Issues resolutions requiring manual application

Issues resolutions requiring manual application

Note

Before proceeding with the manual steps below, verify that you have performed the steps described in Apply maintenance updates.


[32133] HAProxy status is down for aptly-public in online deployments

Fixed the issue with the aptly endpoint being enabled in HAProxy on the CI/CD nodes even if the cluster has no aptly node (in online deployments) and causing HAProxy to report that the aptly-public endpoint is in the DOWN state.

To apply the issue resolution:

  1. Log in to the Salt Master node.

  2. In classes/cluster/<cluster_name>/cicd/control/init.yml, remove or comment out the following class:

    classes:
      ...
      - system.haproxy.proxy.listen.cicd.aptly
      ...
    
  3. Refresh pillars:

    salt -C 'I@jenkins:client and I@haproxy:proxy' saltutil.refresh_pillar
    
  4. Apply the changes to HAProxy on the CI/CD nodes:

    salt -C 'I@jenkins:client and I@haproxy:proxy' state.apply haproxy.proxy
    

[29769] Loss of access to the Salt Master node

Added a helper to update the time stamp of the last password change to avoid issues with lost access to the Salt Master node. Due to CIS 5.4.1.1, the Salt Master node password expiration is set to maximum 90 days with a subsequent access lock if the password is not updated. As a result, if the user does not update the password, even if PasswordAuthentication is disabled, access to the Salt Master node may be lost. To apply the issue resolution, perform the steps described in MCP Deployment Guide: Modify Salt Master password expiration.