Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net-fs/samba: update to 4.18.4 #1191

Merged
merged 3 commits into from
Oct 2, 2023
Merged

net-fs/samba: update to 4.18.4 #1191

merged 3 commits into from
Oct 2, 2023

Conversation

dongsupark
Copy link
Member

@dongsupark dongsupark commented Sep 26, 2023
edited
Loading

Update net-fs/samba to 4.18.4, mainly to address CVE-2021-44142, CVE-2022-1615.

Based on Gentoo commit 2cecc32967dd.

Apply Flatcar patch based on 7295c3113d2e:

  • Add a minimal USE flag for only installing libraries
  • Change the Perl run-time dep to build-time only
  • Disable building libraries requiring Python
  • Disable building Perl JSON libraries
  • Limit the size of bundled libraries

Fixes flatcar/Flatcar#1184.

Testing done

CI: http://jenkins.infra.kinvolk.io:8080/job/container/job/packages_all_arches/2584/cldsv/

  • Changelog entries added in the respective changelog/ directory (user-facing change, bug fix, security fix, update)
  • Inspected CI output for image differences: /boot and /usr size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.

@dongsupark dongsupark temporarily deployed to development September 26, 2023 07:42 — with GitHub Actions Inactive
@dongsupark dongsupark mentioned this pull request Sep 26, 2023
Merged
1 task
dongsupark and others added 3 commits September 27, 2023 10:56
@dongsupark
overlay net-fs/samba: sync with Gentoo
b2f8324 
Update net-fs/samba to 4.18.4, mainly to address CVE-2021-44142,
CVE-2022-1615.

Gentoo ref: 2cecc32967dd95e8c66ded510b89c8aeaf267f90
@krnowak @dongsupark
net-fs/samba: Apply Flatcar modifications
a5064c2 
  - Add a minimal USE flag for only installing libraries
  - Change the Perl run-time dep to build-time only
  - Disable building libraries requiring Python
  - Disable building Perl JSON libraries
  - Limit the size of bundled libraries

Co-authored-by: Dongsu Park <dpark@linux.microsoft.com>
@dongsupark
changelog: add changelog for samba 4.18.4
8addf0c
@dongsupark dongsupark temporarily deployed to development September 27, 2023 08:57 — with GitHub Actions Inactive
@github-actions
Copy link

Test report for 3739.0.0+nightly-20230926-2100 / amd64 arm64

Platforms tested : qemu_uefi-amd64 qemu_update-amd64 qemu_uefi-arm64 qemu_update-arm64

ok bpf.execsnoop 🟢 Succeeded: qemu_uefi-amd64 (1)

ok bpf.local-gadget 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.basic 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.cgroupv1 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.cloudinit.basic 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.cloudinit.multipart-mime 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.cloudinit.script 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.disk.raid0.data 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.disk.raid0.root 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.disk.raid1.data 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.disk.raid1.root 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.etcd-member.discovery 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.etcd-member.etcdctlv3 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.etcd-member.v2-backup-restore 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.filesystem 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.flannel.udp 🟢 Succeeded: qemu_uefi-amd64 (1)

ok cl.flannel.vxlan 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.instantiated.enable-unit 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.kargs 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.luks 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.oem.indirect 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.oem.indirect.new 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.oem.regular 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.oem.regular.new 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.oem.reuse 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.oem.wipe 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.symlink 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.translation 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.btrfsroot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.ext4root 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.groups 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.once 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.sethostname 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.users 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.xfsroot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2.btrfsroot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2.ext4root 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2.users 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2.xfsroot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2_1.ext4checkexisting 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2_1.swap 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2_1.vfat 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.install.cloudinit 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.internet 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.locksmith.cluster 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.misc.falco 🟢 Succeeded: qemu_uefi-amd64 (1)

ok cl.network.initramfs.second-boot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.network.listeners 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.network.wireguard 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.omaha.ping 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.osreset.ignition-rerun 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.overlay.cleanup 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.swap_activation 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.sysext.boot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.sysext.fallbackdownload # SKIP 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.toolbox.dnf-install 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.update.badverity 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.update.grubnop 🟢 Succeeded: qemu_uefi-amd64 (1)

