- Issued:
- 2015-10-08
- Updated:
- 2015-10-08
RHBA-2015:1872 - Bug Fix Advisory
Synopsis
openstack-puppet-modules bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated openstack-puppet-modules package that fixes several bugs and adds two enhancements is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.
Description
Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. This advisory includes a package for:
- Configuration management (openstack-puppet-modules).
The openstack-puppet-modules package contains a collection of Puppet modules which are required to install and configure OpenStack via installers using Puppet configuration tool.
This update addresses the following issues:
- Previously, the director contained no direct mechanism to control the file_descriptors limit for rabbitmq-server because the file limits snippet was not installed on Red Hat Enterprise Linux 7, which uses systemd. With this update, the file limits snippet is installed as /etc/security/limits.d/rabbitmq-server.conf unconditionally, which allows users to control the limit. (BZ#1240587)
- Prior to this update, the HAProxy configuration contained the "option httpchk GET /" directive. Consequently, a "GET /" request was sent every two seconds, and the following message was repeated indefinitely in the /var/log/glance/api.log file:
WARNING glance.api.middleware.version_negotiation [req-...] Unknown version. Returning version choices.
This update removes the aforementioned directive. As a result, the warning message is no longer logged. (BZ#1245572)
- When connecting from a web browser to the novncproxy service load-balanced by HAproxy, it is necessary for the browser to stay connected to the same server, because if HAproxy load-balances to another novncproxy node, the browser loses the connection, which then times out with the "Connection Reset By Peer" error. This update configures novnc HAproxy to balance using "source" mode to ensure the server remains the same while the connection is established. (BZ#1257324)
- This update adds previously missing support for the swift-object-expirer service to puppet-swift by creating a new class (swift::objectexpirer) and its associated custom type and provider. (BZ#1251498)
- Previously, the HAProxy configuration for Horizon did not enable HTTP mode, which is needed because a cookie is used for persistence. As a consequence, an error similar to the following occurred:
[WARNING] 238/115010 (13878) : config : cookie will be ignored for proxy 'horizon' (needs 'mode http')
Now, "mode => 'http'" has been added to the configuration, which resolves this problem. (BZ#1257687)
In addition, this update adds the following enhancements:
- The Cisco Puppet modules have been upgraded to the latest version, which adds and updates classes for Nexus, Nexus VXLAN, and UCSM drivers. (BZ#1259777)
- The nexus1000v (n1kv) Puppet class has been added. (BZ#1238740)
Solution
Before applying this update, ensure all previously released errata relevant to your system have been applied.
Red Hat Enterprise Linux OpenStack Platform 7 runs on Red Hat Enterprise Linux 7.1.
The Red Hat Enterprise Linux OpenStack Platform 7 Release Notes contain the following:
- An explanation of the way in which the provided components interact to form a working cloud computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat Enterprise Linux OpenStack Platform 7, including which channels need to be enabled and disabled.
The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/7/html/Release_Notes/index.html
This update is available through 'yum update' on systems registered through Red Hat Subscription Manager. For more information about Red Hat Subscription Manager, see:
https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html
Affected Products
- Red Hat OpenStack 7 x86_64
Fixes
- BZ - 1240587 - Unable to control the file_descriptors limit for rabbitmq-server via the director.
- BZ - 1245572 - overcloud: HA deployment: Glance api.log flooded by warning messages.
- BZ - 1251498 - No support for swift-object-expirer service
- BZ - 1257324 - novncproxy got wedged/unresponsive
- BZ - 1257687 - horizon proxy is not http mode
- BZ - 1259232 - puppet-pacemaker support for resource defaults
- BZ - 1259777 - Refresh cisco networking puppet modules
- BZ - 1259900 - Add tripleo::packages and package_manifest resource for yum/puppet integration
- BZ - 1262189 - Overcloud Deployment fails: either hangs or raises resources.ComputeNodesPostDeployment.resources.ComputePuppetDeployment.resources[0]
- BZ - 1264203 - rhel-osp-director: "openstack overcloud update stack --templates -e <yaml> -i overcloud" failed.
CVEs
(none)
Red Hat OpenStack 7
SRPM | |
---|---|
openstack-puppet-modules-2015.1.8-21.el7ost.src.rpm | SHA-256: ce48600ce76ab29989002e9137545ba5bb2f877c1ef2b71e5a0a6cd8aec15ec6 |
x86_64 | |
openstack-puppet-modules-2015.1.8-21.el7ost.noarch.rpm | SHA-256: 7bdc35a16abecdfbe25fc2ab0aeb54b4a278d499b4bbbafca5a809d1866d7150 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.