RHBA-2015:1659 - Bug Fix Advisory

Topic

Updated packages that resolve various issues are now available for Red Hat
Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.

Description

Red Hat Enterprise Linux OpenStack Platform provides the facilities for
building a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware.

This update addresses the following issues:

• This package rebases mariadb-galera to 5.5.42, fixing an issue where duplicate

key errors would occur during INSERT statements, when performed during the
period when database connectivity was moving to another Galera node, and when
the first node was entering a non-available state. (BZ#1240114)

• Previously, a call to the 'sed' command within 'mysqld_safe.sh' (to certain

command line arguments) failed to accommodate arguments which include a slash,
such as the paths to SSL key and certificate files which are passed through this
function.
Consequently, the 'mysqld_safe.sh' script produced warnings of the form "unknown
option to `s'". However, the script continued to work correctly, as these
arguments are not actually needed in this specific context.
This update addresses this issue by correcting the call to 'sed' so that SSL
arguments which include slashes are properly interpreted.
As a result, the warnings regarding 'sed' are now resolved. (BZ#1134033)

• Previously, a default logrotate configuration was not provided. This update

adds a default config, rotating based on log size rather than time, avoiding
long logs as per current RHEL OpenStack Platform standards. (BZ#1212488)

• Previously, the HDP plug-in installed the 'Extra Packages for Enterprise Linux

(EPEL)' repo on cluster generation, even though neither the plug-in nor the
saraha-image-elements package used the repo. Consequently, a potentially
error-prone step was introduced into HDP cluster generation; in addition, these
clusters may potentially update to unsupported packages.
With this update, the repo is no longer installed by the HDP plug-in.
(BZ#1231922)

• Previously, the neutron VPN agent received an incorrect SELinux context.

Consequently, SELinux was causing the VPN agent to fail.
This update addresses this issue by changing the type to 'neutron_vpn_agent_t'.
As a result, the VPN agent now runs as expected. (BZ#1238360)

• Previously, SELinux prevented glance from creating a symlink. Consequently,

users could not use /home/glance to replace /var/lib/glance.
This fix addresses the issue by granting Image Service permission to create a
symlink to glance types.
As a result, users can now free up space in the / directory by symlinking
/var/lib/glance to /home/glance. (BZ#1210271)

• Previously, glance's VMware vSphere store failed to handle 401 errors

correctly. These errors were raised after the vSphere session had expired,
causing long-standing operations, such as snapshots, to fail. This update
resolves the issue, allowing these operations to succeed. (BZ#1200075)

• Previously, oslo.messaging could enter a loop while waiting for messages, if

RabbitMQ had died.
This update adds a more precise timeout handling for message consumption,
allowing the poll operations on specific connections to end whenever such
scenarios occur. (BZ#1188304)

• This update addresses potential race conditions involving the 'oslo' messaging

backend used in RabbitMQ. (BZ#1188309)

• Previously, the GM process would send a message to terminate all slaves once

the master process terminated, but would not wait for confirmation that the
slaves had received this message before terminating itself. As a result, a slave
that did not receive the message would detect that the master GM process had
terminated and promote itself to master, causing the previous master process to
hang.
With this update, the GM process now waits for its broadcast buffer to empty
before terminating. This results in all slaves receiving the message to
terminate, allowing the master process to terminate as expected. (BZ#1239141)

• This rebase package contains an updated snapshot from the LTS upstream

'branch-2.3' that includes multiple bugfixes. (BZ#1250221)

Solution

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 6 runs on Red Hat Enterprise
Linux 7.1.

The Red Hat Enterprise Linux OpenStack Platform 6 Release Notes contain the
following:

• An explanation of the way in which the provided components interact to

form a working cloud computing environment.

• Technology Previews, Recommended Practices, and Known Issues.
• The channels required for Red Hat Enterprise Linux OpenStack Platform 6,

including which channels need to be enabled and disabled.

The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Release_Notes/index.html

This update is available through the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat OpenStack 6.0 x86_64

Fixes

• BZ - 1134033 - mysqld_safe generates errors on sed
• BZ - 1160343 - On a Live migration setup with shared NFS storage, nova instance creation will only work if setenforce 0 is called for selinux
• BZ - 1188304 - rabbit: more precise iterconsume timeout
• BZ - 1188309 - Declare DirectPublisher exchanges with passive=True
• BZ - 1200075 - Broken Pipe in vsphere store due to inactive session
• BZ - 1231922 - HDP plugin installs unnecessary EPEL package

CVEs

• CVE-2015-0433
• CVE-2015-0441
• CVE-2015-2568
• CVE-2015-2573

References

(none)