- Issued:
- 2014-11-25
- Updated:
- 2014-11-25
RHBA-2014:1903 - Red Hat OpenShift Enterprise 2.2.1 bug fix and enhancement update
Synopsis
Red Hat OpenShift Enterprise 2.2.1 bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Red Hat OpenShift Enterprise release 2.2.1 is now available with updates to packages that fix several bugs and introduce a feature enhancement.
Description
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This update fixes the following bugs:
-
During application or gear restarts, the MongoDB cartridge did not ensure that users could authenticate to MongoDB prior to reporting a successful connection. As a result, applications that made use of MongoDB could attempt to connect to MongoDB before it was finished initializing, causing a "command denied" error. This bug fix updates the MongoDB cartridge, and now applications that make use of MongoDB wait until MongoDB is fully initialized before attempting to connect. After applying this fix, a cartridge upgrade is required. (BZ#1156106)
-
Previously, the jenkins-plugin-openshift package did not require the wget package. When the jenkins-plugin-openshift package was installed using a method that did not require wget, such as Puppet, this caused the Jenkins plug-in to fail to retrieve remote resources due to the missing wget package, and Jenkins builds failed as a result. This bug fix updates the jenkins-plugin-openshift package to add the wget package as a dependency, and Jenkins builds now trigger properly regardless of the installation method. (BZ#1161372)
-
When Red Hat Enterprise Linux (RHEL) Server 6.6 was released, the ose-upgrade tool required an update for compatibility with the latest subscription-manager RPM package. Because the ose-upgrade tool ships with the openshift-enterprise-release package, adding the dependency in that package causes problems for administrators that maintain their own stream of RHEL 6. This bug fix updates the openshift-enterprise-release package to remove the explicit dependency on the subscription-manager package. As a result, the ose-upgrade tool now works with all RHEL 6 versions of the subscription-manager package. (BZ#1163500)
-
A race condition existed between destroy-app and configure actions for the same application. When the configure action timed out in MCollective and the broker tried to destroy the application, it was possible for artifacts to be left behind in apache-vhost configuration files. As a result, applications could become unreachable. This bug fix updates the apache-vhost front-end server plug-in to verify whether the directory exists before configuring apache-vhost configuration files, and the artifacts are no longer left behind. (BZ#1157643)
This update also adds the following enhancement:
- Previously in the apache-vhost front-end server plug-in, the SSLCertificateChainFile setting in the frontend-vhost-https-template.erb file was set to the same value as the SSLCertificateFile setting. This enhancement updates the plug-in so that SSLCertificateChainFile is a configurable setting. As part of this enhancement, the following new configuration parameters have been added to the /etc/openshift/node.conf file on node hosts, which use the following default values when undefined:
OPENSHIFT_DEFAULT_SSL_KEY_PATH="/etc/pki/tls/private/localhost.key" OPENSHIFT_DEFAULT_SSL_CRT_PATH="/etc/pki/tls/certs/localhost.crt" OPENSHIFT_DEFAULT_SSL_CRT_CHAIN_PATH="/etc/pki/tls/certs/localhost.crt"
(BZ#1160300)
All OpenShift Enterprise users are advised to upgrade to these updated packages.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
See the OpenShift Enterprise 2.2 Release Notes, which will be updated shortly for release 2.2.1, for important instructions on how to fully apply this asynchronous errata update:
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/articles/11258.
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenShift Enterprise Infrastructure | 2.2 | x86_64 |
| Red Hat OpenShift Enterprise Application Node | 2.2 | x86_64 |
Updated Packages
- openshift-enterprise-release-2.2.1-1.el6op.noarch.rpm
- openshift-origin-cartridge-mongodb-1.23.2.2-1.el6op.src.rpm
- jenkins-plugin-openshift-0.6.40.2-0.el6op.x86_64.rpm
- rubygem-openshift-origin-node-1.31.3.7-1.el6op.src.rpm
- rubygem-openshift-origin-frontend-apache-vhost-0.10.1.4-1.el6op.src.rpm
- openshift-enterprise-upgrade-broker-2.2.1-1.el6op.noarch.rpm
- openshift-enterprise-yum-validator-2.2.1-1.el6op.noarch.rpm
- openshift-enterprise-upgrade-node-2.2.1-1.el6op.noarch.rpm
- openshift-origin-cartridge-mongodb-1.23.2.2-1.el6op.noarch.rpm
- openshift-enterprise-upgrade-2.2.1-1.el6op.src.rpm
- jenkins-plugin-openshift-0.6.40.2-0.el6op.src.rpm
- rubygem-openshift-origin-frontend-apache-vhost-0.10.1.4-1.el6op.noarch.rpm
- rubygem-openshift-origin-node-1.31.3.7-1.el6op.noarch.rpm
Fixes
- This content is not included.BZ - 1156106
- This content is not included.BZ - 1157643
- This content is not included.BZ - 1160300
- This content is not included.BZ - 1161372
- This content is not included.BZ - 1163500
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.