RHBA-2017:3255 - Bug Fix Advisory

Topic

Updated atomic-openshift-utils and openshift-ansible packages that fix several bugs and add enhancements are now available for OpenShift Container Platform 3.6 and 3.5.

Description

Red Hat OpenShift Container Platform (OCP) is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

The atomic-openshift-utils and openshift-ansible packages contain the installation utility and Ansible requirements for installing and upgrading OpenShift Container Platform 3.

This update fixes the following bugs:

Installer component:

• With this bug fix, the `imagePullPolicy` for logging and metrics images is now set to `IfNotPresent` rather than `Always`, which prevents unnecessary image pulls. (BZ#1452939)
• Previously multiple router shards would not upload certificates properly for each corresponding shard. Now, the shards certificates are properly uploaded for each router. (BZ#1511404)

Logging component:

• The logging role of `openshift-installer` did not consider the replica count from the gathered facts when re-installing causing the replica counts to be set to the role defaults. Now, the `openshift-installer` evaluates and reapplies the value from the facts, preserving the counts. (BZ#1489498)
• Elasticsearch had a timing issue trying to seed its ACL index. This caused Elasticsearch to have difficulty starting and did not allow traffic because the ACLs were not properly seeded. This bux fix uses the `DC_NAME` instead of the pod name, resulting in SearchGuard more reliably allowing traffic to flow because ACLs are seeded. (BZ#1493820)

Upgrade component:

• With this bug fix, `openshift_install_examples` is now recognized during installation and upgrades, allowing administrators to choose to manage image streams and templates on their own. (BZ#1506578)
• Previously, a host was unreachable during fact gathering and failed. Later when the task ran and stepped through each host to map hostnames, the failed host did not have any facts defined causing that task to fail. With this bug fix, hosts are reachable and the task succeeds. (BZ#1499254)
• The default value for `etcd_quota_backend_bytes` was not available for `etcd_upgrade` role, causing an undefined variable error when running the `etcd_upgrade` role. This bug fix moved the `etcd_quota_backend_bytes` default from the `etcd` role to the `etcd_common` role, resulting in the `etcd_quota_backend_bytes` default variable being available for both `etcd` and `etcd_upgrade` roles. (BZ#1507934)

In addition, this update adds the following enhancements:

• With this bug fix, the `docker_image_availability` check now passes authentication credentials when checking for image availability. (BZ#1500698)
• With this bug fix, the upgrade playbooks were updated to pass authentication credentials when pulling requisite images from an authenticated registry. (BZ#1506896)

All OpenShift Container Platform users are advised to upgrade to these updated packages.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To apply this update, run the following on all hosts where you intend to initiate Ansible-based installation or upgrade procedures:

# yum update atomic-openshift-utils

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat OpenShift Container Platform 3.6 x86_64
• Red Hat OpenShift Container Platform 3.5 x86_64

Fixes

• BZ - 1452939 - [3.5] Should use "imagePullPolicy: IfNotPresent" instead of "imagePullPolicy: Always" in logging and metrics deployer images
• BZ - 1483787 - Unable to deploy service catalog as part of advanced installation
• BZ - 1489498 - [3.5] Upgrade of 3.4 to 3.5 does not preserve replica count settings for Elasticsearch indices
• BZ - 1491636 - [3.6] openshift_logging_es_ops_nodeselector didn't take affect
• BZ - 1493820 - [3.5] Elastic search pod fails start and gives error "ERR: Timed out while waiting for a green or yellow cluster state."
• BZ - 1499254 - [3.6] Unable to update nodes to 3.6 - 'dict object' has no attribute 'openshift'
• BZ - 1500698 - [3.6] docker_image_availability check failed when running testing against an authenticated registry
• BZ - 1501599 - [3.6] Exempt the logging project from cluster-wide over-commit resource restrictions
• BZ - 1506578 - [3.6] openshift_install_examples not respected in upgrades
• BZ - 1506896 - [3.6]Fail to upgrade when use an authenticated registry
• BZ - 1507934 - [3.6] etcd_quota_backend_bytes undefined during etcd upgrade
• BZ - 1511404 - [3.6] customized router certificate files defined in openshift_hosted_routers are not uploaded to master

CVEs

(none)

References

(none)