Synopsis

OpenShift Container Platform 3.5 and 3.4 bug fix update

Type/Severity

Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform releases 3.5.5.31.24 and 3.4.1.44.17 are now available with updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.5.5.31.24 and 3.4.1.44.17. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2017:2643

This update fixes the following bugs:

• The iptables proxy was not properly locking its use of iptables. Therefore, the iptables proxy could conflict with docker and the openshift-node process and cause a failure to start containers. With this bug fix, the iptables proxy now locks its use of iptables. Pod creation failures due to improper locking of iptables no longer occur. (BZ#1481782, BZ#1484133)
  
• There were differences in the representation of the image object between internal and versioned, specifically the docker image metadata field. This prevented the ability to `oc edit` an image. ImageStreamTag only allows editing annotations, but that works only with the `oc annotate` or `oc patch` commands, which specifically say what is edited. When `oc edit` is being invoked, it has issues with the internal image object of an ImageStreamTag due to differences between internal and external representations of this object. This approach allows setting patchStrategy on struct objects, so they can be ignored, then deleted. With this bug fix, you can now `oc edit` an image without issue. (BZ#1482498)
  

All OpenShift Container Platform 3.5 and 3.4 users are advised to upgrade to these updated packages and images.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For OpenShift Container Platform 3.5, see the following documentation, which will be updated shortly for release 3.5.5.31.24, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html

For OpenShift Container Platform 3.4, see the following documentation, which will be updated shortly for release 3.4.1.44.17, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

Affected Products

• Red Hat OpenShift Container Platform 3.5 x86_64
• Red Hat OpenShift Container Platform 3.4 x86_64

Fixes

• BZ - 1479934 - Kibana nodejs runtime is not the same as the version distributed by Elastic
• BZ - 1481782 - 3.5 check for and use new iptables-restore 'wait' argument
• BZ - 1482226 - Kibana nodejs runtime is not the same as the version distributed by Elastic
• BZ - 1482498 - Unable to edit image
• BZ - 1484133 - 3.4 check for and use new iptables-restore 'wait' argument

CVEs

(none)

References

(none)

Red Hat OpenShift Container Platform 3.5

SRPM
atomic-openshift-3.5.5.31.24-1.git.0.ff74e0b.el7.src.rpm	SHA-256: d9e97927e4666a609fce843d1457c0464547834a8cce3754ca58b9be0fea0c63
kibana-4.6.4-3.el7.src.rpm	SHA-256: e25728de3859311efbc7a3d1a2f07979fcab830f680756ac4b8f468ed0f1a2a5
x86_64
atomic-openshift-3.5.5.31.24-1.git.0.ff74e0b.el7.x86_64.rpm	SHA-256: 866ea3b7559eb1e289af4ae1eeb735b154076a237858363152840801a99dd86a
atomic-openshift-clients-3.5.5.31.24-1.git.0.ff74e0b.el7.x86_64.rpm	SHA-256: 52ae227cb67729d8cd35e248d2a89ab4a78b0ce8a3e52c3d7578865daf36dc4b
atomic-openshift-clients-redistributable-3.5.5.31.24-1.git.0.ff74e0b.el7.x86_64.rpm	SHA-256: 7226e494372955e9ef76e2e07d304538f14376989d123e31ea2bf1dedb4bd821
atomic-openshift-docker-excluder-3.5.5.31.24-1.git.0.ff74e0b.el7.noarch.rpm	SHA-256: 9cc3e476df76b0a914c8e4ca2e163c74255c194deaf4bda6385d491472f92b30
atomic-openshift-dockerregistry-3.5.5.31.24-1.git.0.ff74e0b.el7.x86_64.rpm	SHA-256: 51f48ec84336e4e13261f8a53b5bc1857f26b7dce834786c903890b1a187e3da
atomic-openshift-excluder-3.5.5.31.24-1.git.0.ff74e0b.el7.noarch.rpm	SHA-256: 242acf3ea9e4b938c28584b63cffa8316dfe440952b7d33f12d919d4dd88c3aa
atomic-openshift-master-3.5.5.31.24-1.git.0.ff74e0b.el7.x86_64.rpm	SHA-256: ef5a4f65f1c9cf0777f6ca99e448240ec7d91f0390b4324ca811406af0525923
atomic-openshift-node-3.5.5.31.24-1.git.0.ff74e0b.el7.x86_64.rpm	SHA-256: fea0a252b806fa93a3bfc8a99fa95481abf381c1d4c58235a8b867acb8e4df96
atomic-openshift-pod-3.5.5.31.24-1.git.0.ff74e0b.el7.x86_64.rpm	SHA-256: 7185bc94b7e112b838f4ba2d7edf09ca4b63c617609ed41be225138261f7b198
atomic-openshift-sdn-ovs-3.5.5.31.24-1.git.0.ff74e0b.el7.x86_64.rpm	SHA-256: df44d1604b70374329ca06043ec6e6548f7faa1f62be8f94e315cf8491652c18
atomic-openshift-tests-3.5.5.31.24-1.git.0.ff74e0b.el7.x86_64.rpm	SHA-256: fd6e2a07b947b04ff137fa9da7cb81e2be4914ce14520018f59bda7844a53b22
kibana-4.6.4-3.el7.x86_64.rpm	SHA-256: 8c08070fe6b7459daf4860fc7c08a65edd4f3f6666b666a1f58a4ca76d773d4b
kibana-debuginfo-4.6.4-3.el7.x86_64.rpm	SHA-256: 41a1a797a355d9d211747c6260fffcd1f6e831c81492b3868ee0189d24b62b3f
tuned-profiles-atomic-openshift-node-3.5.5.31.24-1.git.0.ff74e0b.el7.x86_64.rpm	SHA-256: 1d464dfbd2ef36536a4892d63952b220702efd6937a098a02e163f2609e1ea50

