- Issued:
- 2017-04-12
- Updated:
- 2017-04-12
RHBA-2017:0903 - Bug Fix Advisory
Synopsis
OpenShift Container Platform atomic-openshift-utils bug fix and enhancement
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated atomic-openshift-utils and openshift-ansible packages that fix several bugs and add enhancements are now available for OpenShift Container Platform 3.5.
Description
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
The atomic-openshift-utils and openshift-ansible packages contain the installation utility and Ansible requirements for installing and upgrading OpenShift Container Platform 3.
Space precludes documenting all of the bug fixes and enhancements in this advisory. See the OpenShift Container Platform 3.5 Release Notes, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To apply this update, run the following on all hosts where you intend to initiate Ansible-based installation or upgrade procedures:
# yum update atomic-openshift-utils
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at:
Affected Products
- Red Hat OpenShift Container Platform 3.5 x86_64
Fixes
- BZ - 1298787 - [RFE]openshift-ansible should support containerized ha-master installation
- BZ - 1306678 - handle Cluster Metrics updates
- BZ - 1311207 - [supportability] protect package versions upon upgrade
- BZ - 1368579 - quick installer fails installing to "localhost"
- BZ - 1383275 - installer should support user specified "IMAGE_VERSION" for registry console deployment.
- BZ - 1384753 - Support openshift_builddefaults_git_no_proxy with ansible installer to enable no_proxy setting for git cloning
- BZ - 1388191 - Default docker log driver should be journald
- BZ - 1388445 - Issues within playbook while upgrade from 3.X to 3.Y version
- BZ - 1388739 - [quick install]the number of completed plays is bigger than the expected number.
- BZ - 1390135 - [quick install]scaleup with quick install in unattended mode should not ask user to input host info
- BZ - 1392742 - OpenShift installer always sets --selinux-enabled in sysconfig/docker. Can break working overlay installs.
- BZ - 1393666 - Image-name for registry-console hardcoded in code.
- BZ - 1395081 - docker-registry did not update to specified version after OCP upgrade
- BZ - 1395168 - installer does not attach private key file to docker-registry when cloudfront is enabled.
- BZ - 1395637 - The masterClientConnectionOverrides are absent on app node node-config.yml in containerized installation/upgrade
- BZ - 1397958 - [RFE] Improve certificate management tooling
- BZ - 1399523 - The value of openshift_hosted_logging_elasticsearch_ops_pvc_prefix is the same with openshift_hosted_logging_elasticsearch_pvc_prefix in installer
- BZ - 1406057 - Node Selector for Metrics Install
- BZ - 1413447 - firewalld should be installed in containerized RHEL installation
- BZ - 1414619 - [IntService_public_295] Ansible var name is not consistant
- BZ - 1414625 - [IntService_public_295] add mandatory check 'httpd-tools' is installed on master
- BZ - 1414756 - master service can't be started when setting "openshift_buildoverrides_force_pull=true"
- BZ - 1414770 - Decouple the configuration of BuildDefaults and BuildOverrides
- BZ - 1415063 - [IntService_public_295] Ansible install failed at openshift_metrics : create JKS container
- BZ - 1415447 - [IntService_public_295] Ansible metrics failed at openshift_metrics : Stop Heapster
- BZ - 1415593 - [IntService_public_295] Using ansible to un-install failed
- BZ - 1415767 - Openshift ansible playbook fails for htpasswd auth
- BZ - 1415800 - Installer fails to add/check iptables rule due to lock on xtables.
