- Issued:
- 2019-07-04
- Updated:
- 2019-07-04
RHBA-2019:1634 - Bug Fix Advisory
Synopsis
OpenShift Container Platform 4.1 bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Red Hat OpenShift Container Platform release 4.1.4 is now available with
updates to packages and images that fix several bugs.
Description
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat
OpenShift Container Platform 4.1.4. See the following advisory for the
container images for this release:
https://access.redhat.com/errata/RHBA-2019:1635
This update fixes the following bugs:
- Image pruning was taking too long to complete because all images were processed as a single request. Now, `pager` is used to complete the process successfully without timing out. (#BZ1710561)
- The Jenkins Sync plugin confused `ImageStreams` and `ConfigMaps` with the same name when processing them for Jenkins k8s plugin `PodTemplates`, causing conflict with the api object types. Now, the Jenkins Sync plugin has been modified to keep track of which api object type created the pod template of a given name. (BZ#1711334)
- `OAuth` was unable to authenticate to OpenShift Jenkins instances. The Jenkins login plugin has been updated to attempt TLS connections with default certifications. Users are now able to log into the Jenkins console using `OAuth`. (BZ#1712240)
- Cluster Operators did not provide enough `node-tuning` related resources, making the `must-gather` tool unable to collect sufficient information for `node-tuning` resources. Now, more resources have been added to `node-tuning` and the `must-gather` tool is now able to collect sufficient information about `node-tuning` related resources. (BZ#1717739)
- Networking outages were occurring with `EgressIP` because monitoring code was mistakenly interpreting `Not responding` inputs. As a result, egress IP addresses may switch from one node to another. The monitoring code now distinguishes a node that's not responding from a final destination that is not responding. Egress IP addresses will not be switched between nodes unnecessarily. (BZ#1718541)
- The `node-tuning-operator` in OpenShift Container Platform 4.1.0 unnecessarily updated `tuned` service accounts, causing extraneous secrets in the `openshift-cluster-node-tuning-operator` namespace. This was resolved in the OpenShift Container Platform 4.1.1 release, but this did not clean up the extraneous secrets. Now those secrets are cleaned up. (BZ#1718842)
- ElasticSearch `curl` commands would bloat the dentry cache, causing the node to become unresponsive. Now, the `NSS_SDB_USE_CACHE=no` option may be set in the readiness probe to work around the NSS behavior that bloated the dentry cache. (BZ#1720656)
- A race condition existed when updating conditions on the `openshift-cluster-samples-operator`, causing duplicate conditions or upgrades to fail. The Samples Operator would incorrectly show a `Degraded` statge. Now, proper synchronization has been added so that the duplication of conditions does not occur and the `Degraded` state is not reported. (BZ#1722183)
- `Fluentd` was unable to correctly parse the `CONTAINER_NAME` field for Kubernetes metadata, causing records to go to the `.orphaned` index. Now, `fluentd` checks the record tag and record data for Kubernetes metadata. (BZ#1722898)
- The permissions set on previous version of ElasticSearch were restrictive so that non-administrative users were unable to access the `root` endpoints, and non-administrative useres were unable to determine the ElasticSearch version information. Permissions have now been changed to accomodate all users able to see the version of ElasticSearch.(BZ#1724341)
All OpenShift Container Platform 4.1 users are advised to upgrade to these
updated packages and images.
Solution
Before applying this update, ensure all previously released errata
relevant to your system have been applied.
For OpenShift Container Platform 4.1 see the following documentation, which
will be updated shortly for release 4.1.4, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.1/updating/updating-cluster-cli.html.
Affected Products
- Red Hat OpenShift Container Platform 4.1 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.1 for RHEL 7 x86_64
Fixes
- BZ - 1723185 - Placeholder for 4.1.4 RPM release
CVEs
(none)
References
(none)
Red Hat OpenShift Container Platform 4.1 for RHEL 8
| SRPM | |
|---|---|
| openshift-4.1.4-201906261555.git.0.c9e4f28.el8.src.rpm | SHA-256: 1e04fa1be2cbf95c3679d46fdb2605faec760c8f904aab5ac17a4b70d8afeb63 |
| x86_64 | |
| openshift-clients-4.1.4-201906261555.git.0.c9e4f28.el8.x86_64.rpm | SHA-256: ff7865ad281cdea71977c1da6a49b95cde4ff3ac78a1684083e4a3b16109a736 |
| openshift-clients-redistributable-4.1.4-201906261555.git.0.c9e4f28.el8.x86_64.rpm | SHA-256: 48f23f428b628b32e63494899299bc51ac02d0d3fd8887ff8d2f71f33d876d92 |
| openshift-hyperkube-4.1.4-201906261555.git.0.c9e4f28.el8.x86_64.rpm | SHA-256: d939a2f1c7d27edccd1cb3fa002afbc63f9becdcbbf3e531ca90c6de454bdae0 |
Red Hat OpenShift Container Platform 4.1 for RHEL 7
| SRPM | |
|---|---|
| atomic-enterprise-service-catalog-4.1.4-201906261555.git.1.9d82c80.el7.src.rpm | SHA-256: 3633f311dec691cdfc5fa600d73ab77f6f67a2ab1b1c0711b820a64f5311aea6 |
| openshift-4.1.4-201906261555.git.0.c9e4f28.el7.src.rpm | SHA-256: 39c64654145a59ebbe958dc632aee877ba16049f546bcd927de511452da67c24 |
| x86_64 | |
| atomic-enterprise-service-catalog-4.1.4-201906261555.git.1.9d82c80.el7.x86_64.rpm | SHA-256: 34681d4cda139489012d1888f6991562739a29003856db3575469b7c0199e8d0 |
| atomic-enterprise-service-catalog-svcat-4.1.4-201906261555.git.1.9d82c80.el7.x86_64.rpm | SHA-256: ad0116ffb0d3c91f2bc12868161fa269b7ac786cf1d382c773d81f0ddb77e2b9 |
| openshift-clients-4.1.4-201906261555.git.0.c9e4f28.el7.x86_64.rpm | SHA-256: 9f2342a0ae5ea413d2779c9671ea545afdf63b16ec2682cdb243d727623e9b0e |
| openshift-clients-redistributable-4.1.4-201906261555.git.0.c9e4f28.el7.x86_64.rpm | SHA-256: 529981a5b101de2ceb605f886901dcb04f10cf9a244be4073258c7043bb85a64 |
| openshift-hyperkube-4.1.4-201906261555.git.0.c9e4f28.el7.x86_64.rpm | SHA-256: 462d99431225dc2e3e24405e5e062875c86b6b6482d18d20369b3ba89fd8690b |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.