ok cl.update.reboot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.users.shells 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.verity 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.auth.verify 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.groups 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.once 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.resource.local 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.resource.remote 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.resource.s3.versioned 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.security.tls 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.sethostname 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.systemd.enable-service 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.locksmith.reboot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.locksmith.tls 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.selinux.boolean 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.selinux.enforce 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.tls.fetch-urls 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.update.badusr 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok devcontainer.docker 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok devcontainer.systemd-nspawn 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.btrfs-storage 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.containerd-restart 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.lib-coreos-dockerd-compat 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.network 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.selinux 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.torcx-manifest-pkgs 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.userns 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.25.10.calico.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.25.10.calico.cgroupv1.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.25.10.cilium.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.25.10.cilium.cgroupv1.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.25.10.flannel.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.25.10.flannel.cgroupv1.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (3) ❌ Failed: qemu_uefi-arm64 (1, 2)

                Diagnostic output for qemu_uefi-arm64, run 2 
    L1: " Error: _cluster.go:117: I0927 13:44:58.603848    1561 version.go:256] remote version is much newer: v1.28.2; falling back to: stable-1.25"
    L2: "cluster.go:117: [config/images] Pulled registry.k8s.io/kube-apiserver:v1.25.14"
    L3: "cluster.go:117: [config/images] Pulled registry.k8s.io/kube-controller-manager:v1.25.14"
    L4: "cluster.go:117: [config/images] Pulled registry.k8s.io/kube-scheduler:v1.25.14"
    L5: "cluster.go:117: [config/images] Pulled registry.k8s.io/kube-proxy:v1.25.14"
    L6: "cluster.go:117: [config/images] Pulled registry.k8s.io/pause:3.8"
    L7: "cluster.go:117: [config/images] Pulled registry.k8s.io/etcd:3.5.6-0"
    L8: "cluster.go:117: [config/images] Pulled registry.k8s.io/coredns/coredns:v1.9.3"
    L9: "cluster.go:117: I0927 13:45:15.282835    1723 version.go:256] remote version is much newer: v1.28.2; falling back to: stable-1.25"
    L10: "cluster.go:117: [init] Using Kubernetes version: v1.25.14"
    L11: "cluster.go:117: [preflight] Running pre-flight checks"
    L12: "cluster.go:117: [preflight] Pulling images required for setting up a Kubernetes cluster"
    L13: "cluster.go:117: [preflight] This might take a minute or two, depending on the speed of your internet connection"
    L14: "cluster.go:117: [preflight] You can also perform this action in beforehand using _kubeadm config images pull_"
    L15: "cluster.go:117: [certs] Using certificateDir folder __/etc/kubernetes/pki__"
    L16: "cluster.go:117: [certs] Generating __ca__ certificate and key"
    L17: "cluster.go:117: [certs] Generating __apiserver__ certificate and key"
    L18: "cluster.go:117: [certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local localhost] and IPs [10.96.0.1 10.0.0.4?]"
    L19: "cluster.go:117: [certs] Generating __apiserver-kubelet-client__ certificate and key"
    L20: "cluster.go:117: [certs] Generating __front-proxy-ca__ certificate and key"
    L21: "cluster.go:117: [certs] Generating __front-proxy-client__ certificate and key"
    L22: "cluster.go:117: [certs] External etcd mode: Skipping etcd/ca certificate authority generation"
    L23: "cluster.go:117: [certs] External etcd mode: Skipping etcd/server certificate generation"
    L24: "cluster.go:117: [certs] External etcd mode: Skipping etcd/peer certificate generation"
    L25: "cluster.go:117: [certs] External etcd mode: Skipping etcd/healthcheck-client certificate generation"
    L26: "cluster.go:117: [certs] External etcd mode: Skipping apiserver-etcd-client certificate generation"
    L27: "cluster.go:117: [certs] Generating __sa__ key and public key"
    L28: "cluster.go:117: [kubeconfig] Using kubeconfig folder __/etc/kubernetes__"
    L29: "cluster.go:117: [kubeconfig] Writing __admin.conf__ kubeconfig file"
    L30: "cluster.go:117: [kubeconfig] Writing __kubelet.conf__ kubeconfig file"
    L31: "cluster.go:117: [kubeconfig] Writing __controller-manager.conf__ kubeconfig file"
    L32: "cluster.go:117: [kubeconfig] Writing __scheduler.conf__ kubeconfig file"
    L33: "cluster.go:117: [kubelet-start] Writing kubelet environment file with flags to file __/var/lib/kubelet/kubeadm-flags.env__"
