Issued:
2017-05-18
Updated:
2017-05-18

RHBA-2017:1235 - OpenShift Container Platform 3.5, 3.4, 3.3, and 3.1 bug fix update

Synopsis

OpenShift Container Platform 3.5, 3.4, 3.3, and 3.1 bug fix update

Type/Severity

Bug Fix Advisory None

Topic

Red Hat OpenShift Container Platform releases 3.5.5.15, 3.4.1.24, 3.3.1.25, and 3.1.1.11-2 are now available with updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.5.5.15, 3.4.1.24, 3.3.1.25, and 3.1.1.11-2. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2017:1236

This update fixes the following bugs:

  • A library used in OpenShift Container Platform 3.1 contained an issue where some connections did not terminate cleanly. This issue lead to high memory usage. This bug fix properly terminates the connections, allowing the memory associated with the connection to be freed as expected. (BZ#1442802)

  • When upgrading the logging stack, the minimum master configuration value was set to use an environment value that was never set. This bug fix replaces the minimum master environment variable with node quorum, which has been available since logging inception. As a result, Elasticsearch starts without generating a missing variable exception. (BZ#1439356)

  • Template descriptions were not displayed in the web console catalog after clicking "Add to Project". Only the name was displayed. This bug fix ensures that template descriptions are correctly displayed in the tiles when browsing the catalog and in the page header when instantiating a template. (BZ#1444200)

  • The EgressNetworkPolicy code in OpenShift Container Platform 3.3 mistakenly required you to specify "0.0.0.0/32" rather than "0.0.0.0/0" if you wanted to match all IPs, but the code that validated service endpoint IPs against EgressNetworkPolicy rules did not have the same bug. It was possible to bypass a "deny 0.0.0.0/32" EgressNetworkPolicy by creating a service pointing to an external IP and then connecting to the service. This bug fix updates the endpoint validation code to now treat "0.0.0.0/32" the same way the EgressNetworkPolicy code does. In addition, the correct value of "0.0.0.0/0" is now accepted in EgressNetworkPolicy. As a result, policy is now implemented as intended. (BZ#1440886)

  • A panic could occur due to concurrent access shows in the logs. This bug fix adds the appropriate locking, and as a result the logs are clean and these panics no longer occur. (BZ#1445510)

  • The code to set up multicast was not run when only one node was in the cluster. This caused multicast traffic to be dropped when on a single-node cluster. This bug fix changes the rules so the multicast setup is performed for a single-node. As a result, multicast works for single-node clusters. (BZ#1445502)

  • The initialization order of the SDN plug-in set the event handler up too late. This caused early events to have no handler, so the SDN panicked. This bug fix re-orders the SDN initialization so the event handler is in place before it can ever be called. As a result, these panics no longer occur. (BZ#1445505)

  • Quickly and repeatedly adding and deleting a route with same name in a namespace caused the router pod to panic with the error "invalid state transition: Deleted -> ADDED". This bug fix adds the objects UID to the event queue key generation function. As a result, these panics no longer occur. (BZ#1435721)

  • Route matching logic changed, and trailing slashed inadvertently broke. This caused subpaths with trailing / characters to break. This bug fix corrects the matching code, and as a result the previous behavior is restored. (BZ#1448218)

All OpenShift Container Platform 3 users are advised to upgrade to these updated packages and images.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For OpenShift Container Platform 3.5, see the following documentation, which will be updated shortly for release 3.5.5.15, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/3.5/release_notes/ocp_3_5_release_notes.html

For OpenShift Container Platform 3.4, see the following documentation, which will be updated shortly for release 3.4.1.24, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/3.4/release_notes/ocp_3_4_release_notes.html

For OpenShift Container Platform 3.3, see the following documentation, which will be updated shortly for release 3.3.1.25, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/3.3/release_notes/ocp_3_3_release_notes.html

For OpenShift Container Platform 3.1, see the following documentation, which will be updated shortly for release 3.1.1.11-2, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/enterprise/3.1/release_notes/ose_3_1_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

Affected Products

ProductVersionArch
Red Hat OpenShift Container Platform3.5x86_64
Red Hat OpenShift Container Platform3.4x86_64
Red Hat OpenShift Container Platform3.3x86_64
Red Hat OpenShift Container Platform3.1x86_64

