RHBA-2016:1983 - Bug Fix Advisory

Topic

Updated atomic-openshift-utils and openshift-ansible packages that fix several bugs are now available for OpenShift Container Platform 3.3.

Description

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

The atomic-openshift-utils and openshift-ansible packages contain the installation utility and Ansible requirements for installing and upgrading OpenShift Container Platform 3.

This update fixes the following bugs:

• When Network Manager restarts, it resets the net.ipv4.ip_forward parameter, which can cause OpenShift Container Platform to lose certain functionality. This bug fix updates the installer to set the sysctl parameter at the system level now, and as a result Network Manager restarts no longer interfere with the installation process. (BZ#1372388)
• Previously, the quick installer asked the user which product version to install because the installer handled multiple versions. This bug fix updates the installer to be specific to the version of OpenShift being installed, and as a result users are no longer asked which version they want to install. (BZ#1336271)
• The installer previously checked for service presence by looking for "LoadState=not-found" in the output of `systemctl show` however systemd updates in RHEL 7.3 now return an error rather than output. The installer has been updated to accommodate this behavior change ensuring that installations on RHEL 7.3 work properly. (BZ#1378337)
• If the openshift_builddefaults_no_proxy Ansible variable had been set, it previously was not converted into a list, resulting in a broken master configuration file. With this bug fix, the variable is now converted to a list, ensuring that the master configuration generated for builddefaults is properly defined. (BZ#1353461)
• Previously, the installer did not configure proxy settings for the node service. In some cases, this is required for the node service to communicate with the cloud provider, which would have prevented the node from starting properly. This bug fix updates the installer to configure proxy settings for the node service, ensuring the node can communicate with the cloud API when a proxy is required to do so. (BZ#1375723)
• The scaleup playbook previously utilized the credentials of the Ansible user without ensuring that the user was a cluster administrator. With this bug fix, the scaleup playbook now ensures that the cluster administrator login is used by using a pristine kubeconfig for all tasks, ensuring that the playbook runs correctly. (BZ#1327409)
• Previously, the rootdirectory for S3 docker registry storage was hard coded in the registry configuration. This bug fix adds a new variable to modify the S3 rootdirectory: `openshift_hosted_registry_storage_s3_rootdirectory=<directory_path>` with a default value of `/registry`. (BZ#1367284)
• Named certificates which had matching host names in CN and subjectAlternativeNames certificate entries previously caused duplicate host names to be detected and configured in the /etc/origin/master/master-config.yaml file. This caused an error and prevented the master from starting. With this bug fix, duplicate host names are now correctly removed from detected certificate names. (BZ#1379841)
• An incorrect variable was previously referenced when persisted settings were being fetched. This caused users to be forced to re-enter saved proxy information. This bug fix corrects the variable reference, and as a result users no longer must re-enter proxy information if it has already been saved. (BZ#1339624)

All OpenShift Container Platform 3.3 users are advised to upgrade to these updated packages.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To apply this update, run the following on all hosts where you intend to initiate Ansible-based installation or upgrade procedures:

# yum update atomic-openshift-utils

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

Affected Products

• Red Hat OpenShift Container Platform 3.3 x86_64

Fixes

• BZ - 1327409 - scaleup playbook uses current oc login which may not have enough permissions
• BZ - 1336271 - Installer should not ask which version number to install
• BZ - 1339624 - re-running the quick installer should not prompt a user to re-enter proxy information.
• BZ - 1353461 - NO_PROXY was set in builddefaults config with additional commas
• BZ - 1367284 - rootdirectory configuration is hardcode when installer is using s3 as registry storage
• BZ - 1372388 - Installer should persist net.ipv4.ip_forward
• BZ - 1375723 - OCP 3.3 ansible installer doesn't support proxy setting for OpenShift Node
• BZ - 1378337 - [RHEL73] checking service presence on containerized install didn't work well on RHEL-7.3
• BZ - 1379841 - Named certificates with SANs cause duplicate name entries when cafile is specified

CVEs

(none)

References

(none)