Chapter 1. RHSA-2016:1773 - OpenShift Enterprise 2.2.10 Security, Bug Fix, and Enhancement Update

Node

BZ#1361305

When unidling, upgrading, or moving a gear, a small amount of free space must be available on the gear for the operation. Gears that are currently at or exceeding their file system usage quota are unable to be unidled, upgraded, or moved. This bug fix adds a small amount of additional file system space to the gear's quota during these operations. As a result, gears at or exceeding their quota can successfully be unidled, upgraded, and moved.

BZ#1196783

When updating memory_limit_in_bytes in the /etc/openshift/resource_limits.conf file, the new memory limit did not update the OPENSHIFT_GEAR_MEMORY_MB environment variable for current gears. Even when the memory limit was updated, current gears would have the same memory limit. This bug fix adds comments to the resource_limits.conf file to provide instructions to anyone updating the memory_limit_in_bytes variable.  As a result, users changing the file should now have instructions on how to properly apply the change to current gears.

You can also workaround this issue by running:

# for i in /var/lib/openshift/*/.env/OPENSHIFT_GEAR_MEMORY_MB; do echo 512 > "$i"; done

Replace `512` above with the new memory limit in megabytes; note that the two variables have different units.

BZ#1266239

The maximum number of environment variables users are able to add is now configurable on a per node basis. Some organizations may want to allow their users to create more than the default 50 allowed user variables. Administrators may want to set this maximum allowance to different values on each node or node profile. To configure this, set the USER_VARIABLE_MAX_COUNT field in the /etc/openshift/node.conf file on the node host to the desired value, and restart the ruby193-mcollective service.

BZ#1362666

Previously, a gear move did not take into consideration the amount of free space available on the node a gear is moved to. Gears could be moved to a node whose free space was less than what the gear required, resulting in gears on that node failing. This bug fix ensures that the gear move process considers the amount of free space on each node when determining to which node it should move the gear. As a result, gears are no longer moved to a node whose storage space is not adequate for the gear.

Cartridge

BZ#1361307

After the MySQL cartridge was successfully started, the log file mysql.log was automatically removed as a part of control script, with no way to recover it. If errors occurred before the cartridge was started, the error log was lost. This made the debugging process difficult. This bug fix removes the code that is responsible for log file removal. As a result, the log file persists after the cartridge is started.

BZ#1311722

The cartridge removal command `oo-admin-cartridge -a erase` removed all software versions for a given cartridge version from the cartridge repository. However, the command's `--help` output was not clear. This made it possible for users to accidentally delete all software versions for a given cartridge version. This bug fix adds more instructive `--help` output to ensure users are aware of the behavior. As a result, confusion over the command's behavior should be avoided.

BZ#1217403

Previously when using the Cron cartridge, Cron's system-level messages could get lost among the gear-level Cron logs, which could result in important messages being missed by system administrators. This enhancement ensures that Cron's system-level messages are now tagged as they are sent to syslog, allowing administrators to set up syslog rules that separate system-level Cron log messages from gear-level messages.

BZ#1282852

Previously when using the JBoss EWS cartridge, the Tomcat code did not correctly parse the spaces to be included in environment variables and did not sanitize the variables before using them. The parser split the information in variables incorrectly and caused the JVM command to fail due to incomplete or missing parameters. This bug fix adds the new method sh_split to the Tomcat code to sanitize the information in environment variables before parsing them.

Installer

BZ#1358938

The libcgroup dependencies provided in the OpenShift Enterprise 2.2 channels were out of date. This made updating to the latest libcgroup impossible due to a multilib dependency issue. This bug fix updates the libcgroup dependencies provided in these channels to match the libcgroup version shipped with the Red Hat Enterprise Linux base channel. As a result, new installations and updates to existing hosts are able to complete without issue.

Broker

BZ#1274852

In a highly available (HA) environment with a Nginx or F5 load balancer, when an HA gear was moved to another node, an update was not received by the load balancer and the gear's routing information was not modified by the routing daemon. This bug fix adds calls during the `oo-admin-move` command to publish and unpublish routing information. As a result, the routing daemon logs now contain information regarding the changes to an HA gear's routing information upon gear moves.

Routing

BZ#1361306

In the WebSocket handshake, several headers were not being passed through the node's proxy. Applications that depended on the information in the user-agent, X-Forwarded-For, and X-Client-IP headers did not receive the values of those headers. This bug fix configures the node proxy to properly send these headers in WebSocket connections. As a result, the user-agent, X-Forwarded-For, and X-Client-IP headers have proper values set that are available to the application.