- Issued:
- 2019-06-27
- Updated:
- 2019-06-27
RHBA-2019:1607 - Bug Fix Advisory
Synopsis
OpenShift Container Platform 3.10 bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Red Hat OpenShift Container Platform release 3.10.149 is now available with
updates to packages and images that fix several bugs.
Description
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 3.10.149. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHBA-2019:1608
This update includes the following bugs:
- The openssh-clients package was missing from the ose-f5-router images. The correct RPM has been added to the latest release. (BZ#1645755)
- Slow build progression through a build's init container steps could result in builds marked as `Running`, and the build controller would attempt to set the build back to `Pending`. As a result, excessive warning messages were presented to the user. Now, the build controller prevents the erroneous transitions and logs more useful diagnostic data. (BZ#1685322)
- A task was inserted early in the upgrade playbooks to install client packages, but the task does not specify explicit versions for all dependencies. As a result, circular dependencies within the packages would cause all packages to be updated to the latest version. Now, the problematic client install task has been removed and the task is completed in another fashion. Install now completes with packages installed to the specified version. (BZ#1692730)
- Non-master `etcd` nodes were previously excluded from upgrades. This has now been changed to exclude only non-master non-node etcd instances. Now non-master `etcd` nodes are upgraded successfully. (BZ#1693524)
- The `openshift_set_node_ip` variable was deprecated, but still included in inventory example files. This has now been removed from example files and code for the `openshift_set_node_ip` variable has been cleaned up. (BZ#1694814)
- Undesired DNS IP addresses were selected by the OpenShift service if multiple network cards were present. As a result, DNS requests failed to work from pods. Now, there are sane defaults present for DNS and it follows a similar pattern used by kubelet to fetch routable node IP addresses. (BZ#1696394)
- Long running Jenkins agent and slave pods would experience defunct process errors, causing a high number of processes to appear in process listings until the pod is terminated. Now, `dumb-init` is deployed to clean up these defunct processes. (BZ#1707447)
- The environment variable JOURNAL_READ_FROM_HEAD was set to an empty string. This caused the default value of `read_from_head` for the journald input to be true. When Fluentd starts up for the first time on a node, it reads in the entire journal. This could result in hours of delays for system messages to show up in ElasticSearch and Kibana. Now, Fluentd will check if the value is set and is not empty, or will use the default value of false. Fluentd will read from the tail of the journal when it starts on a new node. (BZ#1707556)
- There was a missing `@` for an instance variable in the Fluentd remote syslog plugin code. In some cases, systemd-journald logged errant values. This resulted in rsyslog forwarding failures. Now, the variable has been corrected remote logging completes successfully. (BZ#1707899)
- The script 99-origin-dns.sh had a debug flag set to enabled, which would log debug level messages by default. This has been resolved and debug is now set to false. (BZ#1708393)
All OpenShift Container Platform 3.10 users are advised to upgrade to these
updated packages and images.
Solution
Before applying this update, ensure all previously released errata
relevant to your system have been applied.
For OpenShift Container Platform 3.10 see the following documentation,
which will be updated shortly for release 3.10.149, for important
