New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPBUGS-15860: [4.12] Rebase openshift/etcd to 3.5.9 #207
OCPBUGS-15860: [4.12] Rebase openshift/etcd to 3.5.9 #207
Conversation
CVE-2021-44716 CVE-2022-27664 Signed-off-by: Benjamin Wang <wachao@vmware.com>
… NOSPACE Signed-off-by: Vaibhav Mehta <mehvaibh@amazon.com>
Signed-off-by: Benjamin Wang <wachao@vmware.com>
In order to fix etcd-io#12385, PR etcd-io#14322 introduced a change in which the client side may retry based on the error message returned from server side. This is not good, as it's too fragile and it's also changed the protocol between client and server. Please see the discussion in kubernetes/kubernetes#114403 Note: The issue etcd-io#12385 only happens when auth is enabled, and client side reuse the same client to watch. So we decided to rollback the change on 3.5, reasons: 1.K8s doesn't enable auth at all. It has no any impact on K8s. 2.It's very easy for client application to workaround the issue. The client just needs to create a new client each time before watching. Signed-off-by: Benjamin Wang <wachao@vmware.com>
Signed-off-by: Benjamin Wang <wachao@vmware.com>
Signed-off-by: Vaibhav Mehta <mehvaibh@amazon.com>
…_20221125 [3.5] etcdserver: intentionally set the memberID as 0 in corruption alarm
Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
clientv3: revert the client side change in 14547
Signed-off-by: Benjamin Wang <wachao@vmware.com>
Backporting etcd-io#14895 Signed-off-by: Benjamin Wang <wachao@vmware.com>
[3.5] Backport: non mutating requests pass through quotaKVServer when NOSPACE
…trivy nightly scan To checkout the corresponding branch in cicd workflow. Specify the correct branch name in each branch. Signed-off-by: zsimon <zsimon@vmware.com>
Add trivy nightly scan for `release-3.5`
Signed-off-by: Benjamin Wang <wachao@vmware.com>
….5_20221206 [3.5] etcdserver: fix nil pointer panic for readonly txn
Command: trivy image --severity CRITICAL gcr.io/etcd-development/etcd:v3.5.6 -f json -o 3.5.6_image_critical.json Signed-off-by: Benjamin Wang <wachao@vmware.com>
…me_for_the_Trivy_Scan_in_release3.5 fix: specify the correct branch name of release-3.5 in workflow for…
Signed-off-by: Benjamin Wang <wachao@vmware.com>
Add empty implementation for reuse port socket option since Solaris does not support SO_REUSEPORT. (cherry picked from commit af626eb) Conflicts: client/pkg/transport/sockopt_unix.go Signed-off-by: Andrew Stormont <andyjstormont@gmail.com>
[3.5] Security: use distroless base image to address critical Vulnerabilities
Signed-off-by: Benjamin Wang <wachao@vmware.com>
client/pkg/v3: fixes Solaris build of transport
Signed-off-by: Benjamin Wang <wachao@vmware.com>
[3.5] Security: address HIGH Vulnerabilities
Signed-off-by: Benjamin Wang <wachao@vmware.com>
3.5: remove the dependency on busybox
Backport etcd-io#15095. When promoting a learner, we need to wait until the leader's applied ID catches up to the commitId. Afterwards, check whether the learner ID exist or not, and return `membership.ErrIDNotFound` directly in the API if the member ID not found, to avoid the request being unnecessarily delivered to raft. Signed-off-by: Benjamin Wang <wachao@vmware.com>
[3.5] Update nsswitch.conf for 3.5
…20230113 [3.5] etcdserver: return membership.ErrIDNotFound when the memberID not found
@tjungblu: This pull request references Jira Issue OCPBUGS-15860, which is valid. The bug has been moved to the POST state. 6 validation(s) were run on this bug
Requesting review from QA contact: The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/lgtm |
Thanks @dusk125 going to leave it soaking in 4.13 for a while, at least until it's the fast channel next week /hold |
/override ci/prow/unit |
@tjungblu: Overrode contexts on behalf of tjungblu: ci/prow/unit In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/label cherry-pick-approved
/hold cancel ready to proceed as per https://redhat-internal.slack.com/archives/CB95J6R4N/p1691393773257259 |
/lgtm thanks @tjungblu |
/override ci/prow/unit |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dusk125, Elbehery, geliu2016, tjungblu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@tjungblu: Overrode contexts on behalf of tjungblu: ci/prow/unit In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
it fails on
|
that's OK, because it still runs with the old golang version. Once the container image is reconciled it's going green again. |
/override ci/prow/unit |
@tjungblu: Overrode contexts on behalf of tjungblu: ci/prow/unit In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@tjungblu: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
9f987a5
into
openshift:openshift-4.12
@tjungblu: Jira Issue OCPBUGS-15860: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-15860 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Fix included in accepted release 4.12.0-0.nightly-2023-08-07-235608 |
Essentially what we've done to 4.13, just in one go: