RHBA-2014:1903 - Bug Fix Advisory

Topic

Red Hat OpenShift Enterprise release 2.2.1 is now available with updates to
packages that fix several bugs and introduce a feature enhancement.

Description

OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud
deployments.

This update fixes the following bugs:

• During application or gear restarts, the MongoDB cartridge did not ensure that

users could authenticate to MongoDB prior to reporting a successful connection.
As a result, applications that made use of MongoDB could attempt to connect to
MongoDB before it was finished initializing, causing a "command denied" error.
This bug fix updates the MongoDB cartridge, and now applications that make use
of MongoDB wait until MongoDB is fully initialized before attempting to connect.
After applying this fix, a cartridge upgrade is required. (BZ#1156106)

• Previously, the jenkins-plugin-openshift package did not require the wget

package. When the jenkins-plugin-openshift package was installed using a method
that did not require wget, such as Puppet, this caused the Jenkins plug-in to
fail to retrieve remote resources due to the missing wget package, and Jenkins
builds failed as a result. This bug fix updates the jenkins-plugin-openshift
package to add the wget package as a dependency, and Jenkins builds now trigger
properly regardless of the installation method. (BZ#1161372)

• When Red Hat Enterprise Linux (RHEL) Server 6.6 was released, the ose-upgrade

tool required an update for compatibility with the latest subscription-manager
RPM package. Because the ose-upgrade tool ships with the
openshift-enterprise-release package, adding the dependency in that package
causes problems for administrators that maintain their own stream of RHEL 6.
This bug fix updates the openshift-enterprise-release package to remove the
explicit dependency on the subscription-manager package. As a result, the
ose-upgrade tool now works with all RHEL 6 versions of the subscription-manager
package. (BZ#1163500)

• A race condition existed between destroy-app and configure actions for the

same application. When the configure action timed out in MCollective and the
broker tried to destroy the application, it was possible for artifacts to be
left behind in apache-vhost configuration files. As a result, applications could
become unreachable. This bug fix updates the apache-vhost front-end server
plug-in to verify whether the directory exists before configuring apache-vhost
configuration files, and the artifacts are no longer left behind. (BZ#1157643)

This update also adds the following enhancement:

• Previously in the apache-vhost front-end server plug-in, the

SSLCertificateChainFile setting in the frontend-vhost-https-template.erb file
was set to the same value as the SSLCertificateFile setting. This enhancement
updates the plug-in so that SSLCertificateChainFile is a configurable setting.
As part of this enhancement, the following new configuration parameters have
been added to the /etc/openshift/node.conf file on node hosts, which use the
following default values when undefined:

OPENSHIFT_DEFAULT_SSL_KEY_PATH="/etc/pki/tls/private/localhost.key"
OPENSHIFT_DEFAULT_SSL_CRT_PATH="/etc/pki/tls/certs/localhost.crt"
OPENSHIFT_DEFAULT_SSL_CRT_CHAIN_PATH="/etc/pki/tls/certs/localhost.crt"

(BZ#1160300)

All OpenShift Enterprise users are advised to upgrade to these updated packages.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

See the OpenShift Enterprise 2.2 Release Notes, which will be updated shortly
for release 2.2.1, for important instructions on how to fully apply this
asynchronous errata update:

https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.

Affected Products

• Red Hat OpenShift Enterprise Infrastructure 2.2 x86_64
• Red Hat OpenShift Enterprise Application Node 2.2 x86_64

Fixes

• BZ - 1156106 - MongoDB failed to make an initial connection when the cartridge restarts
• BZ - 1157643 - Race condition between destroy-app and configure leaves broken vhost conf
• BZ - 1160300 - make the default crt/key/chain file to be configurable in vhost template
• BZ - 1161372 - Can not trigger jenkins build due to lack of wget package
• BZ - 1163500 - Remove explicit dependency on RHEL 6.6's subscription-manager package

CVEs

(none)

References

(none)