instructions on how to upgrade your cluster and fully apply this
asynchronous errata update:
https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
Affected Products
- Red Hat OpenShift Container Platform 3.10 x86_64
- Red Hat OpenShift Container Platform for Power 3.10 ppc64le
Fixes
- BZ - 1645755 - openssh-clients package missing from ose-f5-router:v3.10 images
- BZ - 1685322 - Builds delayed with multiple occurrences of the error "build_controller.go:1289] Giving up retrying <build name>: invalid phase transition <build name> (Running) -> Pending"
- BZ - 1690200 - logging fluentd daemonset should tolerate all taints (3.10)
- BZ - 1692730 - Fail to upgrade ocp to non latest version
- BZ - 1693524 - Packages in dedicated ETCD nodes are not upgraded
- BZ - 1694814 - Variable openshift_set_node_ip is deprecated in v3.10+ but this is not mentioned in inventory examples
- BZ - 1696394 - [3.10] Pod /etc/resolv.conf populated with incorrect nameserver possibly with an IP read from the wrong interface
- BZ - 1707447 - jenkins-slave produce process defunct [ Jenkins "SLAVE" ]
- BZ - 1707556 - JOURNAL_READ_FROM_HEAD defaults to true
- BZ - 1707899 - [release-3.10] Fix typo of random_string that prevents forwarding to SYSLOG via UDP to fail
- BZ - 1708393 - the script 99-origin-dns.sh has the debug flag '-x' set to on
- BZ - 1709422 - sdn daemonset should tolerate taints (3.10)
CVEs
(none)
References
(none)
Red Hat OpenShift Container Platform 3.10
SRPM | |
---|---|
atomic-enterprise-service-catalog-3.10.149-1.git.1.d18a7be.el7.src.rpm | SHA-256: 6c918fea4a37a4da6ee2267d15b720f244deec29c6bd5946e62b480cca69c9fe |
atomic-openshift-descheduler-3.10.149-1.git.1.cd10a12.el7.src.rpm | SHA-256: 3784e24e62daa4e1f5093ce6c6014f7b1790a6a526508d9b93f77b45b708525d |
atomic-openshift-dockerregistry-3.10.149-1.git.1.5474c2d.el7.src.rpm | SHA-256: 8716754970ff34a4b3e2f67b59ab520d93375aa6ebe62b3c7f8e08d3ab44a553 |
atomic-openshift-node-problem-detector-3.10.149-1.git.1.ea58d59.el7.src.rpm | SHA-256: 2493372da649eb602fa3e3e303bde600530422b3c15a94a80b7d92bfef49539c |
atomic-openshift-web-console-3.10.149-1.git.1.183babf.el7.src.rpm | SHA-256: 05f08f16169347739764b5dd4953a81e2ffdd189a8e0db9860ec3c0fc27fc304 |
golang-github-prometheus-node_exporter-3.10.149-1.git.1.a4888f1.el7.src.rpm | SHA-256: 5d10c62228613f6419b0bdf370e6590d494bce6bb99c342ca7267ac22c551d0e |
openshift-ansible-3.10.149-1.git.0.eb0262c.el7.src.rpm | SHA-256: 2ed0df33c688d87018677c5f02ba5e75684ea9cb21c5b5cd0fdf4188525860a4 |
openshift-enterprise-cluster-capacity-3.10.149-1.git.1.85b7518.el7.src.rpm | SHA-256: 4565ac0596a5360a34cedae47e1a250b9c3763589ab46dc84653f134f3968560 |
x86_64 | |
atomic-enterprise-service-catalog-3.10.149-1.git.1.d18a7be.el7.x86_64.rpm | SHA-256: 824e1e2fb5889c8990e689e24569ac71380577180f4f310d99495fbdf7b75ef9 |
atomic-enterprise-service-catalog-svcat-3.10.149-1.git.1.d18a7be.el7.x86_64.rpm | SHA-256: cffaceac43b0641a905536b0760a968461db33c467ff6f5ed6702b8ac5b79d9e |
atomic-openshift-descheduler-3.10.149-1.git.1.cd10a12.el7.x86_64.rpm | SHA-256: fab7dc77274655fb0baf871398e5aa74fa808610d553745ca6e184601f571d41 |
atomic-openshift-dockerregistry-3.10.149-1.git.1.5474c2d.el7.x86_64.rpm | SHA-256: bb142564290505e9bdc1ffdd21ead204be52f4ca3ecf7ba4237a1a5a16b59616 |
atomic-openshift-node-problem-detector-3.10.149-1.git.1.ea58d59.el7.x86_64.rpm | SHA-256: fc54d81b517ae8cbedb16adce55fb764f6dd98f976fb05cb61f141e4fa3442ec |
atomic-openshift-web-console-3.10.149-1.git.1.183babf.el7.x86_64.rpm | SHA-256: 1d667416aa49caa58ce525013f5ea0ed1542eb284db0a19f0a54fc3ab125da42 |
openshift-ansible-3.10.149-1.git.0.eb0262c.el7.noarch.rpm | SHA-256: 6bbea25653dd5b895b8c23568a3f6e9a990cf8f61d3ce0730fc5138196909c34 |
