RHBA-2015:0829 - Bug Fix Advisory

Topic

Updated OpenStack Networking packages that resolve various issues are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse)
for RHEL 7.

Description

Red Hat Enterprise Linux OpenStack Platform provides the facilities for
building a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware. This advisory includes
packages for:

• OpenStack Networking service

OpenStack Networking (neutron) is a virtual network service for OpenStack.
Just as OpenStack Compute (nova) provides an API to dynamically request and
configure virtual servers, OpenStack Networking provides an API to
dynamically request and configure virtual networks. These networks connect
'interfaces' from other OpenStack services (e.g. virtual NICs from Compute
VMs). The OpenStack Networking API supports extensions to provide advanced
network capabilities (e.g. QoS, ACLs, network monitoring, etc.)

This update addresses the following issues:

• This issue arose when setting the DHCP agent's 'enable_isolated_metadata' to

True. Note that an isolated network has no defined gateway or 'neutron' router
(managed by the L3 agent).
As a result, OpenStack Networking's L3 agent spawned a neutron-ns-metadata-proxy
process for all networks with a virtual router. However, when the DHCP agent's
configuration option was True, the DHCP agent would also spawn a process for
each namespace, even if a network had a router connected, meaning it wasn't
isolated. This resulted in two processes per network.
This update ensure the DHCP agent is aware of each network's gateway, and checks
if a network is isolated before spawning a new process.
Consequently, the neutron-ns-metadata-proxy process spawns only once per
network. (BZ#1049193)

• Previously, the L2 population driver had a race condition that could request a

tunnel removal while still in use by new flows added in parallel to the last
flow removal.
Consequently, connections between instances located on different Compute nodes
and attached to the same network could be lost.
This fix updates the check on whether a tunnel is still needed or can be
dropped, to consider all flows in action.
As a result, no tunnels are dropped by the l2pop driver if any active flows
exist. (BZ#1136969)

• Previously, port updates triggered the Cisco Nexus plugin even when it wasn't

configured. Consequently, port updates failed due to the incorrect plugin being
triggered.
This fix ensures OpenStack Networking checks whether the Nexus plugin is
configured before triggering it on a port update.
As a result, no port update failures occur when the Nexus plugin is not
configured. (BZ#1159068)

• Previously, the DHCP agent didn't register leases on startup. Consequently,

after the DHCP agent restarted, it failed to renew existing leases.
This update addresses this issue by ensuring leases are registered for each
instance on dnsmasq start. As a result, the DHCP agent can respond to renewal
requests after restart. (BZ#1181835)

• This update rebases openstack-neutron to version: 2014.1.4

Highlights and important bug fixes:

• WSGI: a new wsgi_keep_alive option is added that can be set to False to make

API endpoints close connections after requests are served without waiting for
clients to explicitly close connections.

• Security Groups: added missing validation for ICMP rules; avoid OVS hybrid

plugging (specifically, an additional Linux Bridge device) when
enable_security_group is False; fixed a race condition in L2 agent that could
make it miss an update for a device if a new RPC message comes in while existing
updates are processed.

• Floating IP: allow the deletion of a port that has multiple floating IP

addresses assigned to it; notify both new an old ports when reassigning a
floating IP; delete disassociated floating IP addresses during the external
network deletion process.

• Hostname validation for DNS nameservers is aligned with RFC 1123.
• DHCP agent: set gateway via classless-static-routes option in addition to

current router option.

• Multiple plugin updates: Big Switch, Cisco N1KV, VMware NSX, OpenDaylight.

(BZ#1203279)

Solution

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 runs on Red Hat Enterprise
Linux 7.1.

The Red Hat Enterprise Linux OpenStack Platform 5 Release Notes contain the
following:

• An explanation of the way in which the provided components interact to

form a working cloud computing environment.

• Technology Previews, Recommended Practices, and Known Issues.
• The channels required for Red Hat Enterprise Linux OpenStack Platform 5,

including which channels need to be enabled and disabled.

The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

This update is available through the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

• BZ - 1136969 - [l2pop] Parallel create/delete requests to fdb entries may mix and delete a tunnel that is still needed
• BZ - 1153942 - Cisco N1kv: Fix update network profile for add tenants
• BZ - 1159068 - Update port should only invoke N1kv and not Nexus plugin
• BZ - 1181835 - Fix dnsmasq lease lost upon restart
• BZ - 1203279 - Rebase openstack-neutron to 2014.1.4

CVEs

(none)

References

(none)