- BZ - 1416156 - Modifying iptables causes ungraceful termination of docker.service
- BZ - 1416686 - installation failed on GCE with cloudprovider enabled
- BZ - 1417525 - Using openshift_hosted_logging_deploy=true fails on repeated runs
- BZ - 1418191 - Getting 'Failed to pull image .... x509: certificate signed by unknown authority', after redeployed certificates
- BZ - 1419026 - openshift_master_certificates task failed when installing multiple masters env
- BZ - 1419255 - Fail to redeploy certificates due to restart node's delay
- BZ - 1419811 - [IntService_public_324]Failed in running handler "[openshift_logging : restart master]" after task "[openshift_logging : Delete temp directory]"
- BZ - 1419838 - Logging deployment failed with AnsibleUndefinedVariable error
- BZ - 1419843 - Installation with ansible-2.2.1.0-2 may fail when set_fact for openshift_master
- BZ - 1419844 - The atomic-openshifit-node and openvswitch images weren't upgraded on master hosts
- BZ - 1419874 - Metrics deployment failed during installation
- BZ - 1419893 - [quick installer]quick installer failed due to a non-existent file_name
- BZ - 1419962 - [IntService_public_295] After clean then install, Cassandra show keystore/password error
- BZ - 1420182 - [3.5] conntrack executable not found on $PATH during cluster horizontal run
- BZ - 1420204 - Fluentd should overwrite the default value of openshift_logging_fluentd_use_journal by detecting whether or not Docker is using the journald log driver
- BZ - 1420219 - No log entry can be found in Kibana UI after deploying logging stacks with ansible
- BZ - 1420425 - Failed to create logging-deployer route with external certificate
- BZ - 1420538 - Unable to set Supplemental Groups or fsGroup for Cassandra, via metrics deployer.
- BZ - 1420636 - The node service can't be started after upgrade openvswitch to v2.6
- BZ - 1420666 - Fail to start master service when running redeploy-openshift-ca on an embedded-etcd env
- BZ - 1420667 - master.etcd-client.crt and master.etcd-client.key wouldn't be redeployed in embedded-etcd env
- BZ - 1420970 - [quick installer]quick installer failed due to a python method failure
- BZ - 1421002 - Fail to upgrade masters when set openshift_rolling_restart_mode=system
- BZ - 1421011 - ruamel.yaml package installation failed when enable metrics or logging deployment
- BZ - 1421033 - Fail to upgrade ocp with quick installer due to wrong variant version
- BZ - 1421037 - Should add '-n default' to the 'oc replace' command in redeploy-registry-certificates playbook
- BZ - 1421563 - [Intservice_public_324]kibana route unaccessible after logging deployment
- BZ - 1422348 - lib_openshift role not working for containerized env installation
- BZ - 1423425 - Fail to start upgrade process due to syntax error of storage_upgrade.yml
- BZ - 1423430 - Redeploy router certificates playbook couldn't work
- BZ - 1423444 - OCP 3.5 installation failed due to a symbolic link error
- BZ - 1423447 - fail to install ocp on the hosts which enable excluders due to no openshift_version available
- BZ - 1424981 - [IntService_public_324] Logging upgrade failed at TASK [openshift_logging : Applying /tmp/openshift-logging-ansible-1PQ3bY/templates/logging-curator-dc.yaml]
- BZ - 1425312 - The redirect URL of Kibana route takes wrong port number when logging in Kibana
- BZ - 1425400 - upgrade stopped and exited at task [grep pluginOrderOverride]
- BZ - 1425688 - Upgrade failed at Task Wait for node to be ready
- BZ - 1426070 - excluders are not upgraded to corresponding version when upgrade ocp
- BZ - 1426155 - docker-excluder should not be installed by mistake after upgrade ocp
