- Issued:
- 2017-04-25
- Updated:
- 2017-04-25
RHBA-2017:1140 - Bug Fix Advisory
Synopsis
OpenShift Container Platform atomic-openshift-utils bug fix and enhancement
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated atomic-openshift-utils and openshift-ansible packages that fix several bugs and add an enhancement are now available for OpenShift Container Platform 3.5, 3.4, 3.3, and 3.2.
Description
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
The atomic-openshift-utils and openshift-ansible packages contain the installation utility and Ansible requirements for installing and upgrading OpenShift Container Platform 3.
This update fixes the following bugs:
- When trying to install aggregated logging, the playbook called the `oo_first_master` host group, however the evaluate_groups.yml file was not included prior to the play. Because the `oo_first_master` host group was not created, the entire play was skipped and logging was not installed. This bug fix adds an include for the evaluate_groups.yml file to create the required host groups, and as a result aggregated logging can be installed as expected. (BZ#1441922)
- On older RHEL Atomic Host instances, there could be an out of date version of docker which is not supported. In such cases, an OpenShift Container Platform installation would finish but pods would be unusable. This bug fix checks for unsupported versions of docker when using RHEL Atomic Host. If an old version is found, the install is halted and the user is notified. (BZ#1425583)
- The installer previously incorrectly set the default logging and metrics image versions. Because the installer is unique per OpenShift Container Platform minor release, this bug fix hardcodes the default of `3.5.0` instead. These defaults can still be overridden by setting `openshift_hosted_logging_deployer_version` or `openshift_hosted_metrics_deployer_version` for logging and metrics, respectively. (BZ#1442185)
- When deploying metrics, the entry point to the metrics deployment playbook was invalid, and metrics were not installed as expected. This bug fix adds a proper entry point, and metrics can now be deployed as expected. (BZ#1441915)
- Parameter values were previously used to directly populate environment variables. This meant the value of the environment variable was exposed in the web console, potentially exposing password credentials. This bug fix sets the environment variables indirectly via a secret and sets the secret from a parameter value. As a result, the environment variable value is no longer displayed in the web console by default. (BZ#1233513)
- When the quick installer attempted to gather facts from remote hosts, the installer would fail due to an incorrect path specified in the byo/openshift_facts.yml playbook. This bug fix corrects the path in byo/openshift_facts.yml and as a result the installer completes as expected. (BZ#1439109, BZ#1440588, BZ#1440614)
In addition, this update adds the following enhancement:
- Enhanced certificate redeployment playbooks have been backported to OpenShift Container Platform 3.4, 3.3, and 3.2. See updated documentation for latest usage.
All OpenShift Container Platform users are advised to upgrade to these updated packages.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To apply this update, run the following on all hosts where you intend to initiate Ansible-based installation or upgrade procedures:
# yum update atomic-openshift-utils
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.
Affected Products
- Red Hat OpenShift Container Platform 3.5 x86_64
- Red Hat OpenShift Container Platform 3.4 x86_64
- Red Hat OpenShift Container Platform 3.3 x86_64
Fixes
- BZ - 1233513 - Passwords are shown in the web console
- BZ - 1364160 - [3.5] facts collection for openshift.common.admin_binary does not seem to work in mixed environments
- BZ - 1367685 - [quick-install] Can't specify LB in arbitrary installer yaml
- BZ - 1388760 - [3.4] quick install - No error message output when the packages can't be found.
- BZ - 1397530 - [3.3] facts collection for openshift.common.admin_binary does not seem to work in mixed environments
- BZ - 1425583 - Install should fail for unsupported docker version on atomic host
- BZ - 1427429 - [3.4] Certificate redeploy playbook shouldn't remove CA certificate by default
- BZ - 1433068 - [3.3] Certificate redeploy playbook shouldn't remove CA certificate by default
- BZ - 1433378 - [3.2] ansible-playbook fails with dict object has no attribute oo_etcd_to_config
- BZ - 1439109 - [quick installer][3.4]quick installer failed due to a non-existent file_name
- BZ - 1440588 - [3.3]quick installer failed due to a non-existent file_name
