- Issued:
- 2019-04-09
- Updated:
- 2019-04-09
RHBA-2019:0619 - Bug Fix Advisory
Synopsis
OpenShift Container Platform 3.9 bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Red Hat OpenShift Container Platform release 3.9.74 is now available with
updates to packages and images that fix several bugs.
Description
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 3.9.74. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHBA-2019:0618
This update fixes the following bugs:
- Passing the `--incremental` argument when running a non-docker strategy build was not checked for validity. As a result, a null pointer error can occur attempting to process the invalid argument. Now, the arguments are checked to ensure they are applicable. An error is now returned to the user instead of a null pointer condition. (BZ#1541911)
- The SSL and TLS service uses Diffie-Hellman groups with insufficient strength (a key size less than 2048 bytes). As a result, the keys are more vulnerable. Now, the key strength has been increased and certificates are more secure. (BZ#1679841)
- The files that implemented log rotation functionality were not copied to the correct `fluentd` directory. As a result, logs were not rotated. Now, the container build inspects the `fluentd` gem to find out where to install the files. The files that implement log rotation are copied to the correct directory for `fluentd` usage. (BZ#1684048)
- When a cluster was installed, the user name in the loopback kubeconfig is the same as the host name of the master. Now, the variable in the playbook is changed to a different value. (BZ#1686587)
- Using `MERGE_JSON_LOG=true` would create fields in the record that would cause syntax violations or create too many fields in `Elasticsearch`, causing severe performance problems. Now, users who experience these problems can tune `fluentd` to accommodate their log record fields without errors or `Elasticsearch` performance degradation. (BZ#1686947)
All OpenShift Container Platform 3.9 users are advised to upgrade to these
updated packages.
Solution
Before applying this update, ensure all previously released errata relevant to your system are applied.
See the following documentation, which will be updated shortly for release 3.9.74, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
Affected Products
- Red Hat OpenShift Container Platform 3.9 x86_64
Fixes
- BZ - 1405961 - Completion has some problems with multiple flags
- BZ - 1500633 - The 'Examples:' should be updated for `oc auth can-i -h`
- BZ - 1541911 - Unclear warning if set --incremental for docker build
- BZ - 1589252 - upgrade_control_plane.yml playbook - not able to run commands against master api during upgrade
- BZ - 1591158 - [3.9][crio] Event process failure error appears in atomic-openshift-node log
- BZ - 1601874 - While creating, deleting pvs in loop and running gluster volume heal in gluster pods 2 of the 4 gluster pods are in 0/1 state
- BZ - 1655404 - Unavailable metrics for pods since 3.9 upgrade
- BZ - 1657668 - Persistent volume HostPath type check failed for character device
- BZ - 1669965 - [3.9]FC volume in used by a node is not updated or appears twice in VolumeInUse
- BZ - 1672847 - While deploying logging in openshift cluster we are getting error while elasticsearch is initiating
- BZ - 1679841 - Diffie-Hellman keysize < 2048 in logging-es
- BZ - 1684048 - Newly introduced log-rotation in fluentd not working
- BZ - 1684332 - logging-es using cryptographically weak hashing algorithm.
- BZ - 1686587 - Task set_loopback_context.yml sets context.user to the wrong name for openshift-master.kubeconfig
- BZ - 1689149 - Aggregated Logging installation does not add secret to serviceaccount
CVEs
References
(none)
Red Hat OpenShift Container Platform 3.9
SRPM | |
---|---|
ansible-service-broker-1.1.20-1.el7.src.rpm | SHA-256: 68c5e6b1034875501fac880bfe02156a6459cf5bbdf6bb39e5fd858dce58d91f |
atomic-openshift-3.9.74-1.git.0.78e56ea.el7.src.rpm | SHA-256: 7975909acdc8f50f256f520f7dcf187491a7184ef1ec2148fd689e3ae2ecc5e4 |
atomic-openshift-web-console-3.9.74-1.git.50.93129da.el7.src.rpm | SHA-256: 642934fe8ce7cc49408627dcf4e3d2f93357cd49ef83b61b6f20f13127149f9a |
cri-o-1.9.16-1.git78b2041.el7.src.rpm | SHA-256: 372dbcac5eacf391781f0d66941794b645fa11ebc5546850efc0337308a79485 |