Updated Packages

  • tuned-profiles-atomic-openshift-node-3.4.1.24-1.git.0.3d4769e.el7.x86_64.rpm
  • atomic-openshift-dockerregistry-3.5.5.15-1.git.0.4b5f317.el7.x86_64.rpm
  • rubygem-docker-api-doc-1.22.4-2.el7.noarch.rpm
  • atomic-openshift-3.1.1.11-2.git.9.44fe9ba.el7aos.x86_64.rpm
  • atomic-openshift-docker-excluder-3.3.1.25-1.git.0.708db09.el7.noarch.rpm
  • atomic-openshift-master-3.4.1.24-1.git.0.3d4769e.el7.x86_64.rpm
  • atomic-openshift-clients-3.4.1.24-1.git.0.3d4769e.el7.x86_64.rpm
  • jenkins-plugin-kubernetes-0.8-1.el7.x86_64.rpm
  • atomic-openshift-sdn-ovs-3.4.1.24-1.git.0.3d4769e.el7.x86_64.rpm
  • rubygem-multipart-post-doc-2.0.0-3.el7.noarch.rpm
  • python-click-4.1-3.el7.noarch.rpm
  • atomic-openshift-docker-excluder-3.1.1.11-2.git.9.44fe9ba.el7aos.noarch.rpm
  • atomic-openshift-node-3.5.5.15-1.git.0.4b5f317.el7.x86_64.rpm
  • atomic-openshift-3.3.1.25-1.git.0.708db09.el7.src.rpm
  • nodejs-lru-cache-4.0.2-1.el7.noarch.rpm
  • nodejs-pseudomap-1.0.2-2.el7.noarch.rpm
  • atomic-openshift-excluder-3.5.5.15-1.git.0.4b5f317.el7.noarch.rpm
  • nodejs-yallist-2.0.0-2.el7.src.rpm
  • nodejs-packaging-7-5.el7aos.noarch.rpm
  • nodejs-openshift-auth-proxy-0.0.23-2.el7.noarch.rpm
  • atomic-openshift-docker-excluder-3.4.1.24-1.git.0.3d4769e.el7.noarch.rpm
  • atomic-openshift-master-3.5.5.15-1.git.0.4b5f317.el7.x86_64.rpm
  • python-setuptools-17.1.1-4.el7.src.rpm
  • atomic-openshift-sdn-ovs-3.3.1.25-1.git.0.708db09.el7.x86_64.rpm
  • tuned-profiles-atomic-openshift-node-3.5.5.15-1.git.0.4b5f317.el7.x86_64.rpm
  • atomic-openshift-node-3.3.1.25-1.git.0.708db09.el7.x86_64.rpm
  • origin-kibana-0.6.0-1.el7aos.src.rpm
  • atomic-openshift-excluder-3.4.1.24-1.git.0.3d4769e.el7.noarch.rpm
  • nodejs-pseudomap-1.0.2-2.el7.src.rpm
  • jenkins-plugin-kubernetes-0.8-1.el7.src.rpm
  • python-setuptools-17.1.1-4.el7.noarch.rpm
  • atomic-openshift-3.1.1.11-2.git.9.44fe9ba.el7aos.src.rpm
  • atomic-openshift-3.5.5.15-1.git.0.4b5f317.el7.src.rpm
  • nodejs-lru-cache-4.0.2-1.el7.src.rpm
  • atomic-openshift-3.5.5.15-1.git.0.4b5f317.el7.x86_64.rpm
  • rubygem-fluent-plugin-docker_metadata_filter-0.1.1-2.el7.noarch.rpm
  • atomic-openshift-excluder-3.1.1.11-2.git.9.44fe9ba.el7aos.noarch.rpm
  • rubygem-fluent-plugin-docker_metadata_filter-0.1.1-2.el7.src.rpm
  • atomic-openshift-master-3.3.1.25-1.git.0.708db09.el7.x86_64.rpm
  • atomic-openshift-tests-3.4.1.24-1.git.0.3d4769e.el7.x86_64.rpm
  • atomic-openshift-sdn-ovs-3.5.5.15-1.git.0.4b5f317.el7.x86_64.rpm
  • atomic-openshift-pod-3.5.5.15-1.git.0.4b5f317.el7.x86_64.rpm
  • rubygem-multipart-post-2.0.0-3.el7.noarch.rpm
  • atomic-openshift-pod-3.4.1.24-1.git.0.3d4769e.el7.x86_64.rpm
