SUSE-RU-2020:0710-1: important: Upgrading to Terraform 0.12 and fix issues in crio, grafana, kubelet, skuba, and terraform

sle-updates at sle-updates at
Wed Mar 18 05:19:04 MDT 2020

   SUSE Recommended Update: Upgrading to Terraform 0.12 and fix issues in crio, grafana, kubelet, skuba, and terraform

Announcement ID:    SUSE-RU-2020:0710-1
Rating:             important
References:         #1145003 #1157323 #1159082 #1160463 #1161056 
                    #1161110 #1161179 #1161225 #1162093 
Affected Products:
                    SUSE CaaS Platform 4.0

   An update that has 9 recommended fixes can now be installed.


   Upgrade Terraform Files and State

   In order to seamlessly switch to Terraform 0.12 you need to make sure that:

   * all files follow the new syntax for the HashiCorp Configuration Language
     included in Terraform 0.12;
   * all boolean values are `true` or `false` and *not* 0 or 1;
   * all variables are explicitly declared;
   * all dependencies are explicitly declared to reach the expected behavior.

   Recommended Procedure

   If you can tear down your existing cluster, do delete your cluster before
   upgrading to Terraform 0.12. After that follow our documentation to create
   a new cluster. That will lead to the cleanest upgrade result.

   If you are using Terraform 0.11 and you cannot tear down your cluster, you
   will need to update your Terraform files (and states) in place for
   Terraform 0.12.

   To do this, enter your Terraform files/state folder and:

   * Migrate Terraform files with the automatic migration tool by running
     `terraform 0.12upgrade`.
   * For OpenStack, run the extra operations for in-place upgrade, which
     follow just below.
   * For VMware, there is no extra operation.
   * You can then run the `terraform init/plan/apply` commands as usual.

   Extra Operations for In-place Upgrade of OpenStack Terraform Files

   * Replace any boolean values written as a number with `false`/`true`. For
     example, for the variables in `openstack/` (and their
     equivalent in your `terraform.tfvars` file), replace `default = 0` with
     `default = false` in the variables `workers_vol_enabled` and `dnsentry`.
     Do the same for any extra boolean variable you might have added.
   * Introduce a `depends_on` on the resource
     `"openstack_compute_floatingip_associate_v2" "master_ext_ip"` in

   ---- depends_on = [openstack_compute_instance_v2.master]

   * Introduce a `depends_on` on the resource `"master_wait_cloudinit"` in

   ---- depends_on = [
     openstack_compute_floatingip_associate_v2.master_ext_ip ]

   * Introduce a `depends_on` on the resources
     `"openstack_compute_floatingip_associate_v2" "worker_ext_ip"` and
     `"null_resource" "worker_wait_cloudinit"` in ``,
     similarly to the ones for master. Replace `master` with `worker` in the
     examples above.
   * Update the resources `resource "openstack_compute_instance_v2" "master"`
     and `resource "openstack_compute_instance_v2" "worker"` with
     `` and `` respectively. Add the
     following resources:

   ---- lifecycle { ignore_changes = [user_data] }

   This will make it possible to update your cluster from a Terraform 0.11
   state into a Terraform 0.12 state without tearing it down completely.

   [WARNING] When adding `lifecycle { ignore_change = [user_data] }` in your
   master and worker instances, you will effectively prevent updates of
   nodes, should you or SUSE update the `user_data`. This should be removed
   as soon as possible after the migration to Terraform 0.12.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE CaaS Platform 4.0 (x86_64):


   - SUSE CaaS Platform 4.0 (noarch):



More information about the sle-updates mailing list