- Issued:
- 2021-04-12
- Updated:
- 2021-04-12
RHBA-2021:1167 - Bug Fix Advisory
Synopsis
Openshift Logging Bug Fix Release (5.0.2)
Type/Severity
Bug Fix Advisory
Topic
Openshift Logging Bug Fix Release (5.0.2)
Description
Openshift Logging Bug Fix Release (5.0.2)
You use the Red Hat OpenShift Logging product to forward, store, and
visualize log data from your cluster.
Changes to the Red Hat OpenShift Logging product:
- If you did not set `.proxy` in the cluster installation configuration, and then configured a global proxy on the installed cluster, a bug prevented Fluentd from forwarding logs to Elasticsearch. To work around this issue, in the proxy/cluster configuration, set `no_proxy` to `.svc.cluster.local` so it skips internal traffic. The current release fixes the proxy configuration issue. Now, if you configure the global proxy after installing an OpenShift cluster, Fluentd forwards logs to Elasticsearch. (*LOG-1187*, *BZ#1915448*)
- Previously, forwarding logs to Kafka using chained certificates failed with error "state=error: certificate verify failed (unable to get local issuer certificate)." Logs could not be forwarded to a Kafka broker with a certificate signed by an intermediate CA. This happened because fluentd Kafka plugin could only handle a single CA certificate supplied in the ca-bundle.crt entry of the corresponding secret. The current release fixes this issue. It enables the fluentd Kafka plugin to handle multiple CA certificates supplied in the ca-bundle.crt entry of the corresponding secret. Now, logs can be forwarded to a Kafka broker with a certificate signed by an intermediate CA. (*LOG-1216*, *LOG-1218*, *BZ#1904380*)
- Previously, an update in the cluster service version (CSV) accidentally introduced resource/limits for the OpenShift Elasticsearch operator container. Under specific conditions, this issue prevented the operator from being scheduled. The current release fixes this issue by removing the CSV resource/limits for the operator container. Now, the operator gets scheduled without issues. (*LOG-1254*, *BZ#1944048*)
Solution
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
For Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html
Affected Products
- Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
Fixes
(none)CVEs
References
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.