Issued: 2018-08-29
Updated: 2018-08-29

RHBA-2018:2549 - OpenShift Container Platform 3.9 bug fix update


Synopsis

OpenShift Container Platform 3.9 bug fix update

Type/Severity

Bug Fix Advisory None

Topic

Red Hat OpenShift Container Platform release 3.9.41 is now available with updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.41. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2018:2548

This update fixes the following bugs:

  • This bug fix adds tasks to the upgrade playbooks to correctly upgrade the CRI-O RPMs. (BZ#1553213)

  • Previously, groups associated with a user were not checked when performing access checks to look up the readiness of objects created by the templates. This resulted in a readiness failure at the template instance level. This bug fix passes the user's groups when performing the readiness check operation, not just when performing the object creation. (BZ#1562527)

  • If CRI-O was enabled and /var/lib/docker was a mount point rather than a directory, the installation would fail with the error "Device or resource busy: '/var/lib/docker'". The installation playbooks have been fixed to account for /var/lib/docker as a mount point. (BZ#1574887)

  • If the Prometheus service account did not have the required permissions to access the metrics endpoint of the router, then Prometheus failed to scrape the router's metrics. This bug fix grants an additional role with permissions to access the metrics endpoint to the Prometheus service account. (BZ#1588010)

  • Previously, the Ansible template did not quote the value in the selector. This created an invalid JSON file. This bug fix quotes the selector value, which allows the PVC with the selector to be created. (BZ#1601605)

  • Port 9100 was previously blocked on all nodes by default. As a result, Prometheus could not scrape the node_exporter service running on the other nodes, which listens on port 9100. This bug fix modifies the firewall configurations to allow incoming TCP traffic for the 9000 - 1000 port range. (BZ#1603144)

  • Previously, the underlying library that Fluentd used for reading in journal files did not correctly handle rolled over files. When a journal file was rolled over, Fluentd would hold these files even after it was done reading from them. This bug fix updated the code in the underlying fluent-plugin-systemd plugin and updated the version in the Fluentd Dockerfile. (BZ#1610678)

  • This bug fix removed the openshift_crio_use_rpm variable and updated the installer tasks to only install CRI-O using RPMs. (BZ#1614916)

  • Previously, older versions of dnsmasq used privileged, lower-numbered source ports for outbound DNS queries. This caused outbound DNS queries to potentially be dropped. This bug fix configures dnsmasq using its min-port setting to set the minimum port number for outbound queries to 1024. (BZ#1614983)

All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

See the following documentation, which will be updated shortly for release 3.9.41, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

Affected Products

Product                                Version   Arch
Red Hat OpenShift Container Platform   3.9       x86_64

