8.0 Release Notes

High Availability can now be deployed for the Grafana, Prometheus, and Alertmanager monitoring stacks

With this enhancement, the cephadm mgmt-gateway service offers better reliability and ensures uninterrupted monitoring by allowing these critical services to function seamlessly, even during the event of an individual instance failure. High availability is crucial for maintaining visibility into the health and performance of the Ceph cluster and responding promptly to any issues.

New streamlining deployment for EC pools for Ceph Object Gateway

The Ceph Object Gateway manager module can now create pools for the rgw service. Within the pool, data pools can receive attributes, based on the provided specification.

A self-signed certificate can be generated by cephadm within the Ceph Object Gateway service specification

With this enhancement, adding generate_cert: true into the Ceph Object Gateway service specification file, enables cephadm to generate a self-signed certificate for the Ceph Object Gateway service. This can be done instead of manually creating the certificate and inserting into the specification file.

Setting rgw_run_sync_thread to ‘false’ for Ceph Object gateway daemon users is now automated

With this enhancement, by setting disable_multisite_sync_traffic to ‘true’ under the spec section of an Ceph Object Gateway specification, Cephadm will handle setting the rgw_run_sync_thread setting to ‘false’ for Ceph Object Gateway daemons under that service. That will stop the Ceph Object Gateway daemons from spawning threads to handle the sync of data and metadata. The process of setting rgw_run_sync_thread to ‘false’ for Ceph Object Gateway daemon users is now automated through the Ceph Object Gateway specification file.

Cephadm can now deploy ingress over Ceph Object Gateway with the ingress service’s haproxy daemon in TCP rather than HTTP mode

Setting up haproxy in TCP mode allows encrypted messages to be passed through haproxy directly to Ceph Object Gateway without haproxy needing to understand the message contents. This allows end-to-end SSL for ingress and Ceph Object Gateway setups.

New cmount_path option with a unique user ID generated for CephFS

With this enhancement, you can add the optional cmount_path option and generate a unique user ID for each Ceph File System. Unique user IDs allow sharing CephFS clients across multiple Ganesha exports. Reducing clients across exports also reduces memory usage for a single CephFS client.

Exports sharing the same FSAL block have a single Ceph user client linked to them

Previously, on an upgraded cluster, the export creation failed with the "Error EPERM: Failed to update caps" message.

Added health warnings for when daemons are down

Previously, there were no health warnings and alerts to notify if the mgr, mds, and rgw daemons were down.

Ceph Object Gateway NFS export management is now available through the Ceph Dashboard

Previously, Ceph Object Gateway NFS export management was only available through the command-line interface.

Enhanced multi-site creation with default realms, zones, and zone groups

Previously, a manual restart was required for Ceph Object Gateway services after creating a multi-site with default realms, zones, or zone groups.

Ceph Dashboard now supports an EC 8+6 profile

With this enhancement, the dashboard supports an erasure coding 8+6 profile.

Enable or disable replication for a bucket in a multi-site configuration during bucket creation

A new Replication checkbox is added in the Ceph Object Gateway bucket creation form. This enhancement allows enabling or disabling replication from a specific bucket in a multi-site configuration.

New sync policy management through the Ceph Dashboard

Previously, there was no way to manage sync policies from the Ceph Dashboard.

Improved experience for server-side encryption configuration on the Ceph Dashboard

With this enhancement, server-side encryption can easily be found by going to Objects>Configuration from the navigation menu.

New option to enable mirroring on a pool during creation

Previously, there was no option to enable mirroring on a pool during pool creation.

Enhanced output for Ceph Object Gateway ops and audit logs in the centralized logging

With this enhancement, you can now see Ceph Object Gateway ops and audit log recollection in the Ceph Dashboard centralized logs.

Improved experience when creating an erasure coded pool with the Ceph Dashboard

Previously, devices in the Ceph cluster were automatically selected when creating an erasure coded (EC) profile, such as HDD, SSD, and so on. When a device class is specified with EC pools, pools are created with only one placement group and the autoscaler did not work.

