SUSE-RU-2019:0974-1: moderate: Recommended update for kubernetes-salt and velum
sle-updates at lists.suse.com
Wed Apr 17 13:12:30 MDT 2019
SUSE Recommended Update: Recommended update for kubernetes-salt and velum
______________________________________________________________________________
Announcement ID: SUSE-RU-2019:0974-1
Rating: moderate
References: #1113518 #1116572 #1120752 #1121163 #1121321
#1123711 #1124187 #1124784 #1127804 #1128491
#1128863 #1130202
Affected Products:
SUSE CaaS Platform 3.0
______________________________________________________________________________
An update that has 12 recommended fixes can now be
installed.
Description:
This update resolves the following issues:
# Velum:
- Node removal would fail when orchestration was incorrectly registered as
still in progress
- All nodes would show as failed after an update
- Incorrect information shown on how to download/use the kubeconfig file
- The velum user had too many permissions to manipulate the MariaDB
Please check if your installation is affected by running:
```
docker exec -it $(docker ps -qf name=velum-mariadb) \
mysql -p$(cat /var/lib/misc/infra-secrets/mariadb-root-password) -e "SHOW GRANTS FOR velum@localhost"
```
The user permissions should return:
```
+-----------------------------------------------------------------------------------------------------------------+
| Grants for velum@localhost                                                                                      |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'velum'@'localhost' IDENTIFIED BY PASSWORD ''                                             |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `velum_production`.* TO 'velum'@'localhost' |
+-----------------------------------------------------------------------------------------------------------------+
```
If the user account still has ```GRANT ALL PRIVILEGES```, please adjust the privileges for the user by running:
```
docker exec -it $(docker ps -qf name=velum-mariadb) \
mysql -p$(cat /var/lib/misc/infra-secrets/mariadb-root-password) \
-e "REVOKE ALL PRIVILEGES ON velum_production.* FROM velum@localhost; \
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON velum_production.* TO velum@localhost"
```
- Nodes could become unresponsive if too many resources were reserved
- System wide certificates removed from Velum were not removed from the
cluster nodes
- Certificates with Windows line endings could cause errors during
external LDAP setup
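The MariaDB grant check from the Velum list above can be scripted. This is an added example, not code from SUSE or the advisory: it reads SHOW GRANTS output and reports anything beyond the privilege set the advisory lists as expected. The names `check_velum_grants`, `extra_privs`, `ALLOWED` and `SAMPLE_BAD` are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory: audit SHOW GRANTS output for velum.
# Function and variable names are hypothetical.

# Privileges the advisory expects on velum_production.*
ALLOWED="SELECT INSERT UPDATE DELETE CREATE DROP INDEX ALTER"

# Print each privilege of a comma-separated list that is not in ALLOWED.
extra_privs() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//; s/ *$//' |
    while IFS= read -r p; do
        case " $ALLOWED " in
            (*" $p "*) ;;
            (*) printf '%s\n' "$p" ;;
        esac
    done
}

# Read SHOW GRANTS output on stdin (table or batch format), print one finding
# per line, return 0 if the grants match the advisory and 1 otherwise.
check_velum_grants() {
    findings=$(
        # Keep only GRANT statements; drop table borders, pipes and padding.
        sed -n 's/^[| ]*\(GRANT .*[^| ]\)[| ]*$/\1/p' |
        while IFS= read -r line; do
            stmt="${line#GRANT }"
            privs="${stmt%% ON *}"
            scope="${stmt#* ON }"
            scope=$(printf '%s' "${scope%% TO *}" | tr -d '\140')  # strip backticks
            case $line in
                (*"WITH GRANT OPTION"*) echo "grant option on $scope" ;;
            esac
            case $scope in
                ('*.*') [ "$privs" = USAGE ] || echo "global privileges: $privs" ;;
                ('velum_production.*')
                    extra_privs "$privs" | sed 's/^/excess privilege: /' ;;
                (*) echo "unexpected scope: $scope" ;;
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the over-privileged state the advisory describes.
SAMPLE_BAD="| GRANT USAGE ON *.* TO 'velum'@'localhost' IDENTIFIED BY PASSWORD '' |
| GRANT ALL PRIVILEGES ON \`velum_production\`.* TO 'velum'@'localhost' |"
printf '%s\n' "$SAMPLE_BAD" | check_velum_grants || echo "velum is over-privileged"
```

On an admin node, the output of the SHOW GRANTS command from the advisory can be piped into `check_velum_grants` in place of the sample.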
# Kubernetes Salt:
- Removing the system wide proxy configuration was not applied correctly
and configuration remained in place
- Bootstrap of the cluster would fail
- Removed an obsolete custom module
- Modules for the reactor component were synchronized from multiple
operations and could cause race conditions of the saved state
- The automatic transactional-update timer did not remain disabled during
an upgrade
# CaaSP Container Manifests:
- Admin node container would fail to start
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE CaaS Platform 3.0:
To install this update, use the SUSE CaaS Platform Velum dashboard.
It will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE CaaS Platform 3.0 (noarch):
caasp-container-manifests-3.0.0+git_r305_95f7c0b-3.17.1
kubernetes-salt-3.0.0+git_r969_5d274fb-3.61.1
- SUSE CaaS Platform 3.0 (x86_64):
sles12-velum-image-3.1.13-3.47.2
References:
https://bugzilla.suse.com/1113518
https://bugzilla.suse.com/1116572
https://bugzilla.suse.com/1120752
https://bugzilla.suse.com/1121163
https://bugzilla.suse.com/1121321
https://bugzilla.suse.com/1123711
https://bugzilla.suse.com/1124187
https://bugzilla.suse.com/1124784
https://bugzilla.suse.com/1127804
https://bugzilla.suse.com/1128491
https://bugzilla.suse.com/1128863
https://bugzilla.suse.com/1130202