Announcing new Alpha release 3165.0.0, Beta release 3139.1.0, Stable release 3033.2.3, LTS-2605 release 2605.26.1

32 views
Skip to first unread message

Flatcar Container Linux User

unread,
Mar 7, 2022, 12:16:37 PM3/7/22
to Flatcar Container Linux User

Hello,
We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta, Stable, and LTS-2605 channel.

New Alpha Release 3165.0.0

Changes since Alpha 3139.0.0

Security fixesBug fixes
  • Disabled the systemd-networkd settings ManageForeignRoutes and ManageForeignRoutingPolicyRules by default to ensure that CNIs like Cilium don’t get their routes or routing policy rules discarded on network reconfiguration events (Flatcar#620).
  • AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances (coreos-overlay#1628)
  • Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory when creating a btrfs root filesystem (ignition#35)
  • Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium (Flatcar#626, coreos-overlay#1682)
  • Added auditd.service but left it disabled by default, a custom configuration can be created by removing /etc/audit/auditd.conf and replacing it with an own file (coreos-overlay#1636)
Changes
  • The systemd-networkd ManageForeignRoutes and ManageForeignRoutingPolicyRules settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under /etc/systemd/networkd.conf.d/ because drop-in files take precedence over /etc/systemd/networkd.conf (init#61)
  • Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. (coreos-overlay#1664)
  • Added support for switching back to CGroupsV1 without requiring a reboot. Create /etc/flatcar-cgroupv1 through ignition. (coreos-overlay#1666)
  • Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.
Updates

New Beta Release 3139.1.0

Changes since Alpha 3139.0.0

Security fixesBug fixes
  • Disabled the systemd-networkd settings ManageForeignRoutes and ManageForeignRoutingPolicyRules by default to ensure that CNIs like Cilium don’t get their routes or routing policy rules discarded on network reconfiguration events (Flatcar#620).
  • Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory when creating a btrfs root filesystem (ignition#35)
  • Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium (Flatcar#626, coreos-overlay#1682)
Changes
  • Added support for switching back to CGroupsV1 without requiring a reboot. Create /etc/flatcar-cgroupv1 through ignition. (coreos-overlay#1666)
Updates

Changes since Beta 3066.1.2

Security fixesBug fixes
  • Excluded the Kubenet cbr0 interface from networkd’s DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check (init#55)
  • Fixed the dracut emergency Ignition log printing that had a scripting error causing the cat command to fail (bootengine#33)
  • network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting (init#51, coreos-cloudinit#12, bootengine#30)
  • flatcar-update: Stopped checking for the USER environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional sudo invocation (init#58)
  • Disabled the systemd-networkd settings ManageForeignRoutes and ManageForeignRoutingPolicyRules by default to ensure that CNIs like Cilium don’t get their routes or routing policy rules discarded on network reconfiguration events (Flatcar#620).
  • Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory when creating a btrfs root filesystem (ignition#35)
  • Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium (Flatcar#626, coreos-overlay#1682)
Changes
  • Update-engine now creates the /run/reboot-required flag file for kured (update_engine#15)
  • Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference (init#56)
  • Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config (coreos-overlay#1524)
  • Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in grub.cfg (check it taking effect with cat /proc/sys/crypto/fips_enabled) (coreos-overlay#1602)
  • Added support for switching back to CGroupsV1 without requiring a reboot. Create /etc/flatcar-cgroupv1 through ignition. (coreos-overlay#1666)
  • Removed the pre-shipped /etc/flatcar/update.conf file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the /use/share/flatcar/update.conf (flatcar-linux/scripts#212)
Updates

New Stable Release 3033.2.3

Changes since Stable 3033.2.2

Security fixesBug fixes
  • Disabled the systemd-networkd settings ManageForeignRoutes and ManageForeignRoutingPolicyRules by default to ensure that CNIs like Cilium don’t get their routes or routing policy rules discarded on network reconfiguration events (Flatcar#620).
  • Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory when creating a btrfs root filesystem (ignition#35)
  • Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium (Flatcar#626, coreos-overlay#1682)
Updates

New LTS-2605 Release 2605.26.1

Changes since LTS 2605.25.1

Security fixesUpdates

Best,
The Flatcar Container Linux Maintainers

Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages