- Issued:
- 2015-10-01
- Updated:
- 2015-10-01
RHBA-2015:1854 - Bug Fix Advisory
Synopsis
Red Hat OpenShift Enterprise bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated release of Red Hat OpenShift Enterprise 3.0.2.0 is now available with updates to packages that fix several bugs.
Description
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This update fixes the following bugs:
- If the HTTP_PROXY environment variable was set, the `oc exec` and `oc port-forward` commands would previously fail. This was due to the SPDY implementation used by these commands, which did not support HTTP proxies. This bug fix updates the implementation to support HTTP proxies, and as a result these failures no longer occur. (BZ#1241045)
- When upgrading from OpenShift Enterprise 3.0.2, if the upgrade documentation was not followed completely, adding the networkConfig.serviceNetworkCIDR parameter to the master configuration would prohibit the master from starting. This bug fix updates the master so that the service subnet defined in the kubernetesMasterConfig stanza is used if networkConfig.serviceNetworkCIDR is not set. As a result, the master now starts as expected in either scenario. (BZ#1266155)
- If a client certificate was specified for the CLI without also specifying the server's CA, the system-trusted CAs were not used, causing CLI commands to fail. This bug fix updates the CLI to default to the system-trusted CAs if no certificate authority data is available for the server. As a result, CLI commands no longer fail for this reason. (BZ#1266144)
- Previously, upgrading an OpenShift server without using "oadm policy reconcile-cluster-roles" would cause Subject Access Review API calls from older clients to be denied due to a lack of API backwards compatibility. This would most commonly occur when using an older docker-registry image against a master that has been upgraded to OpenShift Enterprise 3.0.2. This bug fix restores backwards compatibility allowing older API clients to work with OpenShift Enterprise 3.0.2 without requiring policy reconciliation. (BZ#1266150)
All OpenShift Enterprise 3 users are advised to upgrade to these updated packages.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
https://docs.openshift.com/enterprise/3.0/install_config/upgrades.html
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.
Affected Products
- Red Hat OpenShift Container Platform 3.0.0.0 x86_64
Fixes
- BZ - 1241045 - oc exec does not work over a proxy
- BZ - 1266144 - System CAs are not respected
- BZ - 1266150 - Backwards compatibility policy issue in 3.0.2
- BZ - 1266155 - Master fails to start if networkConfig.serviceNetworkCIDR is unset
CVEs
(none)
Red Hat OpenShift Container Platform 3.0.0.0
SRPM | |
---|---|
openshift-3.0.2.0-0.git.16.4d626fe.el7ose.src.rpm | SHA-256: d122b8a53a590a7ab589d9dc9c413be2ac07da857a10a36534e6ada148145516 |
x86_64 | |
openshift-3.0.2.0-0.git.16.4d626fe.el7ose.x86_64.rpm | SHA-256: 10e27b98327df02ef2bad17f225c865ae2f19eb92468cf088e560df88e3b617f |
openshift-clients-3.0.2.0-0.git.16.4d626fe.el7ose.x86_64.rpm | SHA-256: 7ef15cff86dfa29337003414198de82e6742342c83396226a75793917c8b11f5 |
openshift-master-3.0.2.0-0.git.16.4d626fe.el7ose.x86_64.rpm | SHA-256: 8bf664a8dca4759459522666a3790f735d091d14899ecc443dc8a3534ae3a28f |
openshift-node-3.0.2.0-0.git.16.4d626fe.el7ose.x86_64.rpm | SHA-256: 1ac1401b1d04ae3b569bdb7e053c1f8f634ba5264bdef7f2947df25b59cb8cb0 |
openshift-sdn-ovs-3.0.2.0-0.git.16.4d626fe.el7ose.x86_64.rpm | SHA-256: dd27ca7c36d9fd1e8ad48d6f088b650bc8c4728f55d461caf95d69efdc834414 |
tuned-profiles-openshift-node-3.0.2.0-0.git.16.4d626fe.el7ose.x86_64.rpm | SHA-256: ea79bbe83832c1ad345230a18546224d4f404e55dff3b6c9f39496310cc06678 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.