- Issued:
- 2017-09-08
- Updated:
- 2017-09-08
RHBA-2017:2642 - Bug Fix Advisory
Synopsis
OpenShift Container Platform 3.6.1 bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Red Hat OpenShift Container Platform releases 3.6.1 are now available with updates to packages and images that fix several bugs and add various enhancements.
Description
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.6.1. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHEA-2017:2644
This update fixes the following bugs:
- When the atomic-openshift-node service got restarted, all processes in its control group are terminated, including the glusterfs-mounted points. Each glusterfs volume in OpenShift corresponds to one mounted point. If all mounting points are lost, so are all of the volumes. Set the control group mode to terminate only the main process and leave the remaining glusterfs mounting points untouched. When the atomic-openshift-node service is restarted, no glusterfs mounting point is terminated.
(BZ#1423640)
- A route can front up to four services that handle the requests. The load balancing strategy governs which endpoint gets each request. When round-robin is chosen, the portion of the requests that each
service handles is governed by the weight assigned to the service. Each endpoint in the service gets a fraction of the service's requests. (BZ#1473736)
- When fluentd was reading from the journald and the output buffer queue wass full, the fluentd log was filled up with KubeClient messages. This is a bug in the fluentd filter_kubernetes_metadata plug-in. Ignore fluentd log messages from Kubeclient::Common::WatchNotice. (BZ#1476731)
- Previously, the Copy Service Labels link in the Create Route form did not correctly copy the labels from the service to the new route. It has been fixed to copy the selected service's labels.
(BZ#1477933)
- Permissions on directories injected as a build input via the image source input mechanism have user-only access permissions. Therefore, the resulting application image cannot access the content when run as a random user ID. With this bug fix, the directories will be injected with group permissions, which will allow the user access to the container. (BZ#1479130)
- Kibana nodejs runtime was not the same as the version distributed by Elastic. With this bug fix, the versioning is updated. (BZ#1479928)
- Previously, the ScaleIO volume plug-in was missing in OpenShift Container Platform. With this bug fix, it is now fully enabled. (BZ#1482273)
- Namespaces that use reserved names and were not created by infrastructure components should be blocked, as they will cause the upgrade to fail. (BZ#1484958)
This update includes the following enhancement:
- There is now the ability to set reference policy with `oc import-image`. Set reference policy using the `--reference-policy` flag when invoking `oc import-image`. When importing all tags (using the `--all` flag), all tags will get passed to reference policy, including overwriting the already present one. (BZ#1420976)
All OpenShift Container Platform 3.6 users are advised to upgrade to these updated packages and images.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For OpenShift Container Platform 3.5, see the following documentation, which will be updated shortly for release 3.5.5.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html
For OpenShift Container Platform 3.4, see the following documentation, which will be updated shortly for release 3.4.1.44, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.
Affected Products
- Red Hat OpenShift Container Platform 3.6 x86_64
Fixes
- BZ - 1420976 - - [platformmanagement_public_852]RreferencePolicy: Source/Local options parameters should be added to 'oc import-image' also
- BZ - 1423640 - Restart of atomic-openshift-node service terminates pod glusterfs mount
- BZ - 1473736 - A/B deployment seems to round-robin across all pods in multiple services, instead of proportional routing to services
- BZ - 1476731 - fluentd log is filled up with KubeClient messages when using journal and output queue is full
- BZ - 1477223 - Ordinary user can not view their newly created pods' metrics within their project in web console, at the same time, their old pods' metrics data is still visible
- BZ - 1477933 - Copy Service Labels on route creating page does not work
- BZ - 1479130 - Directory permissions are incorrect when using Image Source input
- BZ - 1479928 - Kibana nodejs runtime is not the same as the version distributed by Elastic
- BZ - 1481251 - [3.6] Regression or change in how kubelet pull credentials are defined?
