Issued:

2019-02-20

Updated:

2019-02-20

RHBA-2019:0331 - OpenShift Container Platform 3.9 bug fix update

Synopsis

OpenShift Container Platform 3.9 bug fix update

Type/Severity

Bug Fix Advisory None

Topic

Red Hat OpenShift Container Platform release 3.9.68 is now available with updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.68. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2019:0330

This update includes the following bugs:

• The openshift_management_project variable was not respected. As a result, the Cloud Forms Management Engine app has always been installed in hardcoded namespace. With this bug fix, CFME namespace is using the openshift_management_project variable. The CFME app is installed according to openshift_management_project settings. (BZ#159166)

• Certain tasks did not pass the --config option to the oc client. If the ansible_user's kubeconfig was modified, it could cause those tasks to fail. With this bug fix, all tasks now pass the --config option pointing at the proper admin kubeconfig, which should never be modified. Installation and upgrades in scenarios where the kubeconfig has been modified now work as expected. (BZ#1631353)

• The cluster role system:image-pruner was required for all DELETE requests to the registry. As a result, the regular client could not cancel its uploads, and the S3 multipart uploads were accumulating. Now, the cluster role system:image-pruner will accept DELETE requests for uploads from clients who are allowed to write into them. (BZ#1662132)

• The sysconfig files located in /etc/sysconfig contained a broken link to documentation. Those links are now updated. (BZ#1668210)

This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html

All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages.

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied.

See the following documentation, which will be updated shortly for release 3.9.68, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

Affected Products

Updated Packages

• atomic-openshift-clients-3.9.68-1.git.0.76fd86e.el7.x86_64.rpm
• atomic-openshift-utils-3.9.68-1.git.0.0c424ac.el7.noarch.rpm
• atomic-openshift-service-catalog-3.9.68-1.git.0.76fd86e.el7.x86_64.rpm
• openshift-ansible-3.9.68-1.git.0.0c424ac.el7.noarch.rpm
• ansible-service-broker-1.1.19-1.el7.src.rpm
• atomic-openshift-docker-excluder-3.9.68-1.git.0.76fd86e.el7.noarch.rpm
• ansible-service-broker-1.1.19-1.el7.x86_64.rpm
• openshift-ansible-playbooks-3.9.68-1.git.0.0c424ac.el7.noarch.rpm
• atomic-openshift-template-service-broker-3.9.68-1.git.0.76fd86e.el7.x86_64.rpm
• atomic-openshift-node-3.9.68-1.git.0.76fd86e.el7.x86_64.rpm
• atomic-openshift-pod-3.9.68-1.git.0.76fd86e.el7.x86_64.rpm
• atomic-openshift-clients-redistributable-3.9.68-1.git.0.76fd86e.el7.x86_64.rpm
• atomic-openshift-federation-services-3.9.68-1.git.0.76fd86e.el7.x86_64.rpm
• atomic-openshift-web-console-3.9.68-1.git.285.fefb1e9.el7.x86_64.rpm
• openshift-ansible-docs-3.9.68-1.git.0.0c424ac.el7.noarch.rpm
• atomic-openshift-master-3.9.68-1.git.0.76fd86e.el7.x86_64.rpm
• atomic-openshift-dockerregistry-3.9.68-1.git.357.47ee9e2.el7.x86_64.rpm
• atomic-openshift-excluder-3.9.68-1.git.0.76fd86e.el7.noarch.rpm
• atomic-openshift-web-console-3.9.68-1.git.285.fefb1e9.el7.src.rpm
• openshift-ansible-3.9.68-1.git.0.0c424ac.el7.src.rpm
• ansible-service-broker-selinux-1.1.19-1.el7.noarch.rpm
• prometheus-node-exporter-3.9.68-1.git.1063.4ff2a03.el7.x86_64.rpm
• atomic-openshift-tests-3.9.68-1.git.0.76fd86e.el7.x86_64.rpm
• openshift-ansible-roles-3.9.68-1.git.0.0c424ac.el7.noarch.rpm
• atomic-openshift-3.9.68-1.git.0.76fd86e.el7.x86_64.rpm
• atomic-openshift-cluster-capacity-3.9.68-1.git.0.76fd86e.el7.x86_64.rpm
• golang-github-prometheus-node_exporter-3.9.68-1.git.1063.4ff2a03.el7.src.rpm
• atomic-openshift-sdn-ovs-3.9.68-1.git.0.76fd86e.el7.x86_64.rpm
• ansible-service-broker-container-scripts-1.1.19-1.el7.noarch.rpm
• atomic-openshift-3.9.68-1.git.0.76fd86e.el7.src.rpm

Fixes

• This content is not included.BZ - 1554675
• This content is not included.BZ - 1559424
• This content is not included.BZ - 1623426
• This content is not included.BZ - 1631353
• This content is not included.BZ - 1634158
• This content is not included.BZ - 1640788
• This content is not included.BZ - 1662132
• This content is not included.BZ - 1667785
• This content is not included.BZ - 1668210
• This content is not included.BZ - 1668893
• This content is not included.BZ - 1671346

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.