- Issued:
- 2018-05-07
- Updated:
- 2018-05-07
RHBA-2018:1335 - Bug Fix Advisory
Synopsis
OpenShift Container Platform atomic-openshift-utils bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated atomic-openshift-utils and openshift-ansible packages that fix multiple bugs are now available for OpenShift Container Platform 3.6 and 3.7.
Description
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
The atomic-openshift-utils and openshift-ansible packages contain the installation utility and Ansible requirements for installing and upgrading OpenShift Container Platform 3.
This advisory contains the RPM packages for this release. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:1336
This update fixes the following bugs:
- etcd 3.2.15 is compiled with go 1.9, which tightens certificate security. This caused certificates created without a SAN entry to be treated as invalid in etcd 3.2.15. With this bug fix, certificates are now regenerated during OpenShift Container Platform 3.5 to 3.6 upgrades, ensuring that certificates are compatible with the new etcd. As a result, openshift-ansible now generates valid certificates for etcd 3.2.15. (BZ#1572377)
- etcd 3.2.15 is compiled with go 1.9, which tightens certificate security. This caused certificates created without a SAN entry to be treated as invalid in etcd 3.2.15. With this bug fix, certificates are now regenerated during OpenShift Container Platform 3.6 to 3.7 upgrades, ensuring that certificates are compatible with the new etcd. As a result, openshift-ansible now generates valid certificates for etcd 3.2.15. (BZ#1572763)
All OpenShift Container Platform 3.6 and 3.7 users are advised to upgrade to these updated packages.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To apply this update, run the following on all hosts where you intend to initiate Ansible-based installation or upgrade procedures:
# yum update atomic-openshift-utils
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at:
Affected Products
- Red Hat OpenShift Container Platform 3.7 x86_64
- Red Hat OpenShift Container Platform 3.6 x86_64
Fixes
- BZ - 1567857 - [3.6] Upgrade failed for validate_etcd_conf.yml not found
- BZ - 1572377 - 3.5->3.6 Upgrade fails: Error: client: etcd cluster is unavailable or misconfigured; error #0: x509: certificate is not valid for any names, but wanted to match <hostname>
- BZ - 1572763 - Need to validate etcd server certs have proper SAN prior to upgrading to etcd-3.2.15-2.el7
CVEs
(none)
References
(none)
Red Hat OpenShift Container Platform 3.7
| SRPM | |
|---|---|
| openshift-ansible-3.7.44-1.git.9.684c638.el7.src.rpm | SHA-256: fa61d567087c4260ca907cc570bffe19eb5efc800d64ce22e67886c214c8603a |
| x86_64 | |
| atomic-openshift-utils-3.7.44-1.git.9.684c638.el7.noarch.rpm | SHA-256: b2c72310df3873adf4cb49e3259e136e1869a55ce7a14a1e5ab6fec37b315c36 |
| openshift-ansible-3.7.44-1.git.9.684c638.el7.noarch.rpm | SHA-256: 48aca1fc60a6af4e800f50c9946673d3ced135710b75081adfcc7fbbf9957f1c |
| openshift-ansible-callback-plugins-3.7.44-1.git.9.684c638.el7.noarch.rpm | SHA-256: 4119f8e74599e077e5be7187301366be2c18dd93dc8716f90940f03cc8510fb7 |
| openshift-ansible-docs-3.7.44-1.git.9.684c638.el7.noarch.rpm | SHA-256: c6561f0b50f082196ce8859b836102b5ae0c655842ebe55e912ed191726a228f |
| openshift-ansible-filter-plugins-3.7.44-1.git.9.684c638.el7.noarch.rpm | SHA-256: 3fc4bca75b1835e2ae8e1e353fe630bbf6239eb2be4fd399db1fec976a712231 |
| openshift-ansible-lookup-plugins-3.7.44-1.git.9.684c638.el7.noarch.rpm | SHA-256: 6d475b023b5567eeeffe30e3e4043b20f0041036d80befe0d4fdce95b9c06aea |
| openshift-ansible-playbooks-3.7.44-1.git.9.684c638.el7.noarch.rpm | SHA-256: af4c906f30e656c638435c1b5e6fdd6886f6cd0f63ea5f0d8413b67a71ea34fd |
| openshift-ansible-roles-3.7.44-1.git.9.684c638.el7.noarch.rpm | SHA-256: 8d2e0c7485defe24eca639bae7c48006fdd58c84f630b9e3fdf518ddfafc4b92 |
Red Hat OpenShift Container Platform 3.6
| SRPM | |
|---|---|
| openshift-ansible-3.6.173.0.113-1.git.13.f3b3b1d.el7.src.rpm | SHA-256: 74f0b34945b0f4067c9603b5135589e70db92120c6084e6f60442c0be1bb9eb1 |
| x86_64 | |
| atomic-openshift-utils-3.6.173.0.113-1.git.13.f3b3b1d.el7.noarch.rpm | SHA-256: cf617f189f83901f28037a83f5beb28701bf3e824cec4cdb186872bae91a650b |
| openshift-ansible-3.6.173.0.113-1.git.13.f3b3b1d.el7.noarch.rpm | SHA-256: ed0b0c1f1734cb6dfea3db4f0b3bc2b593c981884a1cdc0815ea0dad104d1aa4 |
| openshift-ansible-callback-plugins-3.6.173.0.113-1.git.13.f3b3b1d.el7.noarch.rpm | SHA-256: 0f5d4dd5d192b2854707883008a9d836ddbd59266a1bf40521e9fb36ab780c81 |
| openshift-ansible-docs-3.6.173.0.113-1.git.13.f3b3b1d.el7.noarch.rpm | SHA-256: af10ee4227f99bd58ed49e0d495b35be968ebb6880c7a58e1b047408639c35fc |
| openshift-ansible-filter-plugins-3.6.173.0.113-1.git.13.f3b3b1d.el7.noarch.rpm | SHA-256: 0375e332136f5018e534b6f7420e2e7aa40062d7992d2f7f93711bdc5482429f |
| openshift-ansible-lookup-plugins-3.6.173.0.113-1.git.13.f3b3b1d.el7.noarch.rpm | SHA-256: e65440ef31674bc7fa5283d54fcbb975c8f78b864817b00b6567c35ce69183ae |
| openshift-ansible-playbooks-3.6.173.0.113-1.git.13.f3b3b1d.el7.noarch.rpm | SHA-256: 4eb5e742f26ef8b38aaea63dce91e75ef36665615a072ba0d8d7090fcd3be4da |
| openshift-ansible-roles-3.6.173.0.113-1.git.13.f3b3b1d.el7.noarch.rpm | SHA-256: 12c48a9dacc1bb090a42c29dacfa133b6a6a6457567cc0b936df9c4fa863e700 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
