Chapter 9. RHBA-2014:1979 - OpenShift Enterprise 2.2.2 Bug Fix and Enhancement Update

OpenShift Enterprise 2.2.2 is now available with updates to packages that fix several bugs and introduce feature enhancements. See the errata advisory at https://rhn.redhat.com/errata/RHBA-2014-1979.html for more information.

Important

See the OpenShift Enterprise 2.2 Release Notes for instructions on how to apply this asynchronous errata update.

This update addresses the following bug fixes and enhancements:

Broker

BZ#1168036
When using the routing daemon with an nginx router, requests made to the router at '/' were forwarded to the first configured high-availability application. This was due to a bug in the routing daemon. This bug fix updates the routing daemon to ensure such requests instead return a 404 status, and the requests are no longer incorrectly forwarded.
BZ#1168034
When using the routing daemon with an nginx router, duplicate entries pointing to the same endpoint could be created in the nginx routing configuration. This issue occurred when multiple applications with the same name were created under different domains, and was due to a bug in the routing daemon. As a result, "duplicate location" errors were reported when restarting the nginx service. This bug fix updates the routing daemon to no longer create /<app_name> endpoints in the nginx routing configuration. As a result, the nginx service no longer reports these errors when restarting.
BZ#1167707
When using the routing daemon, if the ActiveMQ service was restarted, the routing daemon did not reconnect to ActiveMQ automatically. The openshift-routing-daemon service had to be restarted as a result. This bug fix updates the routing daemon to attempt to reconnect automatically after losing its ActiveMQ connection, and as a result this scenario no longer requires manual intervention.
BZ#1167625
When multiple hosts were specified with the ACTIVEMQ_HOST parameter in the /etc/openshift/routing-daemon.conf file, the routing daemon failed to start if ports were not specified along with the hosts. This was due to a bug in the routing daemon. This bug fix updates the routing daemon to define the ports for multiple ActiveMQ hosts whether specified with the ACTIVEMQ_HOST parameter or the ACTIVE_MQ_PORT parameter. As a result, the routing daemon now restarts successfully in this scenario.
BZ#1166729
When upgrading from OpenShift Enterprise 2.1 to 2.2, the Management Console was configured for the OpenShift Origin product branding instead of for OpenShift Enterprise. This bug fix updates the upgrade tool to set product branding configuration values properly, and as a result the OpenShift Enterprise branding is now used when upgrading to 2.2.
BZ#1166600
When using the routing daemon, duplicate entries were created in the nginx routing configuration when creating more than one scalable application. This was due to a bug in the routing daemon, and as a result, "duplicate location" errors were reported when restarting the nginx service. This bug fix updates the routing daemon to ensure these duplicate entries are no longer created, and the nginx service no longer reports these errors when restarting.
BZ#1166593
When using the routing daemon with an nginx router, duplicate nginx configuration files were created if a user uploaded an SSL certificate for an existing application alias. This was due to a bug in the routing daemon, and as a result, the application's SSL certificate was marked not trusted and nginx reported "conflicting server name" warnings. This bug fix updates the routing daemon to ensure these duplicate files are no longer created, and the issues no longer occur.
BZ#1166518
The openshift-routing-daemon service requires functions from the ruby-openshift-origin-common package; however, the rubygem-openshift-origin-routing-daemon package previously did not have its dependencies set accordingly. As a result, the openshift-routing-daemon service failed to start when the ruby-openshift-origin-common package was not installed. This bug fix updates the rubygem-openshift-origin-routing-daemon package to require the ruby-openshift-origin-common package, and as a result the service starts successfully.
BZ#1165606
The routing plug-in and routing daemon now support SSL connections to ActiveMQ. This allows administrators to encrypt ActiveMQ traffic to provide a higher level of security by enabling SSL connectivity between ActiveMQ and both the routing daemon and the routing plug-in. See the OpenShift Enterprise Deployment Guide for configuration details.
BZ#1158704
Due to a bug in the broker's controller library, DNS entries for high-availability applications were not created properly at creation time when using the broker REST API. This was inconsistent with the behavior when creating an application then performing the enable-ha or make-ha action on the existing application. This bug fix updates the controller, and as a result the DNS entries are created properly. After applying this update, the openshift-broker service must be restarted.
BZ#1158773
Previously, starting the openshift-routing-daemon service always returned successfully, which could be confusing to administrators under certain conditions. For example, if the routing daemon was configured to use nginx but nginx was not yet installed, the openshift-routing-daemon service would still start successfully, then report "no instances running" when checking the service's status. This was due to a bug in the routing daemon in which the exit code was not reported correctly. This bug fix updates the routing daemon to handle several edge cases, and the service now reports exit codes correctly. After applying this update, the openshift-routing-daemon service must be restarted.
BZ#1159277
Previously, administrators could set the SSL certificate capability for user accounts using the oo-admin-ctl-user tool with the --allowprivatesslcertificates option, but there was no default configuration setting for this capability. This enhancement adds the DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES parameter to the /etc/openshift/broker.conf file on broker hosts. This parameter defaults to "false", but when "true" adds the SSL certificate capability to newly created user accounts. After applying this update, the openshift-broker service must be restarted for any changes to the DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES parameter to take effect.
BZ#1159182
When using the routing daemon with an nginx router, nginx configuration files were created for non-scalable applications. However, these files were not necessary as the routing daemon only routes for scalable applications. In addition, a hard-coded prefix of "ha-" was added to configuration files for scalable applications when they did not have an alias configured, which could cause confusion. This bug fix updates the routing daemon to no longer create nginx configuration files for non-scalable applications. In addition, the /etc/openshift/routing-daemon.conf file now includes the HA_DNS_PREFIX parameter, which allows administrators to define a prefix for scalable applications, if desired. This prefix must match the prefix that is set in the HA_DNS_PREFIX parameter in the /etc/openshift/broker.conf file, as well.
BZ#1160860
Because nginx in Red Hat Software Collections 1.2 has been updated to version 1.6, this enhancement updates the routing daemon configuration defaults for nginx 1.6.
BZ#1155290
Due to a bug in broker gear placement during gear moves, the oo-admin-move command could fail at random by selecting a destination node in a different region than the gear started in. This bug fix updates the oo-admin-move command to filter potential destination nodes correctly by region.
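
BZ#1159182 above requires the HA_DNS_PREFIX value in /etc/openshift/routing-daemon.conf to match the one in /etc/openshift/broker.conf. The following check is an added example, not part of the errata or of OpenShift Enterprise; the function names conf_value and check_ha_prefix are hypothetical, and it assumes both files use shell-style KEY=value lines with optional quotes and '#' comments.

```shell
#!/bin/sh
# Added example: confirm HA_DNS_PREFIX agrees between the broker and the
# routing daemon. Assumes KEY=value lines, optional quotes, '#' comments.

# Print the effective (last uncommented) value of KEY in FILE.
# Returns 1 when the key is not set or the file cannot be read.
conf_value() {
    line=$(grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    val=${line#*=}
    # Drop a trailing comment, surrounding whitespace, then one pair of quotes.
    printf '%s\n' "$val" | sed -e 's/[[:space:]]#.*$//' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Exit status: 0 = values match, 1 = mismatch, 2 = unset in one of the files.
check_ha_prefix() {
    broker_conf=$1
    daemon_conf=$2
    if ! b=$(conf_value "$broker_conf" HA_DNS_PREFIX); then
        echo "HA_DNS_PREFIX not set in $broker_conf"; return 2
    fi
    if ! d=$(conf_value "$daemon_conf" HA_DNS_PREFIX); then
        echo "HA_DNS_PREFIX not set in $daemon_conf"; return 2
    fi
    if [ "$b" != "$d" ]; then
        echo "MISMATCH: broker='$b' routing-daemon='$d'"; return 1
    fi
    echo "OK: HA_DNS_PREFIX='$b' in both files"
}

# Constructed sample files (not real host configuration) for a stand-alone run.
tmp=$(mktemp -d)
printf 'HA_DNS_PREFIX="ha-"\n' > "$tmp/broker.conf"
printf '#HA_DNS_PREFIX="old-"\nHA_DNS_PREFIX="lb-"   # changed on router only\n' \
    > "$tmp/routing-daemon.conf"
check_ha_prefix "$tmp/broker.conf" "$tmp/routing-daemon.conf" || true

# On a deployed host, the paths named in the release note would be used:
#   check_ha_prefix /etc/openshift/broker.conf /etc/openshift/routing-daemon.conf
```

Running the check on both the broker host and the router host after any prefix change catches the case where only one file was edited.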

Cartridge

BZ#1136706
The Jenkins cartridge requires that the unzip package be installed on the node host when creating a Jenkins Server application. Attempting to create the application with the unzip package not installed caused the creation to fail. This bug fix updates the Jenkins cartridge package to add the unzip package to its dependencies so that both packages are installed. As a result, creating Jenkins Server applications no longer fails in this way.
BZ#1155766
If a gear hosting the git repository for an application moved to another node, subsequent Jenkins clones failed. This was due to the Jenkins git SSH wrapper checking Known Hosts. This bug fix updates the related call to remove Known Host checking. Other security methods built in to git provide sufficient protection against tampering. As a result, gears can now be moved freely and Jenkins builds are able to be triggered successfully. After applying this update, a cartridge upgrade is required.
BZ#1153666
An update to Python 2.7 dependencies caused some dependencies using C extensions to not run properly when using the Python 2.7 cartridge, and applications using the cartridge could return an Internal Server Error. This bug fix updates the Python cartridge to set the WSGIApplicationGroup directive to %{GLOBAL}, which forces a WSGI application to run within the first interpreter. As a result, applications using the cartridge are once again accessible. After applying this update, a cartridge upgrade is required.
BZ#1158851
Due to a bug in the cron cartridge, environment variables were not properly quoted. This could result in variables being set incorrectly when loaded by gear cron jobs. This bug fix updates the cron cartridge script that handles running the jobs, and as a result, variables are now set correctly. After applying this update, a cartridge upgrade is required.

Management Console

BZ#1156605
Previously, after adding a team as a "view" member to a domain, "admin" members for the same domain could not view the team in the Management Console. This bug fix updates the Management Console to address this issue, and as a result "admin" members of a domain can now view teams that are members of the same domain in the Management Console.

Node

BZ#1161244
Previously, when determining the last access time for a gear, the oo-last-access command did not count access via application aliases. This caused the command to return inaccurate last access information. This bug fix updates the oo-last-access command to also check for access via application aliases, and as a result the command output is now more accurate.
BZ#1161623
Apache vhost configuration creation was not always handled in an atomic manner. In environments with a high number of concurrent front end modifications, invalid configuration files could be created. This bug fix makes Apache vhost configurations atomic by ensuring that concurrent modifications do not result in broken configuration files. As a result, concurrent application creation, updates, and deletion no longer result in broken Apache vhost configuration files. Additionally, a Watchman plug-in has been added to check for this type of error.
BZ#1163406
Apache vhost definitions for high-availability applications were not created on the second node front end. Requests to the second node host would not be routed to the application, resulting in 404 errors. This bug fix updates the Apache vhost plug-in to ensure definitions are now created for high-availability applications on the second node front end. As a result, requests to the second node host are now routed properly to the application.
BZ#1154763
Previously, the polyinstantiated /tmp directory could be removed by running the "rhc app tidy" command, causing the /tmp directory to no longer function properly. This bug fix updates the pam_openshift module to prevent this command from removing gear /tmp directories. The module also now ensures that permissions are correctly set on gear /tmp directories. After applying this update, the ruby193-mcollective service must be restarted.
BZ#1154063
Previously, attempting to restart a gear from within an SSH session failed with a permission error. This issue was due to the gear restart process using the oo-exec-ruby command, which used the rpm command to check the Ruby version. This bug fix updates the oo-exec-ruby command to use the "/usr/bin/ruby --version" command instead of the rpm command, and as a result gears can now be restarted successfully from within an SSH session.
BZ#1154649
While restoring a snapshot for a JBoss EWS or JBoss EAP application, it was possible for the restoration to time out due to unnecessary content being stored in the snapshot. This bug fix updates the JBoss EWS and JBoss EAP cartridges to ensure that temporary artifacts are no longer snapshotted to save space and time. As a result, the timeouts no longer occur. After applying this update, a cartridge upgrade is required.
BZ#1154157
Due to a bug in the broker MCollective plug-in, confusing output was displayed to administrators when running the oo-admin-move command during a gear move. Specifically, the application name was used in output where the gear UUID should have been displayed. This bug fix updates the plug-in to properly display the gear UUID, and the confusing output is no longer displayed. After applying this update, the openshift-broker service must be restarted.
BZ#1162192
A bug in the oo-admin-ctl-gears tool prevented the forcestopgear command from killing all gear processes. As a result, the forcestopgear command could leave processes running. This bug fix updates the oo-admin-ctl-gears tool to ensure all processes are killed successfully.
BZ#1160562
Restarting the openshift-sni-proxy service did not call the oo-rebuild-haproxy-sni-proxy function, which is required to rebuild the HAProxy configuration. As a result, if SNI proxy plug-in configuration changes had been made, they were not reflected on a service restart. This bug fix updates the SNI proxy plug-in and now a rebuild of the configuration is initiated prior to startup when either starting or restarting the openshift-sni-proxy service.
BZ#1108254
Due to a bug in the node runtime, if a user hit the maximum number of environment variables set, they would no longer be able to update the variables. This bug fix improves error handling, and users can now update environment variables in this scenario. After applying this update, the ruby193-mcollective service must be restarted.