v2.0.0-rc1 issue tracker #161
Comments
Not a new bug, but #158 (comment) should be fixed. And because AppArmor is now enabled by default and moby/swarmkit#3152 was recently merged, it probably makes sense to wait a bit to see if we can have a user Docker version with that feature. |
For me this 2.0 RC1 is not working: it boots up and says it has network, but then nothing happens (no terminal). Not sure if it is because I have some ping and network mounts in the config. Booting to beta7 and it works again. Also, logging in with ssh gives access denied, so it looks like the complete config is not loaded. Thx @olljanat. Forcing the console upgrade did work :) So maybe also update the changelog to say that this is also needed for beta users. |
@toussii I haven't actually tested the upgrade from beta, but I would assume that it needs the same trick to force the console upgrade as is mentioned in the release notes when upgrading from 1.9.x. Afaiu it is the system-docker rename and the changes related to it which caused the need for this extra step. |
I noticed that ssh-audit reports that our SSH hardenings (os/images/02-console/sshd_config.append.tpl, lines 16 to 23 in 615b3d4) are not good enough by today's standards.
Scan log: burmillaos-v2.0.0-rc1-ssh-audit.log
Ubuntu guide: https://www.ssh-audit.com/hardening_guides.html#ubuntu_20_04_lts
EDIT: Additionally, it would be good to include the packages needed for MFA support in the console: https://ubuntu.com/tutorials/configure-ssh-2fa#1-overview
EDIT2: Perhaps we should also look at https://github.com/a13xp0p0v/kernel-hardening-checker |
For some reason console contains now |
I still was not able to boot v2.0.0-rc1 on UEFI-enabled VM under Proxmox. My host installation is a bit outdated, so I will report again after updating it. |
Unfortunately, direct UEFI support (tracker issue #8) didn't make it into the 2.0 versions because of the huge amount of refactoring + testing needed by it and the lack of contributors. However, you can still build your own Proxmox image with UEFI support with the workaround scripts linked to that issue and use that to deploy multiple servers. |
Mine is a VM from a Proxmox environment. Can I upgrade from the VM with no issue? |
Issue 1, the instructions for upgrade should probably clarify the last command needs to be run later (after reboot?) |
Issue 2, after restarting, running the final command and restarting again user land docker is still failing
|
@dwaite are you still able to boot to old version and share
Thanks, this is exactly the type of issue which I want to catch before marking it RTM. However, we need a bit more information about the starting point and the issue you see here. |
Yep, exactly what I did, although oops didn't realize I needed to also force the console again to downgrade.

```yaml
hostname: xx.example.com
rancher:
  cloud_init:
    datasources:
    - digitalocean
  console: default
  docker:
    engine: docker-20.10.23
    tls: true
  environment:
    EXTRA_CMDLINE: /init
  force_console_rebuild: false
  network:
    dns:
      nameservers:
      - 1.1.1.1
      - 8.8.8.8
    interfaces:
      eth0:
        addresses:
        - 1.2.3.4/20
        - 1.2.3.4/16
        - 2600:0000:0000:0000:0000:0000:0000:0001/64
        gateway: 1.2.3.1
        gateway_ipv6: 2600:a880:0000:0000:0000:0000:0000:0001
        ipv4ll: true
      eth1:
        addresses:
        - 1.2.3.4/16
        gateway: 1.2.3.1
  resize_device: /dev/vda
  services:
    console:
      labels:
      - io.docker.compose.rebuild=always
      - io.rancher.os.after=network
      - io.rancher.os.console=default
      - io.rancher.os.scope=system
  services_include:
    docker-compose: true
  state:
    dev: LABEL=RANCHER_STATE
    wait: true
  upgrade:
    url: https://raw.githubusercontent.com/burmilla/releases/v2.0.x/releases.yml
ssh_authorized_keys:
- ecdsa-sha2-nistp256 AAAA label
- ssh-ed25519 AAAA label
```

Ahh, when I see console commands I review then paste. After the second line the system processes then prompts for reboot, so I assume the third line needs to be set after reboot. |
Using |
@olljanat anything else I can do to help with the user docker issue on upgrade? |
It is not technically hard to solve but more about the question how we want to do it. Check out voting in #150 (comment) |
Also, I noticed the login user name is |
@gramian for clarification: this is the issue tracker for new issues in 2.0.0-rc1 compared to 1.9.x versions. UEFI mode is not supported; its issue tracker is #8. Documentation is based on RancherOS together with some search&replace, so there definitely are issues which are waiting for fixing. You can find documentation-tagged issues at https://github.com/burmilla/os/issues?q=is%3Aopen+is%3Aissue+label%3Adocumentation and contribute to the documentation at https://github.com/burmilla/burmilla.github.io |
@olljanat I am sorry, I did not look close enough. |
FYI, v2.0.0-rc2 is now released. It does not solve the upgrade challenge yet but fixes #161 (comment) and #161 (comment). All changes are visible in 8a9e14f |
For os-docker on v2.0.0-rc2 (and probably earlier v2.0.0 branches), rancher.docker.graph has been deprecated since engine 23. See https://docs.docker.com/engine/deprecated/#-g-and---graph-flags-on-dockerd. If rancher.docker.graph is defined in cloud-config, then os-docker won't start, and error 125s out with unknown option --graph for dockerd. The option should now be named data-root, and add start option --data-root to dockerd. I can get os-docker to start by removing this option in cloud-config, but then my defined volumes, networks, images, and containers no longer appear. |
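The flag change described in the comment above, as an added example that is not part of the thread or of the BurmillaOS code base: a Go helper that rewrites the deprecated `-g`/`--graph` dockerd argument to `--data-root` while keeping the configured directory, so the existing volumes, networks, images and containers stay visible. The function name `migrateGraphFlag` and the sample arguments are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// migrateGraphFlag (hypothetical helper) rewrites the deprecated dockerd
// -g/--graph flag to --data-root and keeps the directory value unchanged.
// It returns the new argument list and whether anything was rewritten.
// Handled forms: "--graph DIR", "-g DIR", "--graph=DIR", "-g=DIR".
func migrateGraphFlag(args []string) ([]string, bool) {
	out := make([]string, 0, len(args))
	changed := false
	for i := 0; i < len(args); i++ {
		a := args[i]
		switch {
		case a == "--graph" || a == "-g":
			// Separate-value form: the next argument is the directory.
			out = append(out, "--data-root")
			changed = true
			if i+1 < len(args) {
				i++
				out = append(out, args[i])
			}
		case strings.HasPrefix(a, "--graph="):
			out = append(out, "--data-root="+strings.TrimPrefix(a, "--graph="))
			changed = true
		case strings.HasPrefix(a, "-g="):
			out = append(out, "--data-root="+strings.TrimPrefix(a, "-g="))
			changed = true
		default:
			out = append(out, a)
		}
	}
	return out, changed
}

func main() {
	// Constructed sample: arguments a wrapper might pass to dockerd.
	old := []string{"--tls", "--graph", "/mnt/docker", "--host", "unix:///var/run/docker.sock"}
	updated, changed := migrateGraphFlag(old)
	fmt.Println(changed, strings.Join(updated, " "))
}
```
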
Yeah so basically Line 135 in 8a9e14f
Line 174 in 8a9e14f
and needs to be updated. Most likely in way that we keep support for Workaround to this is use |
Right, this is how I worked around this for os-docker. Note, system-docker also needs to be updated. Currently, it's just warning |
Also, runcmd appears to be executed twice on boot. |
Last update to this one. I see that there are some new people here, which is nice. However, the v2.0.0 release version is very late from the original target #148, so for now we just need to accept that all bugs cannot be fixed, so I will now just handle those which are easy and skip the others. Please create one issue for each bug which you see in future, preferably with info on whether those are new bugs in v2.x versions or if they exist already in v1.9.x. However, some comments on what was discussed earlier:
I'm quite sure that it is an old issue and not critical, so will just skip it.
True, because graph has been deprecated for years, but it does not matter because system-docker is stuck in a customized version of 17.06 #28. Will update the config parameter for user Docker. When it comes to the console upgrade bug: renaming system-docker to system-engine, which was part of v2.0.0-rc1, caused more issues than it solved, so will just downgrade back to the old version. Otherwise v2.0.0 should be the same as rc2, just with newer packages. |
Report all new issues seen with v2.0.0-rc1 version to here.