Skip to content

Release notes

  • 2 min read

Confluent 3.15.1 release

3.15.1 has been released with the following changes:

Security hardening for profile private data

If someone modifies service.cfg to open confluent directly to external access, then authenticated nodes could have exploited a path traversal weakness to read files on the management node outside of the profile. This has been addressed.

Support for Nokia SRLinux

Switches running SRLinux have enhanced capabilities. hardwaremanagement.method set to srlinux will enable a number of commands. See Confluent configuration notes for Nokia Ethernet switches for more detail.

nodeapply can now request execution of ansible plays

The profile ansible plays were previously only invoked by confluent during deployment, without a recourse to have confluent execute. By request, nodeapply can request the confluent runner to kick off ansible plays similar to how it can kick off postscripts. `nodeapply -A' is the new argument.

Fix for variation seen in ansible

Some versions/distributions of ansible fouled confluent's autodetection, a broader set of ansible versions work. Particularly the ansible likely to be put in EL10 now works.

Fix for misdetection of EL8.10

EL8.10 import was broken due to misidentification, this has been fixed.

Improve behavior with missing volumegroup map for multi-disk cloning image

An inscrutible error appeared for users trying to deploy multi-disk clones, this has been improved. It still requires explicit work in pre.d to generate the mapping as an advanced usage scenario.

Fix ssh environment for recent EL10 diskless boot

EL10 had changes to move away from setgid ssh keysign to setuid keysign, and accompanying refusal to start with group readable keys. This has been detected and adapted.

Quorum state is pushed on member deletion

If a collective is one system shy of quorum and a member is deleted to bring quorum back, the leader failed to notify members of restoration of quorum. This has been addressd.

Other fixes and enhancements

Some documentation tweaks and a situation that could leak filehandles with bad certificates is addressed.

  • 2 min read

Confluent 3.15.0 release

3.15.0 has been released with the following changes:

Note on EPEL pysnmp issue for EL9

EPEL contains a broken vintage of python3-snmp, and this is reflected in the confluent rpm requirements, which may manifest as rpm conflicts. To resolve if the newer pysnmp is already installed:

# dnf --disablerepo=epel downgrade python3-pysnmp

To address ongoing dnf upgrades, filter the problematic version:

# dnf versionlock exclude python3-pysnmp-0:7.1.16-2.el9.noarch

ARM node enhancements

Management node repositories are now provided for ARM management nodes, improvements for ARM diskless images.

Fixed and enhanced support for ThinkSystem N1380 chassis

Support is improved for N1380 chassis and associated systems

Discovery support for more MegaRAC based systems

A variety of systems using MegaRAC can now do zero power discovery

Cisco NX-OS fix for discovery

A bug in the NX-OS switch support prevented successful discovery when using that platform, this has been remedied.

Diskless image changes

Untethered diskless images are now placed into zram on boot rather than on demand, making such environments more straightforward. This improves performance and reduces overall memory usage over time. Reduce cache pressure for tethered diskless to reduce cache usage for disk operation. A new 'uncompressed' method is also added, which has maximum memory impact for a modest bump in performance and more deterministic memory footprint.

Improved imgutil compatibility with containers

When running imgutil within containers, it will do more to ensure certain dependencies if possible.

SNMP privacy protocol may now be specified

`snmp.privacyprotocol' attribute is now available to opt for AES privacy protocol, where supporetd

New automatic id.index attribute

There's a new id.index attribute, which enumerates a number that may be used in expressions without having to rely upon number in naming schemes.

New attribute expression features

Attributes may now have '.replace()' to substitute some string value for another, .upper() to uppercase the result, .lower() to lowercase, .block_number() and .block_offset() to make it easier to break continuous numbers into blocks.

Extend autoconsole to cover broader scenarios

If console.method is set to trigger autoconsole checks, it will now work even without SPCR if exactly one viable serial console is detected. Works for a number of servers as well as virtual machines.

Revised TLS certificate settings

The TLS certificates and authorities generated by confluent by default now comply with stricter compliance policies. This includes applying more constraints and changing to sha384 instead of sha256

Expanded TLS certificate management

Confluent can now manage XCC certificates, including autosigning XCC certificates on discovery. This occurs when the version of python cryptography is new enough, as is the case when installing confluent on el10.