5.2, 5.3, 5.4

  • Ubuntu 18: no OFED

  • Ubuntu 20: no OFED, OFED 5.4

Version Interoperability

BeeGFS v7.2.7 is compatible with BeeGFS v7.2.x.

Upgrading from Older Versions

To upgrade from an older version, please refer to the Upgrade Guide.