Chapter 2. RHSA-2016:0489 - OpenShift Enterprise 2.2.9 Security, Bug Fix, and Enhancement Update
OpenShift Enterprise 2.2.9 is now available with updates to packages that fix one security issue, fix several bugs, and introduce feature enhancements. See the errata advisory at https://rhn.redhat.com/errata/RHSA-2016-0489.html for more information.
Important
See the OpenShift Enterprise 2.2 Release Notes for instructions on how to apply this asynchronous errata update.
This update addresses the following bug fixes and enhancements:
Command Line Interface
- BZ#1299095
When running the `oo-diagnostics` tool, several lines of code which are intended to run on the node were added to a section of code that was only run on the broker. This caused the node-related code to fail when it was run on the broker. This bug fix separates the node-related code into a different test that is run on the node instead of the broker. As a result, the test case that is intended for the broker runs correctly and the `oo-diagnostics` tool no longer fails for this reason.
- BZ#1111456
The `rhc` code previously did not respect the gear size option during Jenkins application deployment. When a user created an application using the `rhc` command with `--enable-jenkins` and medium `--gear-size` options, the Jenkins application was deployed into the default small gear size. This bug fix updates `rhc` to respect the gear size option during the Jenkins application deployment process and create a gear with the selected size.
- BZ#1308722
There was a duplication of the start process call during Git deployment using the `rhc --from-code` command. This caused the second start process call to fail as the httpd port was already in use by the previous start process call, resulting in a failure message. This bug fix adds a conditional check to the code to verify the state of the application to identify whether the application is already started. If it is already started, a restart process is called instead of a start process. As a result, the failure message is no longer logged in this scenario.
- BZ#1308716
The `rhc snapshot` command did not check if a snapshot file already existed or warn users before overwriting the file during the process of creating it. This caused the previous snapshot file with the same name to be overwritten without any warnings from the `rhc snapshot` command. This bug fix adds a new check to `rhc snapshot` to verify whether a file with the same name already exists in the directory. If it does, it prompts the user to ask if they want to overwrite the file or not. As a result, `rhc snapshot` will no longer overwrite the existing file unless the user allows it to do so.
- BZ#1307174
The `rhc ssh <app>` command did not work in Windows unless ssh.exe was copied from the C:\Program Files\Git\usr\bin folder to the C:\Program Files\Git\bin folder. Also, the link to Git for Windows msysgit install was broken. This bug fix adds C:\Program Files\Git\usr\bin to the search path for ssh.exe. Users can also move ssh.exe to a custom location; as long as it is in the Git path, `rhc` will find it. In addition, http://msysgit.github.io/ was replaced with the updated URL https://git-for-windows.github.io/. As a result, the `rhc ssh` command works as expected for Windows users.
- BZ#1310841
Users using the `rhc` command with Zsh would previously get errors when attempting to use autocompletion. This bug fix updates the rhc_bash file to properly work with Zsh and allow autocompletion without errors.
- BZ#1279584
There were certain situations when a user could have a plan_id that did not have a defined plan in the get_plan function. This caused the `oo-admin-repair` and `oo-admin-chk` commands to error out. This bug fix adds a check to see if the plan is defined, and if it fails a default plan is used. As a result, these commands no longer error out in this situation, and provide a warning (but not a failure) that there is a plan_id with a plan that has not been defined.
- BZ#1310810
Output from the `rhc app show <app> --gear quota` command was misleading because the `du` command was used instead of the `quota` command. For example, `quota` includes usage from files that have been deleted but their data blocks are still being held by some process in the gear, and is therefore a more accurate view of usage. Users expected `rhc app show <app> --gear quota` to show the same values as running `rhc ssh <app>` then running `quota` on the gear, but they were not due to `du` and `quota` differences. This bug fix replaced `du` with `quota` in the `rhc app show` command, and as a result the same values are now shown for `rhc app show <app> --gear quota` and for `quota` while using SSH to connect to the gear.
- BZ#1314535
Missing man pages have been added for the `oo-admin-ctl-iptables-port-proxy`, `oo-admin-ctl-tc`, `oo-admin-repair-node`, and `oo-admin-regenerate-gear-metadata` commands.
- BZ#1140816
The `oo-admin-ctl-district` command did not have an option to list all districts, and the only way to display this information was to execute the command without any arguments. The option `list-available` was poorly named, as it did not list information about districts, but rather listed nodes that were not in districts. The `oo-admin-ctl-region` command similarly displayed a list of regions only when no options were selected. This bug fix adds a `list` option to the `oo-admin-ctl-district` and `oo-admin-ctl-region` commands to list all available districts or regions, respectively. The `list-available` option has also been renamed `nodes-available` to avoid confusion. Also, if no arguments are given, the command now displays a usage message. As a result, both commands now provide all necessary options to display the appropriate information instead of the ambiguous non-argument option.
Node
- BZ#1294513
Checks for proper RPM packages, with el6op in the name, incorrectly expected the nodejs-debug package to contain this tag. This caused a false error to be reported from the `oo-diagnostics` command on up-to-date systems. This bug fix updates `oo-diagnostics` to no longer expect nodejs-debug to contain the el6op tag.
- BZ#1160934
The `oo-admin-ctl-gears` command did not update the current state of the gear after it successfully stopped an idled gear. The gear's status remained "idled" even though it was stopped successfully. This bug fix updates the command to change the status of the gear from "idled" to "stopped" if the gear is stopped successfully. As a result, the correct status of the gear is now displayed in this scenario.
- BZ#1307175
Previously, the `oo-accept-node` script incorrectly verified that processes were in cgroups procs. Output from this script may have been misleading as the script should have been checking that threads are in cgroup tasks. This bug fix updates `oo-accept-node` to now correctly compare threads with cgroup tasks.
- BZ#1265811
In order to check that file system quotas were enabled, the `oo-accept-node` script used the output of the `df` command to determine the device and mount point of the gear base directory. The script then specified this mount point to the `repquota` command and expected to see the device in `repquota` output. However, if the gear base directory was a loop mount, `df` printed the loop image file name, whereas `repquota` prints the loop device. Thus, `oo-accept-node` was looking for the wrong string in the `repquota` output. This bug fix updates `oo-accept-node` to now use the `mount` command to determine whether the file system is a loop mount, and, if it is, `oo-accept-node` now parses the file system options to determine the loop device for the file system. In addition, because using a loop mount degrades performance, `oo-accept-node` now prints a warning if the gear base directory is a loop mount. As a result, `oo-accept-node` will now print an error only if quotas really are disabled on the file system, and `oo-accept-node` will print a warning if the file system is a loop mount.
- BZ#1265423
System administrators can now configure .gitconfig files for gears through the use of skeleton files. This is needed to allow for an existing Git repository with a large amount of data to be more easily used in OpenShift. Without this change, some Git repositories could not be imported into OpenShift using `--from-code`, due to their size or memory consumption during the clone process. This enhancement allows for an administrator to use concepts from the configuration in https://access.redhat.com/solutions/535653 as defined by https://access.redhat.com/solutions/693593. It should be noted that when setting up a custom .gitconfig:
1) The .gitconfig file can now be overwritten by a .gitconfig file provided in the user's Git repository.
2) The user-provided .gitconfig should contain the following options to ensure the Git repository can be cloned when the gear is close to its memory limits:
```
[gc]
    auto = 100
[pack]
    windowMemory = 10m
    packSizeLimit = 20m
```
- BZ#1310266
The Management Console previously had an intermediate "Certificate Chain" field. The certificate files were then internally concatenated. SSL certificate providers often issue a fullchain.pem file (or similar) that was confusing to users who did not know whether to use this file or the non-concatenated files. The `rhc` command to upload SSL certs, however, did not include a certificate chain option. When using `rhc`, users have always been required to supply a concatenated certificate file. Users were getting a "B rating" (per ssllabs.com) and/or "chain incomplete" warning unless they used the fullchain.pem file. This bug fix removes the SSL "Certificate Chain" field from the Management Console, and as a result the Management Console now matches the `rhc` usage.
- BZ#1308718
In scaled applications, the HAProxy cartridge in the head gear contained an SSH wrapper that was set to quiet mode (the `-q` flag). If the user executed SSH commands with invalid parameters, no errors were shown as they were suppressed by the `-q` flag. This bug fix removes the SSH wrapper from the HAProxy cartridge as it is no longer needed. The `oo-ssh` command now exists and the node runtime either uses it or specifies the required flags wherever it invokes SSH commands. SSH in head gears now uses standard SSH from /usr/bin/ssh without a `-q` flag. As a result, if an invalid SSH command is executed, a meaningful error message will be reported to the user.
- BZ#1283372
The man page for the `oo-admin-gear` command was incorrectly showing the short flag for `--with-container-uuid` as `-u`. This bug fix updates the man page to correctly show that the short flag is `-c`.
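The device lookup described for BZ#1265811 can be sketched as follows. This Ruby code is an added example, not the `oo-accept-node` source; the sample `mount` and `repquota` text is constructed, and the `loop=` option format, image path, devices and gear base directory are assumptions.

```ruby
# Added example, not oo-accept-node's code. Both samples are constructed;
# the image path, devices and gear base directory are assumptions.
MOUNT_OUTPUT = <<~EOS
  /dev/mapper/vg-root on / type ext4 (rw)
  /dev/sdb1 on /srv type ext4 (rw,usrquota)
  /var/lib/openshift.img on /var/lib/openshift type ext4 (rw,usrquota,loop=/dev/loop0)
EOS
REPQUOTA_OUTPUT = <<~EOS
  *** Report for user quotas on device /dev/loop0
  Block grace time: 7days; Inode grace time: 7days
EOS

MountEntry = Struct.new(:source, :mount_point, :options)

# Parse lines of the form "<source> on <mount point> type <fs> (<opt>,<opt>)".
def parse_mounts(text)
  text.each_line.map do |line|
    m = line.match(/\A(.+?) on (.+?) type \S+ \((.*)\)\s*\z/)
    m && MountEntry.new(m[1], m[2], m[3].split(','))
  end.compact
end

# The file system holding dir is the entry with the longest matching mount point.
def mount_for(dir, mounts)
  mounts.select do |e|
    e.mount_point == '/' || dir == e.mount_point || dir.start_with?(e.mount_point + '/')
  end.max_by { |e| e.mount_point.length }
end

# Device name to look for in repquota output, plus whether it is a loop mount.
def quota_device(dir, mount_text)
  entry = mount_for(dir, parse_mounts(mount_text))
  return nil unless entry
  loop_opt = entry.options.find { |o| o.start_with?('loop=') }
  { device: loop_opt ? loop_opt.sub(/\Aloop=/, '') : entry.source, loop: !loop_opt.nil? }
end

# True when repquota reports quotas for the given device.
def quotas_reported?(repquota_text, device)
  repquota_text.each_line.any? { |l| l.strip.end_with?("on device #{device}") }
end

if __FILE__ == $PROGRAM_NAME
  target = quota_device('/var/lib/openshift', MOUNT_OUTPUT)
  warn 'WARNING: gear base directory is a loop mount' if target[:loop]
  puts quotas_reported?(REPQUOTA_OUTPUT, target[:device]) ? 'quotas enabled' : 'FAIL: quotas disabled'
end
```

Searching the same `repquota` text for the image file name, which is what `df` reports, finds nothing; that mismatch is the false error the fix removes.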
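A pre-upload check for the concatenated certificate file discussed under BZ#1310266, as an added example that is not part of `rhc` or the Management Console: it reports whether a PEM file holds only the server certificate or a leaf-first chain in which each certificate is signed by the next. The certificates and names are generated on the fly and are made up; trust anchors, expiry and extensions are not checked.

```ruby
require 'openssl'

# Added example, not rhc or Management Console code.
# Split a PEM bundle into certificates, in file order.
def certs_in(pem)
  pem.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
     .map { |block| OpenSSL::X509::Certificate.new(block) }
end

# :chain means leaf first, each certificate signed by the one after it.
def chain_status(pem)
  certs = certs_in(pem)
  return :empty if certs.empty?
  return :no_intermediates if certs.size == 1
  ordered = certs.each_cons(2).all? do |cert, issuer|
    cert.issuer.to_s == issuer.subject.to_s && cert.verify(issuer.public_key)
  end
  ordered ? :chain : :broken_order
end

# Build a throwaway certificate (constructed sample data, made-up names).
def make_cert(cn, key, issuer_cert = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Three bundles: certificate alone, leaf + issuer, and the same two reversed.
def sample_bundles
  ca_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('Example Issuing CA', ca_key)
  leaf = make_cert('app.example.com', leaf_key, ca, ca_key)
  { cert_only: leaf.to_pem, fullchain: leaf.to_pem + ca.to_pem,
    reversed: ca.to_pem + leaf.to_pem }
end

if __FILE__ == $PROGRAM_NAME
  sample_bundles.each { |name, pem| puts "#{name}: #{chain_status(pem)}" }
end
```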
Cartridge
- BZ#1314546
In the Python cartridge, the build process in the `control` script did not catch all failed operations during the process of installing the required packages in requirements.txt. If a required package installation failed, the deployment process still continued. This bug fix updates the `control` script to catch all failures that may occur during the build process. As a result, if a required package fails to be installed, the deployment process is terminated.
- BZ#1308720
The Drush component of Drupal applications can no longer be installed using PEAR, which caused the Drupal application to fail during installation. This bug fix removes the PEAR package and Drush is now installed using composer instead. As a result, Drupal applications now install successfully after Drush is installed using composer.
- BZ#1310247
Nodes may have multiple interfaces. Some administrators may need to specifically control the traffic on all interfaces on a node, rather than just a single interface. This enhancement enables the use of traffic control on multiple network interfaces.
Broker
- BZ#1168480
The `oo-admin-ctl-user --addgearsize <invalid_name>` command produced a confusing error message with backtrace information. This bug fix clarifies the error message and removes the backtrace information from it.
- BZ#1305688
Previously, the `oo-accept-broker` command did not filter single or double quote characters from the MONGO_HOST_PORT variable before parsing it. This caused the individual host and port parsed from MONGO_HOST_PORT to contain unwanted quote characters. When `oo-accept-broker` attempted to access the broker using the parsed value, it failed, generating a false failure result. This bug fix updates the `oo-accept-broker` command to ensure unwanted quote characters from MONGO_HOST_PORT are removed before parsing, and as a result the command now has correct information about the broker's host and port to determine if the broker is accessible.
Management Console
- BZ#1169690
When adding a cartridge to a gear, if gear quota is over 90% used, warning information was shown twice with two different quota values. This was confusing to users as one warning reflected quota before cartridge addition and the other reflected quota after cartridge addition. This bug fix removes the double warning, and as a result users now only see one correct warning message when trying to add a cartridge to a nearly full gear, for example "Warning: Gear <app_name> is using 95.9% of disk quota."
REST API
- BZ#1308739
Applications have a deploy mode that can be either binary or git. When attempting to deploy using the REST API, the deploy mode was not checked, allowing users to deploy using the incorrect method. This bug fix updates the REST API to now check the git deploy mode and return an error if the deployment attempt is not using the correct mode.
Security
- BZ#1299014
Certain ciphers may need to be disabled or enabled depending on an organization's security policies. This enhancement allows the cipher suite used for the node web proxy to be configured. As a result, the cipher suite can now be configured in the /etc/openshift/node-web-proxy.json file.
Upgrade
- BZ#1302787
Previously, the /etc/openshift/web-proxy-config.json configuration file for the node web proxy was not marked as a configuration file upon installation. New versions of the openshift-origin-node-proxy package would overwrite any changes to the /etc/openshift/web-proxy-config.json file with the original version of the file. This bug fix marks the /etc/openshift/web-proxy-config.json file as a configuration file in the RPM spec, and as a result the file will no longer be overwritten when openshift-origin-node-proxy is updated.