- BZ - 1482273 - Missing scaleio volume plugin in openshift
- BZ - 1484958 - namespaces that use reserved names and were not created by infrastructure components should be blocked
References
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat OpenShift Container Platform 3.6
| SRPM | |
|---|---|
| atomic-openshift-3.6.173.0.21-1.git.0.f95b0e7.el7.src.rpm | SHA-256: 4ed928534b0f0946035d48d11d0d591b127dd6a2686cf14ee3f1987849919d6b |
| fluentd-0.12.39-2.el7.src.rpm | SHA-256: 00767bd3a2fe9c2b2b50091b47170f595b0587fc25ed48040b90c10d542bdac0 |
| jenkins-2-plugins-3.7.1502412812-1.el7.src.rpm | SHA-256: a497044614dc4fb679bef07badd45b14a54327fbbb1f04f65d89e582bab4a6e4 |
| kibana-4.6.4-3.el7.src.rpm | SHA-256: e25728de3859311efbc7a3d1a2f07979fcab830f680756ac4b8f468ed0f1a2a5 |
| rubygem-cool.io-1.5.1-1.el7.src.rpm | SHA-256: 80c4850d381cd5e3a8a4c3a798810bf1c6d1201ac290e28f4aa42d5ea48742f0 |
| rubygem-excon-0.58.0-1.el7.src.rpm | SHA-256: 63428f95cf0f9bb39ba056ea2fd0fcfbff866326265837e60de1b871312d93c5 |
| rubygem-faraday-0.13.0-1.el7.src.rpm | SHA-256: 433198f24de59cfb612dd2159851a1c73ca6d451ca6d37a553f82b7d0bd15cb5 |
| rubygem-fluent-plugin-kubernetes_metadata_filter-0.29.0-1.el7.src.rpm | SHA-256: 886f8bbb20781435750df8052839dd96f57d68efd3a129fa05c1621ac32a5069 |
| rubygem-fluent-plugin-viaq_data_model-0.0.5-1.el7.src.rpm | SHA-256: eb262472cc353db83b93f470e80cccbd3e0f8bcdaaa1a43abd7dabac84870138 |
| rubygem-i18n-0.8.6-1.el7.src.rpm | SHA-256: 40784e1f25cb39521f75a31c131cde2f767a0d7a6ee96ab762adb0e1b23f68a9 |
| rubygem-systemd-journal-1.3.0-1.el7.src.rpm | SHA-256: 9789eee1754ad68324cbef95473522c1153b468fe0f3ba761752466fa705a9ef |
| x86_64 | |
| atomic-openshift-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: 2343edeb8b6ffcc97d80a57fa9b769ddaee14ec938de945a6a8cbb01137e8e8d |
| atomic-openshift-clients-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: ce109bf14d2fb1348c50bd9a587e4582504d398665d5812f5ad239e07295ad60 |
| atomic-openshift-clients-redistributable-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: ec3665c3ca73c874b26631bb412e0f0294ffe5ff583baa1aed5897c79091a6c8 |
| atomic-openshift-cluster-capacity-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: bd613e4fc86d412dd7584e534683cf2504925ef111915021b9504eaf877c3808 |
| atomic-openshift-docker-excluder-3.6.173.0.21-1.git.0.f95b0e7.el7.noarch.rpm | SHA-256: 5b6916115483b41cd2233ceb19798f9de8b3ed9209120080a756ad429ebc3636 |
| atomic-openshift-dockerregistry-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: f67fb4814cf2a0e197c60656c9c0e927d553382861ac85d606b677b30378df1a |
| atomic-openshift-excluder-3.6.173.0.21-1.git.0.f95b0e7.el7.noarch.rpm | SHA-256: 895d82eb00d37beeb5c7f4c9eb0828e104626dbc977e71c7d3a97122ab485798 |
| atomic-openshift-federation-services-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: c0c56ffd3dd4d11d0c5ada609054e39c3b972bb336c7d8c1cb9f4732501e150c |
| atomic-openshift-master-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: 5d2acb6eaf9f80bcce9a94ad6e2eb03137175c1ab7e9b110d0b3f95d784769f4 |
| atomic-openshift-node-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: 6d65015dd37477eee762441b6e251174cb9b0f43c8f87be3ce9fce34663628c3 |
