Release v1.6.11

    • rancher/server:v1.6.10
    • rancher/agent:v1.2.6
    • rancher/lb-service-haproxy:v0.7.9
    • rancher-v0.6.4
    • Docker 1.12.3-1.12.6
    • Docker 1.13.1
    • Docker 17.03.0-ce/ee
    • Docker 17.06.0-ce/ee

    Rancher Server Tags

    Rancher server has 2 different tags. For each major release tag, we will provide documentation for the specific version.- tag will be our latest development builds. These builds will have been validated through our CI automation framework. These releases are not meant for deployment in production.- rancher/server:stable tag will be our latest stable release builds. This tag is the version that we recommend for production.

    Please do not the releases with a rc{n} suffix. These rc builds are meant for the Rancher team to test out builds.

    Important - Upgrade

    • Users on a version prior to Rancher v1.5.0: We will automatically upgrade the network-services infrastructure stack as without this upgrade, your release will not work.

    Note on Rollback: If you are rolling back and have authentication enabled using Active Directory, any new users/groups added to site access on the Access Control page after the upgrade will not be retained upon rolling back. Any users added before the upgrade will continue to remain. [#9850]

    Due to this new check, you should be aware that if the hostname/IP does not match your TLS certificate, you will be locked out of your Rancher server if you do not correct this prior to upgrading. To ensure you have no issues with the upgrade, please execute the following to verify your configuration is correct.

    • Verify the hostname/IP you used for your AD configuration. To do this, log into Rancher using a web browser as an admin and click Admin -> Access Control. Note the server field to determine your configured hostname/IP for your AD server.
    • To verify your the configure hostname/IP for your TLS cert, you can execute the following command to determine the CN attribute:openssl s_client -showcerts -connect domain.example.com:443You should see something like:subject=/OU=Domain Control Validated/CN=domain.example.comVerify that the CN attribute matches with your configured server field from the above step.If the fields match, you are good to go. Nothing else is required.

    If the fields do not match, please execute the following steps to correct it.

    • Open a web browser and go to Rancher’s URL. This can be done by logging into Rancher as an admin and click API->Keys. You should see an Endpoint (v2-beta) field. Take the value of that field and append /settings. The final URL should look something like my.rancher.url:8080/v2-beta/settings. Launch this URL in your browser and you should see Rancher’s API browser.
    • Search for api.auth.ldap.server and click that setting to edit it. On the top right, you should be able to click an edit button. Change the value of that to match the hostname/IP of the value found in your cert as identified by the CN attribute and click Show Request->Send Request to persist the value into Rancher’s DB. The response should show your new value.Once this is completed and the hostname/IP matches your certs’ CN attribute, you should have no issues with AD login after upgrading to 1.6.8.

    Enhancements

    Known Major Issues

    • Kubernetes Users with a auth protected private registry: Add-on starter is unable to pull the pause-amd64:3.0 image, which causes add-ons to not start. Workaround: If the pause-amd64:3.0 image is pre-pulled onto the hosts, then add-ons will be able to start as expected. [#9790]
    • Fixed an issue with AD authentication where users cannot configure AD auth if login domain is used as prefix for test username [#9889]

    Rancher CLI Downloads

    Rancher-Compose Downloads

    https://github.com/rancher/rancher-compose/releases/tag/v0.12.5