- Issued: 2017-07-27
- Updated: 2017-07-27
RHBA-2017:1810 - Bug Fix Advisory
Synopsis
OpenShift Container Platform atomic-openshift-utils bug fix and enhancement
Type/Severity
Bug Fix Advisory
Topic
Updated atomic-openshift-utils and openshift-ansible packages that fix several bugs and add enhancements are now available for OpenShift Container Platform 3.5, 3.4, and 3.3.
Description
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
The atomic-openshift-utils and openshift-ansible packages contain the installation utility and Ansible requirements for installing and upgrading OpenShift Container Platform 3.
This update fixes the following bugs:
- Due to a YAML library wrapping long lines, LDAP configuration parameters were parsed incorrectly. This bug fix configures the YAML library dumper with a longer line length. As a result, LDAP configuration parameters are written without line wraps and can be parsed correctly. (BZ#1450007)
- When `openshift_image_tag` was specified in an inventory in the format `3.x` instead of a full tag of `3.x.x.x`, the evaluation of `openshift_image_tag >= LooseVersion('3.x.0.0')` would result in "False". This caused the condition to be improperly applied to logic elsewhere in the code, resulting in invalid evaluation of version specific facts. This bug fix updates the version comparisons to compare against the terse minimum version of `3.x`. (BZ#1443416, BZ#1466770)
- A property was missing from a logging configuration file, causing Elasticsearch to fail to start, generating a large stack trace. This bug fix modifies the installer to create the configuration with the required property. As a result, Elasticsearch now starts as expected. (BZ#1466626)
- Previously, the upgrade playbooks used the default `kubeconfig` file, which may have been modified since creation to use a non-administrator user. With this bug fix, the upgrade playbooks use the system:admin user's `kubeconfig`, which avoids this problem. (BZ#1470338)
- The fact `etcd_is_atomic` was detected incorrectly due to the role ordering of some fact-setting operations. RHEL Atomic Host systems do not support `yum`, `repoquery`, or `rpm` commands, but they would attempt to run commands specific to managing and inspecting repositories and packages when they should not. This bug fix changes the ordering of role calls and fact updates and wraps them in a meta-role to ensure they stay in the correct order. As a result, these systems no longer attempt to run these unsupported commands because the `etcd_is_atomic` fact is correctly detected. (BZ#1442009, BZ#1442010)
- In some mixed-node environments, it was possible that host facts were not collected for containerized hosts, causing a conditional to fail. This bug fix adds a conditional to allow the check to complete correctly. (BZ#1466501)
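The `openshift_image_tag` comparison failure described above (BZ#1443416, BZ#1466770) can be reproduced with a short added example; this is not code from openshift-ansible. It assumes versions compare as lists of integer components, which is how `LooseVersion` orders purely numeric versions; the function names and sample tags are constructed for illustration.

```python
import re

# Constructed sample tags: a terse tag, a full tag, and an older full tag.
SAMPLE_TAGS = ["3.5", "3.5.5.31", "3.4.1.44"]


def parse_components(tag):
    """Split a version string into integer components: '3.5.5.31' -> [3, 5, 5, 31]."""
    return [int(part) for part in re.findall(r"\d+", tag)]


def at_least(tag, minimum):
    """Component-wise list comparison, the ordering used for numeric versions."""
    return parse_components(tag) >= parse_components(minimum)


def version_gate(tag, minimum_full="3.5.0.0", minimum_terse="3.5"):
    """Evaluate the same gate against the padded and the terse minimum."""
    return {
        "tag": tag,
        # Before the fix: [3, 5] is a prefix of [3, 5, 0, 0], so it sorts lower
        # and a terse tag is treated as older than the release it names.
        "padded_minimum": at_least(tag, minimum_full),
        # After the fix: comparing against '3.x' accepts terse and full tags alike.
        "terse_minimum": at_least(tag, minimum_terse),
    }


def mismatched_tags(tags):
    """Return the tags whose gate result depends on which minimum is used."""
    results = (version_gate(tag) for tag in tags)
    return [r["tag"] for r in results if r["padded_minimum"] != r["terse_minimum"]]


if __name__ == "__main__":
    for tag in SAMPLE_TAGS:
        print(version_gate(tag))
    print("affected by the padded comparison:", mismatched_tags(SAMPLE_TAGS))
```

Only the terse tag changes outcome between the two comparisons, which is why the failure appeared only for inventories that set `openshift_image_tag` in the `3.x` form.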
In addition, this update adds the following enhancements:
- Containerized masters now mount `/etc/pki` from the host, enabling the master process to make use of the host's CA trust store and certificates. (BZ#1465120, BZ#1465121)
- The CloudForms Management Engine (CFME) templates have been updated to support CFME 4.5. (BZ#1468502)
All OpenShift Container Platform users are advised to upgrade to these updated packages.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To apply this update, run the following on all hosts where you intend to initiate Ansible-based installation or upgrade procedures:
# yum update atomic-openshift-utils
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at:
Affected Products
- Red Hat OpenShift Container Platform 3.5 x86_64
- Red Hat OpenShift Container Platform 3.4 x86_64
- Red Hat OpenShift Container Platform 3.3 x86_64
Fixes
- BZ - 1442009 - [3.4]Failed to redeploy CA certificates on Atomic Hosts
- BZ - 1442010 - [3.3]Failed to redeploy CA certificates on Atomic Hosts
- BZ - 1443416 - [3.5] Running the config.yml playbook fails on the second run
- BZ - 1450007 - Long DN string for LDAP authentication provider in ansible hosts file causes incorrect master-config.yaml to be created
- BZ - 1466501 - [3.4] Failed to install v3.4 on mix env rpm master plus atomic node
- BZ - 1466626 - Unable to load index mapping for io.fabric8.elasticsearch.kibana.mapping.empty.
- BZ - 1466770 - [3.4] Running the config.yml playbook fails on the second run
- BZ - 1468502 - Image-streams for cloudforms 4.2 are incorrect in Openshift 3.4
- BZ - 1470338 - [3.5] Error upgrading control_plane
CVEs
(none)
References
(none)
Red Hat OpenShift Container Platform 3.5
SRPM | |
---|---|
openshift-ansible-3.5.101-1.git.0.0107544.el7.src.rpm | SHA-256: 36b02ebf260a308f651c214858f3f7448bad9093e5f7644f2846c5ca0f817b6b |
x86_64 | |
atomic-openshift-utils-3.5.101-1.git.0.0107544.el7.noarch.rpm | SHA-256: 106c5fd9eca318d2f84de010dee7b4652f96251da82008495e766dc6d9750028 |
openshift-ansible-3.5.101-1.git.0.0107544.el7.noarch.rpm | SHA-256: 4850368c5c71867f19c5910b8f38e50326c0167a9fa62fd39d93784aedd86588 |
openshift-ansible-callback-plugins-3.5.101-1.git.0.0107544.el7.noarch.rpm | SHA-256: 0a41a59d21bdf04b54322e84126ffe35989ff05c455500bfa040851ada396320 |
openshift-ansible-docs-3.5.101-1.git.0.0107544.el7.noarch.rpm | SHA-256: 501596dca8089e3c3c377a5147b69527c23e050c2e8849438af0de7aff523cc4 |
openshift-ansible-filter-plugins-3.5.101-1.git.0.0107544.el7.noarch.rpm | SHA-256: 8f5cb577af695072a09b89055230d9091c871262984d56b09afb9b190dad180f |
openshift-ansible-lookup-plugins-3.5.101-1.git.0.0107544.el7.noarch.rpm | SHA-256: 215d383f1383f21ce7ab79ed0b8244ca541683884b3e16241b1f18b6bdf1a8a6 |
openshift-ansible-playbooks-3.5.101-1.git.0.0107544.el7.noarch.rpm | SHA-256: dbcdbb70d342f5c615c4edce603103339566a019c6bc5b7359ce75bf1454e67c |
openshift-ansible-roles-3.5.101-1.git.0.0107544.el7.noarch.rpm | SHA-256: f0fe29f3a25ae06fb58abe7060bda08b518cba2fa080611ff86bc09e601123e2 |
Red Hat OpenShift Container Platform 3.4
SRPM | |
---|---|
openshift-ansible-3.4.119-1.git.0.2b36c8a.el7.src.rpm | SHA-256: 61a13b6e9252afc8b3488c843c3b348ae162320a980bcc70915de09836ae14f7 |
x86_64 | |
atomic-openshift-utils-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm | SHA-256: db8a5db138a13dced9b724fe0baf1db632664b04ed9f3ac8b74f762d662db3f7 |
openshift-ansible-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm | SHA-256: a1b487c329fbfdf051ea6fd6ceb00e4bbd937fa1010992185b5b8ffcaf52ed99 |
openshift-ansible-callback-plugins-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm | SHA-256: 75cd4fab7139e1858caf5dcff4c0b1d4005d6c11773237a1ad2bb0e9c8f28ecf |
openshift-ansible-docs-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm | SHA-256: 200d882c61aff19a3dc5a43f39d723219eb147bac7b023875cb852fa3513a469 |
openshift-ansible-filter-plugins-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm | SHA-256: ff05147c5e343c736e5c178efc6dc7565da7f5ee73669a5791224faa803c4dac |
openshift-ansible-lookup-plugins-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm | SHA-256: dd9bf7dd0921f4b8aea81ac2c1eb94df5de3badd700f01e93f68d034dceb1fff |
openshift-ansible-playbooks-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm | SHA-256: cc2fd75df548a4d00d5fb2704953af3c89da31fdf2b44b273a2d29c7e1d881ab |
openshift-ansible-roles-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm | SHA-256: a173a6783c2ea7d8f41f42ff10082efa55c8a32509116b20b09a517168d32066 |
Red Hat OpenShift Container Platform 3.3
SRPM | |
---|---|
openshift-ansible-3.3.106-1.git.0.7291555.el7.src.rpm | SHA-256: be93d56ad230fd3cd1f756ec8f6758aaa2d3270da546ad6d79fb5414fae664b0 |
x86_64 | |
atomic-openshift-utils-3.3.106-1.git.0.7291555.el7.noarch.rpm | SHA-256: 0a7aeaa8615726721ffeb57320c5f9b0a5294fd39e8bb6306708016997eb008d |
openshift-ansible-3.3.106-1.git.0.7291555.el7.noarch.rpm | SHA-256: 49f0b82d4457289a8a136bd987a163c085d872377fbb7036c1bb897b486049b3 |
openshift-ansible-callback-plugins-3.3.106-1.git.0.7291555.el7.noarch.rpm | SHA-256: 62083e4f50bc5358b6104506f149210c53c4d11efc662c65274d916fbeb429ab |
openshift-ansible-docs-3.3.106-1.git.0.7291555.el7.noarch.rpm | SHA-256: e82a015a6362b2611b667a10345ee65bca7477f5be701465aadec3973a6067b2 |
openshift-ansible-filter-plugins-3.3.106-1.git.0.7291555.el7.noarch.rpm | SHA-256: 668c2642869ca795ee0d188b5490b7614a95a0f4988e29ed0267b3512295cc96 |
openshift-ansible-lookup-plugins-3.3.106-1.git.0.7291555.el7.noarch.rpm | SHA-256: 25af09aa12184256916d76b6433627fb529db0a32a3ba990f1d1b4405c3cdcb5 |
openshift-ansible-playbooks-3.3.106-1.git.0.7291555.el7.noarch.rpm | SHA-256: 0e44a11edbefebafdd1a4fee14af8465dd29c61f80e5f24d604fa07813d1d326 |
openshift-ansible-roles-3.3.106-1.git.0.7291555.el7.noarch.rpm | SHA-256: 193dd9e77b81d8949a8f9f213fe102db3fa1915f346f09c437613da9b78b4351 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.