golang-github-prometheus-node_exporter-3.9.74-1.git.0.2ab615c.el7.src.rpm | SHA-256: 25f75da95fb449d1c284e8b2951dcab592eb553a6a3cb2fd65277ef7ff36ae89 |
openshift-ansible-3.9.74-1.git.0.70a0a63.el7.src.rpm | SHA-256: 4e8747511d05f1dd7723bab80a692559f19c9ebb6b136794306c814e9a294371 |
x86_64 | |
ansible-service-broker-1.1.20-1.el7.x86_64.rpm | SHA-256: 632487ebf55241f2fd2485376f01ec5f79054cdbfaa5c7839e8e7d5c0a2228e6 |
ansible-service-broker-container-scripts-1.1.20-1.el7.noarch.rpm | SHA-256: b21a7e7e632750c11f73e2c3d6ddf86751c715bfe0e9d5723eb4060ab17cb325 |
ansible-service-broker-selinux-1.1.20-1.el7.noarch.rpm | SHA-256: b99c6b47f000e8ad01fe7d6c4847d9042a0efd5d0730f47420daf1ff3f840956 |
atomic-openshift-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm | SHA-256: 2845c23e5580eacd76fe0e1d4969e048dddfa5e7f52bb9f1b0caa10ea997a741 |
atomic-openshift-clients-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm | SHA-256: 7f511534baa4758543685257c0c6a6a9977f17e967c0fd071e5d06c7fde7e192 |
atomic-openshift-clients-redistributable-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm | SHA-256: fe08fb2ff8416d0b3525ddbce3dda994a91ae42fe0461352c833607a4f7de8e7 |
atomic-openshift-cluster-capacity-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm | SHA-256: 896dbca74d80d817de9d656d46b5d5dad02bd07cc16fe6cb42c0f31e675f3daf |
atomic-openshift-docker-excluder-3.9.74-1.git.0.78e56ea.el7.noarch.rpm | SHA-256: e68d057a7626554f6c382251acb45cab0b002ebcdb37f5cafce6128ebff83303 |
atomic-openshift-dockerregistry-3.9.74-1.git.0.b102e93.el7.x86_64.rpm | SHA-256: e40daba3f1bdc9a31ac5cc809a826f709fe9628c6b0cb63693cac4c6173b64c0 |
atomic-openshift-excluder-3.9.74-1.git.0.78e56ea.el7.noarch.rpm | SHA-256: c478db06a867ff713c78e0d34782f2ea50e2529f80afe1083e372b2b141f22a1 |
atomic-openshift-federation-services-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm | SHA-256: e2a11b699ec434f4d51febbcd402ec72aaad928dcadf9b76b35715748a573b98 |
atomic-openshift-master-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm | SHA-256: f8ba1002713c15ce6f4bab8213c9d6023617f91c52e2c78d0ee7d41ae14b78da |
atomic-openshift-node-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm | SHA-256: 09c9b03e94cdc8531daea90fae9bccc25c82af0871ec2e65a0cd8a8cadf53619 |
atomic-openshift-pod-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm | SHA-256: 7888a6e43ee612a2a96c3f60274a82615abc83dace6aefd80420b8b2ad7d50a7 |
atomic-openshift-sdn-ovs-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm | SHA-256: cd8c50c0aec4b317c81a38a7822cf7acdc82095391c988ef76b083d04c6d5a76 |
atomic-openshift-service-catalog-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm | SHA-256: 0677fe0207023d3f4b3a1d12051682ae303b6a14a0b1672d3d491fbd798772ff |
atomic-openshift-template-service-broker-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm | SHA-256: 747cc97b45aaedd7d10a7cfa503d9463e9e470fb92d2664f5e6ea30ef7026ef0 |
atomic-openshift-tests-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm | SHA-256: 38b4751628493bac7a53fecba44552a3f5f6d2788317a53f8d0120cb481edb59 |
atomic-openshift-utils-3.9.74-1.git.0.70a0a63.el7.noarch.rpm | SHA-256: 40193e9a46f56d11405160fe9818da9ee5a8a2071faa59ec58723cd847163a76 |
atomic-openshift-web-console-3.9.74-1.git.50.93129da.el7.x86_64.rpm | SHA-256: 6c24ab59a3f33a1c6d6126b9df01bf1b74ac4925c37bb68af03cfff373a0b98c |
cri-o-1.9.16-1.git78b2041.el7.x86_64.rpm | SHA-256: c1fe7aeaf8b92da67ae65f171d481f78fa7b69231989ac9f15f7a9b0d168b484 |
cri-o-debuginfo-1.9.16-1.git78b2041.el7.x86_64.rpm | SHA-256: 293abe021c5952aad26eb015b8bea828a548b8b34758e8337e56e042b3135563 |
openshift-ansible-3.9.74-1.git.0.70a0a63.el7.noarch.rpm | SHA-256: 4c9fb7c0bb5c97e09bdb459e777c7c9d222045579fca8bbac44d2210b48527c6 |
openshift-ansible-docs-3.9.74-1.git.0.70a0a63.el7.noarch.rpm | SHA-256: 891bfbe2c608361e3d14891277f9a19e09fa9f6c57d7ac4568abd190a2eb42de |
openshift-ansible-playbooks-3.9.74-1.git.0.70a0a63.el7.noarch.rpm | SHA-256: 6f37d71b590619edcbae8d8b07a1759f09902a1ad54056d257ad946ab47fec6f |
openshift-ansible-roles-3.9.74-1.git.0.70a0a63.el7.noarch.rpm | SHA-256: 1a4ba4037a1076e76e772317711fd52a586702c617bdd3fa3da016700cd83a47 |
prometheus-node-exporter-3.9.74-1.git.0.2ab615c.el7.x86_64.rpm | SHA-256: 0be2081e6dc61a0f9128f5518862c79828648205a06a48777af53748baf9ead7 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.