Synopsis

Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory

Type/Severity

Bug Fix Advisory

Topic

Updated packages that resolve various issues are now available for Red Hat
Enterprise Linux OpenStack Platform 5.0 (Icehouse) for Red Hat Enterprise
Linux 7.

Description

Red Hat Enterprise Linux OpenStack Platform provides the facilities for
building a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware.

This update addresses the following issues:

• Previously, when swift client added a 'Content-Length' header and
  requests implicitly added a 'content-length' header, requests sends both
  as separate headers. This caused Apache to reject the request with a
  400 error.
  With this release, python-requests package is now rebased to version 2.3.0.
  This version fixes the buggy implementation of case-insensitive mapping.
  As a result, Apache no longer rejects requests with a 400
  error. (BZ#1169530)
  
• Previously, the log directory permissions for Sahara was set to 755,
  resulting in the Sahara service not conforming to the Red Hat log security
  standards.
  With this update, the directory permissions are modified to 750, thus,
  conforming to the Red Hat log security standards. (BZ#1163420)
  
• Previously, SELinux prevented the nova scheduler from searching
  directories labeled 'cert_t', resulting in SELinux causing Compute to fail.
  With this update, an 'allow' rule has been created to give the nova
  scheduler permission to search the 'cert_t' directories. As a result,
  Compute service functions normally. (BZ#1149975)
  
• Previously, the 'nova list' was inefficient and took very long to
  complete as the number of instances increased.
  With this update, 'nova list' command code has been optimized and uses
  server-side filtering, resulting in faster response. (BZ#1147958)
  
• If an existing haproxy process was already running before installing and
  running LBaaS (Load-Balancing-as-a-Service), attempting to start LBaaS will
  fail. This typically happens when upgrading to Red Hat Enterprise Linux
  OpenStack Platform 5 with an existing LBaaS service.
  To work around this, you will have to kill the running haproxy process and
  restart the LBaaS agent:
  # kill $(pgrep haproxy)
  # service neutron-lbaas-agent restart (BZ#1133920)
  
• Previously, the rabbitmq-plugins command was not available in the
  default path. As a result, trying to run rabbitmq-plugins command would
  result in a 'Command Not Found' error.
  With this update, the rabbitmq-plugins command is added to the default
  path and it executes as expected. (BZ#1126680)
  
• Previously, an improvement to the connection pool such that new
  connections could be made concurrently made it so that the 'init on first
  connect' routine of a SQLAlchemy dialect would not have been completed if
  concurrent routines proceeded at the same time. As a result, when a
  SQLAlchemy engine was first used, operations which rely on the state
  acquired during initial startup could fail, as this information would not
  have been completed.
  To resolve this issue, with this update, 'mutexing' was added to the event
  system which handles the initial dialect startup phase, so that connection
  attempts are again serialized, but only when the engine first start
  up. (BZ#1121796)
  
• Previously, SQLite database was created by a user who ran the database
  management script, resulting in Sahara being unable to read the default
  database without changing ownership of the database.
  With this update, the file is not touched and the ownership is assigned to
  Sahara (for only the default file location). As a result, Sahara now has
  access to its database in the default flow. (BZ#1101516)
  
• With this release, mariadb-galera is now rebased to version 5.5.41 fixing
  the memory barrier problem in InnoDB/XtraDB mutex implementation causing
  the server to stall or hang. (BZ#1168321)
  

In addition to the above issue, this update also addresses bugs and
enhancements which can be found in the Red Hat Enterprise Linux OpenStack
Platform Technical Notes:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Technical_Notes/index.html

Solution

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 runs on Red Hat
Enterprise Linux 7.1.

The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 Release Notes
(see References section) contain the following:

• An explanation of the way in which the provided components interact to
  form a working cloud computing environment.
  
• Technology Previews, Recommended Practices, and Known Issues.
  
• The channels required for Red Hat Enterprise Linux OpenStack Platform 5
  for RHEL 7, including which channels need to be enabled and disabled.
  

