- Issued:
- 2017-09-05
- Updated:
- 2017-09-05
RHBA-2017:2639 - Bug Fix Advisory
Synopsis
OpenShift Container Platform atomic-openshift-utils bug fix and enhancement
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated atomic-openshift-utils and openshift-ansible packages that fix several bugs and add enhancements are now available for OpenShift Container Platform 3.5, 3.4, and 3.3.
Description
Red Hat OpenShift Container Platform (OCP) is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
The atomic-openshift-utils and openshift-ansible packages contain the installation utility and Ansible requirements for installing and upgrading OpenShift Container Platform 3.
This update fixes the following bugs:
- If the master scaleup playbook was run without hosts in the new_masters group, the playbooks could have reconfigured certain master configuration variables. The playbooks have been updated to fail immediately if there are no hosts in the new_masters group. (BZ#1449911)
- Previously, the quick installer did not specify which generated configuration file should be edited to make changes. Edits to the host file were overwritten when rerunning the installer. The quick installer now indicates which configuration file it created so that you may update it in the future. (BZ#1460353)
- When conditions for creating PVCs within the logging role were incorrect, dynamic PVCs were created even if they were explicitly set as `false` for generating them. This bug fix updates the when conditions within the logging role and dynamic PVCs are no longer incorrectly created. (BZ#1463081)
- Masters in an HA environment with a configured proxy could not reach etcd hosts by DNS. As a result, an error of "etcd cluster is unavailable or misconfigured" was received. The Openshift Ansible installer was updated to collect the IP of all etcd hosts and insert them into the NO_PROXY settings for the HA masters. (BZ#1466783)
- Previously, the containerized load balancer did not properly use openshift_image_tag. This error is now corrected, ensuring proper containerized installation of the API load balancer host. (BZ#1467252)
- Previously, if the ansible_ssh_user did not have /sbin in their path, then the playbooks may have failed to execute the excluder scripts during installation and upgrade. The full path is now used, resolving this issue. (BZ#1474246)
- The key for the caCert was incorrectly capitalized. Therefore, the specified caCert value was not persisted to the created object. The capitalization is now corrected and the specified caCert is correctly persisted to the object. (BZ#1475004)
- After a migration to etcdv3, one OpenShift API server in the HA configuration returned old data. The results of this can vary from a user being unable to access their project sporadically to builds randomly being unable to push to the docker registry. With this bug fix, the issue is addressed. (BZ#1475351)
- If a PVC already existed, the playbook would fail trying to recreate it. With this bug fix, a PVC object is no longer created if it already exists and the playbook correctly completes without error. (BZ#1475761)
- The default image tag for the Ansible service now defaults to `v3.6` rather than `latest`, ensuring that the appropriate release is deployed. (BZ#1479165)
- When the nameservers were specified directly in /etc/resolv.conf, the node DNS configuration scripts failed to determine the correct nameservers. The configuration scripts are now updated to pull the nameservers from /etc/resolv.conf when they are not specified via other means. (BZ#1480438)
- .NET Core 2.0 image streams have been added to the install and upgrade playbooks for OCP 3.5 and 3.6. (BZ#1480606)
- Previously, only openvswitch 2.6 was marked as appropriate for OCP 3.6, which blocked installation of 2.7. This error is corrected. (BZ#1481721)
- When users set openshift_dns_ip, it was not properly configuring the node-config.yaml file to use this value, which resulted in a broken DNS configuration. This error is corrected. (BZ#1483387)
