Merge pull request openshift#6523 from ahardin-rh/3.7-release-notes-BZs

Added the remaining BZs to the Bug Fixes list

Author: ahardin-rh

release_notes/ocp_3_7_release_notes.adoc

@@ -1658,7 +1658,7 @@ there is a cache miss. With this bug fix, the replication controllers are scaled
 properly.
 (link:https://bugzilla.redhat.com/show_bug.cgi?id=1427992[*BZ#1427992*])
 
-*Image*
+*Images*
 
 * A .NET jenkins slave image for performing .NET CI/CD flows is now offered. This
 makes it easier to build and test .NET code bases using Jenkins. A .NET slave
@@ -1671,7 +1671,7 @@ included.
 
 * `importPolicy.insecure` is ignored in `oc import-image <imagestream:tag>` As a
 result, re-import from an insecure registry fails because it expects a valid SSL
-certificate. When the image stream tag exists, use its i`mportPolicy.insecure`.
+certificate. When the image stream tag exists, use its `importPolicy.insecure`.
 With this bug fix, re-import succeeds.
 (link:https://bugzilla.redhat.com/show_bug.cgi?id=1494231[*BZ#1494231*])
 
@@ -1992,7 +1992,7 @@ es_load_kibana_ui_objects user-name`. It exists inside the Elasticsearch and
 ES-OPS pod, and must be run inside those pods. Additionally, it requires some
 indices and other objects set up by the OpenShift Elasticsearch plug-in, so the
 user must login to Kibana or Elasticsearch before using this script. This will
-also add an index pattern for `project.*` and load the necessary index pattern
+also add an index pattern for project.* and load the necessary index pattern
 file. Kibana visualizations and dashboard gives administrators an easier way to
 view Kubernetes/OpenShift related logs in the cluster, allowing admin users have
 graphs and a dashboard to use to view logs from OpenShift pods and containers.
@@ -2551,9 +2551,180 @@ namespace terminating. As a result, deprovision fails, and both the APB
 deprovision sandbox and target namespace were not deleted. Now, instead of
 executing APB actions on namespace deletion, the records of the services to be
 deprovisioned are cleaned up, allowing kubernetes to delete the resources
-normally, meaning the target namespace is properly deleted by kubernetes.
+normally, meaning the target namespace is properly deleted by Kubernetes.
 (link:https://bugzilla.redhat.com/show_bug.cgi?id=1476173[*BZ#1476173*])
 