Enhanced multi-cluster views on the Ceph Dashboard

Previously, the Ceph Cluster Grafana dashboard was not visible for a cluster that was connected in a multi-cluster setup and multi-cluster was not fully configurable with mTLS through the dashboard.

CephFS subvolume groups and subvolumes can now be selected directly from the Create NFS export form

Previously, when creating a CephFS NFS export, you would need to know the existing subvolume and subvolume groups prior to creating the NFS export, and manually enter the information into the form.

Non-default realm sync status now visible for Ceph Object Gateways

Previously, only the default realm sync status was visible in the Object>Overview sync status on the Ceph Dashboard.

New RGW Sync overview dashboard in Grafana

With this release, you can now track replication differences over a time per shard from within the new RGW Sync overview dashboard in Grafana.

New S3 bucket lifecycle management through the Ceph Dashboard

With this release, a bucket lifecycle can be managed through the Edit Bucket form in the Ceph Dashboard.

snapdiff API now only syncs the difference of files between two snapshots

With this enhancement, the snapdiff API is used to sync only the difference of files between two snapshots. Syncing only the difference avoids bulk copying during an incremental snapshot sync, providing performance improvement, as only snapdiff delta is being synced.

New metrics for data replication monitoring logic

This enhancement provides added labeled metrics for the replication start and end notifications.

Enhanced output remote metadata information in peer status

With this enhancement, the peer status output shows state, failed, and 'failure_reason' when there is invalid metadata in a remote snapshot.

New support for NFS-Ganesha async FSAL

With this enhancement, the non-blocking Ceph File System Abstraction Layer (FSAL), or async, is introduced. The FSAL reduces thread utilization, improves performance, and lowers resource utilization.

New support for earmarking subvolumes

Previously, the Ceph storage system did not support a mixed protocol being used within the same subvolume. Attempting to use a mixed protocol could lead to data corruption.

The CopyObject API can now be used to copy the objects across storage classes

Previously, objects could only be copied within the same storage class. This limited the scope of the CopyObject function. Users would have to download the objects and then reupload them to another storage class.

Improved read operations for Ceph Object Gateway

With this enhancement, read affinity is added to the Ceph Object Gateway. The read affinity allows read calls to the nearest OSD by adding the flags and setting the correct CRUSH location.

S3 requests are no longer cut off in the middle of transmission during shutdown

Previously, a few clients faced issues with the S3 request being cut off in the middle of transmission during shutdown without waiting.

Copying of encrypted objects using copy-object APIs is now supported

Previously, in Ceph Object gateway, copying of encrypted objects using copy-object APIs was unsupported since the inception of its server-side encryption support.

New S3 additional checksums

With this release, there is added support for S3 additional checksums. This new support provides improved data integrity for data in transit and at rest. The additional support enables use of strong checksums of object data, such as SHA256, and checksum assertions in S3 operations.

New support for S3 GetObjectAttributes API

The GetObjectAttributes API returns a variety of traditional and non-traditional metadata about S3 objects. The metadata returns include S3 additional checksums on objects and on the parts of objects that were originally stored as multipart uploads. The GetObjectAttributes is exposed in the AWS CLI.

Improved efficiency of Ceph Object Gateway clusters over multiple locations

With this release, if possible, data is now read from the nearest physical OSD instance in a placement group.

Format change observed for tenant owner in the event record: ownerIdentity –> principalId

With this release, in bucket notifications, the principalId inside ownerIdentity now contains complete user ID, prefixed with tenant ID.

Client IDs can be added and thumbprint lists can be updated in an existing OIDC Provider within Ceph Object Gateway

Previously, users were not able to add a new client ID or update the thumbprint list within the OIDC Provider.

New multi-site configuration header

With this release, GetObject and HeadObject responses for objects written in a multi-site configuration include the x-amz-replication-status: PENDING header. After the replication succeeds, the header’s value changes to COMPLETED.

New notification_v2 zone feature for topic and notification metadata

With this enhancement, bucket notifications and topics that are saved in fresh installation deployments (Greenfield) have their information synced between zones.

