Upgrading to Terraform 0.12 and fix issues in crio, grafana, kubelet, skuba, and terraform

SUSE Recommended Update: Upgrading to Terraform 0.12 and fix issues in crio, grafana, kubelet, skuba, and terraform
Announcement ID: SUSE-RU-2020:0710-1
Rating: important
References: #1145003 #1157323 #1159082 #1160463 #1161056 #1161110 #1161179 #1161225 #1162093
Affected Products:
  • SUSE CaaS Platform 4.0

An update that has 9 recommended fixes can now be installed.


Upgrade Terraform Files and State
In order to seamlessly switch to Terraform 0.12 you need to make sure that:

  • all files follow the new syntax for the HashiCorp Configuration Language included in Terraform 0.12;
  • all boolean values are `true` or `false` and *not* 0 or 1;
  • all variables are explicitly declared;
  • all dependencies are explicitly declared to reach the expected behavior.

Recommended Procedure
If you can tear down your existing cluster, do delete your cluster before upgrading to Terraform 0.12. After that follow our documentation to create a new cluster. That will lead to the cleanest upgrade result.
If you are using Terraform 0.11 and you cannot tear down your cluster, you will need to update your Terraform files (and states) in place for Terraform 0.12.
To do this, enter your Terraform files/state folder and:
  • Migrate Terraform files with the automatic migration tool by running `terraform 0.12upgrade`.
  • For OpenStack, run the extra operations for in-place upgrade, which follow just below.
  • For VMware, there is no extra operation.
  • You can then run the `terraform init/plan/apply` commands as usual.

Extra Operations for In-place Upgrade of OpenStack Terraform Files
  • Replace any boolean values written as a number with `false`/`true`. For example, for the variables in `openstack/variables.tf` (and their equivalent in your `terraform.tfvars` file), replace `default = 0` with `default = false` in the variables `workers_vol_enabled` and `dnsentry`. Do the same for any extra boolean variable you might have added.
  • Introduce a `depends_on` on the resource `"openstack_compute_floatingip_associate_v2" "master_ext_ip"` in `master-instance.tf`:

---- depends_on = [openstack_compute_instance_v2.master] ----
  • Introduce a `depends_on` on the resource `"master_wait_cloudinit"` in `master-instance.tf`:

---- depends_on = [ openstack_compute_instance_v2.master, openstack_compute_floatingip_associate_v2.master_ext_ip ] ----
  • Introduce a `depends_on` on the resources `"openstack_compute_floatingip_associate_v2" "worker_ext_ip"` and `"null_resource" "worker_wait_cloudinit"` in `worker-instance.tf`, similarly to the ones for master. Replace `master` with `worker` in the examples above.
  • Update the resources `resource "openstack_compute_instance_v2" "master"` and `resource "openstack_compute_instance_v2" "worker"` with `master-instance.tf` and `worker-instance.tf` respectively. Add the following resources:

---- lifecycle { ignore_changes = [user_data] } ----
This will make it possible to update your cluster from a Terraform 0.11 state into a Terraform 0.12 state without tearing it down completely.
[WARNING] When adding `lifecycle { ignore_change = [user_data] }` in your master and worker instances, you will effectively prevent updates of nodes, should you or SUSE update the `user_data`. This should be removed as soon as possible after the migration to Terraform 0.12.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

  • SUSE CaaS Platform 4.0 (x86_64):
    • caasp-release-4.1.2-24.17.2
    • cri-o-1.16.1-3.28.2
    • cri-o-kubeadm-criconfig-1.16.1-3.28.2
    • etcdctl-3.3.15-4.9.2
    • patterns-caasp-Management-1.1-4.6.2
    • skuba-1.2.9-3.27.2
    • terraform-0.12.19-3.3.2
    • terraform-provider-aws-2.29.0-1.3.2
    • terraform-provider-openstack-1.25.0-3.3.2
    • terraform-provider-susepubliccloud-0.0.1-1.6.1
  • SUSE CaaS Platform 4.0 (noarch):
    • skuba-update-1.2.9-3.27.2