Minio - RELEASE.2024-04-18T19-09-19Z


Upgrading for LDAP enabled setups

If you are not using the MinIO server's LDAP integration, please follow the usual upgrade instructions.

Release version RELEASE.2024-03-30T09-41-56Z brought a change to LDAP user and group policy mappings storage where the Distinguished Name (DN) of a user or group is stored in a normalized form. This normalization was necessary to ensure consistent handling of values with non-ASCII Unicode characters in a DN. However, this broke existing deployments with LDAP integration enabled, especially for existing mappings, because older releases did not store them in a normalized form. The main way to restore mappings in that release and in release version RELEASE.2024-04-06T05-26-02Z was to recreate the mappings - however this was not sufficient to restore operation of access keys (aka service accounts) created by LDAP users.

This release provides a fix for this - however user action is required. Please follow these steps:

  1. In your existing MinIO cluster export all IAM data as an administrator with:

mc admin cluster iam export ALIAS

This will output a zip file containing IAM data (credentials, policies and policy mappings) in JSON format.

  2. Upgrade your cluster to the current release following the usual upgrade instructions.

  3. Now import the IAM data with:

mc admin cluster iam import ALIAS /path/to/zipfile

providing the path to the zip file from step 1.

For most deployments this should be enough to migrate the IAM policy mappings on LDAP users into the right format.

In some setups there may be duplicate mappings for the same user or group DN but with casing/normalization differences. In these cases, step 3 will return an error describing the conflicting mapping as the server cannot determine the right mapping to use. To fix this error, unzip the exported zip file, open the appropriate mapping file (either iam-assets/stsuser_mappings.json or iam-assets/group_mappings.json). Both these files have a simple JSON structure - they are JSON objects with DN strings as keys and the values are JSON objects. Remove the conflicting DN keys from this file, zip it again and run step 3 once more.
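
To find the conflicting DN keys before re-running the import, the exported zip can be scanned offline. The following is an added example, not MinIO's own code: the normalization is an approximation used only to group likely duplicates (the server's exact algorithm is not given on this page), and the sample DNs and empty mapping values are constructed.

```python
import io
import json
import unicodedata
import zipfile
from collections import defaultdict

# Mapping files named in the release notes.
MAPPING_FILES = ("iam-assets/stsuser_mappings.json", "iam-assets/group_mappings.json")

def approx_normalize(dn):
    """Comparison key only (assumption, not MinIO's own normalization):
    Unicode NFC, case-folded, spaces around ',' and '=' dropped."""
    dn = unicodedata.normalize("NFC", dn).casefold()
    parts = []
    for rdn in dn.split(","):  # naive split: escaped commas are not handled
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip()}={value.strip()}")
    return ",".join(parts)

def find_conflicts(zip_source):
    """Return {mapping_file: [[dn, dn, ...], ...]} for colliding DN keys."""
    report = {}
    with zipfile.ZipFile(zip_source) as zf:
        present = set(zf.namelist())
        for name in MAPPING_FILES:
            if name not in present:
                continue
            groups = defaultdict(list)
            for dn in json.loads(zf.read(name)):
                groups[approx_normalize(dn)].append(dn)
            dupes = [sorted(v) for v in groups.values() if len(v) > 1]
            if dupes:
                report[name] = dupes
    return report

def build_sample_zip():
    """Constructed sample export; DNs and values are made up."""
    users = {"uid=Jos\u00e9,ou=people,dc=example,dc=org": {},            # precomposed e-acute
             "UID=Jose\u0301, OU=People, DC=example, DC=org": {},       # combining accent
             "uid=alice,ou=people,dc=example,dc=org": {}}
    groups = {"cn=admins,ou=groups,dc=example,dc=org": {}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MAPPING_FILES[0], json.dumps(users))
        zf.writestr(MAPPING_FILES[1], json.dumps(groups))
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(json.dumps(find_conflicts(build_sample_zip()), indent=2, ensure_ascii=False))
```

Pass the path of the real export to `find_conflicts()` in place of the sample; each reported group lists DN keys of which all but the intended one should be removed before zipping again and re-running step 3.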

What's Changed

  • fix: add fallbackDisks for disk healing by @harshavardhana in https://github.com/minio/minio/pull/19425
  • fix: increase the tiering part size to 128MiB by @harshavardhana in https://github.com/minio/minio/pull/19424
  • heal: Add more per disk healing result in the audit by @vadmeste in https://github.com/minio/minio/pull/19427
  • batch-repl: Do not allow both source/target to be remote by @vadmeste in https://github.com/minio/minio/pull/19434
  • Allow setting readOnlyRootFilesystem in securityContext by @AlexanderThaller in https://github.com/minio/minio/pull/19437
  • Add a warning when the total size of an object versions exceeds 1 TiB by @vadmeste in https://github.com/minio/minio/pull/19435
  • make if-none-match PUT/POST RFC compliant by @harshavardhana in https://github.com/minio/minio/pull/19448
  • fix: unknow contentType for ArchiveFileHandler by @jiuker in https://github.com/minio/minio/pull/19451
  • fix: noHost for collectLocalMetric by @jiuker in https://github.com/minio/minio/pull/19457
  • doc: add Content-Type to s3zip by @jiuker in https://github.com/minio/minio/pull/19455
  • Allow specifying the local server with env variable _MINIO_SERVER_LOCAL by @allanrogerr in https://github.com/minio/minio/pull/19453
  • handle missing LDAP normalization in SetPolicy() API by @harshavardhana in https://github.com/minio/minio/pull/19465
  • avoid busy loops in bad path component by @harshavardhana in https://github.com/minio/minio/pull/19466
  • allow protection from invalid config values by @harshavardhana in https://github.com/minio/minio/pull/19460
  • fix CopyObject with replace overwriting inline status by @poornas in https://github.com/minio/minio/pull/19468
  • Updated Console UI to v1.2.0 by @bexsoft in https://github.com/minio/minio/pull/19467
  • update versioning tests to cover CopyObject() by @harshavardhana in https://github.com/minio/minio/pull/19472
  • remove SetDiskLoc() rely on the endpoint values instead by @harshavardhana in https://github.com/minio/minio/pull/19475
  • Add drive metrics in metrics-v3 by @anjalshireesh in https://github.com/minio/minio/pull/19452
  • remove permission denied error for being drive error by @harshavardhana in https://github.com/minio/minio/pull/19478
  • Inspect: Add error if no results by @klauspost in https://github.com/minio/minio/pull/19476
  • simplify common functions in replication by @harshavardhana in https://github.com/minio/minio/pull/19480
  • Fix some CI warnings by @donatello in https://github.com/minio/minio/pull/19482
  • Correct sample for node scrape configuration by @shtripat in https://github.com/minio/minio/pull/19491
  • fix: close sessionPolicyFile in the sts-assume-role example by @testwill in https://github.com/minio/minio/pull/19428
  • fix: list operations resuming when hitting different node by @klauspost in https://github.com/minio/minio/pull/19494
  • Keep an up-to-date copy of the KMS master key by @allanrogerr in https://github.com/minio/minio/pull/19492
  • remove older deploymentID fix behavior to speed up startup by @harshavardhana in https://github.com/minio/minio/pull/19497
  • code clean for dynamicSleeper by @jiuker in https://github.com/minio/minio/pull/19499
  • ILM expiry replication status only if enabled by @shtripat in https://github.com/minio/minio/pull/19503
  • convert multipart-cleanup from a blocking unlink() to a rename to trash by @harshavardhana in https://github.com/minio/minio/pull/19495
  • removed hardcoded datasource uid by @mawatech in https://github.com/minio/minio/pull/19477
  • fix: ListObjectVersions returning duplicates when resuming with null version id by @klauspost in https://github.com/minio/minio/pull/19518
  • Use pkg helper to allow default MINIO_KMS_KEY_CACHE_INTERVAL as a time.Duration by @allanrogerr in https://github.com/minio/minio/pull/19512
  • update all deps regular cadence by @harshavardhana in https://github.com/minio/minio/pull/19523
  • At server init, use the correct context when creating the KMS Master Key by @allanrogerr in https://github.com/minio/minio/pull/19526
  • ftp: Return current time for prefixes/directories by @klauspost in https://github.com/minio/minio/pull/19519
  • Improve typos configuration by @szepeviktor in https://github.com/minio/minio/pull/19489
  • allow detaching any non-normalized DN by @harshavardhana in https://github.com/minio/minio/pull/19525
  • reload from drive tier-config when in-memory cache is not found by @harshavardhana in https://github.com/minio/minio/pull/19527
  • Add system memory metrics in v3 by @anjalshireesh in https://github.com/minio/minio/pull/19486
  • Add cluster audit metrics in metrics-v3 by @anjalshireesh in https://github.com/minio/minio/pull/19514
  • list: Fix rare listing continuation freeze by @vadmeste in https://github.com/minio/minio/pull/19524
  • ldap: Normalize DNs when importing by @donatello in https://github.com/minio/minio/pull/19528
  • add ftp example for to helm's values.yaml extraArgs field by @jiuker in https://github.com/minio/minio/pull/19541
  • fix: ldap: avoid unnecessary import errors by @donatello in https://github.com/minio/minio/pull/19547

New Contributors

  • @mawatech made their first contribution in https://github.com/minio/minio/pull/19477
  • @szepeviktor made their first contribution in https://github.com/minio/minio/pull/19489

Full Changelog: https://github.com/minio/minio/compare/RELEASE.2024-04-06T05-26-02Z...RELEASE.2024-04-18T19-09-19Z


Details

date: April 18, 2024, 9:23 p.m.
name: Bug fix Release
type: Unknown