Balanced primary placement groups can now be observed in a cluster

Previously, users could only balance primaries with the offline osdmaptool.

New MSR CRUSH rules for erasure encoded pools

Multi-step-retry (MSR) is a type of CRUSH rule in the Ceph cluster that defines how data is distributed across storage devices. MSR ensures efficient data retrieval, balancing, and fault tolerance.

New generalized stretch cluster configuration for three availability zones

Previously, there was no way to apply a stretch peer rule to prevent placement groups (PGs) from becoming active when there weren’t enough OSDs in the acting set from different buckets without enabling the stretch mode.

Added support for live importing of an image from another cluster

With this enhancement, you can now migrate between different image formats or layouts from another Ceph cluster. When live migration is initiated, the source image is deep copied to the destination image, pulling all snapshot history while preserving the sparse allocation of data wherever possible.

New support for cloning images from non-user type snapshots

With this enhancement, there is added support for cloning Ceph Block Device images from snapshots of non-user types. Cloning new groups from group snapshots that are created with the rbd group snap create command is now supported with the added --snap-id option for the rbd clone command.

New commands are added for Ceph Block Device

Two new commands were added for enhanced Ceph Block Device usage. The rbd group info command shows information about a group. The rbd group snap info command shows information about a group snapshot.

New support for live importing an image from an NBD export

With this enhancement, images with encryption support live migration from an NBD export.

New optional --remote-namespace argument for the rbd mirror pool enable command

With this enhancement, Ceph Block Device has the new optional --remote-namespace argument for the rbd mirror pool enable command. This argument provides the option for a namespace in a pool to be mirrored to a different namespace in a pool of the same name on another cluster.

The original_weight field is added as an attribute for the OSD removal queue

Previously, cephadm osd removal queue did not have a parameter for original_weight. As a result, the cephadm module would crash during OSD removal. With this fix, the original_weight field is added as an attribute for the osd removal queue and the cephadm no longer crashes during OSD removal.

Cephadm no longer randomly marks hosts offline during large deployments

Previously, in some cases, when Cephadm had a short command timeout on larger deployments, hosts would randomly be marked offline during the host checks.

Custom webhooks are now specified under the custom-receiver receiver.

Previously, custom Alertmanager webhooks were being specified within the default receiver in the Alertmanager configuration file. As a result, custom alerts were not being sent to the specified webhook unless the alerts did not match any other receiver.

cherrypy no longer gets stuck during network security scanning

Previously, due to a bug in the cheroot package, cherrypy would get stuck during some security scans that were scanning the network. As a result, the Ceph Dashboard became unresponsive and needed to restart the mgr module.

Zone storage class details now display the correct compression information

Previously, the wrong compression information was being set for zone details. As a result, the zone details under the storage classes section were showing incorrect compression information.

Zone storage class detail values are now set correctly

Previously, wrong data pool values were set for storage classes in zone details. As a result, data pool values were incorrect in the user interface when multiple storage classes were created.

_nogroup is now listed in the Subvolume Group list even if there are no subvolumes in _nogroup

Previously, while cloning subvolume, _nogroup subvolume group was not listed if there were no subvolumes in _nogroup. As a result, users were not able to select _nogroup as a subvolume group.

Correct UID containing $ in the name is displayed in the dashboard

Previously, when a user was created through the CLI, the wrong UID containing $ in the name was being displayed in the Ceph Dashboard.

NFS in File and Object now have separate routing

Previously, the same route was being used for both NFS in File and NFS in Object. This caused issues from a usability perspective, as both navigation links of NFS in File and Object got highlighted. The user was also required to select the storage backend for both views, File and Object.

Validation for pseudo path and CephFS path is now added during NFS export creation

Previously, during the creation of NFS export, the psuedo path had to be entered manually. As a result, CephFS path could not be validated.

Users are now prompted to enter a path when creating an export

Previously, creating an export was not prompting for a path and by default / was entered.

Snapshots containing "." and "/" in the name cannot be deleted

When a snapshot is created with "." as a name, it cannot be deleted.