Red Hat OpenShift Container Platform 3.4

SRPM
atomic-openshift-3.4.1.44.17-1.git.0.3cb0a40.el7.src.rpm	SHA-256: 1829498f47b9bd4a498fb3a48f47810c9504ffe2fc915dee8275a352892505dd
kibana-4.6.4-3.el7.src.rpm	SHA-256: e25728de3859311efbc7a3d1a2f07979fcab830f680756ac4b8f468ed0f1a2a5
x86_64
atomic-openshift-3.4.1.44.17-1.git.0.3cb0a40.el7.x86_64.rpm	SHA-256: a994038bdd86be44b34af8a6487376725f43ddedbd551c340660170148cc00fc
atomic-openshift-clients-3.4.1.44.17-1.git.0.3cb0a40.el7.x86_64.rpm	SHA-256: dd7949b7bc7f4d4b77ede44b0394ab63de1a8c6b37c405081a00de8eb980fc96
atomic-openshift-clients-redistributable-3.4.1.44.17-1.git.0.3cb0a40.el7.x86_64.rpm	SHA-256: fdbf0f251d50e9e4c7b8ec07a431ed59160ef4a321477461cdedce35f893037a
atomic-openshift-docker-excluder-3.4.1.44.17-1.git.0.3cb0a40.el7.noarch.rpm	SHA-256: f9e0071a9391421c01be2f3440da2576c029ae468cf06660924ea3a9352a73c6
atomic-openshift-dockerregistry-3.4.1.44.17-1.git.0.3cb0a40.el7.x86_64.rpm	SHA-256: c57e286722fdade76268f22db2f752f056f79a9dd0f7bbc00fb4ae0813db0bc5
atomic-openshift-excluder-3.4.1.44.17-1.git.0.3cb0a40.el7.noarch.rpm	SHA-256: 7040e88e2cfbf47deb2aee57225a8f922dd3142090a8d1f5781d30dc5f6d3960
atomic-openshift-master-3.4.1.44.17-1.git.0.3cb0a40.el7.x86_64.rpm	SHA-256: 015af6c13f8fca4c1a1dc07270b653e13b34fb86d695d2cfa2bdc3dd7b06489c
atomic-openshift-node-3.4.1.44.17-1.git.0.3cb0a40.el7.x86_64.rpm	SHA-256: ba4ec4867fccf7fb6fc35cde57e927fd08a1b3fce45ecc56b6fd466a094c5d5e
atomic-openshift-pod-3.4.1.44.17-1.git.0.3cb0a40.el7.x86_64.rpm	SHA-256: 1a8cee25cf52f69ab6169c2a25a700930d756169038e298efeef52a4eee47eb0
atomic-openshift-sdn-ovs-3.4.1.44.17-1.git.0.3cb0a40.el7.x86_64.rpm	SHA-256: c74afc54a7519cd2ac1e84e147edd34e26c36e6e027712ecb1b099ced0391e06
atomic-openshift-tests-3.4.1.44.17-1.git.0.3cb0a40.el7.x86_64.rpm	SHA-256: 11e1ab164e8a75c9edb34b49df3a38429a5e300cb24cdee6e12ee33e684d5fe8
kibana-4.6.4-3.el7.x86_64.rpm	SHA-256: 8c08070fe6b7459daf4860fc7c08a65edd4f3f6666b666a1f58a4ca76d773d4b
kibana-debuginfo-4.6.4-3.el7.x86_64.rpm	SHA-256: 41a1a797a355d9d211747c6260fffcd1f6e831c81492b3868ee0189d24b62b3f
tuned-profiles-atomic-openshift-node-3.4.1.44.17-1.git.0.3cb0a40.el7.x86_64.rpm	SHA-256: fc02f19e8143005ad69789a5b9dabec9a98914d8088a33d15009775dc4424bf2