RHBA-2015:2677 - Bug Fix Advisory

Topic

Updated Installation utility packages that resolve various issues are now
available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for
RHEL 7.

Description

Red Hat Enterprise Linux OpenStack Platform provides the facilities for
building a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware. This advisory includes
packages for:

• Installation utility ("PackStack").

PackStack is a command-line utility for deploying OpenStack on existing
servers over an SSH connection. Deployment options are provided either
interactively, using the command line, or non-interactively by means of a
text file containing a set of preconfigured values for OpenStack
parameters.

PackStack is suitable for deploying the following types of configurations:

• Single-node proof-of-concept installations, where all controller services

and your virtual machines run on a single physical host. This is referred
to as an all-in-one install.

• Proof-of-concept installations, where there is a single controller node

and multiple compute nodes. This is similar to the all-in-one install
above, except you may use one or more additional hardware nodes for running
virtual machines.

This update addresses the following issues:

• On the Undercloud, HAProxy is configured to run a HTTP check against the

openstack-ironic-api service every 2 seconds. The check causes
openstack-ironic-api to log a traceback to stderr with the errors:
error: [Errno 104] Connection reset by peer
error: [Errno 32] Broken pipe
Since the check runs every 2 seconds, these messages repeat frequently in
/var/log/messages. As a workaround, switch to root permissions, edit
/etc/haproxy/haproxy.cfg, and comment out the "option httpchk GET /"
line from the ironic listener configuration:
listen ironic
bind 192.0.2.2:6385
bind 192.0.2.3:6385
# option httpchk GET /
server 192.0.2.1 192.0.2.1:6385 check fall 5 inter 2000 rise 2
Save the file, then restart haproxy:
$ sudo systemctl restart haproxy
No tracebacks from openstack-ironic-api are written to stderr. (BZ#1246525)

• With this update, use the following workaround for this issue:

In the cinder.conf file, update the following parameters.
DEFAULT/nova_catalog_info = compute:nova:publicURL
DEFAULT/nova_catalog_admin_info = compute:nova:publicURL
Or, rename the Compute endpoints from 'nova' to 'Compute Service'. (BZ#1260717)

• With this enhancement, parameters CONFIG_CONTROLLER_HOST,

CONFIG_COMPUTE_HOSTS, CONFIG_NETWORK_HOSTS support the use of hostname
values along with the IP address values. (BZ#1129773)

• Previously, although the haproxy is configured at allow a value of

10000 for the 'maxconn' parameter for all proxies together, there is a
default 'maxconn' value of 2000 for each proxy individually. If the
specific proxy used for MySQL reached the limit of 2000, it dropped all
further connections to the database and the client would not retry, which
caused API timeout and subsequent commands to fail.
With this update, the default value for 'maxconn' parameter has been
increased to work better for production environments, As a result, the
database connections are far less likely to time out. (BZ#1281584)

Solution

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 7 runs on Red Hat Enterprise
Linux 7.2.

The Red Hat Enterprise Linux OpenStack Platform 7 Release Notes contain the
following:

• An explanation of the way in which the provided components interact to

form a working cloud computing environment.

• Technology Previews, Recommended Practices, and Known Issues.
• The channels required for Red Hat Enterprise Linux OpenStack Platform 7,

including which channels need to be enabled and disabled.

The Release Notes are available at:
https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/red-hat-enterprise-linux-openstack-platform-7-release-notes/release-notes

This update is available through 'yum update' on systems registered through
Red Hat Subscription Manager. For more information about Red Hat
Subscription Manager, see:

https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html

Affected Products

• Red Hat OpenStack 7 x86_64

Fixes

• BZ - 1205506 - python-ldap is missing for packstack (and needed for keystone-ldap backend)
• BZ - 1243949 - Can't supply ssl certs to horizon
• BZ - 1246525 - rhel-osp-director: Repeating "ironic-api" errors in /var/log/messages on the undercloud node.
• BZ - 1249106 - Requirement for Database Size Management
• BZ - 1258614 - Puppet fails to find heat domain ID
• BZ - 1260717 - Cinder's nova catalog configuration is not set
• BZ - 1265774 - [RFE]: Add support for Nuage to puppet-neutron
• BZ - 1269995 - Nodes reconnection to the broker not working properly. Compute nodes are not registered again
• BZ - 1272092 - heat didn't work because used keystone v3
• BZ - 1273409 - RHEL OSP Director must be configure with nova-event-callback by default
• BZ - 1277168 - Backport caused breakage in heat keystone domain creation
• BZ - 1278395 - New puppet modules for OpenContrail integration
• BZ - 1278874 - [RFE]: Add support for Nuage to puppet-nova
• BZ - 1281584 - Director does not create an haproxy configuration that conforms to our best-practice recommendations
• BZ - 1283463 - MariaDB Galera Cluster tries to use SSL during IST even when SSL is disabled.
• BZ - 1287817 - After 7.1 -> 7.2 update manila section shows up in haproxy
• BZ - 1287839 - OPM kilo needs puppet-neutron notifications backports

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#normal