Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-06-15 14:46:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubernetes-salt" Fri Jun 15 14:46:36 2018 rev:26 rq:616508 version:4.0.0+git_r837_d08a652 Changes: -------- --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-06-08 23:16:54.876923710 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-06-15 14:46:38.635532904 +0200 @@ -1,0 +2,68 @@ +Wed Jun 13 09:24:18 UTC 2018 - containers-bui...@suse.de + +- Commit a4480ed by Alvaro Saurin alvaro.sau...@gmail.com + Do not set the `bootstrap_complete` flag in all the nodes: do it only in the + nodes that had some role assigned. Remove the `bootstrap_in_progress` even if + the orchestration fails. Fixed typo in target. + + bsc#1094078 + + +------------------------------------------------------------------- +Wed Jun 13 09:22:07 UTC 2018 - containers-bui...@suse.de + +- Commit cf5b83b by Rafael Fernández López eresli...@ereslibre.es + Remove mine information when removing a node + + This will avoid to render stale information about critical components, like + `etcd` endpoints in the `etcd` configuration. + + `etcd` is very sensitive to this kind of misleading (stale) information, if + more endpoints are provided in `ETCD_INITIAL_CLUSTER` than the ones that + actually exist in the cluster, a new instance of etcd will refuse to start. + + Fixes: bsc#1097001 Fixes: bsc#1097147 + + +------------------------------------------------------------------- +Mon Jun 11 14:17:04 UTC 2018 - containers-bui...@suse.de + +- Commit 23ce1f2 by Rafael Fernández López eresli...@ereslibre.es + Force `etc-hosts` sls to be run before `etcd` + + Before the real update orchestration happens we are updating etcd + certificates, so this machine isn't left isolated. However, in this process, + the configuration for etcd might refer to the new machine names if this + happens during the upgrade of 2.0 to 3.0. This might leave the etcd instances + in a state in which they cannot resolve other etcd peer names (because their + `/etc/hosts` file is outdated). + + In order to prevent this, force the `etc-hosts` sls to be run before we + execute the `etcd` sls, so we are sure that `/etc/hosts` will contain both + the old and the new names during the upgrade, and etcd will be able to refer + to other peers using the new hostnames. + + Fixes: bsc#1096750 + + +------------------------------------------------------------------- +Mon Jun 11 11:57:40 UTC 2018 - containers-bui...@suse.de + +- Commit ec6238c by Rafael Fernández López eresli...@ereslibre.es + Also stop `kubelet` on masters when performing an upgrade + + If some important change lands between Kubernetes updates, it might happen + that since we don't disable the `kubelet` service on the master nodes, when + the machine gets rebooted, `systemd` will try to start the + `kubelet` service, failing in a burst mode. + + This will prevent our salt states from trying to start it again, because the + service will be in a failed state. Stop the service and disable it on the + masters too when we are performing an upgrade, this way we are sure that + we'll try to start and enable it when we have performed the required changes + for it to succeed. + + Fixes: bsc#1096768 + + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubernetes-salt.spec ++++++ --- /var/tmp/diff_new_pack.6eD1eR/_old 2018-06-15 14:46:39.323507738 +0200 +++ /var/tmp/diff_new_pack.6eD1eR/_new 2018-06-15 14:46:39.331507445 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version: 4.0.0+git_r829_b3f572e +Version: 4.0.0+git_r837_d08a652 Release: 0 BuildArch: noarch Summary: Production-Grade Container Scheduling and Management ++++++ master.