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

Affected Products

• Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

• BZ - 1101516 - SQLite database created with bad permission/ownership
• BZ - 1121796 - potential race condition on dialect init in SQLAlchemy 0.8.4
• BZ - 1121798 - some mysql "commands out of sync" errors may not be interpreted correctly as a "database disconnect" situation, sqlalchemy 0.8.4
• BZ - 1126680 - rabbitmq-plugins is not in the default $PATH and need for detailed information for those plug-in setting.
• BZ - 1133920 - 'openstack-service restart neutron' uses neutron cleanup scripts
• BZ - 1139413 - RFE: nova service-delete doesn't exist in 2.17.0
• BZ - 1149975 - openstack-nova-scheduler: SELinux is preventing /usr/bin/python2.7 from search access on the directory
• BZ - 1163420 - Adjust log permissions to 0750 for openstack-sahara
• BZ - 1168321 - hangs reported in mariadb / mariadb galera 5.5.40
• BZ - 1169530 - headers with different cases are not merged
• BZ - 1199249 - headers with different cases are not merged

CVEs

• CVE-2014-6568
• CVE-2015-0374
• CVE-2015-0381
• CVE-2015-0382
• CVE-2015-0411
• CVE-2015-0432

References

• https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

Red Hat OpenStack 5.0 for RHEL 7

SRPM
x86_64
mariadb-galera-common-5.5.41-2.el7ost.x86_64.rpm	SHA-256: bad233d76d3fc4e76b473de412be5fabca4d8e91bad5d3dea5d494e08a4cf864
mariadb-galera-debuginfo-5.5.41-2.el7ost.x86_64.rpm	SHA-256: c5600d8dbc71d6595dbe590a5eba2e072bc2bac9ed84638bc1ead4597d7b3e6d
mariadb-galera-server-5.5.41-2.el7ost.x86_64.rpm	SHA-256: de16b9ac44063a8a9fbb88cf8c40ea9b04a0eec439e812d298a6d60aa5ce78a6
openstack-sahara-2014.1.3-3.el7ost.noarch.rpm	SHA-256: 303880b95d00372cb35d5f1bbbdb85c717ef4fd94d6c31eb3053aa8b735b4e51
openstack-sahara-doc-2014.1.3-3.el7ost.noarch.rpm	SHA-256: 8ba8a356bc817b30d8710b94963f916aa02c5b758be8c3329f0fda48fc902671
openstack-selinux-0.6.25-1.el7ost.noarch.rpm	SHA-256: b26d5450df34c6ead2a2f2283c037489cca12f50c86d717246ca520222b45214
openstack-utils-2014.2-1.el7ost.noarch.rpm	SHA-256: 328cf1cb231dc68fe16700d93b7da1f9af6e80ac2f48f229915ceedf9cad2a20
python-novaclient-2.17.0-4.el7ost.noarch.rpm	SHA-256: 4b5983bfdbf54af133dd4e6c536e1d470571bfb112a250fa0f46b03a6987562f
python-novaclient-doc-2.17.0-4.el7ost.noarch.rpm	SHA-256: e8f391fb0424f6916a8dcf127cccdad75d4a0fe08eb96c4b011049d061337b10
python-requests-2.3.0-3.el7ost.noarch.rpm	SHA-256: 9b7ee363a0fa6c5a9a3f557088e9ff8af17ab1f469cffe6a2b781dfad81e6a8d
python-sqlalchemy-0.8.4-2.el7ost.x86_64.rpm	SHA-256: 46311e62c113b72ebaf9dda80d6efc6a9b6006514bce349e7d7e6ece5cbb3a2b
python-sqlalchemy-debuginfo-0.8.4-2.el7ost.x86_64.rpm	SHA-256: e099f8cd0dc032b932fda5bd4bebafc7e7049410f05f88f1ec5a049cb78c1649
python-urllib3-1.8.2-5.el7ost.noarch.rpm	SHA-256: bce763f8d888b652b5e8bde3647bfebf3a3f4c3c78f6f7bf1e27ee0a8ea8db53
rabbitmq-server-3.3.5-3.el7ost.noarch.rpm	SHA-256: 7852e1915b954c2d1b4a43aff1335ca93bfbfdb8d693233e7930b992ac08a55b