RHBA-2017:0865 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform releases 3.4.1.12, 3.3.1.17, and 3.2.1.30 are now available with updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.4.1.12, 3.3.1.17-4, and 3.2.1.30. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2017:0866

This update fixes the following bugs:

• When updating the atomic-openshift-docker-excluder RPM, the new RPM was not running the unexclude script of the old RPM. This caused the old excludes in the yum.conf file to not be cleaned up if there was any differences between the old and new excluders. This bug fix ensures the new RPM runs the old RPM's unexclude script before it touches anything. As a result, all of the old excludes in yum.conf are cleaned up when there is an update. (BZ#1430929)
• The index used by the Search Guard plug-in was not seeding properly. This caused the Elasticsearch node to get in a waiting state for the Search Guard ACLs and not service any requests. This bug fix moves the initial seeding logic to when the server starts in its run.sh. As a result, the initial Search Guard documents are seeded and the plug-in services requests.

(BZ#1431551, BZ#1432250)

• The Search Guard plug-in was trying to seed an index that did not exist yet, which generated an error. This bug fix catches the exception and returns silently. As a result, the plug-in will continue to try and seed index without generating exception. (BZ#1430913)
• Nodes initialized some of their data structures incorrectly at startup. After restarting a node, pods on that node would be unable to access some service IP addresses until a change was made to that service or a resync occurred. This bug fix updates the initialization code, and as a result all services should be accessible as expected after restarting a node.

(BZ#1380167)

• Quickly and repeatedly adding and deleting a route with same name in a namespace could cause the router pod to panic with a "invalid state transition: DELETED -> ADDED" message. This bug fix adds the objects UID to the event queue key generation function, and as a result this panic no longer occurs. (BZ#1419771)
• OpenShift Container Platform (OCP) 3.3 uses Cassandra 2.2.7, which does not ship with TimeWindowCompactionStrategy (TWCS). TWCS was previously backported to OCP 3.3 to address some compaction related problems. OCP 3.4 uses Cassandra 3.0.9 which does ship with TWCS; however, class names have changed. When Cassandra starts, it cannot find the TWCS classes that were being used in OCP 3.3. This caused Cassandra to fail to start after upgrading from OCP 3.3 to 3.4. This bug fix ensures that the older version of TWCS is now packaged with Cassandra in OCP 3.4. As a result, Cassandra starts up, and Hawkular Metrics is able to apply schema updates as expected. (BZ#1435706)

All OpenShift Container Platform 3 users are advised to upgrade to these updated packages and images.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For OpenShift Container Platform 3.4, see the following documentation, which will be updated shortly for release 3.4.1.12, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html

For OpenShift Container Platform 3.3, see the following documentation, which will be updated shortly for release 3.3.1.17-4, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.3/release_notes/ocp_3_3_release_notes.html

For OpenShift Container Platform 3.2, see the following documentation, which will be updated shortly for release 3.2.1.30, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/enterprise/3.2/release_notes/ose_3_2_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

Affected Products

• Red Hat OpenShift Container Platform 3.4 x86_64
• Red Hat OpenShift Container Platform 3.3 x86_64

Fixes

• BZ - 1380167 - Latency on iptables rules update after atomic-openshift-node service restart
• BZ - 1419771 - [3.4] Observed a panic: "Invalid state transition: DELETED -> ADDED" (Invalid state transition: DELETED -> ADDED) in router logs
• BZ - 1429827 - searchguard index needs manual recreation
• BZ - 1430929 - exclude list stays the same after atomic-openshift-docker-excluder pkg update
• BZ - 1431551 - OpenShift Logging not stable - does not survive node outage
• BZ - 1432250 - Kibana Unable to Connect to ElasticSearch
• BZ - 1434574 - [3.4] [networking_public_407] the router configuration not reloaded after the namespace label changed
• BZ - 1435695 - etcd cache in kube api server with large fixed size causing high memory usage
• BZ - 1435706 - Unable to Upgrade Metrics due to missging compaction strategy class's

CVEs

(none)

References

(none)