Cube.COS - Release Note
Abstract
Bigstack CUBE.COS 2.5 is a minor release for CUBE.COS cloud operating system dedicated to IEC62443-3-3 compliance. The changes include some features, improvements, and enhancements. The newly added features are disk encryption and login greeting messages. Security scanning is added to detect vulnerabilities. The procedure of disk removal has been improved. More information is supplied for the storage status. This release provides the following updates to Bigstack CUBE.COS version 2.5:
- Based on CentOS Stream 9
- Kernel version : 5.14.0-435
- Nova version : 25.3.0 (Yoga)
- Ovn version : 23.03
- Ceph version : 17.2.6 (Quincy)
- Rancher version : v2.7.9
- Nvidia GPU driver to 535.104
New Functionality
- Storage
- Encryption
- Added encryption mode for adding disks
- 1 drive defaults to 1 OSD
- Encryption
- Operation and Management
- Added login greeting message to show alert messages to users on login
- Security
- Security Scanning
- Mandatory security measurements were added to the CubeOS build pipeline. The measurements ensure that packages included in CubeOS are up-to-date from trusted upstream sources and free from high-severity vulnerabilities at runtime. Except for components confirmed to be safe in controlled client environments, no weakness with high severity would appear in scanning reports.
- File System Integrity
- CubeOS can detect where, when, and how the overall file system is tampered with and would restore the system to its original state upon every reboot.
- USB Storage Device
- USB storage devices are now blocked from Cube OS by default.
- CLI tuning option
cubesys.probeusbis provided to system admins to lock or unlock USB storage devices from Cube OS. If the tuning istrue, USB storage devices are accessible to Cube OS. In the other hand, if the tuning isfalse, those devices are blocked from Cube OS.
- Security Scanning
Changed Features
- Index menu for safe/force option is added for
remove_diskcommand.
Fixed Defects
Fixpacks
Enhancements and Fixes in Cube 2.5
- More information is supplied through
list_osdcommand.
OpenStack Services
Web Frontend
- Horizon (Dashboard)
Share Services
- Keystone (Identity)
- Glance (Image)
- Barbican (Key Store)
Compute
- Nova (Virtual Machine)
- Ironic (Bare-metal)
Accelerator
- Cyborg (GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK and so on)
Networking
- Neutron (SDN/NFV, VPN as a Service)
- Octavia (Load Balance as a Service)
- Designate (DNS as a Service)
Storage
- Cinder (Block Storage)
- Manila (File Storage)
- Swift (Object Storage)
Orchestration
- Heat (Orchestration)
- Senlin (Auto-scaling)
Monitoring
- Monasca (Telemetry)
High Availability
- Masakari (Instance HA)
Resource Optimaztion
- Watcher (Infrastructure Optimization)
Cube Infrascope
- ELK
Elasticsearch (v7.10)Opensearch (v2.10)Kibana (v7.10)Opensearch-dashboards (v2.10)- Logstash (v8.9.0)
- Filebeat (v8.10.2)
- Auditbeat (v8.10.2)
- TIGK
- Telegraf (v1.17)
- Influxdb (v1.8.10)
Grafana (v7.5.9)Grafana-enterprise (v10.1.5)- Kapacitor (v1.5.7)
- Data Pipeline
- Zookeeper (v2.13)
- Monasca (v2.5.0)
- Kafka (v2.7)
Identity
- Keycloak (v17.0.1)
Announcements
Compatibilities
The following Cube related products are currently supported by Cube 2.5 and can only be run against Cube 2.4 or above.
- CUBE.CMP 1.7
- Prerequisites: Cube 2.4 with AppFramework deployed
- CUBE.VDI Driver and integration
- Prerequisites: Cube 2.4 and Cube VDI essentials
Contact Bigstack: https://www.bigstack.co/contact/ for details of Cube products.
Installation and Configuration
For CUBE.COS installation, see the following topics in Bigstack documentation.
To get started with CUBE.COS, see Quick Start in Bigstack documentation.
Known issues
After enable OTP login, Keycloak page show nothing.
Related information
Bigstack Co., Ltd. is a software and consulting company, focused on open source, software-defined data center, cloud platforms, and security.
Contact Bigstack: https://www.bigstack.co/contact/