Announcing Flatcar Container Linux Stable release 2905.2.0, Beta release 2920.1.0, Alpha release 2942.0.0 and LTS-2021 release 2605.18.1

62 views
Skip to first unread message

Flatcar Container Linux User

unread,
Jul 28, 2021, 12:27:14 PM7/28/21
to Flatcar Container Linux User
Hello,

We are pleased to announce a Flatcar Container Linux maintenance release for our LTS-2021 channel, as well as new major releases for our Stable, Beta and Alpha channel.


New Alpha release 2942.0.0

Security Fixes

Bug Fixes

  • Add the systemd tag in udev for Azure storage devices, to fix /boot automount (init#41)

Changes

Updates

Note: Please note that ARM images remain experimental for now.



New Beta release 2920.1.0

Changes since Alpha 2920.0.0

Security Fixes

Updates

Changes since Beta 2905.1.0

Updates


New Stable release 2905.2.0

Changes since Beta 2905.1.0

Security Fixes

Updates

Changes since Stable 2765.2.6

Security Fixes:

Bug Fixes:

Changes

  • Docker: disabled SELinux support in the Docker daemon

  • The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. (baselayout#17)

  • The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. (coreos-overlay#857)

  • toolbox: replace rkt with docker (coreos-overlay#881)

  • flatcar-install: add parameters to make wget more resilient (init#35)

  • flatcar-install: Add -D flag to only download the image file (Flatcar#248)

  • flatcar-install: Detect device mapper (e.g., LVM/LUKS) usage when searching for free drives with the -s flag (Flatcar#332)

  • motd: Add OEM information to motd output (init#34)

  • open-iscsi: Command substitution in iscsi-init system service (coreos-overlay#801)

  • sshd: use secure crypto algos only (kinvolk/coreos-overlay#852)

  • kernel: enable kernel config CONFIG_BPF_LSM (kinvolk/coreos-overlay#846)

  • bootengine: set hostname for EC2 and OpenStack from metadata (kinvolk/coreos-overlay#848)

  • Make the hostname setting units optional. Having the hostname units as required by the initrd.target meant that if the unit failed the machine wouldn’t start, disrupting the whole boot. (bootengine#23)

  • Enable using iSCSI netroot devices on Flatcar (bootengine#22)

  • systemd-networkd: Do not manage loopback network interface (bootengine#24 init#40)

  • containerd: Removed the containerd-stress binary (coreos-overlay#858)

  • dhcpcd: Removed the dhcpcd binary from the image, systemd-networkd is the only DHCP client (coreos-overlay#858)

  • samba: Update to EAPI=7, add new USE flags and remove deps on icu (kinvolk/coreos-overlay#864)

  • GCE: The oem-gce.service was ported to use systemd-nspawn instead of rkt. A one-time action is required to fetch the new service file because the OEM partition is not updated: sudo curl -s -S -f -L -o /etc/systemd/system/oem-gce.service https://raw.githubusercontent.com/kinvolk/coreos-overlay/fe7b0047ef5b634ebe04c9627bbf1ce3008ee5fa/coreos-base/oem-gce/files/units/oem-gce.service && sudo systemctl daemon-reload && sudo systemctl restart oem-gce.service

  • SDK: update portage and related packages to newer versions (coreos-overlay#840)

  • SDK: Drop jobs parameter in flatcar-scripts (flatcar-scripts#121)

  • SDK: delete Go 1.6 (coreos-overlay#827)

  • Update coreutils and make sure they have split-usr disabled for generic images (coreos-overlay#829)

  • systemd: Fix unit installation (coreos-overlay#810)

Updates

Deprecation

  • docker-1.12, rkt and kubelet-wrapper are deprecated and removed from Stable, also from subsequent channels in the future. Please read the removal announcement to know more


New LTS release 2605.18.1

Security Fixes

Updates


Best,

The Flatcar Container Linux team at Kinvolk

Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages