- Issued:
- 2019-04-09
- Updated:
- 2019-04-09
RHBA-2019:0620 - Bug Fix Advisory
Synopsis
OpenShift Container Platform 3.10 bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Red Hat OpenShift Container Platform release 3.10.127 is now available with
updates to packages and images that fix several bugs.
Description
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 3.10.127. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHBA-2019:0621
This update fixes the following bugs:
- Playbooks that redeployed master certificates did not update `webconsole` secrets, causing failure to start the `webconsole` after redeployment. Now, `webconsole` secrets are re-created when master certificate playbooks are used and the `webconsole`now works properly. (BZ#1667981)
- The files that implemented log rotation functionality were not copied to the correct `fluentd` directory. As a result, logs were not rotated. Now, the container build inspects the `fluentd` gem to find out where to install the files. The files that implement log rotation are copied to the correct directory for `fluentd` usage. (BZ#1684210)
- The SSL and TLS service uses Diffie-Hellman groups with insufficient strength (a key size less than 2048 bytes). As a result, the keys are more vulnerable. Now, the key strength has been increased and certificates are more secure. (BZ#1686135)
- When a cluster was installed, the user name in the loopback kubeconfig is the same as the host name of the master. Now, the variable in the playbook is changed to a different value. (BZ#1686585)
- Using `MERGE_JSON_LOG=true` would create fields in the record that would cause syntax violations or create too many fields in `Elasticsearch`, causing severe performance problems. Now, users who experience these problems can tune `fluentd` to accommodate their log record fields without errors or `Elasticsearch` performance degradation. (BZ#1686946)
- If an override host name had been set, the sync script generated an error in the sync logs. This has now been resolved and is no longer present in situations where `/etc/sysconfig/KUBELET_HOSTNAME_OVERRIDE` is not present. (BZ#1687803)
- Upgrade playbooks ran several `oc` commands that used resource aliases that may not be immediately available after a restart or other reasons. Now, the `oc` suite of commands uses the fully qualified resource name to avoid potential failure. (BZ#1688452)
All OpenShift Container Platform 3.10 users are advised to upgrade to these
updated packages.
Solution
Before applying this update, ensure all previously released errata relevant to your system are applied.
See the following documentation, which will be updated shortly for release 3.10.127, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
Affected Products
- Red Hat OpenShift Container Platform 3.10 x86_64
- Red Hat OpenShift Container Platform for Power 3.10 ppc64le
Fixes
- BZ - 1538488 - When token expired and command uses short name type, it prompts server doesn't have a resource type
- BZ - 1554624 - should not hard code scalable objects in 'oc status'
- BZ - 1572493 - openshift_logging_namespace default value should be openshift-logging in openshift_health_checker/openshift_checks/logging/logging.py
- BZ - 1579515 - Unexpected error when sort-by and -o yaml provided
- BZ - 1591118 - [crio] Event process failure error appears in atomic-openshift-node log
- BZ - 1624197 - [3.10] Binary builds hang the openshift api server in cluster up
- BZ - 1667981 - [3.10] After running redeploy-certificates.yml playbook in OCP 3.10 webconsole stop working.
- BZ - 1684210 - Newly introduced log-rotation in fluentd not working
- BZ - 1686135 - logging-es using cryptographically weak hashing algorithm.
- BZ - 1686140 - Diffie-Hellman keysize < 2048 in logging-es
- BZ - 1686585 - Task set_loopback_context.yml sets context.user to the wrong name for openshift-master.kubeconfig
- BZ - 1686946 - Allow MERGE_JSON_LOG=true for indexing of JSON payload fields
- BZ - 1687803 - [3.10] sync-pod tried to override the hostname
- BZ - 1688452 - [3.10] Upgrade from Openshift 3.9 to 3.10 fails at Remove Image Stream Tag if no Image Stream Tag is present.