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/orch/force-removal.sls new/salt-master/salt/orch/force-removal.sls --- old/salt-master/salt/orch/force-removal.sls 2018-06-06 15:44:49.000000000 +0200 +++ new/salt-master/salt/orch/force-removal.sls 2018-06-13 11:25:22.000000000 +0200 @@ -39,6 +39,12 @@ - kwarg: destructive: True +remove-target-mine: + salt.function: + - tgt: {{ target }} + - name: mine.flush + - fail_minions: {{ target }} + remove-target-salt-key: salt.wheel: - name: key.reject diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/orch/kubernetes.sls new/salt-master/salt/orch/kubernetes.sls --- old/salt-master/salt/orch/kubernetes.sls 2018-06-06 15:44:49.000000000 +0200 +++ new/salt-master/salt/orch/kubernetes.sls 2018-06-13 11:25:22.000000000 +0200 @@ -12,10 +12,11 @@ {%- set additional_etcd_members = salt.caasp_etcd.get_additional_etcd_members(num_wanted=num_etcd_members, etcd_members=etcd_members) %} -# Ensure the node is marked as bootstrapping +# Ensure all the nodes are marked with a 'bootstrap_in_progress' flag set-bootstrap-in-progress-flag: salt.function: - - tgt: '*' + - tgt: 'roles:(ca|admin|kube-master|kube-minion|etcd)' + - tgt_type: grain_pcre - name: grains.setval - arg: - bootstrap_in_progress @@ -77,7 +78,7 @@ disable-rebootmgr: salt.state: - - tgt: 'roles:(admin|kube-master|minion|etcd)' + - tgt: 'roles:(admin|kube-master|kube-minion|etcd)' - tgt_type: grain_pcre - sls: - rebootmgr @@ -232,11 +233,12 @@ - require: - super-master-wait-for-services -# This flag indicates at least one bootstrap has completed at some -# point in time on this node. +# Set the bootstrap complete in all the nodes where we really succeeded +# (if `admin-wait-for-services` fails, we will not set the flag) set-bootstrap-complete-flag: salt.function: - - tgt: '*' + - tgt: 'bootstrap_in_progress:true' + - tgt_type: grain - name: grains.setval - arg: - bootstrap_complete @@ -244,14 +246,14 @@ - require: - admin-wait-for-services -# Ensure the node is marked as finished bootstrapping +# Ensure we remove the bootstrap_in_progress in all the nodes where it was set +# NOTE: we must remove this flag even if the orchestration fails clear-bootstrap-in-progress-flag: salt.function: - - tgt: '*' + - tgt: 'bootstrap_in_progress:true' + - tgt_type: grain - name: grains.delval - arg: - bootstrap_in_progress - kwarg: destructive: True - - require: - - set-bootstrap-complete-flag diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/orch/removal.sls new/salt-master/salt/orch/removal.sls --- old/salt-master/salt/orch/removal.sls 2018-06-06 15:44:49.000000000 +0200 +++ new/salt-master/salt/orch/removal.sls 2018-06-13 11:25:22.000000000 +0200 @@ -271,6 +271,14 @@ - require: - shutdown-target +# remove target information from the mine +remove-target-mine: + salt.function: + - tgt: '{{ target }}' + - name: mine.flush + - require: + - remove-from-cluster-in-super-master + # remove the Salt key and the mine for the target remove-target-salt-key: salt.wheel: @@ -278,10 +286,10 @@ - include_accepted: True - match: {{ target }} - require: - - remove-from-cluster-in-super-master + - remove-target-mine # remove target's data in the Salt Master's cache -remove-target-mine: +remove-target-mine-cache: salt.runner: - name: cache.clear_all - tgt: '{{ target }}' @@ -316,7 +324,7 @@ - saltutil.clear_cache - mine.update - require: - - remove-target-mine + - remove-target-mine-cache update-modules-after-removal: salt.function: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/orch/update.sls new/salt-master/salt/orch/update.sls --- old/salt-master/salt/orch/update.sls 2018-06-06 15:44:49.000000000 +0200 +++ new/salt-master/salt/orch/update.sls 2018-06-13 11:25:22.000000000 +0200 @@ -131,11 +131,16 @@ # # Let's force etcd to refresh certificates on all machines, restarting the etcd service so we can # continue with the upgrade, as certificates will be valid for the old and the new SAN. +# +# We run the etc-hosts sls to make the machines refresh their references first (including old CaaSP +# 2.0 and 3.0 naming). This way, etcd will be able to work with both namings during the upgrade +# process. etcd-setup: salt.state: - tgt: '{{ is_etcd_tgt }}' - tgt_type: compound - sls: + - etc-hosts - etcd - batch: 1 - require: @@ -151,6 +156,7 @@ - tgt: '{{ master_id }}' - sls: - container-feeder.stop + - kubelet.stop - kube-apiserver.stop - kube-controller-manager.stop - kube-scheduler.stop