Export auth server version for upgrader#34917
Conversation
|
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
espadolini
left a comment
espadolini
left a comment
There was a problem hiding this comment.
The auth version is never going to change while we are holding a connection to the auth server, and we're holding a connection to the auth server as part of the standard behavior of the inventory control stream; could we just update the auth version whenever that connects, instead of piggybacking onto the upgrade window synchronizer? DownstreamInventoryHello already has the version of the auth server in it.
| return trace.Wrap(err) | ||
| } | ||
|
|
||
| if err := os.WriteFile(e.versionFile(), []byte(version), defaults.FilePermissions); err != nil { |
There was a problem hiding this comment.
@fspmarshall shouldn't this (and the schedule one) be atomic writes? What happens if the upgrader runs right as we're writing the file?
|
Closing in favor of #35150 |
2 participants
Paired with https://github.com/gravitational/teleport.e/pull/2722
Supports https://github.com/gravitational/cloud/issues/6773
Teleport will now export the auth server version:
agent-auth-version./etc/teleport-upgrade.d/versionunit file.This is necessary for the teleport-upgrade script to be able to identify the auth server version, and prevent an upgrade if the target upgrade version is a newer major version than the auth server.