From 797db421ebe4fd44760f5afb5080651f2fd7e8a7 Mon Sep 17 00:00:00 2001 From: Kristal Dale Date: Fri, 10 Jan 2020 17:07:12 -0800 Subject: [PATCH] Add known limitation to R3 release notes Add known limitatoins section to R3 release notes to address the known issue with changing the Keystone admin pwd, and the known workaround. Change-Id: I2c048f5cbea82a9f251c50a8f43fa8a4349a7fc9 Signed-off-by: Kristal Dale --- doc/source/releasenotes/r3_release.rst | 47 ++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/doc/source/releasenotes/r3_release.rst b/doc/source/releasenotes/r3_release.rst index 00321bc6c..d511520c2 100644 --- a/doc/source/releasenotes/r3_release.rst +++ b/doc/source/releasenotes/r3_release.rst @@ -96,3 +96,50 @@ StoryBoard entries for the features. `2005860, `_ `2006347 `_ + +------------------------- +Known limitations in R3.0 +------------------------- + +The following are known limitations in the StarlingX R3.0 release. Workarounds +are suggested where applicable. Note that these limitations are considered +temporary and will likely be resolved in a future release. + +******************************** +Changing Keystone admin password +******************************** + +After the Keystone admin password is changed, kube-system namespace registry +secrets must be manually updated. +Tracking Launchpad: https://bugs.launchpad.net/starlingx/+bug/1853017 + +It is recommended that the Keystone admin password not be changed unless necessary. + +**Workaround:** If you must update the WRCP's Keystone admin user password in R3.0, +you must also manually update the kube-system namespace's registry secrets that +hold the admin password for image pulls: + +#. Update the WRCP Keystone admin user password: + + :: + + openstack user set --password newP@ssw0rd admin + +#. Update the kube-system namespace's `registry-local-secret` secret: + + :: + + kubectl -n kube-system create secret docker-registry registry-local-secret --docker-server=registry.local:9001 --docker-username=admin --docker-password=newP@ssw0rd -o yaml --dry-run=true > registry-local-secret-update.yaml + kubectl -n kube-system replace secret registry-local-secret -f registry-local-secret-update.yaml + +#. Update the kube-system namespace's `default-registry-key` secret: + + :: + + kubectl -n kube-system create secret docker-registry default-registry-key --docker-server=registry.local:9001 --docker-username=admin --docker-password=newP@ssw0rd -o yaml --dry-run=true > default-registry-key-update.yaml + kubectl -n kube-system replace secret default-registry-key -f default-registry-key-update.yaml + +In a distributed cloud deployment, the registry secrets must also be updated on +all subclouds in the system. + +