+* The error message returned when a user does not have permission to modify a
+TemplateInstance is updated.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1460145[*BZ#1460145*])
+
+* Previously, only one annotation returned when both _expose_ and _base64-expose_
+annotations were defined in template (per bind request). This issue is fixed in
+the latest release.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1463570[*BZ#1463570*])
+
+* Previously, Ansible Playbook Bundles (APB) that have been removed from their
+ container catalog, appeared in Ansible Service Broker (ASB) as valid options
+ even after *bootstrap* was performed. This issue is fixed now.
+ (link:https://bugzilla.redhat.com/show_bug.cgi?id=1463798[*BZ#1463798*])
+
+* Previously, there were inconsistency between the serviceclass and the
+server-broker. After creating a broker, the controller-manager only fetched the
+catalog once. This resulted in inability to updates the serviceclass unless the
+broker was recreated. This is fixed now.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1469448[*BZ#1469448*])
+
+* Previously, the Ansible service broker would fail on provisioning because of
+incorrect permissions. This is now fixed and Ansible service broker now has the
+required permissions for creating new namespaces and dynamic service account in
+these new namespace to run APBs.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1469485[*BZ#1469485*])
+
+* The `oc version` command did not get OpenShift version against the ansible
+deployed service catalog environment. The version information is added the
+command now reports correct information.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1471717[*BZ#1471717*])
+
+* Previously, when the Ansible Service Broker started it could not communicate  to
+the configured registry, and therefore got no information about APBs. This was
+because of a missing setting in the ansible service broker configuration. The
+`broker: bootstrap_on_startup: true` setting is now added in the configuration
+which resolves this issue.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1471973[*BZ#1471973*])
+
+* Previously, the ansible service broker container would fail if the dockerhub
+credentials were not supplied because the encryption script required them. It is
+now reconfigured to use RHCC adapter and the dockerhub credentials are optional.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1464222[*BZ#1464222*])
+
+* Previously, bad data was being returned from the bootstrapped registry. This was
+because the broker failed to bootstrap and it used to error out due to a null
+pointer de-reference. The broker now has logic to avoid de-referencing null
+pointers if the data is corrupted. This issue is now resolved and the broker
+skips image with bad data and continues with next one.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1467905[*BZ#1467905*])
+
+* The Service Broker Installer was setting incorrect configuration values for
+`launchapbonbind`, this is fixed and configuration value is now set as
+`launch_apb_on_bind`.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1467948[*BZ#1467948*])
+
+* The role for Service Accounts used by the Ansible Service Broker is updated. The
+Broker runs under `asb` service account set to `admin` through a
+_ClusterRoleBinding_ and APBs run under a temporary service account granted
+`edit` through a _RoleBinding_ in the target namespace.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1470824[*BZ#1470824*])
+
+*Storage*
+
+* Creating a new persistent volume claim (PVC) using OpenStack Cinder storageclass
+resulted in the PVC being stuck in `Pending` state. This bug fix re-configured
+the cloud provider openstack.conf to use OpenStack Keystone V3. As a result,
+dynamic provisioning of new Cinder volumes works as documented.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1491331[*BZ#1491331*])
+
+* Previously, the Gophercloud library used by OpenShift to communicate with the
+OpenStack API did not accept HTTP status 300 in pagination. It was not possible
+to dynamically provision OpenStack Cinder volumes. This bug fix upgrades the
+Gophercloud library in the OpenShift vendor directory. As a result, dynamic
+provisioning of new Cinder volumes works as documented.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1490768[*BZ#1490768*])
+
+* Previously, the default bootstrap policy allowed basic users to “get” storage
+classes, but not “list” storage classes. Basic users would receive an error
+message after issuing the `oc get storagelcass storageclass_name` command. This
+bug fix modified the bootstrap policy. As a result, basic users can now issue
+the `oc get storagelcass storageclass_name` command to receive specific storage
+classes.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1449608[*BZ#1449608*])
+
+* Previously, the lack of cloud provider configuration in the admission plug-in
+caused persistent volume (PV) creation to fail when attempting to create the PV
+in a zone other than master. This bug fix enables static PV provisioning in
+multizone environments. As a result, users can now statically provision PVs in
+zones other than master.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1454601[*BZ#1454601*])
+
+* Previously, when creating storage classes, users could not specify the `fstype`.
+This bug fix allows specifying the desired `fstype` when dynamically
+provisioning volumes with storage classes. As a result, storage classes now
+support file system configuration when creating dynamically provisioned volumes.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1469001[*BZ#1469001*])
+
+* Previously, it was not possible to dynamically provision ScaleIO volumes if the
+ScaleIO volume plug-in was not enabled. This bug fix enables the ScaleIO volume
+plug-in in OpenShift Container Platform 3.7. As a result, it is now possible to
+dynamically provision ScaleIO volumes.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1482274[*BZ#1482274*])
+
+* When trying to mount/unmount, the FlexVolume plug-in’s file system previously
+assumed that SELinux was supported. This assumption instructed docker to relabel
+the volume. If the FlexVolume plugin's file system did not support file system
+relabeling, the container using the FlexVolume would fail to start. This bug fix
+added the `selinuxRelabel` capability, which allows FlexVolume plug-ins to
+report in their `init` call. As a result, FlexVolume plug-ins can now be
+configured to opt out of SELinux relabeling.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1484899[*BZ#1484899*])
+
+*Templates*
+
+* Previously, the service catalog could not provide authentication when invoking
+the template service broker, which meant the template service broker API had to
+allow calls from unauthenticated clients. This bug fix allows the service
+catalog to use proper authentication to invoke the template service broker when
+issuing the `oc cluster up` command to run both. As a result, the template
+service broker APIs will now be secured, and will only be invokable by the
+service catalog (or another client with appropriate credentials).
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1470628[*BZ#1470628*])
+
+*Upgrade*
+
+* Previously, the master node upgrade took more disk space than was initially
+estimated. This caused the etcd member to report a `no space left on device`
+error message. This bug fix increased the estimation of disk space needed before
+the master node upgrade can start. As a result, a master node is properly
+upgraded with enough disk space left after the upgrade finishes.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1489182[*BZ#1489182*])
+
+* Previously, the upgrade playbooks incorrectly overwrote nondefault
+`admissionConfig` parameters while setting specific values required of the
+upgrade process. This bug fix removed this task as it is no longer necessary
+after upgrading from OpenShift Container Platform 3.4 to OpenShift Container
+Platform 3.5.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1486054[*BZ#1486054*])
+
+* Previously, the etcd v3 data migrated prior to the first etcd v2 snapshot being
+written. Without a v2 snapshot, the v3 data was not propagated properly to the
+remaining etcd members, which resulted in a loss of some v3 data. This bug fix
+checks to see if there is at least one v2 snapshot before etcd data migration
+proceeds. As a result, etcd v3 data is now properly distributed among all etcd
+members.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1501752[*BZ#1501752*])
+
+* When trying to upgrade OpenShift Container Platform with dedicated etcd from
+v3.6 to v3.7, the upgrade failed at the [Stop
+atomic-openshift-master-controllers] task due to the wrong hosts group. This bug
+fix corrected the host group to specify the masters group for controller
+restart. As a result, the upgrade now succeeds.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1504515[*BZ#1504515*])
+
+* Previously, if Ansible tags were used to evaluate some of the tasks in a set of
+playbooks, the conditional for including a task file was not properly evaluated.
+This caused the upgrade to fail. This bug fix allows the conditional to evaluate
+properly and skip running the task.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1464025[*BZ#1464025*])
+
+* Ansible playbooks now exit immediately when health checks fail. Previously, in
+some instances, a host failure would not result in the playbook exiting during
+failed health checks. This bug fix sets the `any_errors_fatal` play option to
+`true`, ensuring that the playbook exits as expected.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1484324[*BZ#1484324*])
+
+* Upgrades that made use of system reboots to restart services may have failed if
+ hosts took longer than 5 minutes to restart. This bug fix increases the timeout
+ to 10 minutes. As a result, the shutdown process is now faster.
+ (link:https://bugzilla.redhat.com/show_bug.cgi?id=1455836[*BZ#1455836*])
+
 [[ocp-37-technology-preview]]
 == Technology Preview Features