Note
Before proceeding with the manual steps below, verify that you have performed the steps described in Apply maintenance updates.
Fixed the following Ubuntu security issues:
To apply the fixes, perform the steps described in Mirantis Technical Bulletin.
Implemented the possibility to configure the cluster model of a new MCP deployment to download Debian packages, Git mirrors, VM images, or any files required for cluster deployment from a secured HTTP/HTTPS server that can be accessible through login credentials. Such functionality may be required for offline installations when internal mirrors are secured.
The deployment engineer can define the user ID and password encrypted parameters in the cluster Reclass model and use them in URLs to access the required sources. For example:
parameters:
_param:
secured_source_username: <ENCRYPTED_USERNAME>
secured_source_password: <ENCRYPTED_PASSWORD>
linux:
system:
repo:
repo-example:
source: "deb http://${_param:secured_source_username}:${_param:secured_source_password}@example.com/ubuntu xenial main"
Previously, the source parameter was not able to decrypt values for
the login credentials during the APT mirrors configuration that led to
a deployment failure. In MCP 2019.2.5, each Salt state using sources from
any HTTP/HTTPS secured server has been updated with specific parameters that
enables the deployment engineer to set the secured source properties.