- Issued:
- 2017-04-19
- Updated:
- 2017-04-19
RHBA-2017:0989 - Bug Fix Advisory
Synopsis
OpenShift Container Platform 3.4, 3.3, 3.2, and 3.1 bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Red Hat OpenShift Container Platform releases 3.4.1.16, 3.3.1.19, 3.2.1.31, and 3.1.1.11 are now available with updates to packages and images that fix several bugs.
Description
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.4.1.16, 3.3.1.19, 3.2.1.31 and 3.1.1.11. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2017:0990
This update fixes the following bugs:
- Previously, there was no option to configure the URL that proxies to $master/oauth/approve. When accessing the Jenkins application created by the default template jenkins-persistent, an error message of "The requested URL /oauth/approve was not found on this server" was returned. This bug fix addresses the issue and the error message no longer appears.(BZ#1434983)
- If NAMESPACE_LABELS was added to the router first, then the label to namespace was added or removed, then the router configuration could not be reloaded. However, if NAMESPACE_LABELS was added to the router last, the configuration could be reloaded. This bug fix addresses the issue. (BZ#1436296)
- Previously, Azure Disk would not attach to OpenShift Container Platform. If there was a pod created with a invalid disk, then creating a pod with a valid disk would always fail. This bug fix resolves this issue. (BZ#1438474)
- Previously, there was a logic error in how weak and strong references are identified when searching images eligible for pruning. Some images having both strong and weak references in pruning graph could be removed during pruning. This bug fix corrects the logic responsible for finding which images have strong references. Now, pruning correctly recognizes and prunes images. (BZ#1439926, BZ#1440197, BZ#1440199, BZ#1440201)
- Previously, 3.1 containerized installs may have incorrectly used the latest image when creating the initial certificates. Because of this and a change to the 3.5 image, this could have led to a scenario where the 3.1 installation would fail because the 3.5 image no longer creates openshift-registry.kubeconfig and openshift-router.kubeconfig as required of a 3.1 installation. The 3.1 installer has been updated to ensure that a 3.1 image is used when creating the initial certificates which ensures that all the necessary files are created. (BZ#1442346)
All OpenShift Container Platform 3 users are advised to upgrade to these updated packages and images.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For OpenShift Container Platform 3.4, see the following documentation, which will be updated shortly for release 3.4.1.16, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html
For OpenShift Container Platform 3.3, see the following documentation, which will be updated shortly for release 3.3.1.19, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.3/release_notes/ocp_3_3_release_notes.html