A period update commit is now added after migrating to a multi-site

Previously, a period commit after completing the migration to multi-site form was not being done. As a result, a warning about the master zone not having an endpoint would display despite the endpoint being configured.

Performance statistics latency graph now displays the correct data

Previously, the latency graph in Object > Overview > Performance statistics was not displaying data because of the way the NaN values were handled in the code.

”Delete realm” dialog is now displayed when deleting a realm

Previously, when clicking “Delete realm”, the delete realm dialog was not being displayed as it was broken.

Configuration values, such as rgw_realm, rgw_zonegroup, and rgw_zone are now set before deploying the Ceph Object Gateway daemons

Previously, configuration values like rgw_realm, rgw_zonegroup, and rgw_zone were being set after deploying the Ceph Object Gateway daemons. This would cause the Ceph Object Gateway daemons to deploy in the default realm, zone group, and zone configurations rather than the specified configurations. This would require a restart to deploy them under the correct realm, zone group, and zone configuration.

Exceptions during cephfs-top are fixed

Previously, in some cases where there was insufficient space on the terminal, the cephfs-top command would not have enough space to run and would throw an exception.

The path restricted cephx credential no longer fails permission checks on a removed snapshot of a directory

Previously, path restriction checks were constructed on anonymous paths for unlinked directories accessed through a snapshot. As a result, a path restricted cephx credential would fail permission checks on a removed snapshot of a directory.

MDS no longer requests unnecessary authorization PINs

Previously, MDS would unnecessarily acquire remote authorization PINs for some workloads causing slower metadata operations.

The erroneous patch from the kernel driver is processed appropriately and MDS no longer enters an infinite loop

Previously, an erroneous patch to the kernel driver caused the MDS to enter an infinite loop processing an operation due to which MDS would become largely unavailable.

Mirror daemon can now restart when blocklisted or fails

Previously, the time difference taken would lead to negative seconds and never reach the threshold interval. As a result, the mirror daemon would not restart when blocklisted or failed.

JSON output of the ceph fs status command now correctly prints the rank field

Previously, due to a bug in the JSON output of the ceph fs status command, the rank field for standby-replay MDS daemons were incorrect. Instead of the format {rank}-s, where {rank} is the active MDS which the standby-replay is following, it displayed a random {rank}.

sync_duration is now calculated in seconds

Previously, the sync duration was calculated in milliseconds. This would cause usability issues, as all other calculations were in seconds.

A lock is now implemented to guard the access to the shared data structure

Previously, access to a shared data structure without a lock caused the applications using the CephFS client library to throw an error.

The snap-schedule manager module correctly enforces the global mds_max_snaps_per_dir configuration option

Previously, the configuration value was not being correctly retrieved from the MDS. As a result, snap-schedule manager module would not enforce the mds_max_snaps_per_dir setting and would enforce a default limit of 100.

CephFS FUSE clients can now correctly access the specified mds auth caps path

Previously, when parsing a path while validating mds auth caps FUSE clients were not able to access a specific path, even when the path was specified as rw for the mds auth caps.

SQL queries on a JSON statement no longer confuse key with array or object

Previously, in some cases, a result of an SQL statement on a JSON structure would confuse key with array or object. As a result, there was no venue.id, as defined, with id as the key value in the `venue object and it keeps traversing the whole JSON object.

Error code of local authentication engine is now returned correctly

Previously, incorrect error codes were returned when the local authentication engine was specified last in the authentication order and when the previous authentication engines were not applicable. As a result, incorrect error codes were returned.

Lifecycle transition now works for the rules containing "Date"

Previously, due to a bug in the lifecycle transition code, rules containing "Date" did not get processed causing the objects meeting the criteria to not get transitioned to other storage classes.

Notifications are now sent on lifecycle transition

Previously, logic to dispatch on transition (as distinct from expiration) was missed. Due to this, notifications were not seen on transition.

Batch object deleting is now allowed, with IAM policy permissions

Previously, during a batch delete process, also known as multi object delete, due to the incorrect evaluation of IAM policies returned AccessDenied output if no explicit or implicit deny were present. The AccessDenied occurred even if there were Allow privileges. As a result, batch deleting fails with the AccessDenied error.

