Changes
S3 Object Locking — Object locking feature in Gateway 7.6 prevents object versions from being deleted or overwritten – for a fixed amount of time or indefinitely. (CLOUD-3247)
CIDR Support in [scsp]allowSwarmAdminIP — This Gateway parameter now supports CIDR formatting in its values (CLOUD-1191)
Upgrade Impacts
See Upgrading Gateway to upgrade from a version of Gateway 6. See Upgrading from Gateway 5.x if migrating from Elasticsearch 2.3.3 and Gateway 5.
Address the upgrade impacts for this and each prior version since currently running version:
Impacts for 7.6
Version Requirements
Swarm Storage 12.0.1 or higher
Elasticsearch 7.5.2
Content UI 7.4
Impacts for 7.5
Version Requirements
Swarm Storage 12.0.1 or higher
Elasticsearch 7.5.2
Content UI 7.4
Impacts for 7.4
Version Requirements
Swarm Storage 12.0.1 or higher
Elasticsearch 7.5.2
Content UI 7.4
Impacts for 7.3
Version Requirements
Swarm Storage 12.0 or higher
Elasticsearch 7.5.2
Content UI 7.3
Impacts for 7.2
Version Requirements
Swarm Storage 12.0 or higher
Elasticsearch 7.5.2
Content UI 7.2
Impacts for 7.1
Version Requirements
Swarm Storage 12.0 or higher
Elasticsearch 7.5.2: Migration to Elasticsearch 6 from either Elasticsearch 2 or 5, with reindexing, must be performed before upgrading. Because the ES 6 database is binary-compatible, upgrade in place to the current version is possible. See How to Upgrade Swarm.
Content UI 7.0
Password Security
The script to initialize Gateway (
/opt/caringo/cloudgateway/bin/initgateway
), a one-time step after installing Gateway, generates the master encryption key that is used in password security for the Gateway configuration and IDSYS files. The first time upgrading from a version prior to 7.1, run this initialization again to enable the feature.If downgrading from 7.1, errors are encounter related to the inability to authenticate using the encrypted passwords in the configuration and IDSYS files. Replace any encrypted credentials with original versions. (CLOUD-3209)
Impacts for 7.0
Version Requirements
Swarm Storage 11.2 or higher
Elasticsearch 6.8.6 or 5.6.12
Content UI 6.3, if used
Enable the Gateway service manually after upgrading:
systemctl enable cloudgateway
. (CLOUD-3193)To support processes requiring repeated bucket PUT requests to succeed, those requests now always return 409 Conflict, regardless of owner, instead of 403 Forbidden for non-owners. This differs from AWS S3 behavior. (CLOUD-3167)
See Content Gateway 6.4 Release for impacts from prior releases.
Watch Items and Issues
These are known operational limitations that exist for Gateway.
When using the default RHEL/CentOS configuration of IPTABLES, traffic to the Gateway is blocked unless action is taken to disable IPTABLES or to enable inbound traffic to the front-end protocol port(s).
Gateway is not compatible with Linux PAM modules that depend upon interactive validation operations such as OTP or biometric scanners.
See Content Gateway 6.4 Release for known issues from prior releases that are still applicable, apart from those appearing above as Fixed.