Red Hat SummitChapter 16. RHBA-2014:0209 - OpenShift Enterprise 2.0.3 Bug Fix and Enhancement Update
OpenShift Enterprise 2.0.3 is now available with updates to packages that fix several bugs and introduce feature enhancements. See the errata advisory at https://rhn.redhat.com/errata/rhel6-rhose2-errata.html for more information.
Important
See the OpenShift Enterprise 2.0 Release Notes at https://access.redhat.com/site/documentation for instructions on how to apply this specific update.
This update addresses the following bug fixes and enhancements:
Broker
- BZ#1040257
Copy to Clipboard Copied! Toggle word wrap Toggle overflow By default, users were restricted from creating custom domain name aliases in the cloud domain of their applications to prevent confusion or possible name collisions. This enhancement adds a new ALLOW_ALIAS_IN_DOMAIN setting in the /etc/openshift/broker.conf file on the broker host that allows users to create aliases within the cloud domain. However, the alias must not be in the form <name>-<name>.<cloud-domain>. Aliases taking this standard form of application names are rejected to prevent conflicts. See the OpenShift Enterprise Administration Guide for more information.
By default, users were restricted from creating custom domain name aliases in the cloud domain of their applications to prevent confusion or possible name collisions. This enhancement adds a new ALLOW_ALIAS_IN_DOMAIN setting in the /etc/openshift/broker.conf file on the broker host that allows users to create aliases within the cloud domain. However, the alias must not be in the form <name>-<name>.<cloud-domain>. Aliases taking this standard form of application names are rejected to prevent conflicts. See the OpenShift Enterprise Administration Guide for more information.- BZ#1057153
Copy to Clipboard Copied! Toggle word wrap Toggle overflow The broker host now allows configurable default templates for new applications without requiring custom cartridges, enabling administrators to customize the initial application experience for users. For example, initial JBoss EWS configuration files can be customized with organization defaults, and all default applications can have the organization name and logo. Set the new DEFAULT_APP_TEMPLATES setting in the /etc/openshift/broker.conf file on the broker host to specify default Git URLs for any web cartridge using a space-separated list of elements in the form <cartridge-name>|<git-url>. These URLs are used rather than any Git template included in the cartridge. Configure all broker hosts with the same values and restart the broker service.
The broker host now allows configurable default templates for new applications without requiring custom cartridges, enabling administrators to customize the initial application experience for users. For example, initial JBoss EWS configuration files can be customized with organization defaults, and all default applications can have the organization name and logo. Set the new DEFAULT_APP_TEMPLATES setting in the /etc/openshift/broker.conf file on the broker host to specify default Git URLs for any web cartridge using a space-separated list of elements in the form <cartridge-name>|<git-url>. These URLs are used rather than any Git template included in the cartridge. Configure all broker hosts with the same values and restart the broker service.- BZ#1027122
Copy to Clipboard Copied! Toggle word wrap Toggle overflow The lokkit tool removed critical iptables rules required by OpenShift Enterprise, resulting in node outages. This bug fix updates the oo-diagnostics tool to detect if the lokkit or system-config-firewall tools are used, and advises the user not to use lokkit. If lokkit is required by the user, oo-diagnostics also provides a snippet that users can add to their lokkit configuration to allow interoperation with OpenShift Enterprise. Outages due to conflicting iptables configurations are now reduced.
The lokkit tool removed critical iptables rules required by OpenShift Enterprise, resulting in node outages. This bug fix updates the oo-diagnostics tool to detect if the lokkit or system-config-firewall tools are used, and advises the user not to use lokkit. If lokkit is required by the user, oo-diagnostics also provides a snippet that users can add to their lokkit configuration to allow interoperation with OpenShift Enterprise. Outages due to conflicting iptables configurations are now reduced.- BZ#1056899
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Authorization tokens were not properly distributed between HAProxy gears in the same application. As a result, attempting to scale up an application from a secondary HAProxy gear failed. This bug fix adds logic to replicate broker authorization tokens between HAProxy gears in the same application. The following command must be run on the broker host after applying this fix: # rm -rf /tmp/oo-upgrade # oo-admin-upgrade upgrade-node --version=2.0.3 See the Solution section in the errata advisory for full details.
