Red Hat Product Errata RHBA-2015:1872 - Bug Fix Advisory
Issued:
2015-10-08
Updated:
2015-10-08

RHBA-2015:1872 - Bug Fix Advisory

Synopsis

openstack-puppet-modules bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated openstack-puppet-modules package that fixes several bugs and adds two enhancements is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Description

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. This advisory includes a package for:

  • Configuration management (openstack-puppet-modules).

The openstack-puppet-modules package contains a collection of Puppet modules which are required to install and configure OpenStack via installers using Puppet configuration tool.

This update addresses the following issues:

  • Previously, the director contained no direct mechanism to control the file_descriptors limit for rabbitmq-server because the file limits snippet was not installed on Red Hat Enterprise Linux 7, which uses systemd. With this update, the file limits snippet is installed as /etc/security/limits.d/rabbitmq-server.conf unconditionally, which allows users to control the limit. (BZ#1240587)
  • Prior to this update, the HAProxy configuration contained the "option httpchk GET /" directive. Consequently, a "GET /" request was sent every two seconds, and the following message was repeated indefinitely in the /var/log/glance/api.log file:

WARNING glance.api.middleware.version_negotiation [req-...] Unknown version. Returning version choices.

This update removes the aforementioned directive. As a result, the warning message is no longer logged. (BZ#1245572)

  • When connecting from a web browser to the novncproxy service load-balanced by HAproxy, it is necessary for the browser to stay connected to the same server, because if HAproxy load-balances to another novncproxy node, the browser loses the connection, which then times out with the "Connection Reset By Peer" error. This update configures novnc HAproxy to balance using "source" mode to ensure the server remains the same while the connection is established. (BZ#1257324)
  • This update adds previously missing support for the swift-object-expirer service to puppet-swift by creating a new class (swift::objectexpirer) and its associated custom type and provider. (BZ#1251498)
  • Previously, the HAProxy configuration for Horizon did not enable HTTP mode, which is needed because a cookie is used for persistence. As a consequence, an error similar to the following occurred:

[WARNING] 238/115010 (13878) : config : cookie will be ignored for proxy 'horizon' (needs 'mode http')

Now, "mode => 'http'" has been added to the configuration, which resolves this problem. (BZ#1257687)

In addition, this update adds the following enhancements:

  • The Cisco Puppet modules have been upgraded to the latest version, which adds and updates classes for Nexus, Nexus VXLAN, and UCSM drivers. (BZ#1259777)
  • The nexus1000v (n1kv) Puppet class has been added. (BZ#1238740)

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 7 runs on Red Hat Enterprise Linux 7.1.

The Red Hat Enterprise Linux OpenStack Platform 7 Release Notes contain the following:

  • An explanation of the way in which the provided components interact to form a working cloud computing environment.
  • Technology Previews, Recommended Practices, and Known Issues.
  • The channels required for Red Hat Enterprise Linux OpenStack Platform 7, including which channels need to be enabled and disabled.

The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/7/html/Release_Notes/index.html

This update is available through 'yum update' on systems registered through Red Hat Subscription Manager. For more information about Red Hat Subscription Manager, see:

https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html

Affected Products

  • Red Hat OpenStack 7 x86_64

Fixes

  • BZ - 1240587 - Unable to control the file_descriptors limit for rabbitmq-server via the director.
  • BZ - 1245572 - overcloud: HA deployment: Glance api.log flooded by warning messages.
  • BZ - 1251498 - No support for swift-object-expirer service
  • BZ - 1257324 - novncproxy got wedged/unresponsive
  • BZ - 1257687 - horizon proxy is not http mode
  • BZ - 1259232 - puppet-pacemaker support for resource defaults
  • BZ - 1259777 - Refresh cisco networking puppet modules
  • BZ - 1259900 - Add tripleo::packages and package_manifest resource for yum/puppet integration
  • BZ - 1262189 - Overcloud Deployment fails: either hangs or raises resources.ComputeNodesPostDeployment.resources.ComputePuppetDeployment.resources[0]
  • BZ - 1264203 - rhel-osp-director: "openstack overcloud update stack --templates -e <yaml> -i overcloud" failed.

CVEs

(none)

Red Hat OpenStack 7

SRPM
openstack-puppet-modules-2015.1.8-21.el7ost.src.rpm SHA-256: ce48600ce76ab29989002e9137545ba5bb2f877c1ef2b71e5a0a6cd8aec15ec6
x86_64
openstack-puppet-modules-2015.1.8-21.el7ost.noarch.rpm SHA-256: 7bdc35a16abecdfbe25fc2ab0aeb54b4a278d499b4bbbafca5a809d1866d7150

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.