NVIDIA NetQ 3.2 Release Notes
Download all 3.2 release notes as .xls3.2.1 Release Notes
Open Issues in 3.2.1
Issue ID | Description | Affects | Fixed |
---|---|---|---|
2893000 |
CVE-2021-44228: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. | 2.4.0-4.0.1 | 4.1.0-4.12.0 |
2690469 |
While upgrading an on-premises deployment from version 2.4.x to 3.x.y then to 4.x, the upgrade fails during the NetQ application stage To work around this issue, run the following command on the NetQ telemetry server, then start the upgrade again:‘netq install opta activate-job config-key EhVuZXRxLWVuZHBvaW50LWdhdGV3YXkYsagDIiw3T2sweW9kR3Y4Wk9sTHU3MkwrQTRjNkhhQkU3bVpBNVlZVjEvWWgyZGJBPQ==’ |
3.2.1-4.0.1 | 4.1.0-4.12.0 |
2556205 |
NetQ CLI: User cannot remove a notification channel when threshold-based event rules are configured. | 3.2.1-3.3.0 | 3.3.1 |
2556006 |
NetQ Infra: Customers with cloud deployments who wish to use the lifecycle management (LCM) feature in NetQ 3.3.0 must upgrade their NetQ Cloud Appliance or Virtual Machine as well as the NetQ Agent. | 3.2.1 | 3.3.0-3.3.1 |
2553453 |
The netqd daemon logs a traceback to /var/log/netqd.log when the OPTA server is unreachable and netq show commands are run. |
3.1.0-3.3.1 | 4.0.0-4.12.0 |
2549319 |
NetQ UI: The legend and segment colors on Switches and Upgrade History card graphs sometimes do not match. These cards appear on the lifecycle management dashboard (Manage Switch Assets view). Hover over graph to view the correct values. | 3.0.0-3.3.1 | 4.0.0-4.12.0 |
2549246 |
NetQ UI: Snapshot comparison cards may not render correctly after navigating away from a workbench and then returning to it. If you are viewing the Snapshot comparison card(s) on a custom workbench, refresh the page to reload the data. If you are viewing it on the Cumulus Default workbench, after refreshing the page you must recreate the comparison(s). | 2.4.0-3.2.1 | 3.3.0-3.3.1 |
Fixed Issues in 3.2.1
Issue ID | Description | Affects |
---|---|---|
2553951 |
Infra: In an on-premises deployment, the Kafka change logs can fill the NetQ appliance or VM disk space rapidly on systems with a large number of MAC or neighbor entries. If the disk usage exceeds 90%, the NetQ service is partially or completely disrupted. To workaround this issue, reduce the retention setting for log cleanup to 30 minutes by running the following script on your NetQ appliance/VM or the master server in a clustered arrangement:
|
3.2.0 |
2553793 |
NetQ CLI: For an on-premises deployment, an access_key and secret_key are not needed for the CLI to access the NetQ Collector. When these keys are configured NetQ assumes the system is in a cloud deployment and tries to validate the SSL certificates. This fails because for NetQ Collectors, the SSL certificates are usually self signed. As a result, the CLI fails with the following error:cumulus@switch:~# netq show agentsFailed to process command. Check /var/log/netqd.log for more detailsYou also see an error in /var/log/netqd.log similar to this: 2020-10-01T01:44:51.534875+00:00 leaf01 netqd[4782]: ERROR: GET request failed https://st-ts-01:32708/netq/telemetry/v1/object/bgp?count=2000&offset=02020-10-01T01:44:51.535251+00:00 leaf01 netqd[4782]: ERROR: HTTPSConnectionPool(host=‘st-ts-01’, port=32708): Max retries exceeded with url: /netq/telemetry/v1/object/bgp?count=2000&offset=0 (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: {color:#d04437}CERTIFICATE_VERIFY_FAILED{color}] certificate verify failed: self signed certificate (_ssl.c:1056)')))To resolve the failure, remove the access_key and secret_key from the CLI configuration cumulus@switch:~# rm -f /etc/netq/.loginkeys.aescumulus@switch:~# rm -f /etc/netq/.login.aes |