- BZ - 1426536 - Logging/Metrics deployment options in example inventory need update
- BZ - 1426677 - scaleup playbook doesn't consider ca certificate specified in openshift_master_overwrite_certificates
- BZ - 1426936 - Unable to get router replicas during installation when setting openshift_hosted_router_replicas
- BZ - 1427003 - Failed to add masters if openshift_master_ca_certificate is defined
- BZ - 1427009 - Installation failed with pvc_volume_mounts undefined error when registry_storage_kind is nfs
- BZ - 1427040 - STI build failed due to cert error
- BZ - 1427067 - Failed to redeploy certificates with Atomic Hosts due to "etcd_is_atomic" is detected incorrectly
- BZ - 1427080 - The router wasn't upgraded to current ose-haproxy-router image version
- BZ - 1427378 - Docker registry was not created during installation
- BZ - 1427789 - [3.5] Pod may get the duplicate IP if it is created after the node service restarted on containerized env
- BZ - 1428229 - fail to upgrade ocp3.4 to 3.5 while petset created in cluster
- BZ - 1428248 - [IntService_public_295] After install using ansible, Hawkular won't start due to hawkular-jgroups.keystore is missing
- BZ - 1428249 - [IntService_public_324] Elasticsearch stayed at 3.3.1 level and reported "java.lang.IllegalArgumentException: Could not resolve placeholder 'NAMESPACE'" after logging was upgraded to 3.5.0
- BZ - 1428532 - 3.5.0.37: Task Ensure etcd datadir exists fails in containerized install due to non-existent etcd user
- BZ - 1430612 - Docker-excluder should be always enabled during installation
- BZ - 1430613 - openshift-excluder should be enabled after install ocp
- BZ - 1430625 - Metrics and logging deployment with dynamic pv failed
- BZ - 1430626 - Metrics deployment with NFS volume failed
- BZ - 1430627 - Logging deployment with NFS volume failed
- BZ - 1430628 - openshift_master_logging_public_url option didn't work
- BZ - 1430700 - docker-excluder should be upgraded during upgrade for containerized installed ocp
- BZ - 1431077 - fatal excluder error when upgrade atomic OCP
- BZ - 1431527 - Ansible faild at TASK [openshift_logging : Generate Elasticsearch DeploymentConfig for Ops] if enabled ops cluster
- BZ - 1431583 - [cluster_lifecycle__11] missing permissions for router service account which lead router with NAMESPACE_LABELS setting does not work
- BZ - 1431935 - Ansible failed at TASK [openshift_logging : Generate Elasticsearch DeploymentConfig], 'es_pvc_pool' is undefined
- BZ - 1431972 - The version of excluder packages should be matched with node/master packages
- BZ - 1432345 - Fail to install ocp3.5 on fresh hosts when set enable_excluders=false
- BZ - 1432402 - Installer didn't get correct router replica
- BZ - 1432868 - Excluders should be installed on new node/master when scaleup cluster
- BZ - 1433272 - The etcd db file should be backed during upgrade
- BZ - 1436106 - Metrics deployment failed when running "Create objects"
- BZ - 1438160 - [quick installer]wrong variant version generated in installer.cfg.yml when selecting "Registry"
CVEs
(none)
References
(none)
Red Hat OpenShift Container Platform 3.5
SRPM | |
---|---|
ansible-2.2.1.0-2.el7.src.rpm | SHA-256: dfa13008ac2bd9d52b3a70bc3b74ebbcdd71fe45d80ab7fb9aaf91bc723ed234 |
openshift-ansible-3.5.53-1.git.0.8ade9f2.el7.src.rpm | SHA-256: bff032c898686d99baaab61ccb3f3f08293f0d3e5e8c652eb73c5c8ba86eef33 |
python-crypto-2.6.1-1.el7aos.src.rpm | SHA-256: 31199f92878d8ca944ec8e274f84fc9d25f4d0faf47b336433b15ab401b4327c |
python-httplib2-0.9.1-2.el7aos.src.rpm | SHA-256: 910ba8432700fa515e12ca33d991fcbefbe62c47cff0c7d4d48eaec6b11d7091 |
