Write the description below
There was a security update for ceph released today to fix https://docs.ceph.com/en/latest/security/CVE-2021-20288/:
We have to upgrade to either of:
- v14.2.20 (Nautilus)
- v15.2.11 (Octopus)
- v16.2.1 (Pacific)
Recommended upgrade process:
- Users should upgrade to a patched version of Ceph at their earliest convenience.
- Users should upgrade any unpatched clients at their earliest convenience. By default, these clients can be easily identified by checking the ceph health detail output for the AUTH_INSECURE_GLOBAL_ID_RECLAIM alert.
- If all clients cannot be upgraded immediately, the health alerts can be temporarily muted with:
ceph health mute AUTH_INSECURE_GLOBAL_ID_RECLAIM 1w # 1 week ceph health mute AUTH_INSECURE_GLOBAL_ID_RECLAIM_ALLOWED 1w # 1 week
- After all clients have been updated and the AUTH_INSECURE_GLOBAL_ID_RECLAIM alert is no longer present, the cluster should be set to prevent insecure global_id reclaim with:
ceph config set mon auth_allow_insecure_global_id_reclaim false