RHBA-2020:4325 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.5.17 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.5.17. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:4326

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html

This update fixes the following bugs among others:

• Previously, NICs that had the same NIC profile could not be imported successfully, or the wrong network was chosen. The UI now forces users to select the same network, which is not the pod network, for such NICs. (BZ#1852530)
• Previously, when importing a VMware VM from a cluster whose name included spaces or special characters, the VM import would fail. Clusters with spaces or special characters included in their name now successfully import VMware VMs. (BZ#1879973)
• Previously, the node file system calculations for Used and Total were incorrect due to an incorrect query. Now, the query is updated and calculates the data correctly. (BZ#1883177)
• Registry Operator type assertions were made twice for a variable and the second time the result was not checked. This caused false assertions and created panic conditions. Now, checked type assertions are used and the Operator does not panic. (BZ#1886603)
• Previously, using a PingSource always failed, which was caused by an outdated API version used in the EventSource CRD. The latest version of the EventSource CRD is now used, allowing users to create all event sources from the web console. (BZ#1889982)
• Because the HAProxy is reloaded when the router changes the configuration file, the Prometheus counter metrics were decreasing across reloads, which explicitly violates the definition of a counter metric.

The router code was fixed to note the time of the last metrics scrape. This prevents scraping beyond the preserved counter values during a reload. As a result the counter metrics do not show a sudden increase followed by a decrease when the router is reloading. (BZ#1890534)

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.5.17-x86_64

The image digest is sha256:6dde1b3ad6bec35364b2b89172cfea0459df75c99a4031f6f7b2a94eb9b166cf

(For s390x architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.5.17-s390x

The image digest is sha256:f90de4ad0c87b7099e731e9032223b140348deeeae9ddf0941a35ffec5a1c209

(For ppc64le architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.5.17-ppc64le

The image digest is sha256:21d8bc79b653c104f42e04af3f3138dec060c2a4bffd2aeb00fb48aa6f310d72

All OpenShift Container Platform 4.5 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution

For OpenShift Container Platform 4.5 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.5 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.5 for RHEL 7 x86_64
• Red Hat OpenShift Container Platform for Power 4.5 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for Power 4.5 for RHEL 7 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 8 s390x
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 7 s390x

Fixes

• BZ - 1852530 - [v2v][VM import from RHV to CNV] 2 nics are mapped to a new network though second was mapped to pod.
• BZ - 1857268 - oc get events fails when sorting by lastTimestamp
• BZ - 1874373 - [v2v][ui] VM import RHV to CNV: RHV URL pass validation though it is missing 'https://'
• BZ - 1874599 - Unable to delete machine and baremetalhost objects (stuck in "deleting")
• BZ - 1874815 - Too many CA certs in additionalTrustBundles of install-config.yaml causes installation to fail
• BZ - 1874910 - azure provider: make generate script broken
• BZ - 1877278 - [v2v] missing early warning in VMImport wizard when VMImport cannot be started
• BZ - 1877561 - [OCP 4.5] Network Policies stale entries exists indefinitely under NB db
• BZ - 1878297 - There are 2 duplicated running pods for certified-operators/community-operators/redhat-marketplace/redhat-operators in the project openshift-marketplace
• BZ - 1878307 - Catalog polling intervals only occur every OLM sync cycle
• BZ - 1879192 - External Storage [Driver: ebs.csi.aws.com] [Testpattern: Dynamic PV (default fs)(allowExpansion)] volume-expand Verify if offline PVC expansion works
• BZ - 1879973 - [v2v] The vpx:// URL is not encoded and white spaces make the import fail
• BZ - 1881380 - [RFE] [Independent] The Independent mode deployment option should not be listed for unsupported platforms, like cloud
• BZ - 1882196 - Add resource badges in the add trigger form dropdown
• BZ - 1882444 - remove update check from previous polling implementation
• BZ - 1883177 - [4.5.z] Node filesystem used and total are calculations are wrong
• BZ - 1883345 - Re-enable skipped conformance tests for IBM Cloud
• BZ - 1883881 - Streamed pipelinerun logs are truncated
• BZ - 1883967 - Pipeline builder / visualization task position issue in Safari (only)
• BZ - 1884574 - che editor link missing branch in URL
• BZ - 1884580 - Normal user can't create job from exist cronjob
• BZ - 1885515 - [release 4.5] Fixes ldflags in make build
• BZ - 1885688 - Switch to periodic process reaper for collecting zombie processes
• BZ - 1886603 - registry operator panics: interface conversion: cache.DeletedFinalStateUnknown is not v1.Object: missing method GetAnnotations
• BZ - 1887373 - Libvirt provider missing "leader-election" option for 4.5
• BZ - 1887446 - Backport `gather_core_dumps` to OCP 4.5
• BZ - 1888002 - Image stream test suites in CI for Power and Z [4.5]
• BZ - 1888352 - Baremetal IPI CI is failing to bootstrap on 4.5
• BZ - 1889783 - Dev Console does not work with Service Binding Operator v0.2.0+ (4.5)
• BZ - 1889982 - Dynamic Sources/channels should use latest version available
• BZ - 1890466 - 4.5.5 node-exporter pods show "failed to parse mountstats: invalid NFS per-operations stats"
• BZ - 1890534 - Counter metrics are decreasing which should not be allowed

CVEs

• CVE-2015-7501
• CVE-2020-12351
• CVE-2020-12352
• CVE-2020-14779
• CVE-2020-14781
• CVE-2020-14782
• CVE-2020-14792
• CVE-2020-14796
• CVE-2020-14797
• CVE-2020-14803
• CVE-2020-25649

References

(none)