- BZ - 1440614 - [3.2]quick installer failed due to a non-existent file_name
- BZ - 1441915 - Failed to deploy metrics by steps in OpenShift 3.5 formal documentation
- BZ - 1441922 - logging can't be deployed by openshift-logging.yml playbook
- BZ - 1442185 - [3.5] OpenShift logging pods not deploying using correct image version
CVEs
(none)
References
(none)
Red Hat OpenShift Container Platform 3.5
SRPM | |
---|---|
openshift-ansible-3.5.60-1.git.0.b6f77a6.el7.src.rpm | SHA-256: 76e14caabfa851171aed7448f686a78115f1111103aa2a5260f39b7342145b03 |
x86_64 | |
atomic-openshift-utils-3.5.60-1.git.0.b6f77a6.el7.noarch.rpm | SHA-256: f5a49544ed3fb334698108abba4a046ea38ab1bf680d4106937ac08f0a688bb2 |
openshift-ansible-3.5.60-1.git.0.b6f77a6.el7.noarch.rpm | SHA-256: 4f0e181ad72279a198b65a1af4c22fc66048a8b75c99f52a91bdd02fd0ec5a81 |
openshift-ansible-callback-plugins-3.5.60-1.git.0.b6f77a6.el7.noarch.rpm | SHA-256: 8925b5afaacad17cb47298c8dcb2844fc74d23bac63085eea1594e30d3ba9d8c |
openshift-ansible-docs-3.5.60-1.git.0.b6f77a6.el7.noarch.rpm | SHA-256: b2536c8d2658e203418e75ddf63fdb6fede40a7f6252179c72589664d4ddd907 |
openshift-ansible-filter-plugins-3.5.60-1.git.0.b6f77a6.el7.noarch.rpm | SHA-256: 58278218ea8243312b3404e2efe5272f53f21b413222c8d3e4817d104a8638a5 |
openshift-ansible-lookup-plugins-3.5.60-1.git.0.b6f77a6.el7.noarch.rpm | SHA-256: 020bb1516b8c0ce3fe0f95d00ffe17894334d5bb83e005d65261b179ce439e9e |
openshift-ansible-playbooks-3.5.60-1.git.0.b6f77a6.el7.noarch.rpm | SHA-256: 2f6f9be84b6699e3808644d8d707d29bf3ed92f5738427dfdbbc7afdead4ee2d |
openshift-ansible-roles-3.5.60-1.git.0.b6f77a6.el7.noarch.rpm | SHA-256: 751511d1f43092d88a4bce7b2f0c571c81ca97c67ce160261863b4a1eac8a882 |
Red Hat OpenShift Container Platform 3.4
SRPM | |
---|---|
openshift-ansible-3.4.79-1.git.0.6faa668.el7.src.rpm | SHA-256: ba7867ab9702e294a48c749df5f3ab049fcd4ef09c481e5c365961191f80677d |
x86_64 | |
atomic-openshift-utils-3.4.79-1.git.0.6faa668.el7.noarch.rpm | SHA-256: 7735da02a3835a78e250e9491e5454aab7d8234141ff00c27c590677327269c1 |
openshift-ansible-3.4.79-1.git.0.6faa668.el7.noarch.rpm | SHA-256: f651e68b21a4b17e97f2dad80117a23f49fc502d25f16e3bbc3ece9f229f79a1 |
openshift-ansible-callback-plugins-3.4.79-1.git.0.6faa668.el7.noarch.rpm | SHA-256: 779e1b6d1b5b925a808cc51a27d6971dbce2b6b5a7ea98edab1346c21e2c7516 |
openshift-ansible-docs-3.4.79-1.git.0.6faa668.el7.noarch.rpm | SHA-256: 0fc02d677f1c158d4688bbf5023743dda891b7b4698f2efeef8d49490a5e11bd |
openshift-ansible-filter-plugins-3.4.79-1.git.0.6faa668.el7.noarch.rpm | SHA-256: e464bc634d57356c8256100ea1f174920336dcce3eef9fd706b3f7129fb41935 |
openshift-ansible-lookup-plugins-3.4.79-1.git.0.6faa668.el7.noarch.rpm | SHA-256: f60484075f8c30d7502a94056623f203968ab1ecc5d7e37830d957622b3ce045 |
openshift-ansible-playbooks-3.4.79-1.git.0.6faa668.el7.noarch.rpm | SHA-256: 6f532603667c74f9b192485cb66cc9ed7f06dd3e411c5d13943f39c5c2a591bf |
openshift-ansible-roles-3.4.79-1.git.0.6faa668.el7.noarch.rpm | SHA-256: c957c9b39a0307b3efa4708b9c6c4b2731ee3a953c9bfd19d5e24810542ff3fb |
Red Hat OpenShift Container Platform 3.3
SRPM | |
---|---|
openshift-ansible-3.3.72-1.git.0.d10f480.el7.src.rpm | SHA-256: c4e077f9cf01a1c9e4522ef8559795435549fbdf82d9ab284cf5b280bff84cee |
x86_64 | |
atomic-openshift-utils-3.3.72-1.git.0.d10f480.el7.noarch.rpm | SHA-256: a19d17b66e264c693ddb70bc58ec5d8f1d26c5896c668d057681f24cacd88e35 |
openshift-ansible-3.3.72-1.git.0.d10f480.el7.noarch.rpm | SHA-256: 46aa755215585cf3713d18d84fe253ecb17b403f97d2cedaa8fea0b431208fb6 |
openshift-ansible-callback-plugins-3.3.72-1.git.0.d10f480.el7.noarch.rpm | SHA-256: 3343e930b4be2da3c1fbd26a361b98ed651ad455195c3e097bb4b0069942b2d4 |
openshift-ansible-docs-3.3.72-1.git.0.d10f480.el7.noarch.rpm | SHA-256: c20e9658062050144b728f7dcdb2706f5156a3c5342b45df9a953cae96d1d6df |
openshift-ansible-filter-plugins-3.3.72-1.git.0.d10f480.el7.noarch.rpm | SHA-256: 474483c2a3c51aed16e222a2b50c8154f38119e0e9098a7d8deab0c7db5b9b38 |
openshift-ansible-lookup-plugins-3.3.72-1.git.0.d10f480.el7.noarch.rpm | SHA-256: 2501b3c1314df8159bfac5546fc4211ff7ebc8e90e5f26dbcd12672999933d47 |
openshift-ansible-playbooks-3.3.72-1.git.0.d10f480.el7.noarch.rpm | SHA-256: f1b281feaa79b9dd96de14de202e9ee3536af72f333f68dc67ba0602f2927d90 |
openshift-ansible-roles-3.3.72-1.git.0.d10f480.el7.noarch.rpm | SHA-256: fcd2ede9e778b9bafe68bf95790653e7766ef4ce1becaa7db2508802b2245a90 |
Red Hat OpenShift Container Platform 3.2
SRPM | |
---|---|
openshift-ansible-3.2.55-1.git.0.5feab7c.el7.src.rpm | SHA-256: dbda29398308696289f554aeb202ca12584ced29f9a4e0105c6a871b6b80a74e |
x86_64 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.