Removing an S3 object now properly frees storage space

Previously, in some cases when removing the CopyObject and the size was larger than 4 MB, the object did not properly free all storage space that was used by that object. With this fix the source and destination handles are passed into various RGWRados call paths explicitly and the storage frees up, as expected.

Quota and rate limit settings for assume-roles are properly enforced for S3 requests with temporary credentials

Previously, information of a user using an assume-role was not loaded successfully from the backend store when temporary credentials were being used to serve an S3 request. As a result, the user quota or rate limit settings were not applied with the temporary credentials.

Pre-signed URLs are now accepted with Keystone EC2 authentication

Previously, a properly constructed pre-signed HTTP PUT URLs failed unexpectedly, with a 403/Access Denied error. This happened because of a change in processing of HTTP OPTIONS requests containing CORS changed the implied AWSv4 request signature calculation for some pre-signed URLs when authentication was through Keystone EC2 (Swift S3 emulation).

Malformed JSON of radosgw-admin notification output is now corrected

Previously, when bucket notifications were configured with metadata and tag filters, the output of radosgw-admin notification for the get/list output was malformed JSON. As a result, any JSON parser, such as jquery, reading the output would fail.

Clusters can now be configured with both QAT and non-QAT Ceph Object Gateway daemons

Previously, QAT could only be configured on new setups (Greenfield only). As a result, QAT Ceph Object Gateway daemons could not be configured in the same cluster as non-QAT (regular) Ceph Object Gateway daemons.

Ceph Object Gateway now tolerates minio SDK with checksums and other hypothetical traffic

Previously, some versions of the minio client SDK would be missing an appended part number for multipart objects. This would result in unexpected errors for multipart uploads.

Lifecycle transition no longer fails for non-current object with an empty instance

Previously, when bucket versioning was enabled, old plain object entries would get converted to versioned by updating its instance as "null" in its raw head/old object. Due to this, the lifecycle transition would fail for a non-current object with an instance empty.

The AST structure SQL statement no longer causes a crash

Previously, in some cases, due to an erroneous semantic combined with the Parquet flow, the AST creation that is produced by the SQL engine was wrong and a crash would occur.

Bucket policy authorizations now work as expected

Previously, only a bucket owner was able to set, get, and delete the configurations for bucket notifications from a bucket. This was the case even if the bucket policy authorized another user for running these operations.

Bucket policy evaluations now work as expected and allow cross tenant access for actions that are allowed by the policy

Previously, due to an incorrect value bucket tenant, during a bucket policy evaluation access was defined for S3 operations, even if they were explicitly allowed in the bucket policies. As a result, the bucket policy evaluation failed and S3 operations which were marked as allowed by the bucket policy were denied.

SSL sessions can now reuse connections for uploading multiple objects

Previously, during consecutive object uploads using SSL, the cipher negotiations occurred for each object. As a result, there would be a low performance of objects per second transfer rate.

Objects with null version IDs delete on the second site

Previously, objects with null version IDs were not deleted on the second site. In a multi-site environment, deleting an object with a null version ID on one of the sites did not delete the object on the second site.

Bucket creations in a secondary zone no longer fail

Previously, when a secondary zone forwarded a create_bucket request with a location constraint, the bucket would set the content_length to a non-zero value. However, the content_length was not parsed on the primary zone when forwarded from the secondary zone. As a result, when running a create_bucket operation and the content_length is 0 with an existing payload hash, the bucket failed to replicate.

CopyObject requests now replicate as expected

Previously, a copy_object would retain the source attributes by default. As a result, during a check for RGW_ATTR_OBJ_REPLICATION_TRACE, a NOT_MODIFIED error would emit if the destination zone was already present in the trace. This would cause a failure to replicate the copied object.

Newly added capacity no longer marked as allocated

Previously, newly added capacity was marked automatically as allocated. As a result, added disk capacity did not add available space.

