Bug 2196924

Summary: Document the need to configure recheck_wwid setting in multipath.conf
Product: Red Hat OpenStack
Reporter: Alan Bishop <abishop>
Component: documentation
Assignee: RHOS Documentation Team <rhos-docs>
Status: NEW
QA Contact: RHOS Documentation Team <rhos-docs>
Severity: high
Priority: high    
Version: 16.1 (Train)   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Type: Bug

Description Alan Bishop 2023-05-10 19:37:12 UTC
CVE-2023-2088 describes a security vulnerability related to cinder volume connections. As documented in the upstream bug [1], it's recommended that multipathd be configured with recheck_wwid enabled.

In OSP-16.1, multipath is configured manually per Section 2.5 of the Storage Guide [2], and there are instructions for patching multipath.conf in order to set the skip_kpartx setting to "yes" ([3],[4]). Additional steps should be added to configure the recheck_wwid in a similar fashion (it should be set to "yes").

[1] https://bugs.launchpad.net/nova/+bug/2004555/comments/38
[2] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html-single/storage_guide/index#multipath-configuration
[3] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html-single/storage_guide/index#configure-multipath-on-new-deployments Step 8.
[4] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html-single/storage_guide/index#configure-multipath-on-existing-deployments Step 3.

Additional info:

This is not relevant in OSP-13 because the recheck_wwid option is not available in RHEL 7.

This is not relevant in OSP-16.2 and 17.x because in these releases multipath is automatically configured by the director, and that includes configuring the recheck_wwid parameter.
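
An added example (not part of the bug report or of Red Hat's documentation): a Python check that the defaults section of a multipath.conf sets recheck_wwid and skip_kpartx to "yes", as the description recommends. The sample configurations are constructed, and the parser assumes each section's opening brace is on the same line as the section name and that values contain no "#".

```python
import re
import sys

# Settings the report asks for in the defaults section of multipath.conf.
REQUIRED = {"recheck_wwid": "yes", "skip_kpartx": "yes"}

def parse_defaults(text):
    """Return {option: value} for the top-level 'defaults' section only."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments, incl. commented-out options
        if not line:
            continue
        if line.endswith("{"):                   # section opens, e.g. 'defaults {'
            stack.append(line[:-1].strip())
        elif line == "}":                        # section closes
            if stack:
                stack.pop()
        elif stack == ["defaults"]:
            m = re.match(r'(\S+)\s+"?([^"]*)"?$', line)
            if m:
                settings[m.group(1)] = m.group(2).strip()  # assumption: last occurrence wins
    return settings

def check(text):
    """Return {option: current value} for every required option that is not 'yes'."""
    found = parse_defaults(text)
    return {k: found.get(k, "<unset>") for k, want in REQUIRED.items()
            if found.get(k) != want}

# Constructed samples, not taken from a real deployment.
SAMPLE_BEFORE = """\
defaults {
    user_friendly_names yes
    skip_kpartx "yes"
    # recheck_wwid yes
}
blacklist {
    devnode "^sd[a]$"
}
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("# recheck_wwid yes", "recheck_wwid yes")

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/multipath.conf"
    with open(path) as fh:
        problems = check(fh.read())
    for opt, val in problems.items():
        print(f"{path}: {opt} is {val}, expected {REQUIRED[opt]}")
    sys.exit(1 if problems else 0)
```

Run against a host's configuration file, the script exits non-zero and names each option that is unset or not "yes", so it can gate a deployment or compliance job.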

Comment 1 Alan Bishop 2023-05-10 19:43:50 UTC
*** Bug 2196927 has been marked as a duplicate of this bug. ***