Issued:
2019-04-09
Updated:
2019-04-09

RHBA-2019:0619 - OpenShift Container Platform 3.9 bug fix update

Synopsis

OpenShift Container Platform 3.9 bug fix update

Type/Severity

Bug Fix Advisory None

Topic

Red Hat OpenShift Container Platform release 3.9.74 is now available with updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.74. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2019:0618

This update fixes the following bugs:

  • Passing the --incremental argument when running a non-docker strategy build was not checked for validity. As a result, a null pointer error can occur attempting to process the invalid argument. Now, the arguments are checked to ensure they are applicable. An error is now returned to the user instead of a null pointer condition. (BZ#1541911)

  • The SSL and TLS service uses Diffie-Hellman groups with insufficient strength (a key size less than 2048 bytes). As a result, the keys are more vulnerable. Now, the key strength has been increased and certificates are more secure. (BZ#1679841)

  • The files that implemented log rotation functionality were not copied to the correct fluentd directory. As a result, logs were not rotated. Now, the container build inspects the fluentd gem to find out where to install the files. The files that implement log rotation are copied to the correct directory for fluentd usage. (BZ#1684048)

  • When a cluster was installed, the user name in the loopback kubeconfig is the same as the host name of the master. Now, the variable in the playbook is changed to a different value. (BZ#1686587)

  • Using MERGE_JSON_LOG=true would create fields in the record that would cause syntax violations or create too many fields in Elasticsearch, causing severe performance problems. Now, users who experience these problems can tune fluentd to accommodate their log record fields without errors or Elasticsearch performance degradation. (BZ#1686947)

All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages.

Solution

Before applying this update, ensure all previously released errata relevant to your system are applied.

See the following documentation, which will be updated shortly for release 3.9.74, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/articles/11258.

Affected Products

ProductVersionArch
Red Hat OpenShift Container Platform3.9x86_64

Updated Packages

  • openshift-ansible-roles-3.9.74-1.git.0.70a0a63.el7.noarch.rpm
  • ansible-service-broker-1.1.20-1.el7.x86_64.rpm
  • atomic-openshift-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm
  • openshift-ansible-3.9.74-1.git.0.70a0a63.el7.noarch.rpm
  • atomic-openshift-clients-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm
  • atomic-openshift-cluster-capacity-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm
  • atomic-openshift-3.9.74-1.git.0.78e56ea.el7.src.rpm
  • golang-github-prometheus-node_exporter-3.9.74-1.git.0.2ab615c.el7.src.rpm
  • ansible-service-broker-1.1.20-1.el7.src.rpm
  • atomic-openshift-utils-3.9.74-1.git.0.70a0a63.el7.noarch.rpm
  • atomic-openshift-tests-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm
  • openshift-ansible-docs-3.9.74-1.git.0.70a0a63.el7.noarch.rpm
  • atomic-openshift-template-service-broker-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm
  • cri-o-1.9.16-1.git78b2041.el7.src.rpm
  • atomic-openshift-pod-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm
  • atomic-openshift-sdn-ovs-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm
  • prometheus-node-exporter-3.9.74-1.git.0.2ab615c.el7.x86_64.rpm
  • ansible-service-broker-selinux-1.1.20-1.el7.noarch.rpm
  • cri-o-1.9.16-1.git78b2041.el7.x86_64.rpm
  • openshift-ansible-3.9.74-1.git.0.70a0a63.el7.src.rpm
  • cri-o-debuginfo-1.9.16-1.git78b2041.el7.x86_64.rpm
  • atomic-openshift-clients-redistributable-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm
  • atomic-openshift-excluder-3.9.74-1.git.0.78e56ea.el7.noarch.rpm
  • atomic-openshift-web-console-3.9.74-1.git.50.93129da.el7.src.rpm
  • atomic-openshift-docker-excluder-3.9.74-1.git.0.78e56ea.el7.noarch.rpm
  • atomic-openshift-federation-services-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm
  • atomic-openshift-node-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm
  • atomic-openshift-master-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm
  • atomic-openshift-service-catalog-3.9.74-1.git.0.78e56ea.el7.x86_64.rpm
  • ansible-service-broker-container-scripts-1.1.20-1.el7.noarch.rpm
  • atomic-openshift-web-console-3.9.74-1.git.50.93129da.el7.x86_64.rpm
  • atomic-openshift-dockerregistry-3.9.74-1.git.0.b102e93.el7.x86_64.rpm
  • openshift-ansible-playbooks-3.9.74-1.git.0.70a0a63.el7.noarch.rpm

Fixes

CVEs

References

(none)

Additional information