Red Hat Product Errata RHBA-2020:2628 - Bug Fix Advisory
Issued:
2020-07-01
Updated:
2020-07-01

RHBA-2020:2628 - Bug Fix Advisory

Synopsis

OpenShift Container Platform 4.3.27 bug fix update

Type/Severity

Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.3.27 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.3.27. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:2627

This update fixes the following bugs among others:

  • Previously, Fluentd inserted an incorrect line separator (`\\'\\'`) for container log lines split across multiple lines in CRI-O logs. This bug fix configures the correct empty line separator for Fluentd so the logs display without the visible `\\'\\'` separator. (BZ#1816837)
  • When using a cluster installed on the Azure cloud platform, the `cifs-utils` package is required to create volume mounts for Pods. The `cifs-utils` package was not included in the list of packages installed for RHEL7 hosts when installing OpenShift Container Platform, causing Pod volume mounts to fail. The `cifs-utils` package is now included in the list of packages installed for RHEL7 hosts; therefore, Pod volume mounts are now created successfully when deploying to a cluster installed on the Azure cloud platform. (BZ#1845821)
  • SELinux permissions were blocking read/write access to mounted volumes on the Azure cloud platform. This bug fix updates the SELinux booleans to match RHCOS 8.x to allow proper access. (BZ#1845836)

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.27-x86_64

The image digest is sha256:a2bdd3b4516e05760d01e2589fc0866f7386c1c10c866b29fea137067e76f2ae

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.27-s390x

The image digest is sha256:611faa1e365f43dbc414e1637306f856f84ff8d6410031de2be7a5cf8d6d0a85

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.27-ppc64le

The image digest is sha256:70016e156c7c12fb69f73006b2d8983c4613faabad4f3d4bcf4bdff6d5d208ad

All OpenShift Container Platform 4.3 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.3/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution

For OpenShift Container Platform 4.3 see the following documentation, which
will be updated shortly for release 4.3.27, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.

Affected Products

  • Red Hat OpenShift Container Platform 4.3 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.3 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.3 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.3 for RHEL 7 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 7 s390x

Fixes

  • BZ - 1775252 - [Enhancement] Missing degraded condition when the static pod installer is unable to create pods due to networking errors
  • BZ - 1816837 - Fluentd inserts \\'\\' into some log messages ingested from container logs
  • BZ - 1843488 - Manual procedure "Recovering from expired control plane certificates" results in "Unable to connect to the server: x509: certificate signed by unknown authority"
  • BZ - 1844135 - kube-proxy deployment does not include any memory/cpu requests
  • BZ - 1845821 - Azure-file mount fail on RHEL worker due to missing cifs-utils package
  • BZ - 1845836 - [azure-file] "Permission denied" when read/write to mounted directory on RHEL node.
  • BZ - 1846228 - [Kuryr] LB sg update not skipped when no endpoint is found
  • BZ - 1846259 - [Kuryr] LB resources not deleted when are transitioned to ERROR
  • BZ - 1848622 - API server crash loop on ARO
  • BZ - 1848976 - re-enable jenkins tests in e2e-gcp-builds

References

(none)

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.