- 发布:
- 2019-04-09
- 已更新:
- 2019-04-09
RHBA-2019:0620 - Bug Fix Advisory
概述
OpenShift Container Platform 3.10 bug fix update
类型/严重性
Bug Fix Advisory
Red Hat Insights 补丁分析
识别并修复受此公告影响的系统。
标题
Red Hat OpenShift Container Platform release 3.10.127 is now available with
updates to packages and images that fix several bugs.
描述
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 3.10.127. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHBA-2019:0621
This update fixes the following bugs:
- Playbooks that redeployed master certificates did not update `webconsole` secrets, causing failure to start the `webconsole` after redeployment. Now, `webconsole` secrets are re-created when master certificate playbooks are used and the `webconsole`now works properly. (BZ#1667981)
- The files that implemented log rotation functionality were not copied to the correct `fluentd` directory. As a result, logs were not rotated. Now, the container build inspects the `fluentd` gem to find out where to install the files. The files that implement log rotation are copied to the correct directory for `fluentd` usage. (BZ#1684210)
- The SSL and TLS service uses Diffie-Hellman groups with insufficient strength (a key size less than 2048 bytes). As a result, the keys are more vulnerable. Now, the key strength has been increased and certificates are more secure. (BZ#1686135)
- When a cluster was installed, the user name in the loopback kubeconfig is the same as the host name of the master. Now, the variable in the playbook is changed to a different value. (BZ#1686585)
- Using `MERGE_JSON_LOG=true` would create fields in the record that would cause syntax violations or create too many fields in `Elasticsearch`, causing severe performance problems. Now, users who experience these problems can tune `fluentd` to accommodate their log record fields without errors or `Elasticsearch` performance degradation. (BZ#1686946)
- If an override host name had been set, the sync script generated an error in the sync logs. This has now been resolved and is no longer present in situations where `/etc/sysconfig/KUBELET_HOSTNAME_OVERRIDE` is not present. (BZ#1687803)
- Upgrade playbooks ran several `oc` commands that used resource aliases that may not be immediately available after a restart or other reasons. Now, the `oc` suite of commands uses the fully qualified resource name to avoid potential failure. (BZ#1688452)
All OpenShift Container Platform 3.10 users are advised to upgrade to these
updated packages.
解决方案
Before applying this update, ensure all previously released errata relevant to your system are applied.
See the following documentation, which will be updated shortly for release 3.10.127, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
受影响的产品
- Red Hat OpenShift Container Platform 3.10 x86_64
- Red Hat OpenShift Container Platform for Power 3.10 ppc64le
修复
- BZ - 1538488 - When token expired and command uses short name type, it prompts server doesn't have a resource type
- BZ - 1554624 - should not hard code scalable objects in 'oc status'
- BZ - 1572493 - openshift_logging_namespace default value should be openshift-logging in openshift_health_checker/openshift_checks/logging/logging.py
- BZ - 1579515 - Unexpected error when sort-by and -o yaml provided
- BZ - 1591118 - [crio] Event process failure error appears in atomic-openshift-node log
- BZ - 1624197 - [3.10] Binary builds hang the openshift api server in cluster up
- BZ - 1667981 - [3.10] After running redeploy-certificates.yml playbook in OCP 3.10 webconsole stop working.
- BZ - 1684210 - Newly introduced log-rotation in fluentd not working
- BZ - 1686135 - logging-es using cryptographically weak hashing algorithm.
- BZ - 1686140 - Diffie-Hellman keysize < 2048 in logging-es
- BZ - 1686585 - Task set_loopback_context.yml sets context.user to the wrong name for openshift-master.kubeconfig
- BZ - 1686946 - Allow MERGE_JSON_LOG=true for indexing of JSON payload fields
- BZ - 1687803 - [3.10] sync-pod tried to override the hostname
- BZ - 1688452 - [3.10] Upgrade from Openshift 3.9 to 3.10 fails at Remove Image Stream Tag if no Image Stream Tag is present.