    L34: "cluster.go:117: [kubelet-start] Writing kubelet configuration to file __/var/lib/kubelet/config.yaml__"
    L35: "cluster.go:117: [kubelet-start] Starting the kubelet"
    L36: "cluster.go:117: [control-plane] Using manifest folder __/etc/kubernetes/manifests__"
    L37: "cluster.go:117: [control-plane] Creating static Pod manifest for __kube-apiserver__"
    L38: "cluster.go:117: [control-plane] Creating static Pod manifest for __kube-controller-manager__"
    L39: "cluster.go:117: [control-plane] Creating static Pod manifest for __kube-scheduler__"
    L40: "cluster.go:117: [wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory __/etc/kubernetes/manifests__. This can take up to 30m0s"
    L41: "cluster.go:117: [apiclient] All control plane components are healthy after 6.504785 seconds"
    L42: "cluster.go:117: [upload-config] Storing the configuration used in ConfigMap __kubeadm-config__ in the __kube-system__ Namespace"
    L43: "cluster.go:117: [kubelet] Creating a ConfigMap __kubelet-config__ in namespace kube-system with the configuration for the kubelets in the cluster"
    L44: "cluster.go:117: [upload-certs] Skipping phase. Please see --upload-certs"
    L45: "cluster.go:117: [mark-control-plane] Marking the node localhost as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]"
    L46: "cluster.go:117: [mark-control-plane] Marking the node localhost as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]"
    L47: "cluster.go:117: [bootstrap-token] Using token: sck4d4.3saif60v9lc3jy6g"
    L48: "cluster.go:117: [bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles"
    L49: "cluster.go:117: [bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes"
    L50: "cluster.go:117: [bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials"
    L51: "cluster.go:117: [bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token"
    L52: "cluster.go:117: [bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster"
    L53: "cluster.go:117: [bootstrap-token] Creating the __cluster-info__ ConfigMap in the __kube-public__ namespace"
    L54: "cluster.go:117: [kubelet-finalize] Updating __/etc/kubernetes/kubelet.conf__ to point to a rotatable kubelet client certificate and key"
    L55: "cluster.go:117: [addons] Applied essential addon: CoreDNS"
    L56: "cluster.go:117: [addons] Applied essential addon: kube-proxy"
    L57: "cluster.go:117: "
    L58: "cluster.go:117: Your Kubernetes control-plane has initialized successfully!"
    L59: "cluster.go:117: "
    L60: "cluster.go:117: To start using your cluster, you need to run the following as a regular user:"
    L61: "cluster.go:117: "
    L62: "cluster.go:117:   mkdir -p $HOME/.kube"
    L63: "cluster.go:117:   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config"
    L64: "cluster.go:117:   sudo chown $(id -u):$(id -g) $HOME/.kube/config"
    L65: "cluster.go:117: "
    L66: "cluster.go:117: Alternatively, if you are the root user, you can run:"
    L67: "cluster.go:117: "
    L68: "cluster.go:117:   export KUBECONFIG=/etc/kubernetes/admin.conf"
    L69: "cluster.go:117: "
    L70: "cluster.go:117: You should now deploy a pod network to the cluster."
    L71: "cluster.go:117: Run __kubectl apply -f [podnetwork].yaml__ with one of the options listed at:"
    L72: "cluster.go:117:   https://kubernetes.io/docs/concepts/cluster-administration/addons/"
    L73: "cluster.go:117: "
    L74: "cluster.go:117: Then you can join any number of worker nodes by running the following on each as root:"
    L75: "cluster.go:117: "
    L76: "cluster.go:117: kubeadm join 10.0.0.4:6443 --token sck4d4.3saif60v9lc3jy6g _"
    L77: "cluster.go:117:  --discovery-token-ca-cert-hash sha256:00b88f7e024518ffbf8797b2c7f551a0bdaf6e172150302a11b65f53a80a7628 "
    L78: "cluster.go:117: namespace/kube-flannel created"
    L79: "cluster.go:117: clusterrole.rbac.authorization.k8s.io/flannel created"
    L80: "cluster.go:117: clusterrolebinding.rbac.authorization.k8s.io/flannel created"
    L81: "cluster.go:117: serviceaccount/flannel created"
    L82: "cluster.go:117: configmap/kube-flannel-cfg created"
    L83: "cluster.go:117: daemonset.apps/kube-flannel-ds created"
    L84: "cluster.go:117: Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service ??? /etc/systemd/system/kubelet.service."
    L85: "harness.go:582: Found emergency shell on machine d99c1daf-0868-4007-b73d-58c61afc6578 console"
    L86: "harness.go:582: Found systemd unit failed to start (?[0;1;39mignition-f???es.service?[0m - Ignition (files). ) on machine d99c1daf-0868-4007-b73d-58c61afc6578 console"
    L87: "harness.go:582: Found systemd dependency unit failed to start (?[0;1;39mtorc???te torcx store to satisfy profile. ) on machine d99c1daf-0868-4007-b73d-58c61afc6578 console_"
    L88: " "
                Diagnostic output for qemu_uefi-arm64, run 1 
    L1: "  "
    L2: " Error: _kubeadm.go:281: unable to setup cluster: unable to create master node: machine __5c1f1b0f-349f-4954-84a2-385de25ef34a__ failed to start: ssh journalctl failed: time limit exceeded: dial tcp 10?.0.0.89:22: connect: connection refused"
    L3: "harness.go:582: Found emergency shell on machine 5c1f1b0f-349f-4954-84a2-385de25ef34a console"
    L4: "harness.go:582: Found systemd unit failed to start (?[0;1;39mignition-f???es.service?[0m - Ignition (files). ) on machine 5c1f1b0f-349f-4954-84a2-385de25ef34a console"
    L5: "harness.go:582: Found systemd dependency unit failed to start (?[0;1;39migni???0m - Ignition (record completion). ) on machine 5c1f1b0f-349f-4954-84a2-385de25ef34a console_"
    L6: " "