CVEs
References
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat OpenShift Container Platform 3.10
| SRPM | |
|---|---|
| atomic-enterprise-service-catalog-3.10.127-1.git.55.b54f8c7.el7.src.rpm | SHA-256: 04aa354af849c61841dcc2ad55e67d77391f8568e094e8e28b1f219fc9d48360 |
| atomic-openshift-3.10.127-1.git.0.dab74c6.el7.src.rpm | SHA-256: dd73c20dd7c7678a6520ea1baa27d84c54d3f6ff4b3db04822d428384ac12bcb |
| atomic-openshift-descheduler-3.10.127-1.git.153.bc1eddd.el7.src.rpm | SHA-256: 7f3158b2a2454db325b1d06d59fecf6dc01644eb0605a4243206f9a766d4cc23 |
| atomic-openshift-dockerregistry-3.10.127-1.git.0.f8aa6dd.el7.src.rpm | SHA-256: edc5367d7b4c62c05ab1d04d16ecf5994c4dab3613ac5cff8c491b0adc1876f9 |
| atomic-openshift-node-problem-detector-3.10.127-1.git.0.4f5519b.el7.src.rpm | SHA-256: 557e28d9ab14f2033a5c6534c30f7febb4d2989259b0e3395eef79d167bcfd86 |
| atomic-openshift-web-console-3.10.127-1.git.50.eab7949.el7.src.rpm | SHA-256: 26b55d957e90ce2385d04df51123b5e94298e8e6fa8d803126258f853299cc57 |
| golang-github-prometheus-node_exporter-3.10.127-1.git.0.8ebe819.el7.src.rpm | SHA-256: 42e641c368b3cfe75d9c081abf0ad9ede9855ce2fe7f22d91de7df44e6694e84 |
| openshift-ansible-3.10.127-1.git.0.131da09.el7.src.rpm | SHA-256: c45d282840cfb5a2e585a902a312a28be8d3bc8e790c92604ca195d43a436bbc |
| openshift-enterprise-cluster-capacity-3.10.127-1.git.0.44580c6.el7.src.rpm | SHA-256: 63be87feb5fa7200adacdc59a2911b1e2cedda1490dcebb0aed17d9c6b892b25 |
| python-libcloud-2.2.1-20180102gitd701bf9.el7.src.rpm | SHA-256: 0b0ab6d7d48492b23f94dd23ea600937159a32ade7ebf5a43ca4b2bc3a8ced15 |
| rubygem-fluent-plugin-viaq_data_model-0.0.18-1.el7.src.rpm | SHA-256: 0eb5a6c0d8405b29de25557f4a6794e19110ddba0b519b0072d9182a309ba595 |
| x86_64 | |
| atomic-enterprise-service-catalog-3.10.127-1.git.55.b54f8c7.el7.x86_64.rpm | SHA-256: 192521684e108195f6c0ff02abed22328af516ef0397741466b625aaf46a620d |
| atomic-enterprise-service-catalog-svcat-3.10.127-1.git.55.b54f8c7.el7.x86_64.rpm | SHA-256: 1ba78575bc18540473b396c6c6cb24206517448a45e4c29e26deea4c437ce825 |
| atomic-openshift-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: a7dfa54d5a14470939028037b8f5ea745beb1ce5dd8721df062c9f19506885c5 |
| atomic-openshift-clients-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: e06582f60b222aa100d12807d5696b30101bcc2601a1d1bdf84f35e06b789a90 |
| atomic-openshift-clients-redistributable-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: b1ee1a06fe590360356c632a84331f1ee34d0a12c781d4a0a077ef02b3e8fd56 |
| atomic-openshift-descheduler-3.10.127-1.git.153.bc1eddd.el7.x86_64.rpm | SHA-256: 55e8c81c8f87dbb118ff9b51ddf2c7ec6073ffb0f8d1537bf1b7dc3db6aa9eab |
| atomic-openshift-docker-excluder-3.10.127-1.git.0.dab74c6.el7.noarch.rpm | SHA-256: 6358a0f0a9778046012fbcb1e7b4972bc5ad31d792c46184b8850dcc037f6f51 |
| atomic-openshift-dockerregistry-3.10.127-1.git.0.f8aa6dd.el7.x86_64.rpm | SHA-256: 4da7e9f7f60ac23663ff47b12669c404622b5dd2c08b1a6187bcbba1d1911f4c |
| atomic-openshift-excluder-3.10.127-1.git.0.dab74c6.el7.noarch.rpm | SHA-256: 06f104a2af724df774f48c5fb22a3db32b7e4f510b84618014f3bebcb89023a7 |
| atomic-openshift-hyperkube-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: 6bb7f03d03990444aa876c8d7183c4bddfa20d6948f607ffaec09cadf820109d |
| atomic-openshift-hypershift-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: 08d82f216a85fa5270f8e66ee50b32c7059625e0794aec1e94d6cac33efd5f4d |
| atomic-openshift-master-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: 8137e20a8b7ba63ae0454ddd65ccabba51bd86fd6f7e713f4dec7849a7775ad7 |
| atomic-openshift-node-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: 614a0c7300818f1adcd6217e8f3db8783d6fbf39fc3f5a66dd5fa0a971cfd3de |
