PCE Platform
Error occurred when trying to change telegraf_port (E-85899)
If a user had a service using port :8125, starting the PCE generated the following error:
[telegraf] Error running agent: starting input inputs.statsd: listen udp :8125: bind: address already in useThis issue happened because, prior to this fix, the
telegraf.conf.erbport value forstatsdwas hard-coded to service_address = “:8125”This issue is resolved. Port 8125 is no longer hard-coded and the PCE now allows users to change the
telegraf_portby updating theruntime_envand then restarting the PCE.Rare mismatch prevented PCE data node from coming online (E-85733)
When setting up a PCE for the first time, in rare cases a mismatch occurred between the database user
pwdcommand in the database and the Illumio key-value store. This prevented PCE data nodes from coming online (runlevel 1-5) and generated the errorFailed to create/alter application DB user. This issue is resolved.Access denied when editing API Key Settings (E-85673)
When trying to edit API Key Settings, SaaS customers without root permissions received the message
Unable to Edit Service. Access denied. This issue is resolved and now global org owners can edit API Key Settings.PCE in a partial state following an upgrade (E-85414)
In rare cases, following an upgrade the PCE remained in a 'PARTIAL' state. Issuing the command
sudo -u ilo-pce illumio-pce-ctl cluster-statusshowed that theset_server_redis_serverservice wasn't RUNNING. Theset_server_0_master.logcould have shown entries similar to the following:Warning: Could not create server TCP listening socket 127.0.0.1:6000: listen: Address already in useThis issue is resolved.
Support bundle wasn't generated when fileserver failed over (E-85198)
When using Troubleshooting > PCE Support Bundles in the PCE web console, an error sometimes occurred if the fileserver failed over. The support bundle functionality couldn't detect the correct fileserver and the support bundle couldn't be created.
This issue is resolved.
Couldn't log into the PCE (E-84777)
If the web server was under heavy load, occasional failures could occur when attempting to log in to the PCE. This issue is resolved.
Unnecessary number of PCE events generated for SA API key expiration and deletion jobs (E-84693)
A PCE event was generated whenever a Service Account (SA) API key expiration and deletion job ran, regardless of whether any SA API keys were expired or deleted at the time. As a result, an unnecessary number of events were generated. This issue is resolved. Now, SA API key expiration and deletion jobs generate an event only when there are such keys that have expired or have been deleted.
API returned incorrect values for service account API key management (E-84459)
Querying with the
api_keyAPI returned incorrect values for X-Total-Count and X-Matched-Count. This issue is resolved. Correct values are now returned when querying with theapi_keyAPI.Updated query parameters for API keys (E-84388)
Some parameters have been renamed or deprecated to allow differentiation between the type "user" and "service_account:"
Query parameter "name" is retained for the type "service_account"
Query parameter "name" is changed to "username" for the type "user"
Query parameter "service_account_name" was deprecated and consolidated to "name"
Query parameter "api_key_name" was deprecated and removed as not needed
LDAP user unable to log into PCE when directory search returned more than one result (E-83974)
User authentication could fail for user DNs that had LDAP entries below them. This configuration is common for user devices, such as
ExchangeActiveSyncDevices. This issue is resolved. In this release, the PCE only queries the LDAP directory for username attributes that are an exact match.Error occurred when editing labels or unpairing workloads (E-83924)
When you added a scoped role to a user with an unrestricted role, then tried to edit the labels on a paired workload or manually unpair a workload, a “500 Internal Server Error” occurred. This issue is resolved.
Virtual server events API could return missing or incorrect data (E-81611)
When using the Events API to update a virtual service, the API did not expose label deletion information in the resource changes section. This issue is resolved. In this scenario, the Events API now exposes label deletion information.