  • python-click-4.1-3.el7.src.rpm
  • atomic-openshift-pod-3.1.1.11-2.git.9.44fe9ba.el7aos.x86_64.rpm
  • atomic-openshift-clients-3.5.5.15-1.git.0.4b5f317.el7.x86_64.rpm
  • atomic-openshift-dockerregistry-3.1.1.11-2.git.9.44fe9ba.el7aos.x86_64.rpm
  • atomic-openshift-3.4.1.24-1.git.0.3d4769e.el7.src.rpm
  • rubygem-docker-api-1.22.4-2.el7.noarch.rpm
  • nodejs-openshift-auth-proxy-0.0.23-2.el7.src.rpm
  • atomic-openshift-tests-3.5.5.15-1.git.0.4b5f317.el7.x86_64.rpm
  • atomic-openshift-clients-3.1.1.11-2.git.9.44fe9ba.el7aos.x86_64.rpm
  • atomic-openshift-master-3.1.1.11-2.git.9.44fe9ba.el7aos.x86_64.rpm
  • atomic-openshift-clients-redistributable-3.4.1.24-1.git.0.3d4769e.el7.x86_64.rpm
  • tuned-profiles-atomic-openshift-node-3.3.1.25-1.git.0.708db09.el7.x86_64.rpm
  • openshift-elasticsearch-plugin-2.4.1.7__redhat_1-1.el7.src.rpm
  • atomic-openshift-node-3.1.1.11-2.git.9.44fe9ba.el7aos.x86_64.rpm
  • atomic-openshift-3.3.1.25-1.git.0.708db09.el7.x86_64.rpm
  • atomic-openshift-sdn-ovs-3.1.1.11-2.git.9.44fe9ba.el7aos.x86_64.rpm
  • nodejs-packaging-7-5.el7aos.src.rpm
  • atomic-openshift-excluder-3.3.1.25-1.git.0.708db09.el7.noarch.rpm
  • atomic-openshift-clients-3.3.1.25-1.git.0.708db09.el7.x86_64.rpm
  • atomic-openshift-dockerregistry-3.3.1.25-1.git.0.708db09.el7.x86_64.rpm
  • nodejs-yallist-2.0.0-2.el7.noarch.rpm
  • atomic-openshift-clients-redistributable-3.5.5.15-1.git.0.4b5f317.el7.x86_64.rpm
  • atomic-openshift-3.4.1.24-1.git.0.3d4769e.el7.x86_64.rpm
  • rubygem-fluent-plugin-docker_metadata_filter-doc-0.1.1-2.el7.noarch.rpm
  • openshift-elasticsearch-plugin-2.4.1.7__redhat_1-1.el7.noarch.rpm
  • rubygem-multipart-post-2.0.0-3.el7.src.rpm
  • atomic-openshift-tests-3.3.1.25-1.git.0.708db09.el7.x86_64.rpm
  • atomic-openshift-clients-redistributable-3.1.1.11-2.git.9.44fe9ba.el7aos.x86_64.rpm
  • atomic-openshift-recycle-3.1.1.11-2.git.9.44fe9ba.el7aos.x86_64.rpm
  • atomic-openshift-dockerregistry-3.4.1.24-1.git.0.3d4769e.el7.x86_64.rpm
  • atomic-openshift-pod-3.3.1.25-1.git.0.708db09.el7.x86_64.rpm
  • origin-kibana-0.6.0-1.el7aos.noarch.rpm
  • rubygem-docker-api-1.22.4-2.el7.src.rpm
  • atomic-openshift-clients-redistributable-3.3.1.25-1.git.0.708db09.el7.x86_64.rpm
  • rubygem-lru_redux-1.1.0-2.el7.src.rpm
  • atomic-openshift-docker-excluder-3.5.5.15-1.git.0.4b5f317.el7.noarch.rpm
  • rubygem-lru_redux-1.1.0-2.el7.noarch.rpm
  • tuned-profiles-atomic-openshift-node-3.1.1.11-2.git.9.44fe9ba.el7aos.x86_64.rpm
  • atomic-openshift-node-3.4.1.24-1.git.0.3d4769e.el7.x86_64.rpm
  • rubygem-lru_redux-doc-1.1.0-2.el7.noarch.rpm

Fixes

CVEs

(none)

References

(none)

Additional information