Authorization tokens were not properly distributed between HAProxy gears in the same application. As a result, attempting to scale up an application from a secondary HAProxy gear failed. This bug fix adds logic to replicate broker authorization tokens between HAProxy gears in the same application. The following command must be run on the broker host after applying this fix: # rm -rf /tmp/oo-upgrade # oo-admin-upgrade upgrade-node --version=2.0.3 See the Solution section in the errata advisory for full details.- BZ#1062844
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Attempting to create an application using an invalid manifest produced an unhelpful error message. This bug fix improves the exception handling so that a more helpful error message is displayed when an invalid manifest is used.
Attempting to create an application using an invalid manifest produced an unhelpful error message. This bug fix improves the exception handling so that a more helpful error message is displayed when an invalid manifest is used.- BZ#1048139
Copy to Clipboard Copied! Toggle word wrap Toggle overflow The VALID_SSH_KEY_TYPES setting was not documented in the /etc/openshift/broker.conf file on the broker host. The file now documents the setting and its defaults for greater visibility.
The VALID_SSH_KEY_TYPES setting was not documented in the /etc/openshift/broker.conf file on the broker host. The file now documents the setting and its defaults for greater visibility.- BZ#1061941
Copy to Clipboard Copied! Toggle word wrap Toggle overflow OpenShift Enterprise DNS commands assumed DNS keys were created using the HMAC-MD5 algorithm, causing calls to the nsupdate utility to fail when the DNS key did not use HMAC-MD5. This bug fix adds support to the nsupdate plugin and the oo-accept-broker tool to include the key algorithm when nsupdate is called. DNS key algorithms other than HMAC-MD5 are now supported by OpenShift Enterprise tools.
OpenShift Enterprise DNS commands assumed DNS keys were created using the HMAC-MD5 algorithm, causing calls to the nsupdate utility to fail when the DNS key did not use HMAC-MD5. This bug fix adds support to the nsupdate plugin and the oo-accept-broker tool to include the key algorithm when nsupdate is called. DNS key algorithms other than HMAC-MD5 are now supported by OpenShift Enterprise tools.
Node
- BZ#1061422
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Previously, the validation for metadata.json files caused confusing error messages when empty metadata.json files were loaded during certain operations. This bug fix improves file validation to account for zero-length metadata.json files, and these errors no long occur. The MCollective service must be restarted on each node host after applying this fix.
Previously, the validation for metadata.json files caused confusing error messages when empty metadata.json files were loaded during certain operations. This bug fix improves file validation to account for zero-length metadata.json files, and these errors no long occur. The MCollective service must be restarted on each node host after applying this fix.- BZ#1040824
Copy to Clipboard Copied! Toggle word wrap Toggle overflow The openshift-iptables-port-proxy service compared the count of existing NAT rules against the number asserted by OpenShift Enterprise. As a result, adding any custom NAT rules to a node host caused the openshift-iptables-port-proxy service to incorrectly report a problem with the NAT table. This bug fix updates the NAT table comparison to verify that the count of rules in the NAT table is equal to or greater than the expected number. Additional NAT rules can now be specified without any error messages from the openshift-iptables-port-proxy service.
The openshift-iptables-port-proxy service compared the count of existing NAT rules against the number asserted by OpenShift Enterprise. As a result, adding any custom NAT rules to a node host caused the openshift-iptables-port-proxy service to incorrectly report a problem with the NAT table. This bug fix updates the NAT table comparison to verify that the count of rules in the NAT table is equal to or greater than the expected number. Additional NAT rules can now be specified without any error messages from the openshift-iptables-port-proxy service.- BZ#1055675
Copy to Clipboard Copied! Toggle word wrap Toggle overflow The environment variable handling in the MCollective service has been optimized for efficiency.