| atomic-openshift-node-problem-detector-3.10.127-1.git.0.4f5519b.el7.x86_64.rpm | SHA-256: dd2256cf5c36a1e6ebf2d97709687a3b80e3a9aff8a1e31fff7945167f81e4e4 |
| atomic-openshift-pod-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: b734c187f70b884b079cc20daf435ddb7c3d10b72c1121594d8b62171a2cac4a |
| atomic-openshift-sdn-ovs-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: a2b1d002098bd7e2a10bd9eef27a2456d659be487cae8f106cabab632e97f449 |
| atomic-openshift-template-service-broker-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: 3df10f04a8de7930253240c6ceab32b448674e91363f5f6032b7aec621dc6699 |
| atomic-openshift-tests-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm | SHA-256: f8637dd9ab463fcda40a2572703d8a38d57cd35a08f25e3f49a0d3cbcb424428 |
| atomic-openshift-web-console-3.10.127-1.git.50.eab7949.el7.x86_64.rpm | SHA-256: 568ad32d1055feab10103290ee748bb8462a6aac3e82b371e4eb3f9a2cb2d60a |
| openshift-ansible-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: 91b300d40b8b35925c81ed41d6ac5070acc2fb71aacc019235ced0495f211a1b |
| openshift-ansible-docs-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: 1c260326f91f5dd7bd081937d93b9bfe4848b57013d9169242bc1fd491ced35d |
| openshift-ansible-playbooks-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: b996f8a758afe731d4585a77cc440b15d31099e25faac5fca7b31bee77aeebb5 |
| openshift-ansible-roles-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: 55218180bbb0908b9dde27c0bfe766911b2831e16e4ecf54b53e274d4bee71c3 |
| openshift-enterprise-cluster-capacity-3.10.127-1.git.0.44580c6.el7.x86_64.rpm | SHA-256: f1f3adcf600c2b5c6cfbb80ebeb108afee5eb5bfbf3b4e1e32eb8552d33cc08c |
| prometheus-node-exporter-3.10.127-1.git.0.8ebe819.el7.x86_64.rpm | SHA-256: 5514d74d248ebb869d609e18accdb737c1005332154e6464c530b497bc0bdead |
| python-libcloud-2.2.1-20180102gitd701bf9.el7.noarch.rpm | SHA-256: e18a4877a00a271ecae0778fa521ee4d1e8dc090bc2744f004b5cff4a5cbad2e |
| rubygem-fluent-plugin-viaq_data_model-0.0.18-1.el7.noarch.rpm | SHA-256: daf98074112acdc44769b6c351b2cb832a15c5e2540f03a7b02ffe0952c378c9 |
| rubygem-fluent-plugin-viaq_data_model-doc-0.0.18-1.el7.noarch.rpm | SHA-256: b73a26a7727907e551a4ac049c0337d2844bca1a082cc3de8d85fbba641b7049 |
Red Hat OpenShift Container Platform for Power 3.10
| SRPM | |
|---|---|
| atomic-enterprise-service-catalog-3.10.127-1.git.55.b54f8c7.el7.src.rpm | SHA-256: 04aa354af849c61841dcc2ad55e67d77391f8568e094e8e28b1f219fc9d48360 |
| atomic-openshift-3.10.127-1.git.0.dab74c6.el7.src.rpm | SHA-256: dd73c20dd7c7678a6520ea1baa27d84c54d3f6ff4b3db04822d428384ac12bcb |
| atomic-openshift-descheduler-3.10.127-1.git.153.bc1eddd.el7.src.rpm | SHA-256: 7f3158b2a2454db325b1d06d59fecf6dc01644eb0605a4243206f9a766d4cc23 |
| atomic-openshift-dockerregistry-3.10.127-1.git.0.f8aa6dd.el7.src.rpm | SHA-256: edc5367d7b4c62c05ab1d04d16ecf5994c4dab3613ac5cff8c491b0adc1876f9 |
| atomic-openshift-node-problem-detector-3.10.127-1.git.0.4f5519b.el7.src.rpm | SHA-256: 557e28d9ab14f2033a5c6534c30f7febb4d2989259b0e3395eef79d167bcfd86 |
| atomic-openshift-web-console-3.10.127-1.git.50.eab7949.el7.src.rpm | SHA-256: 26b55d957e90ce2385d04df51123b5e94298e8e6fa8d803126258f853299cc57 |
| golang-github-prometheus-node_exporter-3.10.127-1.git.0.8ebe819.el7.src.rpm | SHA-256: 42e641c368b3cfe75d9c081abf0ad9ede9855ce2fe7f22d91de7df44e6694e84 |
| openshift-ansible-3.10.127-1.git.0.131da09.el7.src.rpm | SHA-256: c45d282840cfb5a2e585a902a312a28be8d3bc8e790c92604ca195d43a436bbc |
| openshift-enterprise-cluster-capacity-3.10.127-1.git.0.44580c6.el7.src.rpm | SHA-256: 63be87feb5fa7200adacdc59a2911b1e2cedda1490dcebb0aed17d9c6b892b25 |
