Issued:
2018-06-06
Updated:
2018-06-06

RHBA-2018:1796 - OpenShift Container Platform 3.9 bug fix and enhancement update

Synopsis

OpenShift Container Platform 3.9 bug fix and enhancement update

Type/Severity

Bug Fix Advisory None

Topic

Red Hat OpenShift Container Platform release 3.9.30 is now available with updates to packages and images that fix several bugs and add enhancements.

Description

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.30. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2018:1797

This update fixes the following bugs:

  • Jenkins no_proxy processing could not handle suffixes like ".svc". As a result, communication between a Jenkins k8s agent pod and the Jenkins master would attempt to go through a configured http_proxy and fail. With this bug fix, the OpenShift Container Platform jenkins agent images are updated to automatically include the jenkins master and jnlp hosts in the no_proxy list. The Jenkins limitation for no_proxy processing is now circumvented.(BZ#1578989)

  • When creating the Elasticsearch server certificate, the external Elasticsearch host names were unconditionally added to the subjectAltName. Installation would fail because only host name components beginning with a letter are allowed in the subjectAltName, so hostnames like es.0xdeadbeef.com were disallowed and would cause an error. A warning is now issued if the Elasticsearch host name contains a component which does not begin with a letter, and it is not added to the subjectAltName. Logging installation now completes successfully. (BZ#1567767)

  • The plug-in only caught the KubeException, but not more general exceptions. Therefore, consumers were stuck cycling until the API server could be contacted. Metadata fetch is now more relaxed and gracefully catches the exception, returning no metadata, and subsequently the record is orphaned. (BZ#1560170)

  • logging-elasticsearch-ops was missing in the delete configmaps list in the openshift-ansible delete_logging role. The logging-elasticsearch-ops configmap still exists after running uninstall ansible playbook for logging. logging-elasticsearch-ops is added to the delete configmaps list. All of the logging configmaps including logging-elasticsearch-ops are now uninstalled by running the uninstall ansible playbook for logging. (BZ#1549220)

  • The Create Project button was incorrectly displayed to users when they had no projects and self-provisioning had been disabled on the projects list page of the web console. The action would always fail, so the button should have been hidden. The bug is now fixed, and Create Project is now correctly hidden in the console when self-provisioning is disabled. (BZ#1577359)

  • This bug fix addresses an issue pulling images from a private docker hub registry. (BZ#1578088)

  • This bug fix addresseswhere cfs_quota might still be set on a pod even when cpu-cfs-quota is set to false on the node. (BZ#1581860)

This update includes the following enhancement:

  • Users are now allowed to disable JSON payload parsing. Parsing each log message into JSON and attaching it to the final payload is an expensive operation. Fluentd can now be configured to disable parsing of message payloads. This is the initial configuration change to deprecating the feature from the fluent-plugin-kubernetes_metadata_filter. (BZ#1569825)

All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.30, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

Affected Products

ProductVersionArch
Red Hat OpenShift Container Platform3.9x86_64

Updated Packages

  • atomic-openshift-3.9.30-1.git.0.dec1ba7.el7.x86_64.rpm
  • atomic-openshift-excluder-3.9.30-1.git.0.dec1ba7.el7.noarch.rpm
  • atomic-openshift-federation-services-3.9.30-1.git.0.dec1ba7.el7.x86_64.rpm
  • rubygem-fluent-plugin-kubernetes_metadata_filter-1.0.3-1.el7.src.rpm
  • atomic-openshift-dockerregistry-3.9.30-1.git.349.8b7912c.el7.x86_64.rpm
  • cri-tools-debuginfo-1.0.0-5.rhaos3.9.git8e6013a.el7.x86_64.rpm
  • openshift-ansible-3.9.30-1.git.7.46f8678.el7.noarch.rpm
  • atomic-openshift-master-3.9.30-1.git.0.dec1ba7.el7.x86_64.rpm
  • cri-tools-1.0.0-5.rhaos3.9.git8e6013a.el7.src.rpm
  • atomic-openshift-pod-3.9.30-1.git.0.dec1ba7.el7.x86_64.rpm
  • cri-o-1.9.12-1.gitfa11beb.el7.x86_64.rpm
  • atomic-openshift-docker-excluder-3.9.30-1.git.0.dec1ba7.el7.noarch.rpm
  • prometheus-node-exporter-3.9.30-1.git.890.7ea5173.el7.x86_64.rpm
  • atomic-openshift-tests-3.9.30-1.git.0.dec1ba7.el7.x86_64.rpm
  • cri-o-debuginfo-1.9.12-1.gitfa11beb.el7.x86_64.rpm
  • atomic-openshift-service-catalog-3.9.30-1.git.0.dec1ba7.el7.x86_64.rpm
  • cri-o-1.9.12-1.gitfa11beb.el7.src.rpm
  • atomic-openshift-web-console-3.9.30-1.git.245.4a3aade.el7.src.rpm
  • rubygem-fluent-plugin-elasticsearch-1.16.1-1.el7.noarch.rpm
  • atomic-openshift-node-3.9.30-1.git.0.dec1ba7.el7.x86_64.rpm
  • cri-tools-1.0.0-5.rhaos3.9.git8e6013a.el7.x86_64.rpm
  • rubygem-fluent-plugin-elasticsearch-doc-1.16.1-1.el7.noarch.rpm
  • rubygem-fluent-plugin-kubernetes_metadata_filter-doc-1.0.3-1.el7.noarch.rpm
  • atomic-openshift-clients-redistributable-3.9.30-1.git.0.dec1ba7.el7.x86_64.rpm
  • rubygem-fluent-plugin-kubernetes_metadata_filter-1.0.3-1.el7.noarch.rpm
  • atomic-openshift-cluster-capacity-3.9.30-1.git.0.dec1ba7.el7.x86_64.rpm
  • openshift-ansible-docs-3.9.30-1.git.7.46f8678.el7.noarch.rpm
  • atomic-openshift-web-console-3.9.30-1.git.245.4a3aade.el7.x86_64.rpm
  • openshift-ansible-playbooks-3.9.30-1.git.7.46f8678.el7.noarch.rpm
  • openshift-ansible-3.9.30-1.git.7.46f8678.el7.src.rpm
  • atomic-openshift-clients-3.9.30-1.git.0.dec1ba7.el7.x86_64.rpm
  • atomic-openshift-utils-3.9.30-1.git.7.46f8678.el7.noarch.rpm
  • atomic-openshift-3.9.30-1.git.0.dec1ba7.el7.src.rpm
  • golang-github-prometheus-node_exporter-3.9.30-1.git.890.7ea5173.el7.src.rpm
  • atomic-openshift-sdn-ovs-3.9.30-1.git.0.dec1ba7.el7.x86_64.rpm
  • atomic-openshift-template-service-broker-3.9.30-1.git.0.dec1ba7.el7.x86_64.rpm
  • openshift-ansible-roles-3.9.30-1.git.7.46f8678.el7.noarch.rpm
  • rubygem-fluent-plugin-elasticsearch-1.16.1-1.el7.src.rpm

Fixes

CVEs

References

(none)

Additional information