Updated Packages

  • atomic-openshift-3.9.41-1.git.0.67432b0.el7.src.rpm
  • rubygem-domain_name-doc-0.5.20180417-1.el7.noarch.rpm
  • rubygem-systemd-journal-1.3.3-2.el7.src.rpm
  • rubygem-yajl-ruby-1.4.1-1.el7.src.rpm
  • atomic-openshift-pod-3.9.41-1.git.0.67432b0.el7.x86_64.rpm
  • rubygem-faraday-0.15.2-1.el7.noarch.rpm
  • rubygem-mime-types-data-3.2018.0812-2.el7.noarch.rpm
  • rubygem-ffi-1.9.25-2.el7.x86_64.rpm
  • rubygem-faraday-doc-0.15.2-1.el7.noarch.rpm
  • rubygem-yajl-ruby-doc-1.4.1-1.el7.noarch.rpm
  • atomic-openshift-service-catalog-3.9.41-1.git.0.67432b0.el7.x86_64.rpm
  • atomic-openshift-3.9.41-1.git.0.67432b0.el7.x86_64.rpm
  • fluentd-debuginfo-0.12.43-2.el7.x86_64.rpm
  • atomic-openshift-docker-excluder-3.9.41-1.git.0.67432b0.el7.noarch.rpm
  • rubygem-excon-doc-0.62.0-1.el7.noarch.rpm
  • rubygem-systemd-journal-1.3.3-2.el7.noarch.rpm
  • rubygem-domain_name-0.5.20180417-1.el7.src.rpm
  • openshift-ansible-3.9.41-1.git.0.4c55974.el7.noarch.rpm
  • atomic-openshift-sdn-ovs-3.9.41-1.git.0.67432b0.el7.x86_64.rpm
  • atomic-openshift-master-3.9.41-1.git.0.67432b0.el7.x86_64.rpm
  • fluentd-0.12.43-2.el7.x86_64.rpm
  • atomic-openshift-web-console-3.9.41-1.git.256.9e431bd.el7.src.rpm
  • atomic-openshift-excluder-3.9.41-1.git.0.67432b0.el7.noarch.rpm
  • atomic-openshift-template-service-broker-3.9.41-1.git.0.67432b0.el7.x86_64.rpm
  • rubygem-ffi-1.9.25-2.el7.src.rpm
  • rubygem-ffi-debuginfo-1.9.25-2.el7.x86_64.rpm
  • rubygem-excon-0.62.0-1.el7.src.rpm
  • atomic-openshift-clients-redistributable-3.9.41-1.git.0.67432b0.el7.x86_64.rpm
  • rubygem-fluent-plugin-systemd-0.0.11-1.el7.src.rpm
  • rubygem-fluent-plugin-systemd-doc-0.0.11-1.el7.noarch.rpm
  • rubygem-yajl-ruby-1.4.1-1.el7.x86_64.rpm
  • rubygem-mime-types-data-doc-3.2018.0812-2.el7.noarch.rpm
  • atomic-openshift-node-3.9.41-1.git.0.67432b0.el7.x86_64.rpm
  • python-requests-2.14.2-1.el7ost.src.rpm
  • openshift-ansible-roles-3.9.41-1.git.0.4c55974.el7.noarch.rpm
  • rubygem-fluent-plugin-elasticsearch-1.17.2-1.el7.noarch.rpm
  • rubygem-mime-types-doc-3.2.2-2.el7.noarch.rpm
  • prometheus-node-exporter-3.9.41-1.git.1054.156de1a.el7.x86_64.rpm
  • atomic-openshift-utils-3.9.41-1.git.0.4c55974.el7.noarch.rpm
  • fluentd-0.12.43-2.el7.src.rpm
  • rubygem-mime-types-3.2.2-2.el7.src.rpm
  • mariadb-apb-role-1.1.11-1.el7.src.rpm
  • atomic-openshift-web-console-3.9.41-1.git.256.9e431bd.el7.x86_64.rpm
  • rubygem-fluent-plugin-elasticsearch-doc-1.17.2-1.el7.noarch.rpm
  • openshift-ansible-3.9.41-1.git.0.4c55974.el7.src.rpm
  • atomic-openshift-federation-services-3.9.41-1.git.0.67432b0.el7.x86_64.rpm
  • golang-github-prometheus-node_exporter-3.9.41-1.git.1054.156de1a.el7.src.rpm
  • openshift-ansible-docs-3.9.41-1.git.0.4c55974.el7.noarch.rpm
  • rubygem-mime-types-3.2.2-2.el7.noarch.rpm
  • atomic-openshift-clients-3.9.41-1.git.0.67432b0.el7.x86_64.rpm
  • rubygem-fluent-plugin-elasticsearch-1.17.2-1.el7.src.rpm
  • python2-requests-2.14.2-1.el7ost.noarch.rpm
  • rubygem-mime-types-data-3.2018.0812-2.el7.src.rpm
  • rubygem-domain_name-0.5.20180417-1.el7.noarch.rpm
  • rubygem-yajl-ruby-debuginfo-1.4.1-1.el7.x86_64.rpm
  • mariadb-apb-role-1.1.11-1.el7.noarch.rpm
  • rubygem-fluent-plugin-systemd-0.0.11-1.el7.noarch.rpm
  • atomic-openshift-cluster-capacity-3.9.41-1.git.0.67432b0.el7.x86_64.rpm
  • openshift-ansible-playbooks-3.9.41-1.git.0.4c55974.el7.noarch.rpm
  • atomic-openshift-dockerregistry-3.9.41-1.git.351.84a91c0.el7.x86_64.rpm
  • rubygem-faraday-0.15.2-1.el7.src.rpm
  • fluentd-doc-0.12.43-2.el7.noarch.rpm
  • atomic-openshift-tests-3.9.41-1.git.0.67432b0.el7.x86_64.rpm
  • rubygem-excon-0.62.0-1.el7.noarch.rpm
  • rubygem-systemd-journal-doc-1.3.3-2.el7.noarch.rpm

Fixes

CVEs

(none)

References

(none)