The environment variable handling in the MCollective service has been optimized for efficiency.- BZ#1059322
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Existing vhost templates referenced a variable that is only available when using the mod-rewrite front-end proxy plug-in. Therefore, gear server names were not logged in the /var/log/httpd/openshift_log file, causing disruptions in gear idling functions. This bug fix improves the custom access log format to ensure the server name is included, and gear idling functions are no longer impacted. These steps are recommended only for systems where the rubygem-openshift-origin-frontend-apache-vhost package is installed. For the updated package to take effect, the following commands must be run on affected node hosts. Please note that this will cause a node outage, and must be done with care. See the OpenShift Enterprise Administration Guide for full documentation on modifying the front-end proxy server plug-in configuration. # oo-frontend-plugin-modify --save > filename # oo-frontend-plugin-modify --delete # oo-frontend-plugin-modify --restore < filename
Existing vhost templates referenced a variable that is only available when using the mod-rewrite front-end proxy plug-in. Therefore, gear server names were not logged in the /var/log/httpd/openshift_log file, causing disruptions in gear idling functions. This bug fix improves the custom access log format to ensure the server name is included, and gear idling functions are no longer impacted. These steps are recommended only for systems where the rubygem-openshift-origin-frontend-apache-vhost package is installed. For the updated package to take effect, the following commands must be run on affected node hosts. Please note that this will cause a node outage, and must be done with care. See the OpenShift Enterprise Administration Guide for full documentation on modifying the front-end proxy server plug-in configuration. # oo-frontend-plugin-modify --save > filename # oo-frontend-plugin-modify --delete # oo-frontend-plugin-modify --restore < filename- BZ#1045972
Copy to Clipboard Copied! Toggle word wrap Toggle overflow The MOTD_FILE setting in the /etc/openshift/node.conf file on the node host contained an extraneous white space at the beginning of the quoted string. If this setting was used as provided, the MOTD file was not read correctly. This bug fix removes the leading white space in the quoted string, and the supplied example MOTD_CONF setting now works correctly.
The MOTD_FILE setting in the /etc/openshift/node.conf file on the node host contained an extraneous white space at the beginning of the quoted string. If this setting was used as provided, the MOTD file was not read correctly. This bug fix removes the leading white space in the quoted string, and the supplied example MOTD_CONF setting now works correctly.- BZ#1054944
Copy to Clipboard Copied! Toggle word wrap Toggle overflow When an application deployment is performed using the git push command, a REST API call registers the new deployment with the broker. If this call fails for any reason, the HAProxy cartridge in a scalable application is not correctly restarted, and the application is unavailable until the HAProxy cartridge is restarted. This bug fix adds logic to allow the HAProxy cartridge to restart during the deployment even if the registration failed. Therefore, in the event that the registration fails, the application is correctly deployed and remains available. Because all known deployments are reported each time, the broker receives a fully updated list after the next successful deployment registration.
When an application deployment is performed using the git push command, a REST API call registers the new deployment with the broker. If this call fails for any reason, the HAProxy cartridge in a scalable application is not correctly restarted, and the application is unavailable until the HAProxy cartridge is restarted. This bug fix adds logic to allow the HAProxy cartridge to restart during the deployment even if the registration failed. Therefore, in the event that the registration fails, the application is correctly deployed and remains available. Because all known deployments are reported each time, the broker receives a fully updated list after the next successful deployment registration.- BZ#1032798
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Previously, when a node host attempted to insert an iptables rule without first verifying that the target table existed, a scalable application could not be created where iptables rules were not defined. This bug fix adds logic to the oo-diagnostics tool to check for missing iptables rules. The oo-admin-ctl-iptables-port-proxy tool has been updated to confirm that the expected tables exist before modifying them, and to provide useful warning messages when the table is missing in the active configuration.
Previously, when a node host attempted to insert an iptables rule without first verifying that the target table existed, a scalable application could not be created where iptables rules were not defined. This bug fix adds logic to the oo-diagnostics tool to check for missing iptables rules. The oo-admin-ctl-iptables-port-proxy tool has been updated to confirm that the expected tables exist before modifying them, and to provide useful warning messages when the table is missing in the active configuration.- BZ#988756
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Previously, cartridge scripts that depend on the bc package for calculating various JVM parameters failed due to a missing requirement in the JBoss EAP and JBoss EWS packages. This bug fix adds the bc package requirement to the cartridges, and these failures no long occur.
