RHBA-2015:2680 - Bug Fix Advisory

Topic

Updated OpenStack Orchestration packages that resolve various issues are
now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo)
for RHEL 7.

Description

Red Hat Enterprise Linux OpenStack Platform provides the facilities for
building a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware. This advisory includes
packages for:

• OpenStack Orchestration service

OpenStack Orchestration (heat) is a template-driven engine used to specify
and deploy configurations for Compute, Storage, and OpenStack Networking.
It can also be used to automate post-deployment actions, which in turn
allows automated provisioning of infrastructure, services, and
applications. Orchestration can also be integrated with Telemetry alarms to
implement auto-scaling for certain infrastructure resources.

The openstack-heat packages have been upgraded to upstream version
2015.1.2. See https://launchpad.net/heat/kilo/2015.1.2 for a complete list
of bug fixes. (BZ#1274882)

This update also addresses the following issues:

• The value of a comma_delimited_list or json parameter was not updated in

the event of overriding the default. Thus, when an environment of a stack
contained a parameter_defaults section with a value for a parameter of type
comma_delimited_list or json, that default did not get applied unless in a
nested stack. The fix for this problem updates the value if appropriate
when the result changes. (BZ#1269314)

• Sometimes it takes a long time to create a new resource as requested by

the scaling operation on an autoscaling group resource; for instance, a
nova server creation followed by a complex software deployment. Previously,
the cooldown time stamp was not generated until this was complete. During
this process, any additional alarms that were triggered were not blocked by
the current cooldown checking mechanism, so the group size could be
adjusted too many times. The autoscaling group now ignores alarms received
while a scaling operation is in progress. (BZ#1270026)

• The allocation_pools property of the OS::Neutron::Subnet resource was

marked as not allowing updates. If the allocation_pools property changed,
the Subnet resource was replaced, and this generally failed if there was
an overlap. The property is now marked to allow in-place updates. If the
allocation_pools property changes, the existing Subnet will be updated with
the new value. (BZ#1276204)

• This update moves the heat-config/deployed directory from /var/run, which

is usually tmpfs, to /var/lib, which allows the deployed state to persist
across reboots. (BZ#1278181)

• On a stack update, old and new resource types were compared based on the

type specified in the template, not the actual resolved type. In a stack
with type aliases defined in the environment, renaming one of those
resulted in resources of that type being replaced on update, even if the
old and new aliases resolved to the same type. Now, the actual resource
plug-ins are compared to determine whether the types have changed, and
users can rename resource type aliases without replacing all of the
resources that use them. (BZ#1278537)

• After a failed stack update, Heat ignored the contents of the new

environment when reading backed up resources (set aside while their
replacements were being created), and new resource type aliases were not
picked up. If a new resource was created using a new type alias before the
update failed, further attempts to update the stack failed due to the
inability to load a resource with an unknown type alias. With this update,
backup resources are stored with a merged combination of the old and new
environments. After an update failure, a subsequent update can recover the
stack. (BZ#1278544)

• Heat did not ignore a "Not Found" exception when trying to fetch a stack

user to authenticate back to Heat. If the stack user was deleted, Heat was
unable to delete the associated stack. Heat now catches the "Not Found"
exception in this case, so stacks can still be deleted even if their
associated stack user is missing. (BZ#1286118)

Solution

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 7 runs on Red Hat Enterprise
Linux 7.2.

The Red Hat Enterprise Linux OpenStack Platform 7 Release Notes contain the
following:

• An explanation of the way in which the provided components interact to

form a working cloud computing environment.

• Technology Previews, Recommended Practices, and Known Issues.
• The channels required for Red Hat Enterprise Linux OpenStack Platform 7,

including which channels need to be enabled and disabled.

The Release Notes are available at:
https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/red-hat-enterprise-linux-openstack-platform-7-release-notes/release-notes

This update is available through 'yum update' on systems registered through
Red Hat Subscription Manager. For more information about Red Hat
Subscription Manager, see:

https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html

Affected Products

• Red Hat OpenStack 7 x86_64

Fixes

• BZ - 1256538 - rhel-osp-director: "openstack overcloud update stack --templates -e <yaml> -i overcloud" is running for a long time although the yum repos aren't avilable.
• BZ - 1274882 - Rebase openstack-heat to 2015.1.2
• BZ - 1276204 - OS::Neutron::Subnet should not be deleted/created when allocation_pools is updated
• BZ - 1278181 - 55-heat-config shouldn't use /var/run for it's DEPLOYED_DIR
• BZ - 1278537 - TemplateResource updates can destroy more than is needed
• BZ - 1278544 - Unrecoverable heat stack in UPDATE_FAILED
• BZ - 1278975 - StackValidationFailed: Unknown resource Type : OS::TripleO::AllNodes::Validation while updating stack in UPDATE_FAILED
• BZ - 1280081 - No error logging for uncaught exceptions in setup/cleanup of long-running tasks
• BZ - 1286118 - Deleting stack can fail persistently due to missing user

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#normal