From 2be079d2c79c4d1444a41bf76c45bc6132e7392b Mon Sep 17 00:00:00 2001 From: peng9808 Date: Tue, 29 Oct 2024 17:58:28 +0800 Subject: [PATCH] update drbd v0.4.3 and fix some CRITICAL vulnerabilities Signed-off-by: peng9808 Signed-off-by: peng9808 --- api/v1alpha1/cluster_types.go | 1 - api/v1alpha1/zz_generated.deepcopy.go | 5 --- config/crd/bases/hwameistor.io_clusters.yaml | 9 ----- config/samples/hwameistor.io_hmcluster.yaml | 3 -- helm/operator/.relok8s-images.yaml | 15 ++++---- .../operator/templates/hwameistorcluster.yaml | 5 +-- helm/operator/values.yaml | 7 +--- pkg/install/drbd/drbd_adapter.go | 10 ++--- pkg/install/localstorage/localstorage.go | 37 +------------------ test/e2e/sample.yaml | 3 -- 10 files changed, 17 insertions(+), 78 deletions(-) diff --git a/api/v1alpha1/cluster_types.go b/api/v1alpha1/cluster_types.go index 0d40b1ce..47f25925 100644 --- a/api/v1alpha1/cluster_types.go +++ b/api/v1alpha1/cluster_types.go @@ -137,7 +137,6 @@ type LocalStorageSpec struct { type MemberSpec struct { DRBDStartPort int `json:"drbdStartPort,omitempty"` MaxHAVolumeCount int `json:"maxHAVolumeCount,omitempty"` - RcloneImage *ImageSpec `json:"rcloneImage,omitempty"` JuicesyncImage *ImageSpec `json:"juicesyncImage,omitempty"` HostPathSSHDir string `json:"hostPathSSHDir,omitempty"` HostPathDRBDDir string `json:"hostPathDRBDDir,omitempty"` diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index dff35949..d373666c 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -1011,11 +1011,6 @@ func (in *LocalStorageStatus) DeepCopy() *LocalStorageStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MemberSpec) DeepCopyInto(out *MemberSpec) { *out = *in - if in.RcloneImage != nil { - in, out := &in.RcloneImage, &out.RcloneImage - *out = new(ImageSpec) - **out = **in - } if in.JuicesyncImage != nil { in, out := &in.JuicesyncImage, &out.JuicesyncImage *out = new(ImageSpec) diff --git a/config/crd/bases/hwameistor.io_clusters.yaml b/config/crd/bases/hwameistor.io_clusters.yaml index 903d9bb8..44748b6b 100644 --- a/config/crd/bases/hwameistor.io_clusters.yaml +++ b/config/crd/bases/hwameistor.io_clusters.yaml @@ -9040,15 +9040,6 @@ spec: type: object maxHAVolumeCount: type: integer - rcloneImage: - properties: - registry: - type: string - repository: - type: string - tag: - type: string - type: object resources: description: ResourceRequirements describes the compute resource requirements. diff --git a/config/samples/hwameistor.io_hmcluster.yaml b/config/samples/hwameistor.io_hmcluster.yaml index 8c29fa35..bce3ff90 100644 --- a/config/samples/hwameistor.io_hmcluster.yaml +++ b/config/samples/hwameistor.io_hmcluster.yaml @@ -41,9 +41,6 @@ spec: registry: "ghcr.m.daocloud.io" repository: "hwameistor/local-storage" tag: "v0.9.2" - rcloneImage: - repository: "rclone/rclone" - tag: "1.53.2" tolerationOnMaster: true localDiskManager: kubeletRootDir: "/var/lib/kubelet" diff --git a/helm/operator/.relok8s-images.yaml b/helm/operator/.relok8s-images.yaml index ea8789da..852f2165 100644 --- a/helm/operator/.relok8s-images.yaml +++ b/helm/operator/.relok8s-images.yaml @@ -7,7 +7,6 @@ - "{{ .global.k8sImageRegistry }}/{{ .localDiskManager.csi.attacher.imageRepository }}:{{ .localDiskManager.csi.attacher.tag }}" - "{{ .global.k8sImageRegistry }}/{{ .localStorage.csi.registrar.imageRepository }}:{{ .localStorage.csi.registrar.tag }}" - "{{ .global.hwameistorImageRegistry }}/{{ .localStorage.member.imageRepository }}:{{ .localStorage.member.tag }}" -- "{{ .localStorage.migrate.rclone.imageRepository }}:{{ .localStorage.migrate.rclone.tag }}" - "{{ .global.hwameistorImageRegistry }}/{{ .localStorage.migrate.juicesync.imageRepository }}:{{ .localStorage.migrate.juicesync.tag }}" - "{{ .global.k8sImageRegistry }}/{{ .localStorage.csi.provisioner.imageRepository }}:{{ .localStorage.csi.provisioner.tag }}" - "{{ .global.k8sImageRegistry }}/{{ .localStorage.csi.attacher.imageRepository }}:{{ .localStorage.csi.attacher.tag }}" @@ -24,13 +23,13 @@ - "{{ .global.hwameistorImageRegistry }}/{{ .ui.imageRepository }}:{{ .ui.tag }}" - "{{ .global.hwameistorImageRegistry }}/{{ .operator.imageRepository }}:{{ .operator.tag }}" - "{{ .global.hwameistorImageRegistry }}/{{ .preHookJob.imageRepository }}:{{ .preHookJob.tag }}" -- "{{ .global.hwameistorImageRegistry }}/{{ .ha.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.2" -- "{{ .global.hwameistorImageRegistry }}/{{ .drbdRhel7.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.2" -- "{{ .global.hwameistorImageRegistry }}/{{ .drbdRhel8.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.2" -- "{{ .global.hwameistorImageRegistry }}/{{ .drbdRhel9.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.2" -- "{{ .global.hwameistorImageRegistry }}/{{ .drbdKylin10.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.2" -- "{{ .global.hwameistorImageRegistry }}/{{ .drbdBionic.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.2" -- "{{ .global.hwameistorImageRegistry }}/{{ .drbdFocal.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.2" +- "{{ .global.hwameistorImageRegistry }}/{{ .ha.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.3" +- "{{ .global.hwameistorImageRegistry }}/{{ .drbdRhel7.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.3" +- "{{ .global.hwameistorImageRegistry }}/{{ .drbdRhel8.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.3" +- "{{ .global.hwameistorImageRegistry }}/{{ .drbdRhel9.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.3" +- "{{ .global.hwameistorImageRegistry }}/{{ .drbdKylin10.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.3" +- "{{ .global.hwameistorImageRegistry }}/{{ .drbdBionic.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.3" +- "{{ .global.hwameistorImageRegistry }}/{{ .drbdFocal.imageRepository }}:{{ .ha.drbdVersion }}_v0.4.3" - "{{ .global.hwameistorImageRegistry }}/{{ .dataLoadManager.imageRepository }}:{{ .dataLoadManager.tag }}" - "{{ .global.hwameistorImageRegistry }}/{{ .dataSetManager.imageRepository }}:{{ .dataSetManager.tag }}" - "{{ .global.hwameistorImageRegistry }}/{{ .dataLoadInit.imageRepository }}:{{ .dataLoadInit.tag }}" diff --git a/helm/operator/templates/hwameistorcluster.yaml b/helm/operator/templates/hwameistorcluster.yaml index b3c6564d..9b5e7667 100644 --- a/helm/operator/templates/hwameistorcluster.yaml +++ b/helm/operator/templates/hwameistorcluster.yaml @@ -112,9 +112,6 @@ spec: tag: {{ template "hwameistor.localStorageImageTag" . }} resources: {{- toYaml .Values.localStorage.member.resources | nindent 8 }} - rcloneImage: - repository: {{ $.Values.localStorage.migrate.rclone.imageRepository }} - tag: {{ $.Values.localStorage.migrate.rclone.tag }} juicesyncImage: registry: {{ $.Values.global.hwameistorImageRegistry }} repository: {{ $.Values.localStorage.migrate.juicesync.imageRepository }} @@ -252,7 +249,7 @@ spec: operator: DoesNotExist - key: node-role.kubernetes.io/control-plane operator: DoesNotExist - chartVersion: "v0.4.2" + chartVersion: "v0.4.3" storageClass: allowVolumeExpansion: {{ $.Values.storageClass.allowVolumeExpansion }} reclaimPolicy: {{ $.Values.storageClass.reclaimPolicy }} diff --git a/helm/operator/values.yaml b/helm/operator/values.yaml index 440ce9f3..cfe2789e 100644 --- a/helm/operator/values.yaml +++ b/helm/operator/values.yaml @@ -65,9 +65,6 @@ localStorage: imageRepository: sig-storage/csi-snapshotter tag: v6.0.0 migrate: - rclone: - imageRepository: rclone/rclone - tag: 1.53.2 juicesync: imageRepository: hwameistor/hwameistor-juicesync tag: v1.0.4-01 @@ -147,7 +144,7 @@ ha: deployOnMaster: "yes" imageRepository: hwameistor/drbd9-shipper drbdVersion: v9.0.32-1 - shipperChar: v0.4.2 + shipperChar: v0.4.3 drbdRhel7: imageRepository: hwameistor/drbd9-rhel7 @@ -211,4 +208,4 @@ storageClass: preHookJob: imageRepository: dtzar/helm-kubectl - tag: 3.9 \ No newline at end of file + tag: 3.16 \ No newline at end of file diff --git a/pkg/install/drbd/drbd_adapter.go b/pkg/install/drbd/drbd_adapter.go index 48ec5f57..8ff3dbfd 100644 --- a/pkg/install/drbd/drbd_adapter.go +++ b/pkg/install/drbd/drbd_adapter.go @@ -22,7 +22,7 @@ var defaultImageRegistry = "ghcr.io" var defaultShipperRepository = "hwameistor/drbd9-shipper" var defaultImagePullPolicy = "IfNotPresent" var defaultDRBDVersion = "v9.0.32-1" -var defaultShipperChar = "v0.4.2" +var defaultShipperChar = "v0.4.3" var defaultDRBDUpgrade = "no" var defaultCheckHostName = "no" var defaultUseAffinity = "no" @@ -40,7 +40,7 @@ var defaultNodeSelectTerms = []corev1.NodeSelectorTerm{ }, }, } -var defaultChartVersion = "v0.4.2" +var defaultChartVersion = "v0.4.3" var distroRegexMap = map[string]string{ "(red hat enterprise|centos|almalinux|rocky linux) .*?7(\\.|\\s|$)": "rhel7", @@ -424,9 +424,9 @@ func GetDistro(node *corev1.Node) (string, bool) { if matched { distro = v } - if distro == "jammy" { - tag = "v9.1.11" - } + //if distro == "jammy" { + // tag = "v9.1.11" + //} } if distro == "unsupported" { return distro, false diff --git a/pkg/install/localstorage/localstorage.go b/pkg/install/localstorage/localstorage.go index c4ee5488..2a3a5681 100644 --- a/pkg/install/localstorage/localstorage.go +++ b/pkg/install/localstorage/localstorage.go @@ -38,11 +38,9 @@ var defaultLSDaemonsetImageTag = install.DefaultHwameistorVersion var defaultLSDaemonsetCSIRegistrarImageRegistry = "k8s-gcr.m.daocloud.io" var defaultLSDaemonsetCSIRegistrarImageRepository = "sig-storage/csi-node-driver-registrar" var defaultLSDaemonsetCSIRegistrarImageTag = "v2.5.0" -var defaultRCloneImageRepository = "rclone/rclone" -var defaultRCloneImageTag = "1.53.2" var memberContainerName = "member" var registrarContainerName = "registrar" -var rcloneEnvName = "MIGRAGE_RCLONE_IMAGE" + var juicesyncEnvName = "MIGRAGE_JUICESYNC_IMAGE" var lsDaemonSetTemplate = appsv1.DaemonSet{ @@ -395,13 +393,7 @@ func setLSDaemonSetContainers(clusterInstance *hwameistoriov1alpha1.Cluster, lsD Name: "CSI_ENDPOINT", Value: "unix:/" + clusterInstance.Spec.LocalStorage.KubeletRootDir + "/plugins/lvm.hwameistor.io/csi.sock", }) - // rcloneImageSpec := clusterInstance.Spec.LocalStorage.Member.RcloneImage - container.Env = append(container.Env, corev1.EnvVar{ - Name: rcloneEnvName, - // Value: rcloneImageSpec.Registry + "/" + rcloneImageSpec.Repository + ":" + rcloneImageSpec.Tag, - // Value: rcloneImageSpec.Repository + ":" + rcloneImageSpec.Tag, - Value: getRcloneEnvFromClusterInstance(clusterInstance), - }) + container.Env = append(container.Env, corev1.EnvVar{ Name: juicesyncEnvName, Value: getJuicesyncEnvFromClusterInstance(clusterInstance), @@ -442,11 +434,6 @@ func getLSContainerRegistrarImageStringFromClusterInstance(clusterInstance *hwam return imageSpec.Registry + "/" + imageSpec.Repository + ":" + imageSpec.Tag } -func getRcloneEnvFromClusterInstance(clusterInstance *hwameistoriov1alpha1.Cluster) string { - rcloneImage := clusterInstance.Spec.LocalStorage.Member.RcloneImage - return rcloneImage.Repository + ":" + rcloneImage.Tag -} - func getJuicesyncEnvFromClusterInstance(clusterInstance *hwameistoriov1alpha1.Cluster) string { juicesyncImage := clusterInstance.Spec.LocalStorage.Member.JuicesyncImage return juicesyncImage.Registry + "/" + juicesyncImage.Repository + ":" + juicesyncImage.Tag @@ -460,17 +447,6 @@ func needOrNotToUpdateLSDaemonset(cluster *hwameistoriov1alpha1.Cluster, gotten if container.Name == memberContainerName { var containerModified bool - wantedRcloneEnv := getRcloneEnvFromClusterInstance(cluster) - for i, env := range container.Env { - if env.Name == rcloneEnvName { - if env.Value != wantedRcloneEnv { - env.Value = wantedRcloneEnv - container.Env[i] = env - containerModified = true - } - } - } - wantedJuicesyncEnv := getJuicesyncEnvFromClusterInstance(cluster) juicesyncEnvNotFound := true for i, env := range container.Env { @@ -647,15 +623,6 @@ func FulfillLSDaemonsetSpec(clusterInstance *hwameistoriov1alpha1.Cluster) *hwam if clusterInstance.Spec.LocalStorage.Member.Image.Tag == "" { clusterInstance.Spec.LocalStorage.Member.Image.Tag = defaultLSDaemonsetImageTag } - if clusterInstance.Spec.LocalStorage.Member.RcloneImage == nil { - clusterInstance.Spec.LocalStorage.Member.RcloneImage = &hwameistoriov1alpha1.ImageSpec{} - } - if clusterInstance.Spec.LocalStorage.Member.RcloneImage.Repository == "" { - clusterInstance.Spec.LocalStorage.Member.RcloneImage.Repository = defaultRCloneImageRepository - } - if clusterInstance.Spec.LocalStorage.Member.RcloneImage.Tag == "" { - clusterInstance.Spec.LocalStorage.Member.RcloneImage.Tag = defaultRCloneImageTag - } if clusterInstance.Spec.LocalStorage.CSI == nil { clusterInstance.Spec.LocalStorage.CSI = &hwameistoriov1alpha1.CSISpec{} } diff --git a/test/e2e/sample.yaml b/test/e2e/sample.yaml index b6fc83ab..87862499 100644 --- a/test/e2e/sample.yaml +++ b/test/e2e/sample.yaml @@ -41,9 +41,6 @@ spec: registry: "ghcr.m.daocloud.io" repository: "hwameistor/local-storage" tag: "v0.9.2" - rcloneImage: - repository: "rclone/rclone" - tag: "1.53.2" tolerationOnMaster: true localDiskManager: kubeletRootDir: "/var/lib/kubelet"