For OpenShift Container Platform 3.2, see the following documentation, which will be updated shortly for release 3.2.1.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/enterprise/3.2/release_notes/ose_3_2_release_notes.html
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.
Affected Products
- Red Hat OpenShift Container Platform 3.4 x86_64
- Red Hat OpenShift Container Platform 3.3 x86_64
- Red Hat OpenShift Container Platform 3.1 x86_64
Fixes
- BZ - 1434983 - [3.4] Can't login to Jenkins application when ENABLE_OAUTH=true and RequestHeaderIdentityProvider is used
- BZ - 1436296 - [3.3] [networking_public_407] the router configuration not reloaded after the namespace label changed
- BZ - 1438474 - Cannot attach Azure Disk
- BZ - 1439926 - [3.3] Image pruning may incorrectly delete an image if it has both weak and strong references
- BZ - 1440197 - [3.1] Image pruning may incorrectly delete an image if it has both weak and strong references
- BZ - 1440199 - [3.2] Image pruning may incorrectly delete an image if it has both weak and strong references
- BZ - 1440201 - [3.4] Image pruning may incorrectly delete an image if it has both weak and strong references
- BZ - 1442346 - [3.1] registry/router certificates are not generated in containerized install which is leading installer exit
CVEs
(none)
References
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat OpenShift Container Platform 3.4
| SRPM | |
|---|---|
| atomic-openshift-3.4.1.16-1.git.0.ea2919c.el7.src.rpm | SHA-256: c4eaa5f2e8752534dbf15a4a12e17b4d7381cf34918a88bf1f80500c30f36263 |
| x86_64 | |
| atomic-openshift-3.4.1.16-1.git.0.ea2919c.el7.x86_64.rpm | SHA-256: ef588846d6d688c1372b9a6696b72f25c1e6f7928d4fcb5909d8d6c463ab9084 |
| atomic-openshift-clients-3.4.1.16-1.git.0.ea2919c.el7.x86_64.rpm | SHA-256: b3c1644da3f7e367b784ec989ae79e6d0602f2414cc645f65a6baa5d837ebaaf |
| atomic-openshift-clients-redistributable-3.4.1.16-1.git.0.ea2919c.el7.x86_64.rpm | SHA-256: a3253448f7cc3472db5b2f7e40fa53b407180d0968d1981908b710d73a53840b |
| atomic-openshift-docker-excluder-3.4.1.16-1.git.0.ea2919c.el7.noarch.rpm | SHA-256: 7072dcddf1f2d31896129f09c21266e420619f87652fa979e22d0ac45dc1be29 |
| atomic-openshift-dockerregistry-3.4.1.16-1.git.0.ea2919c.el7.x86_64.rpm | SHA-256: e1b774ab5f6a3256e838b2c29d2a27c146227810b0e3b5296672adef784e64e5 |
| atomic-openshift-excluder-3.4.1.16-1.git.0.ea2919c.el7.noarch.rpm | SHA-256: f54118faf2f216fe0a01c62227a86b1d6d740e53cdf243fe046171dd01fbc9b5 |
| atomic-openshift-master-3.4.1.16-1.git.0.ea2919c.el7.x86_64.rpm | SHA-256: fdc0ba36d8bd6f45d03d4fd5cec0a3aff2b69e13f0e1a87ce0fc0d2d40a8310c |
| atomic-openshift-node-3.4.1.16-1.git.0.ea2919c.el7.x86_64.rpm | SHA-256: 43db2570f159583b445e5eff8ea5c607416dc960acc15e95ee0af233bf62bb75 |
| atomic-openshift-pod-3.4.1.16-1.git.0.ea2919c.el7.x86_64.rpm | SHA-256: dc53e02d039c9a606d1c81ed42395fa20e203b6b32505dac307825cd6fee40b7 |
