Issued:
2017-07-27
Updated:
2017-07-27

RHBA-2017:1810 - OpenShift Container Platform atomic-openshift-utils bug fix and enhancement

Synopsis

OpenShift Container Platform atomic-openshift-utils bug fix and enhancement

Type/Severity

Bug Fix Advisory None

Topic

Updated atomic-openshift-utils and openshift-ansible packages that fix several bugs and add enhancements are now available for OpenShift Container Platform 3.5, 3.4, and 3.3.

Description

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

The atomic-openshift-utils and openshift-ansible packages contain the installation utility and Ansible requirements for installing and upgrading OpenShift Container Platform 3.

This update fixes the following bugs:

  • Due to a YAML library wrapping long lines, LDAP configuration parameters were parsed incorrectly. This bug fix configure YAML library dumper with a longer line length. As a result, LDAP configuration parameters are written without line wraps and can be parsed correctly. (BZ#1450007)

  • When openshift_image_tag was specified in an inventory in the format 3.x instead of a full tag of 3.x.x.x, the evaluation of openshift_image_tag >= LooseVersion('3.x.0.0') would result in "False". This caused the condition to be improperly applied to logic elsewhere in the code, resulting in invalid evaluation of version specific facts. This bug fix updates the version comparisons to compare against the terse minimum version of 3.x. (BZ#1443416, BZ#1466770)

  • A property was missing from a logging configuration file, causing Elasticsearch to fail to start, generating a large stack trace. This bug fix modifies the installer to create the configuration with the required property. As a result, Elasticsearch now starts as expected. (BZ#1466626)

  • Previously, the upgrade playbooks used the default kubeconfig file, which may have been modified since creation to use a non-administrator user. With this bug fix, the upgrade playbooks use the system:admin user's kubeconfig, which avoids this problem. (BZ#1470338)

  • The fact etcd_is_atomic was detected incorrectly due to the role ordering of some fact-setting operations. RHEL Atomic Host systems do not support yum, repoquery, or rpm commands, but they would attempt to run commands specific to managing and inspecting repositories and packages when they should not. This bug fix changes the ordering of role calls and fact updates and wraps them in a meta-role to ensure they stay in the correct order. As a result, these systems no longer attempt to run these unsupported commands because the etcd_is_atomic fact is correctly detected. (BZ#1442009, BZ#1442010)

  • In some mixed-node environments, it was possible that host facts were not collected for containerized hosts, causing a conditional to fail. This bug fix adds a conditional to allow the check to complete correctly. (BZ#1466501)

In addition, this update adds the following enhancements:

  • Containerized masters now mount /etc/pki from the host, enabling the master process to make use of the host's CA trust store and certificates. (BZ#1465120, BZ#1465121)

  • The CloudForms Management Engine (CFME) templates have been updated to support CFME 4.5. (BZ#1468502)

All OpenShift Container Platform users are advised to upgrade to these updated packages.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To apply this update, run the following on all hosts where you intend to initiate Ansible-based installation or upgrade procedures:

yum update atomic-openshift-utils

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at:

https://access.redhat.com/articles/11258

Affected Products

ProductVersionArch
Red Hat OpenShift Container Platform3.5x86_64
Red Hat OpenShift Container Platform3.4x86_64
Red Hat OpenShift Container Platform3.3x86_64

Updated Packages

  • openshift-ansible-filter-plugins-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm
  • openshift-ansible-playbooks-3.5.101-1.git.0.0107544.el7.noarch.rpm
  • openshift-ansible-3.4.119-1.git.0.2b36c8a.el7.src.rpm
  • openshift-ansible-roles-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm
  • openshift-ansible-docs-3.3.106-1.git.0.7291555.el7.noarch.rpm
  • openshift-ansible-docs-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm
  • openshift-ansible-playbooks-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm
  • openshift-ansible-filter-plugins-3.5.101-1.git.0.0107544.el7.noarch.rpm
  • atomic-openshift-utils-3.5.101-1.git.0.0107544.el7.noarch.rpm
  • atomic-openshift-utils-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm
  • atomic-openshift-utils-3.3.106-1.git.0.7291555.el7.noarch.rpm
  • openshift-ansible-callback-plugins-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm
  • openshift-ansible-docs-3.5.101-1.git.0.0107544.el7.noarch.rpm
  • openshift-ansible-roles-3.3.106-1.git.0.7291555.el7.noarch.rpm
  • openshift-ansible-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm
  • openshift-ansible-playbooks-3.3.106-1.git.0.7291555.el7.noarch.rpm
  • openshift-ansible-callback-plugins-3.5.101-1.git.0.0107544.el7.noarch.rpm
  • openshift-ansible-3.5.101-1.git.0.0107544.el7.src.rpm
  • openshift-ansible-3.5.101-1.git.0.0107544.el7.noarch.rpm
  • openshift-ansible-lookup-plugins-3.5.101-1.git.0.0107544.el7.noarch.rpm
  • openshift-ansible-roles-3.5.101-1.git.0.0107544.el7.noarch.rpm
  • openshift-ansible-callback-plugins-3.3.106-1.git.0.7291555.el7.noarch.rpm
  • openshift-ansible-3.3.106-1.git.0.7291555.el7.src.rpm
  • openshift-ansible-3.3.106-1.git.0.7291555.el7.noarch.rpm
  • openshift-ansible-filter-plugins-3.3.106-1.git.0.7291555.el7.noarch.rpm
  • openshift-ansible-lookup-plugins-3.3.106-1.git.0.7291555.el7.noarch.rpm
  • openshift-ansible-lookup-plugins-3.4.119-1.git.0.2b36c8a.el7.noarch.rpm

Fixes

CVEs

(none)

References

(none)

Additional information