openshift-ansible-docs-3.10.149-1.git.0.eb0262c.el7.noarch.rpm | SHA-256: 238afa8062ac04f5ada15ce7744544a84eb01578cbe63a9d1019189e558451b9 |
openshift-ansible-playbooks-3.10.149-1.git.0.eb0262c.el7.noarch.rpm | SHA-256: 401d52fcb8c3b484585e82f219d19eda112f0e10dd50cbcc4e71330e8c594894 |
openshift-ansible-roles-3.10.149-1.git.0.eb0262c.el7.noarch.rpm | SHA-256: 5771cf8e1a05e6d5065efc6a96f48d1826fc1a5a1b018d0e1245a225864071b5 |
openshift-enterprise-cluster-capacity-3.10.149-1.git.1.85b7518.el7.x86_64.rpm | SHA-256: d14dda7a68d671ae3314feb055b305bc7f07d17722072f0ca802669e5bf417b4 |
prometheus-node-exporter-3.10.149-1.git.1.a4888f1.el7.x86_64.rpm | SHA-256: df6caf2fd8df471ac5aa1ccbf4569254459f221ebae7aae065d0404db4aebfc8 |
Red Hat OpenShift Container Platform for Power 3.10
SRPM | |
---|---|
atomic-enterprise-service-catalog-3.10.149-1.git.1.d18a7be.el7.src.rpm | SHA-256: 6c918fea4a37a4da6ee2267d15b720f244deec29c6bd5946e62b480cca69c9fe |
atomic-openshift-descheduler-3.10.149-1.git.1.cd10a12.el7.src.rpm | SHA-256: 3784e24e62daa4e1f5093ce6c6014f7b1790a6a526508d9b93f77b45b708525d |
atomic-openshift-dockerregistry-3.10.149-1.git.1.5474c2d.el7.src.rpm | SHA-256: 8716754970ff34a4b3e2f67b59ab520d93375aa6ebe62b3c7f8e08d3ab44a553 |
atomic-openshift-node-problem-detector-3.10.149-1.git.1.ea58d59.el7.src.rpm | SHA-256: 2493372da649eb602fa3e3e303bde600530422b3c15a94a80b7d92bfef49539c |
atomic-openshift-web-console-3.10.149-1.git.1.183babf.el7.src.rpm | SHA-256: 05f08f16169347739764b5dd4953a81e2ffdd189a8e0db9860ec3c0fc27fc304 |
golang-github-prometheus-node_exporter-3.10.149-1.git.1.a4888f1.el7.src.rpm | SHA-256: 5d10c62228613f6419b0bdf370e6590d494bce6bb99c342ca7267ac22c551d0e |
openshift-ansible-3.10.149-1.git.0.eb0262c.el7.src.rpm | SHA-256: 2ed0df33c688d87018677c5f02ba5e75684ea9cb21c5b5cd0fdf4188525860a4 |
openshift-enterprise-cluster-capacity-3.10.149-1.git.1.85b7518.el7.src.rpm | SHA-256: 4565ac0596a5360a34cedae47e1a250b9c3763589ab46dc84653f134f3968560 |
ppc64le | |
atomic-enterprise-service-catalog-3.10.149-1.git.1.d18a7be.el7.ppc64le.rpm | SHA-256: 9dd016f41e9b29bcb5c47661c66d2a01b05282c1e07c5aa3087c571d7d963ebb |
atomic-enterprise-service-catalog-svcat-3.10.149-1.git.1.d18a7be.el7.ppc64le.rpm | SHA-256: 88c116870f78fd0a30864d024fe565ee77bf32aa89c1cc4fb3c7cb881b5fb622 |
atomic-openshift-descheduler-3.10.149-1.git.1.cd10a12.el7.ppc64le.rpm | SHA-256: 66d684c2e2fa761fd14b4e0fe0e14fe3a8a1c5821f8f12bcfcba41c2fc92b329 |
atomic-openshift-dockerregistry-3.10.149-1.git.1.5474c2d.el7.ppc64le.rpm | SHA-256: 4c5f4de44170f684e81fecbdc40ac8616dd94c27f8fe70e067703d785edb2736 |
atomic-openshift-node-problem-detector-3.10.149-1.git.1.ea58d59.el7.ppc64le.rpm | SHA-256: 6dfa1ef46ba8e952debbffa4c764294203f24d80c20436e40c0e0952deb8b715 |
atomic-openshift-web-console-3.10.149-1.git.1.183babf.el7.ppc64le.rpm | SHA-256: 298d4a8e3d596ab1b6065a9eea2f9b5aa9a11c9092e955c4925ee5dc25d244e4 |
openshift-ansible-3.10.149-1.git.0.eb0262c.el7.noarch.rpm | SHA-256: 6bbea25653dd5b895b8c23568a3f6e9a990cf8f61d3ce0730fc5138196909c34 |
openshift-ansible-docs-3.10.149-1.git.0.eb0262c.el7.noarch.rpm | SHA-256: 238afa8062ac04f5ada15ce7744544a84eb01578cbe63a9d1019189e558451b9 |
openshift-ansible-playbooks-3.10.149-1.git.0.eb0262c.el7.noarch.rpm | SHA-256: 401d52fcb8c3b484585e82f219d19eda112f0e10dd50cbcc4e71330e8c594894 |
openshift-ansible-roles-3.10.149-1.git.0.eb0262c.el7.noarch.rpm | SHA-256: 5771cf8e1a05e6d5065efc6a96f48d1826fc1a5a1b018d0e1245a225864071b5 |
openshift-enterprise-cluster-capacity-3.10.149-1.git.1.85b7518.el7.ppc64le.rpm | SHA-256: 7fd496e4d6e4698900d28be69ce03f29806adb14ddfa29e8061bc29a07da9c13 |
prometheus-node-exporter-3.10.149-1.git.1.a4888f1.el7.ppc64le.rpm | SHA-256: 85c056ca9153fd04ab6fe18ffa20700ca91d6b94fe4fcf4a551ab6d2cdd149a8 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.