Problem Determination:
Determine if you are using any of the versions of IBM Spectrum Scale or ESS impacted by this vulnerability.
Workaround/Mitigation:
Customers are advised to edit the file /etc/sysconfig/gpfsgui on each node running the GUI so that it includes the following line:
LOG4J_FORMAT_MSG_NO_LOOKUPS=true
Final file content should look similar to this example:
$ cat /etc/sysconfig/gpfsgui
##############################################################################
#
# Licensed Materials - Property of IBM
#
# (C) COPYRIGHT International Business Machines Corp. 2018
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
##############################################################################
# our search path
PATH="/usr/lpp/mmfs/bin:/bin:/usr/bin:/sbin:/usr/sbin"
# Java
JAVA_HOME=/usr/lpp/mmfs/java/
# Where to put JVM cores
JAVACOREDIR=/var/crash/scalemgmt
IBM_JAVACOREDIR=/var/crash/scalemgmt
IBM_HEAPDUMPDIR=/var/crash/scalemgmt
IBM_COREDIR=/var/crash/scalemgmt
# mitigation for log4j issue
LOG4J_FORMAT_MSG_NO_LOOKUPS=true
# IP tables
UPDATE_IPTABLES=true
# Setup iptables rules only on these (comma separated) interfaces
UPDATE_IPTABLES_INTERFACES=
GUI_HTTP_PORT=80
GUI_HTTPS_PORT=443
After the file has been changed on each node running the GUI, the GUI process on that node must be restarted by issuing the command "systemctl restart gpfsgui".
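The edit-and-restart procedure above as an added shell example (my code, not part of the IBM advisory): it sets the variable in a gpfsgui sysconfig file idempotently, correcting an existing assignment instead of appending a duplicate, verifies the file, and then checks the restarted GUI process actually inherited the variable. The file path is a parameter so the file functions can be exercised on a copy; the process check assumes a Linux node with systemd and the gpfsgui unit named in the advisory.

```shell
#!/bin/sh
# Added example (not IBM's code): apply and verify the LOG4J_FORMAT_MSG_NO_LOOKUPS
# mitigation in a gpfsgui sysconfig file. The file path is a parameter so the
# functions can be tried on a copy; on a GUI node it is /etc/sysconfig/gpfsgui.

# Set LOG4J_FORMAT_MSG_NO_LOOKUPS=true in file $1: fix an existing assignment
# (e.g. =false) in place, otherwise append one. Safe to run repeatedly.
apply_log4j_mitigation() {
    f="$1"
    if grep -q '^LOG4J_FORMAT_MSG_NO_LOOKUPS=' "$f"; then
        sed 's/^LOG4J_FORMAT_MSG_NO_LOOKUPS=.*/LOG4J_FORMAT_MSG_NO_LOOKUPS=true/' \
            "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    else
        printf '\n# mitigation for log4j issue\nLOG4J_FORMAT_MSG_NO_LOOKUPS=true\n' >> "$f"
    fi
}

# Succeed (exit 0) only when file $1 contains exactly one assignment of the
# variable and that assignment is true (quoted or unquoted).
check_log4j_mitigation() {
    f="$1"
    [ "$(grep -c '^LOG4J_FORMAT_MSG_NO_LOOKUPS=' "$f")" -eq 1 ] &&
        grep -Eq '^LOG4J_FORMAT_MSG_NO_LOOKUPS="?true"?$' "$f"
}

# After "systemctl restart gpfsgui", confirm the running GUI process actually
# received the variable by reading its environment from /proc (Linux only;
# assumes the gpfsgui systemd unit named in the advisory).
check_running_gui_env() {
    pid=$(systemctl show -p MainPID --value gpfsgui 2>/dev/null)
    [ -n "$pid" ] && [ "$pid" != 0 ] || { echo "gpfsgui not running" >&2; return 1; }
    tr '\0' '\n' < "/proc/$pid/environ" | grep -q '^LOG4J_FORMAT_MSG_NO_LOOKUPS=true$'
}

# Usage on a GUI node (run as root):
#   apply_log4j_mitigation /etc/sysconfig/gpfsgui
#   check_log4j_mitigation /etc/sysconfig/gpfsgui && systemctl restart gpfsgui
#   check_running_gui_env && echo "mitigation active in running GUI"
```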
Note:
For the IBM Spectrum Scale on AWS Marketplace version "Spectrum Scale 5.0.5.3 BYOL v1.3.1", the IBM Spectrum Scale GUI is not started by default. If the IBM Spectrum Scale GUI was started, either using the "mmcloudworkflows gui_service start" command or manually, log in to the node on which the IBM Spectrum Scale GUI is running and follow the steps detailed above.

For IBM Spectrum Scale Container Native Storage Access environments, a fix will be made available on GitHub (https://github.com/IBM/ibm-spectrum-scale-container-native), which will pull updated images via IBM Cloud Container Registry. In the meantime, to help mitigate the risk, customers should patch the GUI statefulset and set the LOG4J_FORMAT_MSG_NO_LOOKUPS="true" environment variable to force this change:

For CNSA v5.1.1.3, v5.1.1.4, v5.1.2.1:
oc set env -c liberty -e LOG4J_FORMAT_MSG_NO_LOOKUPS=true sts/ibm-spectrum-scale-gui -nibm-spectrum-scale

For CNSA v5.1.1.1:
oc set env -c liberty -e LOG4J_FORMAT_MSG_NO_LOOKUPS=true sts/ibm-spectrum-scale-gui -nibm-spectrum-scale-ns