3.2.0 |
2553758 |
NetQ CLI: When the NetQ Collector is configured with a proxy server for the CLI to access cloud APIs the SSL certificate validation fails because the proxy provides its own self-signed certificate. This causes the CLI to fail with the following error:cumulus@switch:~# netq show agentsFailed to process command. Check /var/log/netqd.log for more detailsYou also see an error in /var/log/netqd.log similar to this: 2020-10-01T01:44:51.534875+00:00 leaf01 netqd[4782]: ERROR: GET request failed https://st-ts-01:32708/netq/telemetry/v1/object/bgp?count=2000&offset=02020-10-01T01:44:51.535251+00:00 leaf01 netqd[4782]: ERROR: HTTPSConnectionPool(host=‘st-ts-01’, port=32708): Max retries exceeded with url: /netq/telemetry/v1/object/bgp?count=2000&offset=0 (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: {color:#d04437}CERTIFICATE_VERIFY_FAILED{color}] certificate verify failed: self signed certificate (_ssl.c:1056)')))Two options are available to work around this issue:* If the NetQ Collector has Internet access, configure the CLI to point to the cloud API instance directly: cumulus@switch:~# netq config add cli server api.netq.cumulusnetworks.com port 443cumulus@switch:~# netq config restart cli* To use the proxy server: 1. Delete the token file. Run sudo rm /tmp/token.aes .2. Edit the _/etc/netq/netq.yml_ file as follows. The password is entered as cleartext. netq-cli: Note: OPID is not directly visible to user. File a [support ticket|https://cumulusnetworks.com/support/file-a-ticket/] for assistance with completing the configuration. 3. Restart the the CLI. Run netq config restart cli . |
3.2.0 |
3.2.0 Release Notes
Open Issues in 3.2.0
Issue ID | Description | Affects | Fixed |
---|---|---|---|
2893000 |
CVE-2021-44228: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. | 2.4.0-4.0.1 | 4.1.0-4.12.0 |
2553951 |
Infra: In an on-premises deployment, the Kafka change logs can fill the NetQ appliance or VM disk space rapidly on systems with a large number of MAC or neighbor entries. If the disk usage exceeds 90%, the NetQ service is partially or completely disrupted. To workaround this issue, reduce the retention setting for log cleanup to 30 minutes by running the following script on your NetQ appliance/VM or the master server in a clustered arrangement:
|
3.2.0 | 3.2.1-3.3.1 |
2553793 |
NetQ CLI: For an on-premises deployment, an access_key and secret_key are not needed for the CLI to access the NetQ Collector. When these keys are configured NetQ assumes the system is in a cloud deployment and tries to validate the SSL certificates. This fails because for NetQ Collectors, the SSL certificates are usually self signed. As a result, the CLI fails with the following error:cumulus@switch:~# netq show agentsFailed to process command. Check /var/log/netqd.log for more detailsYou also see an error in /var/log/netqd.log similar to this: 2020-10-01T01:44:51.534875+00:00 leaf01 netqd[4782]: ERROR: GET request failed https://st-ts-01:32708/netq/telemetry/v1/object/bgp?count=2000&offset=02020-10-01T01:44:51.535251+00:00 leaf01 netqd[4782]: ERROR: HTTPSConnectionPool(host=‘st-ts-01’, port=32708): Max retries exceeded with url: /netq/telemetry/v1/object/bgp?count=2000&offset=0 (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: {color:#d04437}CERTIFICATE_VERIFY_FAILED{color}] certificate verify failed: self signed certificate (_ssl.c:1056)')))To resolve the failure, remove the access_key and secret_key from the CLI configuration cumulus@switch:~# rm -f /etc/netq/.loginkeys.aescumulus@switch:~# rm -f /etc/netq/.login.aes |