BlueStore now works as expected with OSDs

Previously, the ceph-bluestore-tool show-label would not work on mounted OSDs and the ceph-volume lvm zap command was not able to erase the identity of an OSD. With this fix, the show-label attribute does not require exclusive access to the disk. In addition, the ceph-volume command now uses ceph-bluestore-tool zap to clear OSD devices.

BlueStore no longer overwrites labels

Previously, BlueFS would write over the location reserved for a label. As a result, the OSD would not start as expected.

RocksDB files now only take as much space as needed

Previously, RocksDB files were generously preallocated but never truncated. This resulted in wasted disk space that was assigned to files that would never be used.

Monitors no longer get stuck in elections during crash or shutdown tests

Previously, the disallowed_leaders attribute of the MonitorMap was conditionally filled only when entering stretch_mode. However, there were instances wherein Monitors that just got revived would not enter stretch_mode right away because they would be in a probing state. This led to a mismatch in the disallowed_leaders set between the monitors across the cluster. Due to this, Monitors would fail to elect a leader, and the election would be stuck, resulting in Ceph being unresponsive.

librbd no longer crashes when handling discard I/O requests

Previously, due to an implementation defect, librbd would crash when handling discard I/O requests that straddle multiple RADOS objects on an image with journaling feature enabled. The work around was to set the setting rbd_skip_partial_discard option to ‘false’ (the default is ‘true’).

rbd du command no longer crashes if a 0-sized block device image is encountered

Previously, due to an implementation defect, rbd du command would crash if it encountered a 0-sized RBD image.

rbd_diff_iterate2() API returns correct results for block device images with LUKS encryption loaded

Previously, due to an implementation defect, rbd_diff_iterate2() API returned incorrect results for RBD images with LUKS encryption loaded.

Encrypted image decryption is no longer skipped after importing or live migration

Previously, due to an implementation defect, when reading from an encrypted image that was live migrated or imported, decryption was skipped. As a result, an encrypted buffer (ciphertext), instead of the actual stored data (plaintext) was returned to the user.

Encryption specification now always propagates to the migration source

Previously, due to an implementation defect, when opening an encrypted clone image that is being live migrated or imported, the encryption specification wouldn’t be propagated to the migration source. As a result, the encrypted clone image that is being live migrated or imported would not open. The only workaround for the user was to pass the encryption specification twice by duplicating it.

rbd-mirror daemon now properly disposes of outdated PoolReplayer instances

Previously, due to an implementation defect, rbd-mirror daemon did not properly dispose of outdated PoolReplayer instances in particular when refreshing the mirror peer configuration. Due to this there was unnecessary resource consumption and number of PoolReplayer instances competed against each other causing rbd-mirror daemon health to be reported as ERROR and replication would hang in some cases. To resume replication the administrator had to restart the rbd-mirror daemon.

All memory consumed by the configuration reload process is now released

Previously, reload exports would not release all the memory consumed by the configuration reload process causing the memory footprint to increase.

The reap_expired_client_list no longer causes a deadlock

Previously, in some cases, the reap_expired_client_list would create a deadlock. This would occur due two threads waiting on each other to acquire a lock.

File parsing and startup time is significantly reduced

Previously, due to poor management of parsed tokens, configuration file parsing was too slow.

New Ceph Management gateway and the OAuth2 Proxy service for unified access and high availability

With this enhancement, the Ceph Dashboard introduces the Ceph Management gateway (mgmt-gateway) and the OAuth2 Proxy service (oauth2-proxy). With the Ceph Management gateway (mgmt-gateway) and the OAuth2 Proxy (oauth2-proxy) in place, nginx automatically directs the user through the oauth2-proxy to the configured Identity Provider (IdP), when single sign-on (SSO) is configured.

New OAuth2 SSO

OAuth2 SSO uses the oauth2-proxy service to work with the Ceph Management gateway (mgmt-gateway), providing unified access and improved user experience.