Previously, cartridge scripts that depend on the bc package for calculating various JVM parameters failed due to a missing requirement in the JBoss EAP and JBoss EWS packages. This bug fix adds the bc package requirement to the cartridges, and these failures no long occur.
Cartridge
- BZ#1061424
Copy to Clipboard Copied! Toggle word wrap Toggle overflow The --hot-deploy option was ignored when deploying an application using the binary deployment method. This bug fix adds the missing handling for the --hot-deploy option to the binary deployment logic and the option is now recognized. The MCollective service must be restarted on each node host after applying this fix.
The --hot-deploy option was ignored when deploying an application using the binary deployment method. This bug fix adds the missing handling for the --hot-deploy option to the binary deployment logic and the option is now recognized. The MCollective service must be restarted on each node host after applying this fix.- BZ#1057956
Copy to Clipboard Copied! Toggle word wrap Toggle overflow While successfully creating or scaling an application, the scale_events.log file on HAProxy cartridges displayed this error message: "Failed to get information from haproxy". This occurred due to common HAProxy operations and was potentially confusing because there was no actual problem. This bug fix suppresses the messages during such operations and now the logs do not show extraneous error messages. The following command must be run on the broker host after applying this fix: # rm -rf /tmp/oo-upgrade # oo-admin-upgrade upgrade-node --version=2.0.3 See the Solution section in the errata advisory for full details.
While successfully creating or scaling an application, the scale_events.log file on HAProxy cartridges displayed this error message: "Failed to get information from haproxy". This occurred due to common HAProxy operations and was potentially confusing because there was no actual problem. This bug fix suppresses the messages during such operations and now the logs do not show extraneous error messages. The following command must be run on the broker host after applying this fix: # rm -rf /tmp/oo-upgrade # oo-admin-upgrade upgrade-node --version=2.0.3 See the Solution section in the errata advisory for full details.- BZ#1054916
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Administrators can now provide additional, custom httpd configurations to cartridges that are based on httpd without requiring custom cartridges. The custom configurations are read after the rest of the configurations for each gear, effectively overriding or expanding most gear httpd configurations. See https://access.redhat.com/site/articles/726143 for more details.
Administrators can now provide additional, custom httpd configurations to cartridges that are based on httpd without requiring custom cartridges. The custom configurations are read after the rest of the configurations for each gear, effectively overriding or expanding most gear httpd configurations. See https://access.redhat.com/site/articles/726143 for more details.- BZ#1057183
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Previously, the way the HAProxy cartridge determined when to scale an application was not optimal because it checked the number of connections against a fixed threshold, which could impact stability or performance. This enhancement improves the HAProxy cartridge so that it uses a moving average of the number of current connections and provides a configurable threshold. The following command must be run on the broker host after applying this fix: # rm -rf /tmp/oo-upgrade # oo-admin-upgrade upgrade-node --version=2.0.3 See the Solution section in the errata advisory for full details.
Previously, the way the HAProxy cartridge determined when to scale an application was not optimal because it checked the number of connections against a fixed threshold, which could impact stability or performance. This enhancement improves the HAProxy cartridge so that it uses a moving average of the number of current connections and provides a configurable threshold. The following command must be run on the broker host after applying this fix: # rm -rf /tmp/oo-upgrade # oo-admin-upgrade upgrade-node --version=2.0.3 See the Solution section in the errata advisory for full details.- BZ#1061423
Copy to Clipboard Copied! Toggle word wrap Toggle overflow After restoring an application snapshot, gears with the hot_deploy marker did not restart. This bug fix updates the marker logic and gears with the hot_deploy marker now restart correctly. The MCollective service must be restarted on each node host after applying this fix.