- With this bug fix, the metrics deployer template was updated to point at images labeled v3.4, which ensures that the latest builds are deployed. (BZ#1484398)
All OpenShift Container Platform users are advised to upgrade to these updated packages.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To apply this update, run the following on all hosts where you intend to initiate Ansible-based installation or upgrade procedures:
# yum update atomic-openshift-utils
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at:
Affected Products
- Red Hat OpenShift Container Platform 3.6 x86_64
- Red Hat OpenShift Container Platform 3.5 x86_64
- Red Hat OpenShift Container Platform 3.4 x86_64
- Red Hat OpenShift Container Platform 3.3 x86_64
Fixes
- BZ - 1449911 - [3.6] Master configuration not persistent after running scaleup playbook
- BZ - 1460353 - [3.6] Quick Installer should specify which config file to edit
- BZ - 1463081 - [3.6] Running logging deployer with openshift_logging_es_pvc_dynamic=false still creates a dynamic pvc
- BZ - 1466783 - [3.6] NO_PROXY of etcd IPs need to be configured in master-controllers
- BZ - 1467252 - [3.6] haproxy lb containerized install failed due to 'openshift_image_tag' is undefined
- BZ - 1474246 - [3.6] Installer doesn't always use absolute path for excluders
- BZ - 1474339 - [3.5] Installer doesn't always use absolute path for excluders
- BZ - 1474341 - [3.4] Installer doesn't always use absolute path for excluders
- BZ - 1475004 - [3.6] hawkular-metrics route does not properly create the caCertificate
- BZ - 1475351 - [3.6] API server results inconsistent after migration to etcdv3
- BZ - 1475761 - [3.6] Installer failed on logging deployment on the second run
- BZ - 1479165 - [3.6] ansible_service_broker_image_tag should be set to 3.6 by default instead of latest
- BZ - 1479204 - [3.6] The image tag for container-engine should follow OpenShift version instead of hard coded "latest"
- BZ - 1480438 - [3.6] Installer fails due to missing /etc/origin/node/resolv.conf
- BZ - 1480606 - New .NET Core 2.0 imagestreams/templates for OpenShift Container Platform
- BZ - 1481721 - [3.6] Post Install the health_check Playbook Throws Errors on Incorrect openvswitch Version
- BZ - 1483387 - [3.6] Installation by openshift-ansible failed at task openshift_node_dnsmasq : Install dnsmasq configuration
- BZ - 1484398 - [3.4] Metrics and Logging deployer templates should use v3.x
- BZ - 1484403 - [3.3] Metrics and Logging deployer templates should use v3.x
CVEs
(none)
References
(none)
Red Hat OpenShift Container Platform 3.6
SRPM | |
---|---|
openshift-ansible-3.6.173.0.21-2.git.0.44a4038.el7.src.rpm | SHA-256: 910c5cbdd59f8e4c9e361e7c787ff5b9ecee03c39d756318b626605639dcd210 |
x86_64 | |
atomic-openshift-utils-3.6.173.0.21-2.git.0.44a4038.el7.noarch.rpm | SHA-256: d4bcf18c2a35e73c46c898cddce799ca5cfcd13190e25ca9cd8e731a55a6a683 |
openshift-ansible-3.6.173.0.21-2.git.0.44a4038.el7.noarch.rpm | SHA-256: a0bf8f39c7ec19be4ac6ddf93510494a0de5a14136cadee008ff24688583b0ac |
openshift-ansible-callback-plugins-3.6.173.0.21-2.git.0.44a4038.el7.noarch.rpm | SHA-256: 4a155f0f14095ac5cbbbb3865f9741895f0eb06e2ec3e49643af4d1f255ba454 |
openshift-ansible-docs-3.6.173.0.21-2.git.0.44a4038.el7.noarch.rpm | SHA-256: fde24bf33a6b0ac398f839def31b13b64bc2ee958c9057069ed699dbc3e2fabd |
openshift-ansible-filter-plugins-3.6.173.0.21-2.git.0.44a4038.el7.noarch.rpm | SHA-256: dbef8082fc29b0036cfbd6f110a2d76636249c5a8f88862c29666c27dff7dc49 |
openshift-ansible-lookup-plugins-3.6.173.0.21-2.git.0.44a4038.el7.noarch.rpm | SHA-256: 63e7f39dea9c17849a856fef3ae9f5f624ff2d1c076d0d9baca254b047055cfb |
openshift-ansible-playbooks-3.6.173.0.21-2.git.0.44a4038.el7.noarch.rpm | SHA-256: dae6c5ad9f72d1541aab81ac8a987e00fde379d6b37ad0f77589111a321e50a8 |
openshift-ansible-roles-3.6.173.0.21-2.git.0.44a4038.el7.noarch.rpm | SHA-256: 958debfa7d677a8e37ecb8623baf557a6115417b0b168c368e71d6e13d7185ca |
Red Hat OpenShift Container Platform 3.5
SRPM | |
---|---|