ok kubeadm.v1.26.5.calico.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.26.5.cilium.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.26.5.flannel.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.27.2.calico.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.27.2.cilium.base 🟢 Succeeded: qemu_uefi-amd64 (2); qemu_uefi-arm64 (1) ❌ Failed: qemu_uefi-amd64 (1)

                Diagnostic output for qemu_uefi-amd64, run 1 
    L1: " Error: _cluster.go:117: I0927 13:26:14.119461    1521 version.go:256] remote version is much newer: v1.28.2; falling back to: stable-1.27"
    L2: "cluster.go:117: W0927 13:26:14.245298    1521 images.go:80] could not find officially supported version of etcd for Kubernetes v1.27.6, falling back to the nearest etcd version (3.5.7-0)"
    L3: "cluster.go:117: [config/images] Pulled registry.k8s.io/kube-apiserver:v1.27.6"
    L4: "cluster.go:117: [config/images] Pulled registry.k8s.io/kube-controller-manager:v1.27.6"
    L5: "cluster.go:117: [config/images] Pulled registry.k8s.io/kube-scheduler:v1.27.6"
    L6: "cluster.go:117: [config/images] Pulled registry.k8s.io/kube-proxy:v1.27.6"
    L7: "cluster.go:117: [config/images] Pulled registry.k8s.io/pause:3.9"
    L8: "cluster.go:117: [config/images] Pulled registry.k8s.io/etcd:3.5.7-0"
    L9: "cluster.go:117: [config/images] Pulled registry.k8s.io/coredns/coredns:v1.10.1"
    L10: "cluster.go:117: I0927 13:26:24.797326    1678 version.go:256] remote version is much newer: v1.28.2; falling back to: stable-1.27"
    L11: "cluster.go:117: [init] Using Kubernetes version: v1.27.6"
    L12: "cluster.go:117: [preflight] Running pre-flight checks"
    L13: "cluster.go:117: [preflight] Pulling images required for setting up a Kubernetes cluster"
    L14: "cluster.go:117: [preflight] This might take a minute or two, depending on the speed of your internet connection"
    L15: "cluster.go:117: [preflight] You can also perform this action in beforehand using _kubeadm config images pull_"
    L16: "cluster.go:117: W0927 13:26:25.108686    1678 checks.go:835] detected that the sandbox image __registry.k8s.io/pause:3.8__ of the container runtime is inconsistent with that used by kubeadm. It is rec?ommended that using __registry.k8s.io/pause:3.9__ as the CRI sandbox image."
    L17: "cluster.go:117: [certs] Using certificateDir folder __/etc/kubernetes/pki__"
    L18: "cluster.go:117: [certs] Generating __ca__ certificate and key"
    L19: "cluster.go:117: [certs] Generating __apiserver__ certificate and key"
    L20: "cluster.go:117: [certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local localhost] and IPs [10.96.0.1 10.0.0.8?4]"
    L21: "cluster.go:117: [certs] Generating __apiserver-kubelet-client__ certificate and key"
    L22: "cluster.go:117: [certs] Generating __front-proxy-ca__ certificate and key"
    L23: "cluster.go:117: [certs] Generating __front-proxy-client__ certificate and key"
    L24: "cluster.go:117: [certs] External etcd mode: Skipping etcd/ca certificate authority generation"
    L25: "cluster.go:117: [certs] External etcd mode: Skipping etcd/server certificate generation"
    L26: "cluster.go:117: [certs] External etcd mode: Skipping etcd/peer certificate generation"
    L27: "cluster.go:117: [certs] External etcd mode: Skipping etcd/healthcheck-client certificate generation"
    L28: "cluster.go:117: [certs] External etcd mode: Skipping apiserver-etcd-client certificate generation"
    L29: "cluster.go:117: [certs] Generating __sa__ key and public key"
