Known issues
This section describes the MSR known issues with available workarounds, along with a list of current product limitations.
Note
When malware is present in user images, malware scanners operating on MSR nodes at runtime can wrongly report MSR as a bad actor. If your malware scanner detects any issue in a running instance of MSR, refer to Scan images for vulnerabilities.
MSR on Swarm scaling down failure
To run the MSR on Swarm scale command to reduce the number of nodes to which MSR is deployed, you may first need to perform an emergency repair.
To work around the issue, connect to any node that has the msr_msr-api-server container running on it and run the following command:
docker exec -it <id of msr_msr-api-server container> msr db emergency-repair
MSR on Swarm installations can fail on RHEL 9.2
Attempting to install MSR on a Swarm cluster running RHEL 9.2 may result in a failure with the following error message:
FATA[0000] installer prerequisite check failed: \
could not detect docker swarm: \
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: \
Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/swarm": \
dial unix /var/run/docker.sock: connect: permission denied
Workaround:
Use the --privileged flag when installing MSR on a Swarm cluster that runs on RHEL 9.2, as exemplified below:
docker run \
--rm \
-it \
--privileged \
-v /var/run/docker.sock:/var/run/docker.sock \
-v <path-to-values.yml>:/config/values.yml \
registry.mirantis.com/msr/msr-installer:<msr-version> \
install \
--https_port 8443 \
--http_port 8888
[ENGDTR-2906] Initialization failure
Initialization fails when the RethinkDB cluster has an even number of servers.
To work around the issue, set the Helm chart value rethinkdb.cluster.replicaCount to an odd number.
[ENGDTR-2623] eNZi configuration changes require manual intervention
Changes to eNZi configuration are not live-reloaded.
To work around the issue, restart the *-api, *-enzi-api, *-garant, and *-registry Pods every time you change your eNZi registration using the administrative commands.
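One way to script the restart described above, as an added example that is not part of the MSR documentation. It assumes the four Pod groups are owned by Deployments whose names end in -api, -enzi-api, -garant and -registry; the MSR_NAMESPACE variable, the function names and the sample Deployment names are hypothetical.

```shell
#!/bin/sh
# Added example, not Mirantis code.
# Assumption: the *-api, *-enzi-api, *-garant and *-registry Pods belong to
# Deployments with those name suffixes, all in one namespace.

# Read workload names on stdin (as printed by `kubectl get deployments -o name`)
# and print only those matching the four patterns named in the workaround.
select_enzi_consumers() {
    grep -E -- '-(api|enzi-api|garant|registry)$' || true
}

# Restart every selected Deployment, then wait for each rollout so that a
# component that fails to come back is reported instead of going unnoticed.
restart_enzi_consumers() {
    ns="$1"
    targets=$(kubectl -n "$ns" get deployments -o name | select_enzi_consumers)
    if [ -z "$targets" ]; then
        echo "no matching Deployments in namespace $ns" >&2
        return 1
    fi
    for d in $targets; do
        kubectl -n "$ns" rollout restart "$d" || return 1
    done
    for d in $targets; do
        kubectl -n "$ns" rollout status "$d" --timeout=300s || return 1
    done
}

# Constructed sample of `kubectl get deployments -o name` output, used to
# check the selection offline. The names are illustrative only.
sample_deployments() {
    cat <<'EOF'
deployment.apps/msr-api
deployment.apps/msr-enzi-api
deployment.apps/msr-enzi-worker
deployment.apps/msr-garant
deployment.apps/msr-jobrunner
deployment.apps/msr-nginx
deployment.apps/msr-notary-server
deployment.apps/msr-registry
EOF
}

# Runs only when MSR_NAMESPACE (hypothetical variable) is set by the operator.
if [ -n "${MSR_NAMESPACE:-}" ]; then
    restart_enzi_consumers "$MSR_NAMESPACE"
fi
```

Run `sample_deployments | select_enzi_consumers` against your own `kubectl get deployments -o name` output first to confirm that only the four intended workloads are selected.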
Product limitations
Integration with MKE authentication is not yet supported.
Client-certificate authentication for MSR users is not currently available.
MSR operators cannot currently specify passwords for the MSR administrators, and the Helm chart configures MSR with a static default password at install.
[ENGDTR-3005] An MSR administrator who is logged in and closes their browser instance does not need to log in again when they open a new browser instance.
[ENGDTR-3003] Enabling Require users to Log In per Tab Session in eNZi for MSR does not result in users being required to reenter their credentials when they open the MSR web UI in a new tab.