OCPBUGS-947: Rebase openshift/etcd 4.11 onto 3.5.5 #155
Conversation
…ookup" This reverts commit 4f51cc1.
When clients have no permission to perform whatever operation, then the applying may fail. We should also move consistent_index forward in this case, otherwise the consitent_index may smaller than the snapshot index.
…_353 [3.5] Update consitent_index when applying fails
Update crypto to address CVE-2022-27191. The CVE fix is added in 0.0.0-20220315160706-3147a52a75dd but this change updates to latest.
Update golang.org/x/crypto to latest
we found a lease leak issue: if a new member(by member add) is recovered by snapshot, and then become leader, the lease will never expire afterwards. leader will log the revoke failure caused by "invalid auth token", since the token provider is not functional, and drops all generated token from upper layer, which in this case, is the lease revoking routine.
[backport 3.5]: server/auth: enable tokenProvider if recoved store enables auth
[release-3.5] Test release scripts
This PR removes additional clone when building artifacts. When releasing v3.5.4 this clone was main cause of issues and confusion about what release script is doing. release.sh script already clones repo in /tmp/ directory, so clonning before build is not needed. As precautions for bug in script leaving /tmp/ clone in bad state I moved "Verify the latest commit has the version tag" and added "Verify the clean working tree" to be always run before build.
[release-3.5] scripts: Avoid additional repo clone
The first bug fix is to resolve the race condition between goroutine and channel on the same leases to be revoked. It's a classic mistake in using Golang channel + goroutine. Please refer to https://go.dev/doc/effective_go#channels The second bug fix is to resolve the issue that etcd lessor may continue to schedule checkpoint after stepping down the leader role.
[3.5] Backport two lease related bug fixes to 3.5
The FileReader interface is the wrapper of io.Reader. It provides the fs.FileInfo as well. The FileBufReader struct is the wrapper of bufio.Reader, it also provides fs.FileInfo. Signed-off-by: Benjamin Wang <wachao@vmware.com>
…file Currently the max size of each WAL entry is hard coded as 10MB. If users set a value > 10MB for the flag --max-request-bytes, then etcd may run into a situation that it successfully processes a big request, but fails to decode it when replaying the WAL file on startup. On the other hand, we can't just remove the limitation, because if a WAL entry is somehow corrupted, and its recByte is a huge value, then etcd may run out of memory. So the solution is to restrict the max size of each WAL entry as a dynamic value, which is the remaining size of the WAL file. Signed-off-by: Benjamin Wang <wachao@vmware.com>
[3.5] Restrict the max size of each WAL entry to the remaining size of the WAL file
Cherry pick the PR etcd-io#12992 to 3.5, so please refer to the original PR for more detailed info. Signed-off-by: Benjamin Wang <wachao@vmware.com>
[3.5] client/v3: do not overwrite authTokenBundle on dial
Make sure that WithPrefix correctly set the flag, and add test. Also, add test for WithFromKey. fixes etcd-io#14056 Signed-off-by: Sahdev Zala <spzala@us.ibm.com>
…-#14182-upstream-release-3.5 Automated cherry pick of etcd-io#14182
The golang buildin package `flag` doesn't support `uint32` data type, so we need to support it via the `flag.Var`. Signed-off-by: Benjamin Wang <wachao@vmware.com>
…each client can open at a time Also refer to etcd-io#14169 (comment) Signed-off-by: Benjamin Wang <wachao@vmware.com>
Signed-off-by: Benjamin Wang <wachao@vmware.com>
[3.5] Support configuring `MaxConcurrentStreams` for http2
Signed-off-by: Jille Timmermans <jille@quis.cx>
…er_20220913_3.5 [release-3.5] fix the flaky test TestV3AuthRestartMember
openshift-ci-robot
added
the
jira/valid-bug
|
@tjungblu: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
bugzilla/valid-bug
|
@tjungblu: This pull request references Jira Issue OCPBUGS-947, which is valid. The bug has been moved to the POST state. 6 validation(s) were run on this bug
The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retest-required |
|
/payload 4.11 nightly blocking |
|
@tjungblu: trigger 7 job(s) of type blocking for the nightly release of OCP 4.11
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/a141ca40-488f-11ed-9818-9f439b196fe6-0 |
|
/retest-required |
|
/approve |
openshift-ci
bot
added
the
approved
|
/retest-required |
1 similar comment
|
/retest-required |
|
/label backport-risk-assessed |
openshift-ci
bot
added
the
backport-risk-assessed
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dusk125, hasbro17, tjungblu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@tjungblu: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@geliu2016 do you have some capacity left to CPA here? |
|
/label cherry-pick-approved |
openshift-ci
bot
added
the
cherry-pick-approved
|
@tjungblu: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-947 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This was rebased with:
same as #144