CVE
参考
(none)
备注:
可能有这些软件包的更新版本。
点击软件包名称查看详情。
Red Hat OpenShift Container Platform 3.10
| SRPM | |
|---|---|
| atomic-enterprise-service-catalog-3.10.127-1.git.55.b54f8c7.el7.src.rpm | SHA-256: 04aa354af849c61841dcc2ad55e67d77391f8568e094e8e28b1f219fc9d48360 |
| atomic-openshift-3.10.127-1.git.0.dab74c6.el7.src.rpm | SHA-256: dd73c20dd7c7678a6520ea1baa27d84c54d3f6ff4b3db04822d428384ac12bcb |
| atomic-openshift-descheduler-3.10.127-1.git.153.bc1eddd.el7.src.rpm | SHA-256: 7f3158b2a2454db325b1d06d59fecf6dc01644eb0605a4243206f9a766d4cc23 |
| atomic-openshift-dockerregistry-3.10.127-1.git.0.f8aa6dd.el7.src.rpm | SHA-256: edc5367d7b4c62c05ab1d04d16ecf5994c4dab3613ac5cff8c491b0adc1876f9 |
| atomic-openshift-node-problem-detector-3.10.127-1.git.0.4f5519b.el7.src.rpm | SHA-256: 557e28d9ab14f2033a5c6534c30f7febb4d2989259b0e3395eef79d167bcfd86 |
| atomic-openshift-web-console-3.10.127-1.git.50.eab7949.el7.src.rpm | SHA-256: 26b55d957e90ce2385d04df51123b5e94298e8e6fa8d803126258f853299cc57 |
| golang-github-prometheus-node_exporter-3.10.127-1.git.0.8ebe819.el7.src.rpm | SHA-256: 42e641c368b3cfe75d9c081abf0ad9ede9855ce2fe7f22d91de7df44e6694e84 |
| openshift-ansible-3.10.127-1.git.0.131da09.el7.src.rpm | SHA-256: c45d282840cfb5a2e585a902a312a28be8d3bc8e790c92604ca195d43a436bbc |
| openshift-enterprise-cluster-capacity-3.10.127-1.git.0.44580c6.el7.src.rpm | SHA-256: 63be87feb5fa7200adacdc59a2911b1e2cedda1490dcebb0aed17d9c6b892b25 |
| python-libcloud-2.2.1-20180102gitd701bf9.el7.src.rpm | SHA-256: 0b0ab6d7d48492b23f94dd23ea600937159a32ade7ebf5a43ca4b2bc3a8ced15 |
| rubygem-fluent-plugin-viaq_data_model-0.0.18-1.el7.src.rpm | SHA-256: 0eb5a6c0d8405b29de25557f4a6794e19110ddba0b519b0072d9182a309ba595 |
| x86_64 | |
| atomic-enterprise-service-catalog-3.10.127-1.git.55.b54f8c7.el7.x86_64.rpm | SHA-256: 192521684e108195f6c0ff02abed22328af516ef0397741466b625aaf46a620d |
| atomic-enterprise-service-catalog-svcat-3.10.127-1.git.55.b54f8c7.el7.x86_64.rpm | SHA-256: 1ba78575bc18540473b396c6c6cb24206517448a45e4c29e26deea4c437ce825 |
| atomic-openshift-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: a7dfa54d5a14470939028037b8f5ea745beb1ce5dd8721df062c9f19506885c5 |
| atomic-openshift-clients-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: e06582f60b222aa100d12807d5696b30101bcc2601a1d1bdf84f35e06b789a90 |
| atomic-openshift-clients-redistributable-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: b1ee1a06fe590360356c632a84331f1ee34d0a12c781d4a0a077ef02b3e8fd56 |
| atomic-openshift-descheduler-3.10.127-1.git.153.bc1eddd.el7.x86_64.rpm | SHA-256: 55e8c81c8f87dbb118ff9b51ddf2c7ec6073ffb0f8d1537bf1b7dc3db6aa9eab |
| atomic-openshift-docker-excluder-3.10.127-1.git.0.dab74c6.el7.noarch.rpm | SHA-256: 6358a0f0a9778046012fbcb1e7b4972bc5ad31d792c46184b8850dcc037f6f51 |
| atomic-openshift-dockerregistry-3.10.127-1.git.0.f8aa6dd.el7.x86_64.rpm | SHA-256: 4da7e9f7f60ac23663ff47b12669c404622b5dd2c08b1a6187bcbba1d1911f4c |
| atomic-openshift-excluder-3.10.127-1.git.0.dab74c6.el7.noarch.rpm | SHA-256: 06f104a2af724df774f48c5fb22a3db32b7e4f510b84618014f3bebcb89023a7 |
| atomic-openshift-hyperkube-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: 6bb7f03d03990444aa876c8d7183c4bddfa20d6948f607ffaec09cadf820109d |
| atomic-openshift-hypershift-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: 08d82f216a85fa5270f8e66ee50b32c7059625e0794aec1e94d6cac33efd5f4d |
| atomic-openshift-master-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: 8137e20a8b7ba63ae0454ddd65ccabba51bd86fd6f7e713f4dec7849a7775ad7 |
| atomic-openshift-node-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: 614a0c7300818f1adcd6217e8f3db8783d6fbf39fc3f5a66dd5fa0a971cfd3de |
