Issued:
2019-06-11
Updated:
2019-06-11

RHBA-2019:0786 - OpenShift Container Platform 3.10 bug fix update

Synopsis

OpenShift Container Platform 3.10 bug fix update

Type/Severity

Bug Fix Advisory None

Topic

Red Hat OpenShift Container Platform release 3.10.139 is now available with updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.10.139. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2019:0787

This update fixes the following bugs:

  • The node-config.yaml file was not being back up and was overwritten when upgrading from OpenShift Container Platform 3.9 to 3.10, and downgrading was not possible. Now, the node-config.yaml file and atomic-openshift systemd files are backed up correctly and downgrading from OpenShift Container Platform 3.10 to 3.9 is now possible. (BZ#1609191)

  • During the upgrade process, sanity checks were using inefficient code to validate variables. Sanity check time took several minutes on a large set of hosts. Now, hostvars are stored in the class, so they are not being copied on every check. As a result, the sanity checks take less time to complete and upgrades complete faster. (BZ#1685583)

  • When a node was tainted, the sync daemonset would not run a pod on it. This lead to installation failures. Now, the sync DS pods tolerate all taints and tainted nodes are able to be upgraded. (BZ#1685952)

  • The node system container did not properly mount /var/lib/iscsi as read/write. Now, the iscsi mounts correctly with read/write permissions. (BZ#1686336)

  • Upgrading from OpenShift Container Platform 3.9 to 3.10 would fail if variables were not used correctly or if custom API ports were used. Now, api_port and other API server-related variables are read during the upgrade process and complete successfully. (BZ#1689243)

  • oc cp commands were not checking links from tar files used to copy files between pods and user's workstations. The oc cp command could cause a directory traversal and replace or delete files on a user's workstation. Now, escaping links are not permitted. As a result, the oc cp command verifies files copied between pods and workstations without allowing escape from directories. (BZ#1693318)

  • During previous upgrades, the tuned package and profiles could have been removed. The tuned role was not being applied during an upgrade, but only during a fresh install. Now, the tuned role is applied during upgrades to ensure tuned profiles are applied appropriately. (BZ#1694130)

  • Director-deployed pods would stop in the CrashLoopBackOff state after a rolling reboot of a node. This was because the READY sequence would display a node before it had started. Now, the READY indicator allows components to come online before displaying as a ready state. (BZ#1698626)

All OpenShift Container Platform 3.10 users are advised to upgrade to these updated packages and images.

Solution

Before applying this update, ensure all previously released errata relevant to your system are applied.

See the following documentation, which will be updated shortly for release 3.10.139, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/articles/11258.

Affected Products

ProductVersionArch
Red Hat OpenShift Container Platform3.10x86_64
Red Hat OpenShift Container Platform for Power3.10ppc64le