| atomic-openshift-sdn-ovs-3.4.1.16-1.git.0.ea2919c.el7.x86_64.rpm | SHA-256: ad1132c251fd9c578723fc90fd9541838ca6a9614df2dc9b05c494c7890c9d9d |
| atomic-openshift-tests-3.4.1.16-1.git.0.ea2919c.el7.x86_64.rpm | SHA-256: 785b552de8f9d7e6d4a4fd40401136427699f81dfe691c9ee1d4a43340330fac |
| tuned-profiles-atomic-openshift-node-3.4.1.16-1.git.0.ea2919c.el7.x86_64.rpm | SHA-256: fe06b9c34f8f2ed03d0e0ad27b75f62fc84db9f3535dc8d5f5450ee20d21b856 |
Red Hat OpenShift Container Platform 3.3
| SRPM | |
|---|---|
| atomic-openshift-3.3.1.19-1.git.0.d5749a7.el7.src.rpm | SHA-256: 1ea0b6fd143c65e28cf5a76ef1ec6cc3417e153868c04d3a30c08d32846f10d0 |
| x86_64 | |
| atomic-openshift-3.3.1.19-1.git.0.d5749a7.el7.x86_64.rpm | SHA-256: 6adb4630f667dc5090a3df53a069a90ae588cd93490322736b7ee4abd3ca098c |
| atomic-openshift-clients-3.3.1.19-1.git.0.d5749a7.el7.x86_64.rpm | SHA-256: b1e0f936f36459e03a96b3d94d8240337f7ea21eb59d6f81612814f7d82acbae |
| atomic-openshift-clients-redistributable-3.3.1.19-1.git.0.d5749a7.el7.x86_64.rpm | SHA-256: 9b034f4163cd005fc21144c7e813db92b7e3f80627733674f14aed34009822e3 |
| atomic-openshift-docker-excluder-3.3.1.19-1.git.0.d5749a7.el7.noarch.rpm | SHA-256: ba3dbb6a18f628737f92b7c6909d6a1815519b689a52973f198558152d444058 |
| atomic-openshift-dockerregistry-3.3.1.19-1.git.0.d5749a7.el7.x86_64.rpm | SHA-256: 0b4dcafe447fa1536c23912fbd023532e9f4da7254652515a27cec111f8f4a75 |
| atomic-openshift-excluder-3.3.1.19-1.git.0.d5749a7.el7.noarch.rpm | SHA-256: 43ea0c5e56e152ab71046517b12c90517015b2bbcd3830e95bcb2ea7f162379c |
| atomic-openshift-master-3.3.1.19-1.git.0.d5749a7.el7.x86_64.rpm | SHA-256: e92a2decc85bff72e98257d2caa42cee419f9ab42b51db01b902445af3abcd2e |
| atomic-openshift-node-3.3.1.19-1.git.0.d5749a7.el7.x86_64.rpm | SHA-256: 309b964d2c2c8fb9800f185220dba82f562e1135c5759179b851d28049003a10 |
| atomic-openshift-pod-3.3.1.19-1.git.0.d5749a7.el7.x86_64.rpm | SHA-256: 50074a4779e690a60f956d4be4b676fc83201a743971d3fe27e4cbc17073c281 |
| atomic-openshift-sdn-ovs-3.3.1.19-1.git.0.d5749a7.el7.x86_64.rpm | SHA-256: 26f83366534775de5c681aab9d27817c6c65f6ef1ca52ffc4dd972ffe0e97796 |
| atomic-openshift-tests-3.3.1.19-1.git.0.d5749a7.el7.x86_64.rpm | SHA-256: 89e4ae76de8f01518b8371f78d356fb7e4ca1eb99e86fb171e9a719b30e5ced0 |
| tuned-profiles-atomic-openshift-node-3.3.1.19-1.git.0.d5749a7.el7.x86_64.rpm | SHA-256: 55fc9fae249c43a9d79c68289c23b0fa19301c2c9cc986a15de950e0948362b5 |
Red Hat OpenShift Container Platform 3.2
| SRPM | |
|---|---|
| atomic-openshift-3.2.1.31-1.git.0.0e3335d.el7.src.rpm | SHA-256: 014180c664e1b33533e124356e0be113f790d21a7c4b23800c87acf43910fed1 |
| x86_64 | |
Red Hat OpenShift Container Platform 3.1
| SRPM | |
|---|---|
| atomic-openshift-3.1.1.11-1.git.0.599a921.el7aos.src.rpm | SHA-256: 2fe19ef2a12b0c74fd9cc6dd4c40006651dfaa415f616701b378029a6eae63e6 |
| openshift-ansible-3.0.100-1.git.0.95611a0.el7aos.src.rpm | SHA-256: 2d85e54c5ae4c8c4f33a53a2300c10ffeaeda4b0c70af59b831857f896d0674f |