openshift-ansible-3.5.120-1.git.0.c60f69a.el7.src.rpm | SHA-256: 9b25b7deb2f13ac0913a45c29397dc3c7bd011a013f4330d6e0d990e8b2783a2 |
x86_64 | |
atomic-openshift-utils-3.5.120-1.git.0.c60f69a.el7.noarch.rpm | SHA-256: c28c4ffa92d1fa6210da39981f34f3e3b8a27bbcc0977a6d3702e70dfc01b6ee |
openshift-ansible-3.5.120-1.git.0.c60f69a.el7.noarch.rpm | SHA-256: aba4938d4cd90c21849c8e63a70acb9e63b40086c0a467efa1e5846dd7ae30a7 |
openshift-ansible-callback-plugins-3.5.120-1.git.0.c60f69a.el7.noarch.rpm | SHA-256: e2ae18d344b025e6334d3e9119a3f9951ac2a2aea7044f51439c0efce339ee7e |
openshift-ansible-docs-3.5.120-1.git.0.c60f69a.el7.noarch.rpm | SHA-256: b0c114001bb510a3d3abad43f89d6d22746a9d201ef964401d77f335b8869571 |
openshift-ansible-filter-plugins-3.5.120-1.git.0.c60f69a.el7.noarch.rpm | SHA-256: c136a8ba448198774cf3336409afa616364551c58d8df26f7aaac667a8c48fda |
openshift-ansible-lookup-plugins-3.5.120-1.git.0.c60f69a.el7.noarch.rpm | SHA-256: 6763230bc4547581095fc7c8fad08718cdc53bfebb3f7ad7fb4e5765ec6e55b6 |
openshift-ansible-playbooks-3.5.120-1.git.0.c60f69a.el7.noarch.rpm | SHA-256: ec36bef0b89b8d1dcf69d6a4e97c07f1712e65bfa016c48f830ee367cbdeb33f |
openshift-ansible-roles-3.5.120-1.git.0.c60f69a.el7.noarch.rpm | SHA-256: 8d723aac1988910c64244cd1d899700a7332b00026a9b2e5ce61501d786f7fb5 |
Red Hat OpenShift Container Platform 3.4
SRPM | |
---|---|
openshift-ansible-3.4.131-1.git.0.50210f9.el7.src.rpm | SHA-256: af4000f4e79d8a6640d0bf736d5c95aea2b8e3dcf1ca2fbfd0563bbb25e29b3e |
x86_64 | |
atomic-openshift-utils-3.4.131-1.git.0.50210f9.el7.noarch.rpm | SHA-256: 0db21f42627cf20aa9f572dc17d6a45d4833f4718639acd7b19f53b1049bb90d |
openshift-ansible-3.4.131-1.git.0.50210f9.el7.noarch.rpm | SHA-256: aa5ae4f919db6b0e2798818446224988bf8034003173d3f7c15b942f11d0bda3 |
openshift-ansible-callback-plugins-3.4.131-1.git.0.50210f9.el7.noarch.rpm | SHA-256: 20f5468a510ef322531d3a2b57c7d581043ca834f340922dce9ee3a4907c19af |
openshift-ansible-docs-3.4.131-1.git.0.50210f9.el7.noarch.rpm | SHA-256: efc6327bc5611237e1d83c8539683659aec53390df38e41dc433e13f93b1f63a |
openshift-ansible-filter-plugins-3.4.131-1.git.0.50210f9.el7.noarch.rpm | SHA-256: 8f8041c4a5207661519e52412a953b8404817eba1a7a7e23f94bc91b1e6ed886 |
openshift-ansible-lookup-plugins-3.4.131-1.git.0.50210f9.el7.noarch.rpm | SHA-256: 14bad2fe0e5bc6e299a5f8ba808cbdeffdbc75c09649637247e4fe90a867bb0e |
openshift-ansible-playbooks-3.4.131-1.git.0.50210f9.el7.noarch.rpm | SHA-256: 02a855ebffad9ee42a078f9ca049adc415e0012c8048b68138ec6c4834853dc0 |
openshift-ansible-roles-3.4.131-1.git.0.50210f9.el7.noarch.rpm | SHA-256: 13a15aa7e750caf6e5010f0a2e3fbb188e8f0f06f7fba8c39084cfa86121a667 |
Red Hat OpenShift Container Platform 3.3
SRPM | |
---|---|
openshift-ansible-3.3.119-1.git.0.2872586.el7.src.rpm | SHA-256: 21d6b8a7f9f878ad0e37e651b42ddeee8f86db5de5043fed24f6e9060f4c29d5 |
x86_64 | |
atomic-openshift-utils-3.3.119-1.git.0.2872586.el7.noarch.rpm | SHA-256: a1bd6c3a462f936b4474b0fadcdbca1521f7fb1ea0ec1be83304059515d5df71 |
openshift-ansible-3.3.119-1.git.0.2872586.el7.noarch.rpm | SHA-256: 81f32bc9dc8e612f33f2630766546e8acb8c757df465270f074e0bbb3ff5d001 |
openshift-ansible-callback-plugins-3.3.119-1.git.0.2872586.el7.noarch.rpm | SHA-256: 03087384fd617f1a7ec8789e149e5edaadc9a2c108b5ca8651755dbbdc9ebf3a |
openshift-ansible-docs-3.3.119-1.git.0.2872586.el7.noarch.rpm | SHA-256: 5c1e0412fd4878ddfc44ea11a248cea1f0f5afa3460ad76c2c8d592144f67f91 |
openshift-ansible-filter-plugins-3.3.119-1.git.0.2872586.el7.noarch.rpm | SHA-256: 539d6892e60b7824d1818a55f292bdf3dec3273c9479d1a09c815ec46d4dba77 |
openshift-ansible-lookup-plugins-3.3.119-1.git.0.2872586.el7.noarch.rpm | SHA-256: b5ca8341645428d0715ea69ec98f76a485b4ed94dfdd3a43621570c6bfb4ab5f |
openshift-ansible-playbooks-3.3.119-1.git.0.2872586.el7.noarch.rpm | SHA-256: f5e54d51956a74fd86e35c8eab420d96663136f0c025ea4ea139e43f4f2ab437 |
openshift-ansible-roles-3.3.119-1.git.0.2872586.el7.noarch.rpm | SHA-256: ca921c1b3747549f16a0f5636816550c42cf9d10b61469195487c08451134ae4 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.