RHBA-2015:2667 - Bug Fix Advisory

Topic

Updated atomic-openshift-utils and openshift-ansible packages are now available that fix several bugs.

Description

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This update fixes the following bugs:

• The advanced installation method now allows users to set the node configuration dnsIP value, which is used to specify the IP address of the internal cluster DNS (SkyDNS). This is useful in OpenShift Enterprise 3.0 environments where the master may have multiple IP addresses and you wish to specify which address to use for cluster DNS lookups.

OpenShift Enterprise 3.1 nodes perform DNS lookups via the Kubernetes Service IP ensuring that requests are load balanced across the available masters. As such, nodes generally should not have the dnsIP value set. Users who require setting the dnsIP may now set the Ansible variable openshift_dns_ip. (BZ#1246458)

• The openshift-ansible playbooks previously required setting the system host name. This is no longer necessary as all necessary host names can now be overridden using configuration. (BZ#1275395)
• Custom named certificate files are now copied from local systems to masters instead of requiring that certificates be deployed prior to installation. (BZ#1281255)
• The atomic-openshift-master service no longer fails to start if the names of custom certificate files start with an asterisk. (BZ#1281257)
• The SELinux boolean virt_sandbox_use_fusefs is now turned on during quick and advanced installations, which is required for containers with GlusterFS mounts. (BZ#1282336)
• The uninstall playbook now correctly removes all atomic-openshift-master-api, atomic-openshift-master-controllers, and atomic-openshift-node configuration files. (BZ#1282370)
• The advanced installation method's configuration option openshift_master_named_certificates did not properly set the correct path when installing provided certificates on your masters. This error has been corrected. (BZ#1283004)
• The "Host Configuration" text during a quick installation has been improved to provide more clear guidance on the step that follows. (BZ#1284085)
• Quick installations now default to OpenShift Enterprise 3.1 instead of 3.0 as the target variant, which can be easily overridden during the interactive installation process. (BZ#1284088)
• The atomic-openshift-installer tool previously generated an unattended installation file which was unusable when the administrator provided a pre-configured load balancer. This error has been corrected. (BZ#1287977)
• When installing Pacemaker-based highly-available (HA) masters, the cluster password was not set properly. This error has been corrected. (BZ#1288481)
• Quick and advanced installations previously deployed ImageStream content that was only compatible with OpenShift Enterprise 3.1 when installing OpenShift Enterprise 3.0 environments. This error has been corrected and OpenShift Enterprise 3.0 installations now receive the proper ImageStream content. (BZ#1289043)

All OpenShift Enterprise 3 users are advised to upgrade to these updated packages.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To apply this update, run the following on all hosts where you intend to initiate Ansible-based installation or upgrade procedures:

# yum update atomic-openshift-utils

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

Affected Products

• Red Hat OpenShift Container Platform 3.1 x86_64

Fixes

• BZ - 1246458 - Need an option in ansible hosts to set node's dnsIP in node yaml config file to an external IP or empty
• BZ - 1275395 - openshift-ansible currently sets the system hostname unnecessarily
• BZ - 1281255 - The ansible playbook should copy custom certificate files to the master machines
• BZ - 1281257 - Fail to start master service if the names of certificate begin with "*"
• BZ - 1282336 - Ansible installer needs to turn on selinux boolean 'virt_sandbox_use_fusefs'
• BZ - 1282370 - The uninstall playbook should remove the master api and controllers configuration
• BZ - 1283004 - ansible should change the ca filepath if certificate contains 'names' key
• BZ - 1284085 - atomic-openshift-installer Host Configuration text is confusing
• BZ - 1284088 - atomic-openshift-installer - version 3.0 selected as default installation target
• BZ - 1287977 - Incorrect check output from atomic-openshift-installer when working with preconfigured load balancer
• BZ - 1288481 - pacemaker master HA can not set up due to "Set the cluster user password" is skipped.
• BZ - 1289043 - unable to get ImageStream images because installer is downloading ImageStream json file for 3.1 version

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#normal