    L30: "cluster.go:117: [kubeconfig] Using kubeconfig folder __/etc/kubernetes__"
    L31: "cluster.go:117: [kubeconfig] Writing __admin.conf__ kubeconfig file"
    L32: "cluster.go:117: [kubeconfig] Writing __kubelet.conf__ kubeconfig file"
    L33: "cluster.go:117: [kubeconfig] Writing __controller-manager.conf__ kubeconfig file"
    L34: "cluster.go:117: [kubeconfig] Writing __scheduler.conf__ kubeconfig file"
    L35: "cluster.go:117: [kubelet-start] Writing kubelet environment file with flags to file __/var/lib/kubelet/kubeadm-flags.env__"
    L36: "cluster.go:117: [kubelet-start] Writing kubelet configuration to file __/var/lib/kubelet/config.yaml__"
    L37: "cluster.go:117: [kubelet-start] Starting the kubelet"
    L38: "cluster.go:117: [control-plane] Using manifest folder __/etc/kubernetes/manifests__"
    L39: "cluster.go:117: [control-plane] Creating static Pod manifest for __kube-apiserver__"
    L40: "cluster.go:117: [control-plane] Creating static Pod manifest for __kube-controller-manager__"
    L41: "cluster.go:117: [control-plane] Creating static Pod manifest for __kube-scheduler__"
    L42: "cluster.go:117: [wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory __/etc/kubernetes/manifests__. This can take up to 30m0s"
    L43: "cluster.go:117: [apiclient] All control plane components are healthy after 4.503394 seconds"
    L44: "cluster.go:117: [upload-config] Storing the configuration used in ConfigMap __kubeadm-config__ in the __kube-system__ Namespace"
    L45: "cluster.go:117: [kubelet] Creating a ConfigMap __kubelet-config__ in namespace kube-system with the configuration for the kubelets in the cluster"
    L46: "cluster.go:117: [upload-certs] Skipping phase. Please see --upload-certs"
    L47: "cluster.go:117: [mark-control-plane] Marking the node localhost as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]"
    L48: "cluster.go:117: [mark-control-plane] Marking the node localhost as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]"
    L49: "cluster.go:117: [bootstrap-token] Using token: qru7ox.wzs0gy9edpy84tl6"
    L50: "cluster.go:117: [bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles"
    L51: "cluster.go:117: [bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes"
    L52: "cluster.go:117: [bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials"
    L53: "cluster.go:117: [bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token"
    L54: "cluster.go:117: [bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster"
    L55: "cluster.go:117: [bootstrap-token] Creating the __cluster-info__ ConfigMap in the __kube-public__ namespace"
    L56: "cluster.go:117: [kubelet-finalize] Updating __/etc/kubernetes/kubelet.conf__ to point to a rotatable kubelet client certificate and key"
    L57: "cluster.go:117: [addons] Applied essential addon: CoreDNS"
    L58: "cluster.go:117: [addons] Applied essential addon: kube-proxy"
    L59: "cluster.go:117: "
    L60: "cluster.go:117: Your Kubernetes control-plane has initialized successfully!"
    L61: "cluster.go:117: "
    L62: "cluster.go:117: To start using your cluster, you need to run the following as a regular user:"
    L63: "cluster.go:117: "
    L64: "cluster.go:117:   mkdir -p $HOME/.kube"
    L65: "cluster.go:117:   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config"
    L66: "cluster.go:117:   sudo chown $(id -u):$(id -g) $HOME/.kube/config"
    L67: "cluster.go:117: "
    L68: "cluster.go:117: Alternatively, if you are the root user, you can run:"
