RHBA-2015:0827 - Bug Fix Advisory

Topic

Updated OpenStack Orchestration packages that resolve various issues are
now available for Red Hat Enterprise Linux OpenStack Platform 5.0
(Icehouse) for RHEL 7.

Description

Red Hat Enterprise Linux OpenStack Platform provides the facilities for
building a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware. This advisory includes
packages for:

• OpenStack Orchestration service

OpenStack Orchestration (heat) is a template-driven engine used to specify
and deploy configurations for Compute, Storage, and OpenStack Networking.
It can also be used to automate post-deployment actions, which in turn
allows automated provisioning of infrastructure, services, and
applications. Orchestration can also be integrated with Telemetry alarms to
implement auto-scaling for certain infrastructure resources.

With this update, the Orchestration packages are now re-based to upstream
version 2014.1.4. This re-base fixes several issues in the way stack user
projects and load balancers are deleted.

This update also applies the following fixes:

• Previously, any template where the get_attr (or Fn::GetAtt) intrinsic

function was used to obtain a list to be passed to the list_join (or
Fn::Join) intrinsic function was rejected. This is a valid construct,
and should therefore not be rejected. This re-base fixes the issue,
ensuring that this construct is recognized properly. (BZ#1198603)

• Previously, when detaching a volume from a Compute server, the

Orchestration service repeatedly issued the detach call until it
succeeded. However, calling detach multiple times could lead to a
race condition that results in the volume remaining permanently
stuck in the 'detaching' state. To avoid triggering this error, the
Orchestration service now issues only a single detach call.
(BZ#1182672)

• The logs for the Orchestration service are stored in the /var/log/heat

directory. In previous releases, this directory was readable by all.
This update restricts readability of /var/log/heat to only user and
group (0750). (BZ#1163419)

Solution

Before applying this update, ensure all previously released errata relevant to
your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 runs on Red Hat
Enterprise Linux 7.1.

The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 Release Notes (see
References section) contain the following:

• An explanation of the way in which the provided components interact to form a

working cloud computing environment.

• Technology Previews, Recommended Practices, and Known Issues.
• The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for

RHEL 7, including which channels need to be enabled and disabled.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

References:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

Affected Products

• Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

• BZ - 1163419 - Adjust log permissions to 0750 for openstack-heat
• BZ - 1182672 - Volumes can't be detached from heat templates
• BZ - 1198603 - Template validation fails due to empty runtime variables
• BZ - 1203280 - Rebase openstack-heat to 2014.1.4

CVEs

(none)

References

(none)