After restoring an application snapshot, gears with the hot_deploy marker did not restart. This bug fix updates the marker logic and gears with the hot_deploy marker now restart correctly. The MCollective service must be restarted on each node host after applying this fix.- BZ#1056394
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Attempts to restore an application snapshot would fail when restoring from a snapshot that was created after a cartridge was moved, due to empty deployments what were created during the move. This bug fix corrects the cartridge move logic and the empty deployments are no longer created. Note that this only applies to gears created after applying this fix. For existing applications experiencing this issue, the ~/app-deployments/ directory must be searched for any empty directories, which then must be removed with the rmdir command.
Attempts to restore an application snapshot would fail when restoring from a snapshot that was created after a cartridge was moved, due to empty deployments what were created during the move. This bug fix corrects the cartridge move logic and the empty deployments are no longer created. Note that this only applies to gears created after applying this fix. For existing applications experiencing this issue, the ~/app-deployments/ directory must be searched for any empty directories, which then must be removed with the rmdir command.- BZ#1057447
Copy to Clipboard Copied! Toggle word wrap Toggle overflow During a restart, the Ruby cartridge attempted to modify a file in the {OPENSHIFT_REPO_DIR}/tmp directory, which in some cases did not exist. Therefore, the Ruby cartridge would fail to restart on gears that were missing this directory. This bug fix adds a test to ensure ${OPENSHIFT_REPO_DIR}/tmp exists before creating or modifying any files in that directory. The following command must be run on the broker host after applying this fix: # rm -rf /tmp/oo-upgrade # oo-admin-upgrade upgrade-node --version=2.0.3 See the Solution section in the errata advisory for full details.During a restart, the Ruby cartridge attempted to modify a file in the {OPENSHIFT_REPO_DIR}/tmp directory, which in some cases did not exist. Therefore, the Ruby cartridge would fail to restart on gears that were missing this directory. This bug fix adds a test to ensure ${OPENSHIFT_REPO_DIR}/tmp exists before creating or modifying any files in that directory. The following command must be run on the broker host after applying this fix: # rm -rf /tmp/oo-upgrade # oo-admin-upgrade upgrade-node --version=2.0.3 See the Solution section in the errata advisory for full details.- BZ#1051190
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Users can now create a new action hook that makes automatic scaling decisions for a specific application using a customized haproxy_ctld.rb script. See the OpenShift Enterprise User Guide for more information.
Users can now create a new action hook that makes automatic scaling decisions for a specific application using a customized haproxy_ctld.rb script. See the OpenShift Enterprise User Guide for more information.
Client Tools
- BZ#1063769
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Rollbacks initiated by the OpenShift Enterprise client tools only occurred on the head gear due to an incompatibility between the client tools and the deployment API. This bug fix updates the client tools so that the correct deployment API is called, and rollbacks now work correctly.
Rollbacks initiated by the OpenShift Enterprise client tools only occurred on the head gear due to an incompatibility between the client tools and the deployment API. This bug fix updates the client tools so that the correct deployment API is called, and rollbacks now work correctly.- BZ#1059900
Copy to Clipboard Copied! Toggle word wrap Toggle overflow The OpenShift Enterprise client tools depended on the Ruby method Array#sort_by!, which is not implemented in Ruby 1.8.7, causing an error when attempts were made to generate the domain members list. This bug fix updates the client tools to use the Ruby method Array#sort_by, which is defined in Ruby 1.8.7, and errors no longer occur when generating the domain members list.
The OpenShift Enterprise client tools depended on the Ruby method Array#sort_by!, which is not implemented in Ruby 1.8.7, causing an error when attempts were made to generate the domain members list. This bug fix updates the client tools to use the Ruby method Array#sort_by, which is defined in Ruby 1.8.7, and errors no longer occur when generating the domain members list.
Management Console
- BZ#1056905
Copy to Clipboard Copied! Toggle word wrap Toggle overflow The Management Console has been updated to include improved error message highlighting when adding a non-existent member to a domain. The openshift-console service must be restarted after applying this fix.
The Management Console has been updated to include improved error message highlighting when adding a non-existent member to a domain. The openshift-console service must be restarted after applying this fix.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}