    L69: "cluster.go:117: "
    L70: "cluster.go:117:   export KUBECONFIG=/etc/kubernetes/admin.conf"
    L71: "cluster.go:117: "
    L72: "cluster.go:117: You should now deploy a pod network to the cluster."
    L73: "cluster.go:117: Run __kubectl apply -f [podnetwork].yaml__ with one of the options listed at:"
    L74: "cluster.go:117:   https://kubernetes.io/docs/concepts/cluster-administration/addons/"
    L75: "cluster.go:117: "
    L76: "cluster.go:117: Then you can join any number of worker nodes by running the following on each as root:"
    L77: "cluster.go:117: "
    L78: "cluster.go:117: kubeadm join 10.0.0.84:6443 --token qru7ox.wzs0gy9edpy84tl6 _"
    L79: "cluster.go:117:  --discovery-token-ca-cert-hash sha256:0a1a735463bae95fee0b7a504bb980dbc35f3ff31ad6fab38ae3516c588d4a8f "
    L80: "cluster.go:117: i  Using Cilium version 1.12.5"
    L81: "cluster.go:117: ? Auto-detected cluster name: kubernetes"
    L82: "cluster.go:117: ? Auto-detected datapath mode: tunnel"
    L83: "cluster.go:117: ? Auto-detected kube-proxy has been installed"
    L84: "cluster.go:117: i  helm template --namespace kube-system cilium cilium/cilium --version 1.12.5 --set cluster.id=0,cluster.name=kubernetes,encryption.nodeEncryption=false,extraConfig.cluster-pool-ipv4-?cidr=192.168.0.0/17,extraConfig.enable-endpoint-routes=true,kubeProxyReplacement=disabled,operator.replicas=1,serviceAccounts.cilium.name=cilium,serviceAccounts.operator.name=cilium-operator,tunnel=vx?lan"
    L85: "cluster.go:117: i  Storing helm values file in kube-system/cilium-cli-helm-values Secret"
    L86: "cluster.go:117: ? Created CA in secret cilium-ca"
    L87: "cluster.go:117: ? Generating certificates for Hubble..."
    L88: "cluster.go:117: ? Creating Service accounts..."
    L89: "cluster.go:117: ? Creating Cluster roles..."
    L90: "cluster.go:117: ? Creating ConfigMap for Cilium version 1.12.5..."
    L91: "cluster.go:117: i  Manual overwrite in ConfigMap: cluster-pool-ipv4-cidr=192.168.0.0/17"
    L92: "cluster.go:117: i  Manual overwrite in ConfigMap: enable-endpoint-routes=true"
    L93: "cluster.go:117: ? Creating Agent DaemonSet..."
    L94: "cluster.go:117: ? Creating Operator Deployment..."
    L95: "cluster.go:117: ? Waiting for Cilium to be installed and ready..."
    L96: "cluster.go:117: ? Cilium was successfully installed! Run _cilium status_ to view installation health"
    L97: "cluster.go:117: ?[33m    /??_"
    L98: "cluster.go:117: ?[36m /???[33m___/?[32m??_?[0m    Cilium:         ?[32mOK?[0m"
    L99: "cluster.go:117: ?[36m ___?[31m/??_?[32m__/?[0m    Operator:       ?[32mOK?[0m"
    L100: "cluster.go:117: ?[32m /???[31m___/?[35m??_?[0m    Hubble:         ?[36mdisabled?[0m"
    L101: "cluster.go:117: ?[32m ___?[34m/??_?[35m__/?[0m    ClusterMesh:    ?[36mdisabled?[0m"
    L102: "cluster.go:117: ?[34m    ___/"
    L103: "cluster.go:117: ?[0m"
    L104: "cluster.go:117: Deployment       cilium-operator    "
    L105: "cluster.go:117: DaemonSet        cilium             "
    L106: "cluster.go:117: Containers:      cilium             "
    L107: "cluster.go:117:                  cilium-operator    "
    L108: "cluster.go:117: Cluster Pods:    0/0 managed by Cilium"
    L109: "cluster.go:117: Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service ??? /etc/systemd/system/kubelet.service."
    L110: "--- FAIL: kubeadm.v1.27.2.cilium.base/node_readiness (91.85s)"
    L111: "kubeadm.go:297: nodes are not ready: ready nodes should be equal to 2: 1_"
    L112: " "
    L113: "  "