Updated Packages

  • atomic-openshift-clients-3.10.139-1.git.0.aa29c47.el7.x86_64.rpm
  • atomic-enterprise-service-catalog-3.10.139-1.git.1.ae2bce0.el7.x86_64.rpm
  • atomic-openshift-dockerregistry-3.10.139-1.git.1.d548783.el7.src.rpm
  • atomic-openshift-excluder-3.10.139-1.git.0.aa29c47.el7.noarch.rpm
  • atomic-openshift-node-problem-detector-3.10.139-1.git.1.ec81bb7.el7.x86_64.rpm
  • atomic-openshift-sdn-ovs-3.10.139-1.git.0.aa29c47.el7.ppc64le.rpm
  • atomic-openshift-hyperkube-3.10.139-1.git.0.aa29c47.el7.ppc64le.rpm
  • atomic-openshift-clients-redistributable-3.10.139-1.git.0.aa29c47.el7.x86_64.rpm
  • atomic-openshift-descheduler-3.10.139-1.git.1.4b3edb1.el7.src.rpm
  • atomic-openshift-dockerregistry-3.10.139-1.git.1.d548783.el7.ppc64le.rpm
  • atomic-openshift-3.10.139-1.git.0.aa29c47.el7.src.rpm
  • atomic-openshift-descheduler-3.10.139-1.git.1.4b3edb1.el7.ppc64le.rpm
  • atomic-openshift-node-problem-detector-3.10.139-1.git.1.ec81bb7.el7.src.rpm
  • atomic-openshift-pod-3.10.139-1.git.0.aa29c47.el7.ppc64le.rpm
  • atomic-openshift-template-service-broker-3.10.139-1.git.0.aa29c47.el7.ppc64le.rpm
  • atomic-openshift-template-service-broker-3.10.139-1.git.0.aa29c47.el7.x86_64.rpm
  • atomic-openshift-hyperkube-3.10.139-1.git.0.aa29c47.el7.x86_64.rpm
  • atomic-openshift-tests-3.10.139-1.git.0.aa29c47.el7.x86_64.rpm
  • atomic-openshift-3.10.139-1.git.0.aa29c47.el7.ppc64le.rpm
  • golang-github-prometheus-node_exporter-3.10.139-1.git.1.b1b6e2a.el7.src.rpm
  • atomic-openshift-pod-3.10.139-1.git.0.aa29c47.el7.x86_64.rpm
  • atomic-enterprise-service-catalog-3.10.139-1.git.1.ae2bce0.el7.ppc64le.rpm
  • atomic-openshift-clients-3.10.139-1.git.0.aa29c47.el7.ppc64le.rpm
  • atomic-openshift-hypershift-3.10.139-1.git.0.aa29c47.el7.x86_64.rpm
  • atomic-openshift-node-3.10.139-1.git.0.aa29c47.el7.x86_64.rpm
  • atomic-openshift-sdn-ovs-3.10.139-1.git.0.aa29c47.el7.x86_64.rpm
  • atomic-openshift-web-console-3.10.139-1.git.1.328d00d.el7.src.rpm
  • openshift-ansible-3.10.139-1.git.0.02bc5db.el7.noarch.rpm
  • atomic-openshift-descheduler-3.10.139-1.git.1.4b3edb1.el7.x86_64.rpm
  • openshift-ansible-playbooks-3.10.139-1.git.0.02bc5db.el7.noarch.rpm
  • openshift-enterprise-cluster-capacity-3.10.139-1.git.1.929a137.el7.x86_64.rpm
  • prometheus-node-exporter-3.10.139-1.git.1.b1b6e2a.el7.ppc64le.rpm
  • prometheus-node-exporter-3.10.139-1.git.1.b1b6e2a.el7.x86_64.rpm
  • python-docker-2.4.2-2.el7.noarch.rpm
  • python-docker-2.4.2-2.el7.src.rpm
  • atomic-openshift-master-3.10.139-1.git.0.aa29c47.el7.ppc64le.rpm
  • openshift-enterprise-cluster-capacity-3.10.139-1.git.1.929a137.el7.ppc64le.rpm
  • atomic-openshift-tests-3.10.139-1.git.0.aa29c47.el7.ppc64le.rpm
  • atomic-enterprise-service-catalog-svcat-3.10.139-1.git.1.ae2bce0.el7.x86_64.rpm
  • atomic-enterprise-service-catalog-3.10.139-1.git.1.ae2bce0.el7.src.rpm
  • openshift-enterprise-cluster-capacity-3.10.139-1.git.1.929a137.el7.src.rpm
  • atomic-openshift-hypershift-3.10.139-1.git.0.aa29c47.el7.ppc64le.rpm
  • atomic-enterprise-service-catalog-svcat-3.10.139-1.git.1.ae2bce0.el7.ppc64le.rpm
  • openshift-ansible-roles-3.10.139-1.git.0.02bc5db.el7.noarch.rpm
  • atomic-openshift-master-3.10.139-1.git.0.aa29c47.el7.x86_64.rpm
  • atomic-openshift-dockerregistry-3.10.139-1.git.1.d548783.el7.x86_64.rpm
  • atomic-openshift-node-3.10.139-1.git.0.aa29c47.el7.ppc64le.rpm
  • openshift-ansible-3.10.139-1.git.0.02bc5db.el7.src.rpm
  • atomic-openshift-web-console-3.10.139-1.git.1.328d00d.el7.x86_64.rpm
  • atomic-openshift-web-console-3.10.139-1.git.1.328d00d.el7.ppc64le.rpm
  • openshift-ansible-docs-3.10.139-1.git.0.02bc5db.el7.noarch.rpm
  • atomic-openshift-docker-excluder-3.10.139-1.git.0.aa29c47.el7.noarch.rpm
  • atomic-openshift-3.10.139-1.git.0.aa29c47.el7.x86_64.rpm
  • atomic-openshift-node-problem-detector-3.10.139-1.git.1.ec81bb7.el7.ppc64le.rpm

Fixes

CVEs

(none)

References

(none)

Additional information