Release 3.12.1
Release Date
v3.12.1 was released to the public on December 4, 2024.
New in This Release
This release introduces the following changes since version 3.11.x:
| Item | Description | ID |
|---|---|---|
| 1 | New feature [generally available]: Active Directory Federation Services (ADFS) Integration. You can now enable ADFS support for your clusters, enabling Lightbits to authenticate and authorize API invocations using your organization’s ADFS/oAuth services and single sign-on. For more information on how to enable and use it, see the Lightbits Administration Guide, and the lbcli and API documentation. | LBM1-33740 |
| 2 | New feature [generally available]: Software Encryption at Rest. You can now enable cluster-level software encryption for your data stored on drives (encryption at rest), such that if any drive is removed from the cluster, the data on it remains encrypted on the drive and cannot be read as plain text. The data is encrypted using AES-XTS-256. The keys can be protected using the servers’ Trusted Platform Modules (TPMs).
Note that this feature requires installing a cluster with 3.12.1 and can only be enabled if the newly installed cluster has no volumes. This feature cannot be disabled once activated. For more information on how to enable and use this feature, see the Lightbits Administration Guide, and the lbcli and API documentation. | LBM1-32767 |
| 3 | ansible: Fixed to correctly add (open) required ports during installation, when iptables is selected. | LBM1-34648 |
| 4 | api-service: Added a new parameter to the api-service yaml configuration file: 'idpHealthCheckIntervalMinutes'. This parameter controls the interval for sending a health request to the IdP server, used by the ADFS feature. The default value is set to five minutes and can be changed manually in the yaml file to up to one week. | LBM1-34833 |
| 5 | api-service: Fixed an issue causing the api-service to become irresponsive in case it loses etcdconnectivity during the service's startup. | LBM1-34970 |
| 6 | api-service: GetPolicy() and ListPolicies() get policy objects, the only type of which we currently support is QoS policies. Resource policies are handled via a separate set of API calls. Fix the GetPolicy() / ListPolicies() authz calls to use the correct policy type when authorizing access. | LBM1-32598 |
| 7 | azure: Upgraded the pricing tier from V2 - which moved to legacy status - to V3. | LBM1-34350 |
| 8 | cluster-manager: Fixed a bug in volumeFSM (Finite State Machine). that used to flood the logs. Each time the FSM reached the updatingstate, we printed to log and invoked the FSM again. The fix assures that we only retrigger once. | LBM1-34501 |
| 9 | cluster-manager: In certain cases, enabling encryption using TPM took longer than expected. This was fixed by increasing the timeout from 1 minute to 2 minutes. | LBM1-35484 |
| 10 | cluster-manager: Modified the handling of volume delete requests so that the critical updates to etcdwill be transactional, and will not leave the system with partial data even when the active cluster-manager is switched during the process. | LBM1-34975 |
| 11 | cluster-manager: Fixed an issue that could cause an evict operation to fail due to "No PG progress change" under certain conditions. | LBM1-35441 |
| 12 | discovery-service & node-manager: Fixed an issue that could potentially cause volumes to not appear on clients after parallel client reboots and node-manager restarts/fail-overs. | LBM1-34260 |
| 13 | duroslight: Fixed a connectivity reporting issue that can cause a node to become inactive (due to a "Connectivity Issue"), when another node either fails or is intentionally shut down (e.g., due to reboot or node-manager restart). | LBM1-35450 |
| 14 | lbcli: Added a confirmation prompt before upgrading a cluster to make sure that the user really wants to upgrade the entire cluster. | LBM1-34329 |
| 15 | lbcli: Cleaned up the error output to only output errors once rather than twice. | LBM1-34651 |
| 16 | lbcli: Fixed the nilpointer dereference when passing a too long file name to 'create credential'. | LBM1-34683 |
| 17 | lightbits-api: Added a new API call to export the cluster encryption key (KEK). | LBM1-34708 |
| 18 | lightbits-api: Added encryption information such that if encryption is enabled, the creation date of the KEK and the generation of the KEK will be visible when calling the "get cluster" or "get clusterinfo" API calls. | LBM1-33948 |
| 19 | lightbits-api: The clusterEncryptionevent type will now be shown as cluster-encryption instead of "7". | LBM1-35418 |
| 20 | los-csi: Added support for k8s version v1.30.1. | LBM1-34189 |
| 21 | los-csi: Added tolerations support to enable the CSI plugin to run on nodes where otherwise it would not be available to run. | LBM1-33674 |
| 22 | los-csi: Updated with the latest discovery-client. | LBM1-34848 |
| 23 | userlbe: Fixed a rare race when GC is reading statistics while MD is updating the statistics. This could result in the userlbeprocess crashing. | LBM1-34613 |
| 24 | userlbe: Fixed write unit accounting when getting bad objects info CRC that could cause the instance to crash. | LBM1-34167 |
| 25 | userlbe: Fixed rare GFTL assertion failure during multiple rebuilds: MBD_recovery may fail to put a completion due to transient queue full condition. | LBM1-35664 |
| 26 | discovery-client: Enabled changing the kato configuration and set a default of X seconds. | LBM1-35187 |
| 27 | duroslight: Set the target side keep-alive to 10 seconds more than specified in the connect command from the client. This is done to prevent spurious keep-alive failures with client kernels that incorrectly use identical keep-alive settings for the client and target. | LBM1-35187 |
Installation and Upgradeability
You can upgrade to this release from all previous Lightbits v3.9.x, 3.10.x, and 3.11.x releases.
Was this page helpful?