ok kubeadm.v1.27.2.flannel.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.28.1.calico.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.28.1.cilium.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (2) ❌ Failed: qemu_uefi-arm64 (1)

                Diagnostic output for qemu_uefi-arm64, run 1 
    L1: "  "
    L2: " Error: _kubeadm.go:281: unable to setup cluster: unable to create master node: machine __9a70b714-96ae-4978-9de9-bb916ae9bfb1__ failed to start: ssh journalctl failed: time limit exceeded: dial tcp 10?.0.0.35:22: connect: no route to host"
    L3: "harness.go:582: Found emergency shell on machine 9a70b714-96ae-4978-9de9-bb916ae9bfb1 console"
    L4: "harness.go:582: Found systemd unit failed to start (?[0;1;39mignition-f???es.service?[0m - Ignition (files). ) on machine 9a70b714-96ae-4978-9de9-bb916ae9bfb1 console"
    L5: "harness.go:582: Found systemd dependency unit failed to start (?[0;1;39mtorc???te torcx store to satisfy profile. ) on machine 9a70b714-96ae-4978-9de9-bb916ae9bfb1 console_"
    L6: " "

ok kubeadm.v1.28.1.flannel.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok linux.nfs.v3 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok linux.nfs.v4 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok linux.ntp 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok packages 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok skipped qemu update tests 🟢 Succeeded: qemu_update-amd64 (1); qemu_update-arm64 (1)

ok systemd.journal.remote 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok systemd.journal.user 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok systemd.sysext.custom-docker 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok systemd.sysext.custom-oem 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok systemd.sysext.simple 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok systemd.sysusers.gshadow 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok torcx.enable-service 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

@dongsupark dongsupark marked this pull request as ready for review September 27, 2023 15:18
@dongsupark dongsupark requested a review from a team September 27, 2023 15:18
krnowak
krnowak approved these changes Sep 29, 2023
View reviewed changes
Copy link
Member

@krnowak krnowak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for handling it.

@dongsupark dongsupark merged commit 0866b8b into main Oct 2, 2023
7 checks passed
@dongsupark dongsupark deleted the dongsu/samba-4.18 branch October 2, 2023 08:01
@github-actions github-actions bot mentioned this pull request Nov 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@krnowak krnowak krnowak approved these changes

Assignees
No one assigned
Labels
main
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

update: samba
2 participants
@dongsupark @krnowak