Issued:
2019-04-09
Updated:
2019-04-09

RHBA-2019:0620 - OpenShift Container Platform 3.10 bug fix update

Synopsis

OpenShift Container Platform 3.10 bug fix update

Type/Severity

Bug Fix Advisory None

Topic

Red Hat OpenShift Container Platform release 3.10.127 is now available with updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.10.127. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2019:0621

This update fixes the following bugs:

  • Playbooks that redeployed master certificates did not update webconsole secrets, causing failure to start the webconsole after redeployment. Now, webconsole secrets are re-created when master certificate playbooks are used and the webconsolenow works properly. (BZ#1667981)

  • The files that implemented log rotation functionality were not copied to the correct fluentd directory. As a result, logs were not rotated. Now, the container build inspects the fluentd gem to find out where to install the files. The files that implement log rotation are copied to the correct directory for fluentd usage. (BZ#1684210)

  • The SSL and TLS service uses Diffie-Hellman groups with insufficient strength (a key size less than 2048 bytes). As a result, the keys are more vulnerable. Now, the key strength has been increased and certificates are more secure. (BZ#1686135)

  • When a cluster was installed, the user name in the loopback kubeconfig is the same as the host name of the master. Now, the variable in the playbook is changed to a different value. (BZ#1686585)

  • Using MERGE_JSON_LOG=true would create fields in the record that would cause syntax violations or create too many fields in Elasticsearch, causing severe performance problems. Now, users who experience these problems can tune fluentd to accommodate their log record fields without errors or Elasticsearch performance degradation. (BZ#1686946)

  • If an override host name had been set, the sync script generated an error in the sync logs. This has now been resolved and is no longer present in situations where /etc/sysconfig/KUBELET_HOSTNAME_OVERRIDE is not present. (BZ#1687803)

  • Upgrade playbooks ran several oc commands that used resource aliases that may not be immediately available after a restart or other reasons. Now, the oc suite of commands uses the fully qualified resource name to avoid potential failure. (BZ#1688452)

All OpenShift Container Platform 3.10 users are advised to upgrade to these updated packages.

Solution

Before applying this update, ensure all previously released errata relevant to your system are applied.

See the following documentation, which will be updated shortly for release 3.10.127, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/articles/11258.

Affected Products

ProductVersionArch
Red Hat OpenShift Container Platform3.10x86_64
Red Hat OpenShift Container Platform for Power3.10ppc64le

Updated Packages

  • atomic-openshift-template-service-broker-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm
  • atomic-openshift-web-console-3.10.127-1.git.50.eab7949.el7.x86_64.rpm
  • python-libcloud-2.2.1-20180102gitd701bf9.el7.src.rpm
  • atomic-enterprise-service-catalog-svcat-3.10.127-1.git.55.b54f8c7.el7.ppc64le.rpm
  • atomic-openshift-sdn-ovs-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm
  • atomic-openshift-descheduler-3.10.127-1.git.153.bc1eddd.el7.x86_64.rpm
  • atomic-openshift-hypershift-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm
  • atomic-openshift-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm
  • atomic-openshift-dockerregistry-3.10.127-1.git.0.f8aa6dd.el7.x86_64.rpm
  • atomic-openshift-clients-redistributable-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm
  • atomic-openshift-node-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm
  • atomic-openshift-pod-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm
  • atomic-openshift-dockerregistry-3.10.127-1.git.0.f8aa6dd.el7.src.rpm
  • atomic-openshift-node-problem-detector-3.10.127-1.git.0.4f5519b.el7.ppc64le.rpm
  • python-libcloud-2.2.1-20180102gitd701bf9.el7.noarch.rpm
  • atomic-openshift-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm
  • prometheus-node-exporter-3.10.127-1.git.0.8ebe819.el7.ppc64le.rpm
  • atomic-openshift-clients-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm
  • atomic-enterprise-service-catalog-svcat-3.10.127-1.git.55.b54f8c7.el7.x86_64.rpm
  • atomic-enterprise-service-catalog-3.10.127-1.git.55.b54f8c7.el7.x86_64.rpm
  • atomic-enterprise-service-catalog-3.10.127-1.git.55.b54f8c7.el7.src.rpm
  • atomic-openshift-docker-excluder-3.10.127-1.git.0.dab74c6.el7.noarch.rpm
  • openshift-enterprise-cluster-capacity-3.10.127-1.git.0.44580c6.el7.ppc64le.rpm
  • atomic-openshift-dockerregistry-3.10.127-1.git.0.f8aa6dd.el7.ppc64le.rpm
  • atomic-openshift-master-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm
  • atomic-openshift-tests-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm
  • atomic-openshift-hyperkube-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm
  • rubygem-fluent-plugin-viaq_data_model-0.0.18-1.el7.src.rpm
  • atomic-openshift-hyperkube-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm
  • atomic-openshift-descheduler-3.10.127-1.git.153.bc1eddd.el7.ppc64le.rpm
  • atomic-openshift-clients-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm
  • openshift-ansible-3.10.127-1.git.0.131da09.el7.noarch.rpm
  • openshift-ansible-playbooks-3.10.127-1.git.0.131da09.el7.noarch.rpm
  • rubygem-fluent-plugin-viaq_data_model-doc-0.0.18-1.el7.noarch.rpm
  • atomic-openshift-pod-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm
  • atomic-openshift-node-problem-detector-3.10.127-1.git.0.4f5519b.el7.src.rpm
  • openshift-enterprise-cluster-capacity-3.10.127-1.git.0.44580c6.el7.src.rpm
  • atomic-openshift-hypershift-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm
  • atomic-openshift-excluder-3.10.127-1.git.0.dab74c6.el7.noarch.rpm
  • atomic-openshift-tests-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm
  • atomic-openshift-3.10.127-1.git.0.dab74c6.el7.src.rpm
  • atomic-enterprise-service-catalog-3.10.127-1.git.55.b54f8c7.el7.ppc64le.rpm
  • atomic-openshift-node-problem-detector-3.10.127-1.git.0.4f5519b.el7.x86_64.rpm
  • atomic-openshift-node-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm
  • openshift-enterprise-cluster-capacity-3.10.127-1.git.0.44580c6.el7.x86_64.rpm
  • openshift-ansible-docs-3.10.127-1.git.0.131da09.el7.noarch.rpm
  • atomic-openshift-master-3.10.127-1.git.0.dab74c6.el7.x86_64.rpm
  • atomic-openshift-sdn-ovs-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm
  • atomic-openshift-web-console-3.10.127-1.git.50.eab7949.el7.ppc64le.rpm
  • atomic-openshift-web-console-3.10.127-1.git.50.eab7949.el7.src.rpm
  • openshift-ansible-roles-3.10.127-1.git.0.131da09.el7.noarch.rpm
  • atomic-openshift-descheduler-3.10.127-1.git.153.bc1eddd.el7.src.rpm
  • openshift-ansible-3.10.127-1.git.0.131da09.el7.src.rpm
  • rubygem-fluent-plugin-viaq_data_model-0.0.18-1.el7.noarch.rpm
  • prometheus-node-exporter-3.10.127-1.git.0.8ebe819.el7.x86_64.rpm
  • atomic-openshift-template-service-broker-3.10.127-1.git.0.dab74c6.el7.ppc64le.rpm
  • golang-github-prometheus-node_exporter-3.10.127-1.git.0.8ebe819.el7.src.rpm

Fixes

CVEs

References

(none)

Additional information