DriveTrain

DriveTrain

In the MCP 2019.2.4 maintenance update, Mirantis introduces the following enhancements for DriveTrain:

To obtain the enhancements, follow the steps described in Apply maintenance updates.


Ubuntu security updates

Published the following Ubuntu 16.04 security updates:


SaltStack traffic encryption with TLS 1.2

Adjusted the DriveTrain services configuration to use the SaltSatck API encryption with the TLS 1.2 encrypted endpoints used by default in the Reclass system model.


Security updates for Jenkins configuration

Introduced the following enhancements in the Jenkins configuration:

  • Enabled the Cross-Site Request Forgery (CSRF) protection by default.

  • Changed the default access mode in Jenkins to allow only authenticated users to access the Jenkins UI.

    Caution

    This enhancement is applicable to new MCP deployments only.


GlusterFS security improvements

Added the possibility to configure allowed and rejected IP addresses for the GlusterFS volumes. By default, MCP restricts the access to the control network for all preconfigured GlusterFS volumes.


GlusterFS upgrade and update

TECHNICAL PREVIEW

Implemented the automated upgrade and update procedures for GlusterFS to version 5.5. If you do not have any services that run on top of the GlusterFS volumes except the Docker Swarm services, you can use the all-in-one Update GlusterFS pipeline job. Otherwise, upgrade or update the GlusterFS components separately using three dedicated pipeline jobs:

  • Update glusterfs servers

  • Update glusterfs clients

  • Update glusterfs cluster.op-version

Mirantis recommends using three dedicated pipeline jobs instead of the Update GlusterFS one for a more controlled and granular upgrade or update process.

New MCP deployments contain GlusterFS version 5.5 by default.


CVP pipelines

Introduced the following enhancements in the CVP Jenkins pipeline jobs:

  • CPV - Sanity checks:

    • Added new tests to verify the network configurations, mounted file systems.

    • Improved the tests to avoid false positive cases.

    • Improved the tests output for a better issue debugging.

    • Improved the UI tests.

    • Added the capability to select the tests by tag/mark.

    • Added the capability to repull the cvp-sanity-checks Docker image only if needed.

    • Added the full.log file that contains requests and responses to the Salt Master API.

    • Removed the deprecated parameters and added the new ones.

  • CVP - StackLight tests:

    • Added the capability for the job to work in the offline mode using the cvp-sanity-checks Docker image.

    • Removed the deprecated parameters and added the new ones.