RHBA-2015:0937 - Bug Fix Advisory

Topic

Updated OpenStack Identity packages that resolve various issues are now
available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for
RHEL 7.

Description

Red Hat Enterprise Linux OpenStack Platform provides the facilities for
building a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware. This advisory includes
packages for:

• OpenStack Identity service

The OpenStack Identity service (keystone) authenticates and authorizes
OpenStack users by keeping track of users and their permitted activities.
The Identity service supports multiple forms of authentication including
user name and password credentials, token-based systems, and AWS-style
logins.

This update addresses the following issues:

• Rebase package(s) to version:

2014.2.3

Highlights, important fixes, or notable enhancements:

If simultaneous attempts to create users are made and the default role does not
exist yet, a race condition can be triggered within the Identity service. This
race condition can cause one of the user creation attempts to fail. The race
condition has been eliminated. (Launchpad #1419043)

Identity ID mapping is used to create public IDs for local entities, typically
stored in LDAP backends. Part of the mapping involves creating a hash of the
local identifiers - but this hashing did not correctly handle unicode. This has
been fixed to allow unicode to be properly processed. (Launchpad #1419187)

Migration of the Identity service's 'endpoint_filter' table could fail due to
foreign key constraint. This has been fixed to allow the database migration to
complete successfully. (Launchpad #1399768)

When using an LDAP backend with the Identity service, any attribute with values
of 'TRUE' or 'FALSE' were treated as booleans. This could cause errors when
processing operations. This has been corrected so we only treat boolean
attributes as boolean values. (Launchpad #1411478)

When using memcached as a back end for the Identity service, authentication
attempts can result in timeouts due to the underlying locking implementation.
This has been corrected to speed up the locking. (Launchpad #1395688)

When performing an update of an endpoint group with invalid parameters, the
underlying database could be updated with invalid data even though the operation
response was a 400 error. This has been corrected to have parameter validation
occur before updating the database. (Launchpad #1408930)

When using LDAP as an identity back end, the processing of the user enabled
attribute was not always handled correctly. This could lead to the enabled
value being incorrect. This has been corrected. (Launchpad #1415271)

When running the Identity service in eventlet, a race condition in the logging
subsystem could lead to a hang. The race condition has been eliminated.
(Launchpad #1420788)

When using the catalog kvs driver with the Identity service, attempts to update
endpoints, services, or regions would result in errors. This has been corrected
to allow the update operations to succeed. (Launchpad #1384112) (BZ#1210454)

Solution

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 6 runs on Red Hat Enterprise
Linux 7.1.

The Red Hat Enterprise Linux OpenStack Platform 6 Release Notes contain the
following:

• An explanation of the way in which the provided components interact to

form a working cloud computing environment.

• Technology Previews, Recommended Practices, and Known Issues.
• The channels required for Red Hat Enterprise Linux OpenStack Platform 6,

including which channels need to be enabled and disabled.

The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Release_Notes/index.html

This update is available through the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat OpenStack 6.0 x86_64

Fixes

• BZ - 1210454 - Rebase openstack-keystone to 2014.2.3

CVEs

(none)

References

(none)