python-keyczar-0.71c-2.el7aos.src.rpm | SHA-256: eeaccfacea1fb6bc13dc9f74a8e9c50e4bbe68171e3642c08e0aca1e85c738a7 |
python-paramiko-2.1.1-1.el7.src.rpm | SHA-256: 2406778400f76e4e31bc6dae113136d8477a4a1dff8ac186c0f37aa25de35f17 |
python-passlib-1.6.5-1.el7.src.rpm | SHA-256: 17abc72fe9141653e0d894e413a6f471c3302f2cd6906c2edbd908ee87e43d4b |
python-ruamel-ordereddict-0.4.9-3.el7.src.rpm | SHA-256: 5b9cbf5c337e1e6c37d808fcfac6dedcee00638fb4549b13a23344e8169a3800 |
python-ruamel-yaml-0.12.14-9.el7.src.rpm | SHA-256: 205dbdf62ac4bb0a191e2ab43eaffe9bc9d0f51a18ac8a163cb482c6c6315e4c |
sshpass-1.05-5.el7aos.src.rpm | SHA-256: 36a2f38d1f33981a1b4bd1c89ba66124151f09464a48c6d4e46846fe85ef46b4 |
x86_64 | |
ansible-2.2.1.0-2.el7.noarch.rpm | SHA-256: ab188473ff03be0b7916a8c80c17027efc1ea944b6332b04fb5d43494ef4f478 |
atomic-openshift-utils-3.5.53-1.git.0.8ade9f2.el7.noarch.rpm | SHA-256: 533c2073a42ddcb88ed76a732c7064acf5a4c79099c15c782956ce660e7f1964 |
openshift-ansible-3.5.53-1.git.0.8ade9f2.el7.noarch.rpm | SHA-256: c97cd2f325ff004036226ae0bf7f570fcea92b1bc9db1c2e43ac1b1655465c02 |
openshift-ansible-callback-plugins-3.5.53-1.git.0.8ade9f2.el7.noarch.rpm | SHA-256: e76db17f5c123174cd01cf3db70649eb7b53bbdaad1c245fc304a0369ca23ba1 |
openshift-ansible-docs-3.5.53-1.git.0.8ade9f2.el7.noarch.rpm | SHA-256: e4d06d1a3af1c7222a421fc804ba6a8c0a97d5c274b2aee937924806ece0e5f9 |
openshift-ansible-filter-plugins-3.5.53-1.git.0.8ade9f2.el7.noarch.rpm | SHA-256: 369a0e1bb3ec6d7ba78594baf4be745397a51c4bf2fb9126d572508e6b9b20aa |
openshift-ansible-lookup-plugins-3.5.53-1.git.0.8ade9f2.el7.noarch.rpm | SHA-256: d5f2ac748974697dd1f421d9ca0fd17a826106013b168bfca01d16c6222a790a |
openshift-ansible-playbooks-3.5.53-1.git.0.8ade9f2.el7.noarch.rpm | SHA-256: 782e8a032b9c95a2a9884ee6e0dbe48a337a519ef52cc80ed74f9a5dc31a1633 |
openshift-ansible-roles-3.5.53-1.git.0.8ade9f2.el7.noarch.rpm | SHA-256: fb75b847aedf34bd66f66cc9143bc94facf53b2b49fc4a1da8737c8f6a3fa402 |
python-crypto-2.6.1-1.el7aos.x86_64.rpm | SHA-256: 4f50ff4a0461c09ceb928ecf43d0c3d4e1364af1cd2bfed901dc1cea2f53e581 |
python-crypto-debuginfo-2.6.1-1.el7aos.x86_64.rpm | SHA-256: 876f0c7c8b17f29fc39bb0e6d7e5ff44f53c97b361562a20211f35e055ae5222 |
python-httplib2-0.9.1-2.el7aos.noarch.rpm | SHA-256: 8e118bd288e734c3677c9bca9d3ee6f64cd7c693aebf25c94eaf1b2011716384 |
python-keyczar-0.71c-2.el7aos.noarch.rpm | SHA-256: 40dc9a3c299a46c6bc41384449d3185d65061e03c18decdef4fa64ae9aa1c61e |
python-paramiko-2.1.1-1.el7.noarch.rpm | SHA-256: a7d08a0ad23bff3848f4752b7d08bb56c653e7bf5682297cdef673c8d2ab29ae |
python-paramiko-doc-2.1.1-1.el7.noarch.rpm | SHA-256: 048eef229681aeba0d9da20ea8285800d7d44ac71ca6fe256fa115e1643b89e4 |
python-ruamel-ordereddict-debuginfo-0.4.9-3.el7.x86_64.rpm | SHA-256: 4cc73545d6b684ba25b18c0536447a920b04cf8f9da21996c6e6593cba0a1ad2 |
python-ruamel-yaml-debuginfo-0.12.14-9.el7.x86_64.rpm | SHA-256: 5eb059b62ef50784dc0af4fd9b7eaaeb2862f88f597f7d8ea792f10e6be6bbf6 |
python2-passlib-1.6.5-1.el7.noarch.rpm | SHA-256: 493cd4898552bddc721a3f5a6681f9d2009ffa85244d83fa7fb01b9178cf8d78 |
python2-ruamel-ordereddict-0.4.9-3.el7.x86_64.rpm | SHA-256: e8ee94dac65e3a3661f746bc133ff072de128c466d29e95f6ad6a3a1ea1a50fd |
python2-ruamel-yaml-0.12.14-9.el7.x86_64.rpm | SHA-256: afcb3c4904b0319ff89969fee070d1d7843237a5f5691caef47ebfe2933cda87 |
sshpass-1.05-5.el7aos.x86_64.rpm | SHA-256: 94be4744b68b4cede5fa3f8d930a75d3544b1725a15eae011cf5105de10a3426 |
sshpass-debuginfo-1.05-5.el7aos.x86_64.rpm | SHA-256: 13990d85276bd3f237c948e65fa45e97dd7a8c0325a0630fdfdaf79388efbc2b |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.