RHBA-2016:0510 - Bug Fix Advisory

Topic

Updated atomic-openshift packages and images that fix a bug are now available for Red Hat OpenShift Enterprise 3.1.

Description

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This update fixes the following bugs:

• Previously, cadvisor was improperly collecting network stats for processes for which it did not need to gather stats, creating potential for increased CPU utilization. This bug fix ensures cadvisor now only collects network stats for relevant processes, and significantly decreased CPU utilization is now observed. (BZ#1314495)
• Persistent volume claims (PVCs) were added to the list of volumes to preserve rather than the actual name of the persistent volume (PV) associated with the PVC. This caused the periodic cleanup process to unmount the volume if a pod utilizing the PVC had not yet entered running state. This bug fix ensures that the actual name of the PV associated with a PVC is used when determining which volumes can be cleaned up, preventing the cleanup process from considering them orphaned. As a result, PVs are no longer unmounted while the pod requiring the volume is starting. (BZ#1318472)
• EBS persistent volume (PV) attachment data cannot be cached reliably. After a persistent volume claim (PVC) was released, it retained a reference to the PVC to which it was bound. This caused volumes that had been detached to not be made available as they should have been. Also, if a PVC was deleted and the PV it was bound to was released, and another claim was created with the same name, it would try to bind the old PV. This bug fix ensures that cached volume attachment data is no longer relied upon and instead each request is checked to mount or unmount an EBS volume. The claim's UID is also now checked when trying to bind a PV based on the claim to ensure that the correct claim matches the correct PV. As a result, EBS volume attachment tasks are much more reliable. (BZ#1313560)

This update includes the following images:

openshift3/node:v3.1.1.6
openshift3/ose:v3.1.1.6

All OpenShift Enterprise 3 users are advised to upgrade to these updated packages and images.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

After ensuring all packages on each host have been updated, restart the atomic-openshift-master service on each master to complete this update.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

The Red Hat Enterprise Linux container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com using the "docker pull" command. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

• Red Hat OpenShift Container Platform 3.1 x86_64

Fixes

• BZ - 1313560 - EBS persistent volume claims fail on re-use
• BZ - 1314495 - Updating to latest RHEL 7.2 Kernel causes higher load with Openshift Node process, time spent in regexp to high.
• BZ - 1318472 - Registry pod doesn't mount persistent volume(NFS) after restarting system

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#normal