| ppc64le | |
| atomic-enterprise-service-catalog-3.10.127-1.git.55.b54f8c7.el7.ppc64le.rpm | SHA-256: e657c2caee6df554b726572b2345b38ad7ae798629c82c2e3d698126d29a024d |
| atomic-enterprise-service-catalog-svcat-3.10.127-1.git.55.b54f8c7.el7.ppc64le.rpm | SHA-256: 32b56e0d22f1b081987c64f31d68239b06d0a37ac033ff9f907f80f8df6b0de0 |
| atomic-openshift-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: c582ab6e550f4e93bd772a86d2b6d4136970e2d3f678f0ad4e40008660b6a4c8 |
| atomic-openshift-clients-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: c862d0df577c336c225c1667811645d91f9fbe81aa8e1ab8eb38c37e00cb87e6 |
| atomic-openshift-descheduler-3.10.127-1.git.153.bc1eddd.el7.ppc64le.rpm | SHA-256: e7857015ed4e3aa710f17f97d4d54768522c0aba7b33e2fc4227b2034922e8bc |
| atomic-openshift-docker-excluder-3.10.127-1.git.0.dab74c6.el7.noarch.rpm | SHA-256: 6358a0f0a9778046012fbcb1e7b4972bc5ad31d792c46184b8850dcc037f6f51 |
| atomic-openshift-dockerregistry-3.10.127-1.git.0.f8aa6dd.el7.ppc64le.rpm | SHA-256: a764cbf0f2ecc0928232f150a44b3be09921052dde81438038ab0f53f1db64a1 |
| atomic-openshift-excluder-3.10.127-1.git.0.dab74c6.el7.noarch.rpm | SHA-256: 06f104a2af724df774f48c5fb22a3db32b7e4f510b84618014f3bebcb89023a7 |
| atomic-openshift-hyperkube-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: a329eed8ac227484a22a1807158f2a51cd54e403fb8e1600f7d15bd804f91ba6 |
| atomic-openshift-hypershift-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 0ee2db299aefe08c39887dd31129c92e04fe674f57536538c5e2ccf3c2eb1dfc |
| atomic-openshift-master-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 99d23d0b896014dca8eb36853e142112ef45428d8c4885b157491cbd86cdbc48 |
| atomic-openshift-node-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 4814d04bc219fa0a95efe60a87f395535dc11671c29927da912ee0910deaf345 |
| atomic-openshift-node-problem-detector-3.10.127-1.git.0.4f5519b.el7.ppc64le.rpm | SHA-256: 64285c55049df41059bfa42958052b7520cd60cab544a45bede8c2076e04ec4d |
| atomic-openshift-pod-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 825c53b92b52d4fb39be5a02b76fc51bd14224164f69a9578c1ded604caf7d13 |
| atomic-openshift-sdn-ovs-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 636b39bce9f287f5b6aeff6292cc8a791f4d8f78f6de18288ba66614a318e9b4 |
| atomic-openshift-template-service-broker-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 31b9d170b2b4e13d447f96ff6082ef36beeae10698cb0dea3731445594366931 |
| atomic-openshift-tests-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm | SHA-256: 44dfe904c2cbaa049565bf6693b2d44cc0996243b3b03666dda3b89507f8643d |
| atomic-openshift-web-console-3.10.127-1.git.50.eab7949.el7.ppc64le.rpm | SHA-256: efc8ac6139d9caa524cdb8376c066c285d05bf05c091218880c17dcebfbd2227 |
| openshift-ansible-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: 91b300d40b8b35925c81ed41d6ac5070acc2fb71aacc019235ced0495f211a1b |
| openshift-ansible-docs-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: 1c260326f91f5dd7bd081937d93b9bfe4848b57013d9169242bc1fd491ced35d |
| openshift-ansible-playbooks-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: b996f8a758afe731d4585a77cc440b15d31099e25faac5fca7b31bee77aeebb5 |
| openshift-ansible-roles-3.10.127-1.git.0.131da09.el7.noarch.rpm | SHA-256: 55218180bbb0908b9dde27c0bfe766911b2831e16e4ecf54b53e274d4bee71c3 |
| openshift-enterprise-cluster-capacity-3.10.127-1.git.0.44580c6.el7.ppc64le.rpm | SHA-256: f302023314bc66896517cf1cc1557e275f9699d3244d1531721059d81ebaaa1b |
| prometheus-node-exporter-3.10.127-1.git.0.8ebe819.el7.ppc64le.rpm | SHA-256: b811549623448e349cdfa04e0424beaf24baf7f0863fbfba8c918b711b4c285a |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.