| atomic-openshift-pod-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: 8bad2ff969b9f60617e78d5b0931cfe665f9818374b7adadfcb9aba7809d19d5 |
| atomic-openshift-sdn-ovs-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: 4ce35093482417929605e9c75b559c57c272bb2fbf1faf338496fe65610149b2 |
| atomic-openshift-service-catalog-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: 61b5538e620f84c77f66db73bdf03d5bba1cfd77487ee27f31bb2b806edc931a |
| atomic-openshift-tests-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: 2801876a62b938bd2fa129b4f18cfca54188cb763c9ea273e7603fff048a2517 |
| fluentd-0.12.39-2.el7.noarch.rpm | SHA-256: 94e6853a11be28c07e5897f4d9703271fa4610799b39900e15df8b61902c97e7 |
| fluentd-doc-0.12.39-2.el7.noarch.rpm | SHA-256: f9685024e83f88e0ac7021271259234105bf256809530ce51ede6e19ebebee3a |
| kibana-4.6.4-3.el7.x86_64.rpm | SHA-256: 8c08070fe6b7459daf4860fc7c08a65edd4f3f6666b666a1f58a4ca76d773d4b |
| kibana-debuginfo-4.6.4-3.el7.x86_64.rpm | SHA-256: 41a1a797a355d9d211747c6260fffcd1f6e831c81492b3868ee0189d24b62b3f |
| rubygem-cool.io-1.5.1-1.el7.x86_64.rpm | SHA-256: 5ebd38ffc86c456c51ce1534fee8d18152da24152a96e6305d10b5dd59e48874 |
| rubygem-cool.io-debuginfo-1.5.1-1.el7.x86_64.rpm | SHA-256: 5d76b2337eb8b03d6ce77fbe5d84389d9cac3dcad1126c81526cedc4262f26d6 |
| rubygem-cool.io-doc-1.5.1-1.el7.noarch.rpm | SHA-256: 8c9628a7c5d0df5e39caa63feb68eff989ed82b030a5f5e1ce9e8d6bb22fde88 |
| rubygem-excon-0.58.0-1.el7.noarch.rpm | SHA-256: 13e137eb10bfb5315a3d272ec851125fe502380e3b0339ef754c94dc19888e40 |
| rubygem-excon-doc-0.58.0-1.el7.noarch.rpm | SHA-256: 57412d8460409372e1ad54e97933cfa1777df4293a38fac83d3fc3deaea767d6 |
| rubygem-faraday-0.13.0-1.el7.noarch.rpm | SHA-256: 793d53a7894deb1a29048e739cca9f1baf0b751f622d06f4c92fbb5d0d38dc2c |
| rubygem-faraday-doc-0.13.0-1.el7.noarch.rpm | SHA-256: 332336fdaf5a538c043f9bb1c0bbe0212aa922b9f6d0d8e59f51d96e6654ebec |
| rubygem-fluent-plugin-kubernetes_metadata_filter-0.29.0-1.el7.noarch.rpm | SHA-256: 930952f07c0c7108d7c9f04712a27ab817b7a359f36331c215a4ee7e963c83db |
| rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0.29.0-1.el7.noarch.rpm | SHA-256: c60d04a4a3374465281c3b5cb6a7cbf1b6ca487b616391ceca46a1c467e4362d |
| rubygem-fluent-plugin-viaq_data_model-0.0.5-1.el7.noarch.rpm | SHA-256: f43cb9d747ee1b7a1191381f70fc8a090010688e3902441f77de35d10454de3e |
| rubygem-fluent-plugin-viaq_data_model-doc-0.0.5-1.el7.noarch.rpm | SHA-256: 4c518b89b31601a125a415c87d9a5f16eeefd20919ce1f6134e6798d9d02d847 |
| rubygem-i18n-0.8.6-1.el7.noarch.rpm | SHA-256: 07e90d56705e47009688dd0470cab06756227b7396187c26d6c3cc7be734c15b |
| rubygem-i18n-doc-0.8.6-1.el7.noarch.rpm | SHA-256: 824d425881c989a749a44d142cfc810d048edebabc2901e80dcb874775020745 |
| rubygem-systemd-journal-1.3.0-1.el7.noarch.rpm | SHA-256: 7168882610d840c80dfb9a978299a354d57d2cd26844ef85b0143e7f039eb0f8 |
| rubygem-systemd-journal-doc-1.3.0-1.el7.noarch.rpm | SHA-256: caca6df412c6455967b322977d393707e09c643bb21f8248aea290e31d9f2728 |
| tuned-profiles-atomic-openshift-node-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64.rpm | SHA-256: 0c233037c22eebd8346ed5d53af61cc0e1c46255880301f067cfac8bdfd79467 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