New bucket logging support for Ceph Object Gateway

Bucket logging provides a mechanism for logging all access to a bucket. The log data can be used to monitor bucket activity, detect unauthorized access, get insights into the bucket usage and use the logs as a journal for bucket changes. The log records are stored in objects in a separate bucket and can be analyzed later. Logging configuration is done at the bucket level and can be enabled or disabled at any time. The log bucket can accumulate logs from multiple buckets. The configured prefix may be used to distinguish between logs from different buckets.

Support for user accounts through Identity and Access Management (IAM)

With this release, Ceph Object Gateway supports user accounts as an optional feature to enable the self-service management of Users, Groups, and Roles similar to those in AWS Identity and Access Management(IAM).

Restore objects transitioned to remote cloud endpoint back into Ceph Object gateway using the cloud-restore feature

With this release, the cloud-restore feature is implemented. This feature allows users to restore objects transitioned to remote cloud endpoint back into Ceph Object gateway, using either S3 restore-object API or by rehydrating using read-through options.

Using the haproxy_qat_support setting in ingress specification causes the haproxy daemon to fail deployment

Currently, the haproxy_qat_support is present but not functional in the ingress specification. This was added to allow haproxy to offload encryption operations on machines with QAT hardware, intending to improve performance. The added function does not work as intended, due to an incomplete code update. If the haproxy_qat_support setting is used, then the haproxy daemon fails to deploy.

PROMETHEUS_API_HOST may not get set when Cephadm initially deploys Prometheus

Currently, PROMETHEUS_API_HOST may not get set when Cephadm initially deploys Prometheus. This issue is seen most commonly when bootstrapping a cluster with --skip-monitoring-stack, then deploying Prometheus at a later time. Due to this, a few monitoring information may be unavailable.

Sometimes ceph-mgr modules are temporarily unavailable and their commands fail

Occasionally, the balancer module takes a long time to load after a ceph-mgr restart. As a result, other ceph-mgr modules can become temporarily unavailable and their commands fail.

Ceph Object Gateway page does not load after a multi-site configuration

The Ceph Object Gateway page does not load because the dashboard cannot find the correct access key and secret key for the new realm during multi-site configuration.

CephFS path is updated with the correct subvolume path when navigating through the subvolume tab

In the Create NFS Export form for CephFS, the CephFS path is updating the subvolume group path instead of the subvolume.

Multi-site automation wizard mentions multi-cluster for both Red Hat and IBM Storage Ceph products

Within the multi-site automation wizard both Red Hat and IBM Storage Ceph products are mentioned in reference to multi-cluster. Only IBM Storage Ceph supports multi-cluster.

Deprecated iSCSI feature is displayed in the Ceph Dashboard

Currently, although iSCSI is a deprecated feature, it is displayed in the Ceph Dashboard.

Objects uploaded as Swift SLO cannot be downloaded by anonymous users

Objects that are uploaded as Swift SLO cannot be downloaded by anonymous users.

Not all apparently eligible reads can be performed locally

Currently, if a RADOS object has been recently created and in some cases, modified, it is not immediately possible to make a local read. Even when correctly configured and operating, not all apparently eligible reads can be performed locally. This is due to limitations of the RADOS protocol. In test environments, many objects are created and it is easy to create an unrepresentative sample of read-local I/Os.

Buckets created by tenanted users do not replicate correctly

Currently, buckets that are created by tenanted users do not replicate correctly.

When a secondary zone running Red Hat Ceph Storage 8.0 replicates user metadata from a pre-8.0 metadata master zone, access keys of those users are erroneously marked as "inactive".

Currently, when a secondary zone running Red Hat Ceph Storage 8.0 replicates user metadata from a pre-8.0 metadata master zone, the access keys of those users are erroneously marked as "inactive". Inactive keys cannot be used to authenticate requests, so those users are denied access to the secondary zone.

Placement groups are not scaled down in upmap-read and read balancer modes

Currently, pg-upmap-primary entries are not properly removed for placement groups (PGs) that are pending merge. For example, when the bulk flag is removed on a pool, or any case where the number of PGs in a pool decreases. As a result, the PG scale-down process gets stuck and the number of PGs in the affected pool do not decrease as expected.