3.2.0 | 3.2.1-3.3.1 |
2553758 |
NetQ CLI: When the NetQ Collector is configured with a proxy server for the CLI to access cloud APIs the SSL certificate validation fails because the proxy provides its own self-signed certificate. This causes the CLI to fail with the following error:cumulus@switch:~# netq show agentsFailed to process command. Check /var/log/netqd.log for more detailsYou also see an error in /var/log/netqd.log similar to this: 2020-10-01T01:44:51.534875+00:00 leaf01 netqd[4782]: ERROR: GET request failed https://st-ts-01:32708/netq/telemetry/v1/object/bgp?count=2000&offset=02020-10-01T01:44:51.535251+00:00 leaf01 netqd[4782]: ERROR: HTTPSConnectionPool(host=‘st-ts-01’, port=32708): Max retries exceeded with url: /netq/telemetry/v1/object/bgp?count=2000&offset=0 (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: {color:#d04437}CERTIFICATE_VERIFY_FAILED{color}] certificate verify failed: self signed certificate (_ssl.c:1056)')))Two options are available to work around this issue:* If the NetQ Collector has Internet access, configure the CLI to point to the cloud API instance directly: cumulus@switch:~# netq config add cli server api.netq.cumulusnetworks.com port 443cumulus@switch:~# netq config restart cli* To use the proxy server: 1. Delete the token file. Run sudo rm /tmp/token.aes .2. Edit the _/etc/netq/netq.yml_ file as follows. The password is entered as cleartext. netq-cli: Note: OPID is not directly visible to user. File a [support ticket|https://cumulusnetworks.com/support/file-a-ticket/] for assistance with completing the configuration. 3. Restart the the CLI. Run netq config restart cli . |
3.2.0 | 3.2.1-3.3.1 |
2553453 |
The netqd daemon logs a traceback to /var/log/netqd.log when the OPTA server is unreachable and netq show commands are run. |
3.1.0-3.3.1 | 4.0.0-4.12.0 |
2549319 |
NetQ UI: The legend and segment colors on Switches and Upgrade History card graphs sometimes do not match. These cards appear on the lifecycle management dashboard (Manage Switch Assets view). Hover over graph to view the correct values. | 3.0.0-3.3.1 | 4.0.0-4.12.0 |
2549246 |
NetQ UI: Snapshot comparison cards may not render correctly after navigating away from a workbench and then returning to it. If you are viewing the Snapshot comparison card(s) on a custom workbench, refresh the page to reload the data. If you are viewing it on the Cumulus Default workbench, after refreshing the page you must recreate the comparison(s). | 2.4.0-3.2.1 | 3.3.0-3.3.1 |
Fixed Issues in 3.2.0
Issue ID | Description | Affects |
---|---|---|
2551790 |
CLI: Upgrade to NetQ 3.1.0 using the CLI fails due to an authentication issue. To work around this issue, run the netq bootstrap master upgrade command as usual, then use the Admin UI to complete the upgrade at https://<netq-appl-vm-hostname-or-ipaddr>:8443. |
3.1.0-3.1.1 |
2551641 |
Infra: NetQ VM installation fails if the designated disk size is greater than 2TB. To work around this issue, specify the disk for cloud deployments to be between 256GB and 2TB SSD, and for on-premises deployments to be between 32 GB and 2TB. | 2.4.0-3.1.1 |
2551569 |
CLI: When a proxy server is configured for NetQ Cloud access and lifecycle management (LCM) is enabled, the associated LCM CLI commands fail due to incorrect port specification. To work around this issue, configure the NetQ Collector to connect directly to NetQ Cloud without a proxy. | 3.1.0-3.1.1 |
2549344 |
UI: The lifecycle management feature does not present general alarm or info events; however, errors related to the upgrade process are reported within the NetQ UI. | 3.0.0-3.1.1 |