Content Gateway 8.1.0 Release

Owned by Anjali Tyagi
Last updated: Aug 07, 2024
3 min read

CentOS/RHEL 7 is the end of life (EOL) and yum commands on CentOS now fail with "Could not retrieve mirrorlist http://mirrorlist.centos.org/". There is a workaround, but please plan a migration to RockyLinux/RHEL 8.

Changes

  • Reduced timeout for Gateway's caches to acquire a connection to Swarm Storage nodes. This avoids incoming connections triggering file handle limits with threads stuck in ScspObjectCache, requiring a "systemctl cloudgateway restart". (CLOUD-3853)

  • Gateway 8.1.0 is required when using a search feed created with Swarm 16.1.2 search.perDomainIndex=True. No gateway.cfg changes are needed. Please remember to restart Gateway whenever the default search feed is changed. (CLOUD-3988)

  • Added a policy action ListAllMyBuckets for AWS compatibility, to allow a listing of all the bucket names in a domain. Previously ListDomain permission was required but that can also allow for the listing of objects within buckets via SCSP. Enabling this action requires using the Content UI policy editor in "json" mode, at the tenant or domain level. (CLOUD-3526)

  • For improved compatibility with AWS S3, Gateway 8.1.0 now allows object locking retention dates earlier than the bucket default. (CLOUD-3800)

  • Gateway 8.1.0 cloudgateway_audit.log now includes trailing fields on most requests that indicate the milliseconds spent in different stages. (CLOUD-3902)

  • Dependencies had been updated to avoid all High severity security vulnerabilities. We recommend all Gateway v7 and v8.0 customers upgrade even if older versions of Swarm are still used. (CLOUD-3905)

  • Optimized error handling for object retention updates. Upgrade to Swarm 16.1 if experiencing persistent 503 errors on some objects [ReaderNotFound7 ESR37]. (CLOUD-3916)

  • Increase [storage_cluster] indexerMaxConnections (default 30) and indexerMaxConnectionsPerRoute (default 10) to allow more open connections to Elasticsearch nodes for listing and metering queries. Set to -1 to not change the default. (CLOUD-3983)

  • Respond with an error instead of empty listing results when indexerHosts does not match the default Search Feed. (CLOUD-3219)

  • Improved the audit logging of sub-requests of S3 DeleteObjects and CopyObject requests. The internal requests have the incoming request-id followed by -<count> or -copysource. (CLOUD-3951)

  • Fixed the remaining Elasticsearch deprecation warnings triggered by some Portal metering queries:
    "date-interval-getter" - "[interval] on [date_histogram] is deprecated". (CLOUD-3909)

  • Fixed an issue where Gateway 8.0 and later logs "S3ObjectRequestHandler: Unable to determine Veeam SOSAPI capacity.xml" with a NullPointerException if metering or quota is disabled. (CLOUD-3941)

  • Fixed an S3 HEAD request of an object that could respond with a 500 Internal Error. It now responds with a 403 Forbidden like GET. (CLOUD-3987)

Upgrade Impacts

See  to upgrade from a version of Gateway 6 or 7. See , if migrating from Elasticsearch 2.3.3 and Gateway 5.

Starting with Gateway 7.8, Elasticsearch 6.8.6 is no longer supported. Remain on Gateway 7.7 until the rolling upgrade from Elasticsearch 6.8.6 to 7.5.2 is completed.

Address the upgrade impacts for this and each prior version since the currently running version:

Impacts for 8.1.0

  • Version Requirements

    • Swarm Storage 14.1.0 or higher

    • Elasticsearch 7.5.2 or 7.17.9 (required with Swarm Storage 15.3 or higher)

    • Content UI 7.9.1

    • Storage UI 3.5.0

 

 

 

 

 

See and for impacts from prior releases.

Watch Items and Issues

These are known operational limitations that exist for Gateway.

  • When using the default RHEL/CentOS configuration of IPTABLES, traffic to the Gateway will be blocked unless action is taken to disable IPTABLES or to enable inbound traffic to the front-end protocol port(s).

  • Gateway is not compatible with Linux PAM modules that depend on interactive validation operations such as OTP or biometric scanners.

  • Gateway 8.0.4 must be restarted after creating a Search Feed to avoid the error: “ResourceUnavailableException: Application resource 'elasticsearch-storage_cluster' is unavailable”. This will be fixed in an upcoming release. (CLOUD-4003)

  • Gateway logs show a warning "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone". This is harmless and can be avoided by adding "xpack.security.enabled: false" to each Elasticsearch node's /etc/elasticsearch/elasticsearch.yml and doing a rolling restart . (SWAR-10260)

See and for known issues from prior releases that are still applicable, apart from those appearing above as fixed.

 

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.