| atomic-openshift-node-problem-detector-3.10.127-1.git.0.4f5519b.el7.x86_64.rpm | SHA-256: dd2256cf5c36a1e6ebf2d97709687a3b80e3a9aff8a1e31fff7945167f81e4e4 |
| atomic-openshift-pod-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: b734c187f70b884b079cc20daf435ddb7c3d10b72c1121594d8b62171a2cac4a |
| atomic-openshift-sdn-ovs-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: a2b1d002098bd7e2a10bd9eef27a2456d659be487cae8f106cabab632e97f449 |
| atomic-openshift-template-service-broker-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: 3df10f04a8de7930253240c6ceab32b448674e91363f5f6032b7aec621dc6699 |
| atomic-openshift-tests-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: f8637dd9ab463fcda40a2572703d8a38d57cd35a08f25e3f49a0d3cbcb424428 |
| atomic-openshift-web-console-3.10.127-1.git.50.eab7949.el7.x86_64.rpm | SHA-256: 568ad32d1055feab10103290ee748bb8462a6aac3e82b371e4eb3f9a2cb2d60a |
| openshift-ansible-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: 91b300d40b8b35925c81ed41d6ac5070acc2fb71aacc019235ced0495f211a1b |
| openshift-ansible-docs-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: 1c260326f91f5dd7bd081937d93b9bfe4848b57013d9169242bc1fd491ced35d |
| openshift-ansible-playbooks-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: b996f8a758afe731d4585a77cc440b15d31099e25faac5fca7b31bee77aeebb5 |
| openshift-ansible-roles-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: 55218180bbb0908b9dde27c0bfe766911b2831e16e4ecf54b53e274d4bee71c3 |
| openshift-enterprise-cluster-capacity-3.10.127-1.git.0.44580c6.el7.x86_64.rpm | SHA-256: f1f3adcf600c2b5c6cfbb80ebeb108afee5eb5bfbf3b4e1e32eb8552d33cc08c |
| prometheus-node-exporter-3.10.127-1.git.0.8ebe819.el7.x86_64.rpm | SHA-256: 5514d74d248ebb869d609e18accdb737c1005332154e6464c530b497bc0bdead |
| python-libcloud-2.2.1-20180102gitd701bf9.el7.noarch.rpm | SHA-256: e18a4877a00a271ecae0778fa521ee4d1e8dc090bc2744f004b5cff4a5cbad2e |
| rubygem-fluent-plugin-viaq_data_model-0.0.18-1.el7.noarch.rpm | SHA-256: daf98074112acdc44769b6c351b2cb832a15c5e2540f03a7b02ffe0952c378c9 |
| rubygem-fluent-plugin-viaq_data_model-doc-0.0.18-1.el7.noarch.rpm | SHA-256: b73a26a7727907e551a4ac049c0337d2844bca1a082cc3de8d85fbba641b7049 |
Red Hat OpenShift Container Platform for Power 3.10
| SRPM | |
|---|---|
| atomic-enterprise-service-catalog-3.10.127-1.git.55.b54f8c7.el7.src.rpm | SHA-256: 04aa354af849c61841dcc2ad55e67d77391f8568e094e8e28b1f219fc9d48360 |
| atomic-openshift-3.10.127-1.git.0.dab74c6.el7.src.rpm | SHA-256: dd73c20dd7c7678a6520ea1baa27d84c54d3f6ff4b3db04822d428384ac12bcb |
| atomic-openshift-descheduler-3.10.127-1.git.153.bc1eddd.el7.src.rpm | SHA-256: 7f3158b2a2454db325b1d06d59fecf6dc01644eb0605a4243206f9a766d4cc23 |
| atomic-openshift-dockerregistry-3.10.127-1.git.0.f8aa6dd.el7.src.rpm | SHA-256: edc5367d7b4c62c05ab1d04d16ecf5994c4dab3613ac5cff8c491b0adc1876f9 |
| atomic-openshift-node-problem-detector-3.10.127-1.git.0.4f5519b.el7.src.rpm | SHA-256: 557e28d9ab14f2033a5c6534c30f7febb4d2989259b0e3395eef79d167bcfd86 |
| atomic-openshift-web-console-3.10.127-1.git.50.eab7949.el7.src.rpm | SHA-256: 26b55d957e90ce2385d04df51123b5e94298e8e6fa8d803126258f853299cc57 |
| golang-github-prometheus-node_exporter-3.10.127-1.git.0.8ebe819.el7.src.rpm | SHA-256: 42e641c368b3cfe75d9c081abf0ad9ede9855ce2fe7f22d91de7df44e6694e84 |
| openshift-ansible-3.10.127-1.git.0.131da09.el7.src.rpm | SHA-256: c45d282840cfb5a2e585a902a312a28be8d3bc8e790c92604ca195d43a436bbc |
| openshift-enterprise-cluster-capacity-3.10.127-1.git.0.44580c6.el7.src.rpm | SHA-256: 63be87feb5fa7200adacdc59a2911b1e2cedda1490dcebb0aed17d9c6b892b25 |
| ppc64le | |
