In the MCP 2019.2.4 maintenance update, Mirantis introduces the following enhancements for DriveTrain:
To obtain the enhancements, follow the steps described in Apply maintenance updates.
Published the following Ubuntu 16.04 security updates:
linux-image-generic-hwe-16.04 4.15.0.50.71:
Adjusted the DriveTrain services configuration to use the SaltSatck API encryption with the TLS 1.2 encrypted endpoints used by default in the Reclass system model.
Introduced the following enhancements in the Jenkins configuration:
Enabled the Cross-Site Request Forgery (CSRF) protection by default.
Changed the default access mode in Jenkins to allow only authenticated users to access the Jenkins UI.
Caution
This enhancement is applicable to new MCP deployments only.
Added the possibility to configure allowed and rejected IP addresses for the GlusterFS volumes. By default, MCP restricts the access to the control network for all preconfigured GlusterFS volumes.
Learn more
MCP Operations Guide: Configure allowed and rejected IP addresses for the GlusterFS volumes
TECHNICAL PREVIEW
Implemented the automated upgrade and update procedures for GlusterFS to version 5.5. If you do not have any services that run on top of the GlusterFS volumes except the Docker Swarm services, you can use the all-in-one Update GlusterFS pipeline job. Otherwise, upgrade or update the GlusterFS components separately using three dedicated pipeline jobs:
Mirantis recommends using three dedicated pipeline jobs instead of the Update GlusterFS one for a more controlled and granular upgrade or update process.
New MCP deployments contain GlusterFS version 5.5 by default.
Introduced the following enhancements in the CVP Jenkins pipeline jobs:
cvp-sanity-checks Docker image only
if needed.full.log file that contains requests and responses to the
Salt Master API.cvp-sanity-checks Docker image.