| x86_64 | |
| atomic-openshift-3.1.1.11-1.git.0.599a921.el7aos.x86_64.rpm | SHA-256: fc4c6277722a82eec05f05b4801d2bc01b88228d4b76191ba137e033844b8dff |
| atomic-openshift-clients-3.1.1.11-1.git.0.599a921.el7aos.x86_64.rpm | SHA-256: 46027e4f2d21e37b37fbc12c6ddd729179e064c5e45ad302037f9adfa6523d8e |
| atomic-openshift-clients-redistributable-3.1.1.11-1.git.0.599a921.el7aos.x86_64.rpm | SHA-256: 7193e3636fbfe75f9bb825c4cfb149f885273892fb97b65b0bee30929fe0fb50 |
| atomic-openshift-docker-excluder-3.1.1.11-1.git.0.599a921.el7aos.noarch.rpm | SHA-256: d0e4354550cb2353bed8b5cfd9305c6c251cb9ce178a06b45f42a5c8b5e879fa |
| atomic-openshift-dockerregistry-3.1.1.11-1.git.0.599a921.el7aos.x86_64.rpm | SHA-256: 9420a3d038d1ddb4d3758f0035e38f0617cfbd4cc8beba1a0e8891fbd2d296ae |
| atomic-openshift-excluder-3.1.1.11-1.git.0.599a921.el7aos.noarch.rpm | SHA-256: dfeb550241ca4824392f6d6c125a606c708f52a03bb48513adeb87758d7b4934 |
| atomic-openshift-master-3.1.1.11-1.git.0.599a921.el7aos.x86_64.rpm | SHA-256: 9f91271681b7d034b0fa40dbd8948e2a72a36025fb3947c76fbbe5c2027d2395 |
| atomic-openshift-node-3.1.1.11-1.git.0.599a921.el7aos.x86_64.rpm | SHA-256: c9fe65e1267da4ef3e8156819fbcfecaba966a3dc73df232fb121c908dec7e28 |
| atomic-openshift-pod-3.1.1.11-1.git.0.599a921.el7aos.x86_64.rpm | SHA-256: cf2b4c5f85e61c336cdc8ec86168b54226a5235a8478cc6db662cd3d5fc13969 |
| atomic-openshift-recycle-3.1.1.11-1.git.0.599a921.el7aos.x86_64.rpm | SHA-256: 7f55d1ba88225ef32c9c9f8224a53735595324b3af6fd7f6cdd9f08bc13bae5e |
| atomic-openshift-sdn-ovs-3.1.1.11-1.git.0.599a921.el7aos.x86_64.rpm | SHA-256: 22567ba3f8b0fa793e7c37f6102a5d7fd20a94db00334c7219d80790b291da81 |
| atomic-openshift-utils-3.0.100-1.git.0.95611a0.el7aos.noarch.rpm | SHA-256: 8b7b1f0025f3188a32a6b0194760ff8d03002cf193c6d91662c7070df2981cf7 |
| openshift-ansible-3.0.100-1.git.0.95611a0.el7aos.noarch.rpm | SHA-256: 8cfef539e8ab426f28bd9f8503ac2fdbcf462a77c71ee2a7e4f3314bb4653eeb |
| openshift-ansible-docs-3.0.100-1.git.0.95611a0.el7aos.noarch.rpm | SHA-256: 027b9da43d0d0f62884c66c4b5c9e1086151e0565bba48c1a1c0d1d5f6fadb4a |
| openshift-ansible-filter-plugins-3.0.100-1.git.0.95611a0.el7aos.noarch.rpm | SHA-256: e4d6afc05756c6d882ab3e3ca8c75746d202bbf325b98d9bdef1403153cd32f6 |
| openshift-ansible-lookup-plugins-3.0.100-1.git.0.95611a0.el7aos.noarch.rpm | SHA-256: 7d7482926eb143047c5e8e1838e41ea15c7445f313102970e7a537e56573200b |
| openshift-ansible-playbooks-3.0.100-1.git.0.95611a0.el7aos.noarch.rpm | SHA-256: 4282128586dab705bf0bda8725d1696e3947b3908c6c3751fc9a993076d2dd90 |
| openshift-ansible-roles-3.0.100-1.git.0.95611a0.el7aos.noarch.rpm | SHA-256: 2f8526a1e2f6f2858536dcd09051283a0d43b00708e1012b1b343185f9c9c970 |
| tuned-profiles-atomic-openshift-node-3.1.1.11-1.git.0.599a921.el7aos.x86_64.rpm | SHA-256: 0b510787e580fb5a5eff1b5f819ba9a529d84e501f309c3a9838be66ee867c00 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