| atomic-enterprise-service-catalog-3.10.127-1.git.55.b54f8c7.el7.ppc64le.rpm | SHA-256: e657c2caee6df554b726572b2345b38ad7ae798629c82c2e3d698126d29a024d |
| atomic-enterprise-service-catalog-svcat-3.10.127-1.git.55.b54f8c7.el7.ppc64le.rpm | SHA-256: 32b56e0d22f1b081987c64f31d68239b06d0a37ac033ff9f907f80f8df6b0de0 |
| atomic-openshift-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: c582ab6e550f4e93bd772a86d2b6d4136970e2d3f678f0ad4e40008660b6a4c8 |
| atomic-openshift-clients-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: c862d0df577c336c225c1667811645d91f9fbe81aa8e1ab8eb38c37e00cb87e6 |
| atomic-openshift-descheduler-3.10.127-1.git.153.bc1eddd.el7.ppc64le.rpm | SHA-256: e7857015ed4e3aa710f17f97d4d54768522c0aba7b33e2fc4227b2034922e8bc |
| atomic-openshift-docker-excluder-3.10.127-1.git.0.dab74c6.el7.noarch.rpm | SHA-256: 6358a0f0a9778046012fbcb1e7b4972bc5ad31d792c46184b8850dcc037f6f51 |
| atomic-openshift-dockerregistry-3.10.127-1.git.0.f8aa6dd.el7.ppc64le.rpm | SHA-256: a764cbf0f2ecc0928232f150a44b3be09921052dde81438038ab0f53f1db64a1 |
| atomic-openshift-excluder-3.10.127-1.git.0.dab74c6.el7.noarch.rpm | SHA-256: 06f104a2af724df774f48c5fb22a3db32b7e4f510b84618014f3bebcb89023a7 |
| atomic-openshift-hyperkube-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: a329eed8ac227484a22a1807158f2a51cd54e403fb8e1600f7d15bd804f91ba6 |
| atomic-openshift-hypershift-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 0ee2db299aefe08c39887dd31129c92e04fe674f57536538c5e2ccf3c2eb1dfc |
| atomic-openshift-master-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 99d23d0b896014dca8eb36853e142112ef45428d8c4885b157491cbd86cdbc48 |
| atomic-openshift-node-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 4814d04bc219fa0a95efe60a87f395535dc11671c29927da912ee0910deaf345 |
| atomic-openshift-node-problem-detector-3.10.127-1.git.0.4f5519b.el7.ppc64le.rpm | SHA-256: 64285c55049df41059bfa42958052b7520cd60cab544a45bede8c2076e04ec4d |
| atomic-openshift-pod-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 825c53b92b52d4fb39be5a02b76fc51bd14224164f69a9578c1ded604caf7d13 |
| atomic-openshift-sdn-ovs-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 636b39bce9f287f5b6aeff6292cc8a791f4d8f78f6de18288ba66614a318e9b4 |
| atomic-openshift-template-service-broker-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 31b9d170b2b4e13d447f96ff6082ef36beeae10698cb0dea3731445594366931 |
| atomic-openshift-tests-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 44dfe904c2cbaa049565bf6693b2d44cc0996243b3b03666dda3b89507f8643d |
| atomic-openshift-web-console-3.10.127-1.git.50.eab7949.el7.ppc64le.rpm | SHA-256: efc8ac6139d9caa524cdb8376c066c285d05bf05c091218880c17dcebfbd2227 |
| openshift-ansible-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: 91b300d40b8b35925c81ed41d6ac5070acc2fb71aacc019235ced0495f211a1b |
| openshift-ansible-docs-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: 1c260326f91f5dd7bd081937d93b9bfe4848b57013d9169242bc1fd491ced35d |
| openshift-ansible-playbooks-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: b996f8a758afe731d4585a77cc440b15d31099e25faac5fca7b31bee77aeebb5 |
| openshift-ansible-roles-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: 55218180bbb0908b9dde27c0bfe766911b2831e16e4ecf54b53e274d4bee71c3 |
| openshift-enterprise-cluster-capacity-3.10.127-1.git.0.44580c6.el7.ppc64le.rpm | SHA-256: f302023314bc66896517cf1cc1557e275f9699d3244d1531721059d81ebaaa1b |
| prometheus-node-exporter-3.10.127-1.git.0.8ebe819.el7.ppc64le.rpm | SHA-256: b811549623448e349cdfa04e0424beaf24baf7f0863fbfba8c918b711b4c285a |
Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。
