Issued:
2016-06-29
Updated:
2016-06-29

RHBA-2016:1353 - Bug Fix Advisory

Synopsis

openstack-neutron bug fix advisory

Type/Severity

Bug Fix Advisory

Topic

Updated OpenStack Networking packages that resolve various issues are now
available for Red Hat OpenStack Platform 8.0 (Liberty) for RHEL 7.

Description

Red Hat OpenStack Platform provides the facilities for building a private
or public infrastructure-as-a-service (IaaS) cloud running on commonly
available physical hardware. This advisory includes packages for:

  • OpenStack Networking service

OpenStack Networking (neutron) is a virtual network service for OpenStack.
Just as OpenStack Compute (nova) provides an API to dynamically request and
configure virtual servers, OpenStack Networking provides an API to
dynamically request and configure virtual networks. These networks connect
'interfaces' from other OpenStack services (e.g. virtual NICs from Compute
VMs). The OpenStack Networking API supports extensions to provide advanced
network capabilities (e.g. QoS, ACLs, network monitoring, etc.)

Changes to the openstack-neutron component:

  • Previously, when the metadata agent experienced an issue with RPC communication, it would start using the neutron client interface as a fallback. The only way to configure the metadata agent to use RPC again would then be to restart the agent. Due to this, metadata agent services would become unavailable after any disruption of RPC communication if neutron API credentials are not configured for the agent. With this update, the code that activates a fallback using neutron client has been removed from the metadata agent so that RPC is always used. (BZ#1340097)
  • This update removes unnecessary downtime caused by updating OvS switch reconfiguration when restarting the OvS agent. Previously, dropping flows on physical bridges caused networking to drop. The same issue was experienced when the patch port between br-int and br-tun was deleted and rebuilt during startup. This enhancement resolves these issues, making it possible to restart the OvS agent without unnecessarily disrupting network traffic. This results in no downtime when restarting the OvS neutron agent if the bridge is already set up and reconfiguration was not requested. (BZ#1340717)
  • Previously, the lbaasv2 stevedore entry point was not registered in the neutron.service_plugins namespace. This would cause neutron-server to fail if the lbaasv2 alias was used in the service_plugins option instead of the full Python import path to the plug-in. With this update, the missing stevedore alias was added to the package, allowing neutron-server to load the lbaasv2 plug-in using the alias. (BZ#1287677)
  • Previously, connectivity would never be enabled when attempting to use the new native OVSDB provider due to the db_set operation appearing to fail to change the patch ports from "nonexistant-peer" to the correct peer, thereby not linking the bridges together. This was caused by an incorrect method being used to set the peer interface of an OVS bridge. With this update, the peer option is now correctly set for both native and vsctl interfaces. (BZ#1341958)

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied.

Red Hat OpenStack Platform 8 runs on Red Hat Enterprise Linux 7.2.

The Red Hat OpenStack Platform 8 Release Notes contain the following:

  • An explanation of the way in which the provided components interact to form a working cloud computing environment.
  • Technology Previews, Recommended Practices, and Known Issues.
  • The channels required for Red Hat OpenStack Platform 8, including which channels need to be enabled and disabled.

The Release Notes are available at:
https://access.redhat.com/documentation/en/red-hat-openstack-platform/version-8/release-notes/

This update is available through 'yum update' on systems registered through Red Hat Subscription Manager. For more information about Red Hat Subscription Manager, see:

https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html

Affected Products

  • Red Hat OpenStack 8 x86_64

Fixes

  • BZ - 1287677 - class name of lbaasv2 is not working in neutron.conf
  • BZ - 1299557 - Update network with New Qos-Policy isn't working with SR-IOV agent
  • BZ - 1308639 - neutron-openvswitch-agent service should automatically start openvswitch service
  • BZ - 1334747 - No packages available in OSP-8 to install vmware nsx plugin for neutron
  • BZ - 1340097 - Review fallback on RPC messaging
  • BZ - 1340717 - Backport to liberty: set of no-downtime patches for ovs neutron agent
  • BZ - 1341958 - Backport to liberty: Native ovsdb implementation not working

CVEs

(none)

Red Hat OpenStack 8

SRPM
openstack-neutron-7.0.4-7.el7ost.src.rpm SHA-256: 9296a659dded91044b40c5920d8b73740e42a73b39773ebe834b3b966fb94747
python-networking-vmware-nsx-1.0.0-1.el7ost.src.rpm SHA-256: f32c904f8ddc51d11478f8f2e3098d6e99a02ea76b911eb969d7e9603474dc79
x86_64
openstack-neutron-7.0.4-7.el7ost.noarch.rpm SHA-256: 0958e802541b492c52b333a5f6019316d4ff4fbe1a819d1a35a835c79b359b49
openstack-neutron-bigswitch-7.0.4-7.el7ost.noarch.rpm SHA-256: 597d9bc5468e0f0e918e122dfc8c4dceccb1c3f899456a4e1f6369e5c28334ef
openstack-neutron-brocade-7.0.4-7.el7ost.noarch.rpm SHA-256: 2c6cb08f0b3ff24b3ad4afe13381b0bca6433a43755f887e3a4a3881a29d64c3
openstack-neutron-cisco-7.0.4-7.el7ost.noarch.rpm SHA-256: 04831e72b65269a49ce8da537ec610bf8a3878387293209c2067de753e9d8bf8
openstack-neutron-common-7.0.4-7.el7ost.noarch.rpm SHA-256: a3b4c58982714662b7522578dd5104deb463b40e8860bad1867c4d43874d802b
openstack-neutron-dev-server-7.0.4-7.el7ost.noarch.rpm SHA-256: 0c5b9e973db3102d9ca349e9613671ff1c19df63e88837675ef2a7c6cd89dc5c
openstack-neutron-embrane-7.0.4-7.el7ost.noarch.rpm SHA-256: dff0e65e55abae1fc01bd65c308686f983f3a0c5a20885b7a0c92e57dcf9c547
openstack-neutron-linuxbridge-7.0.4-7.el7ost.noarch.rpm SHA-256: 4850455d594dba146fda5efcb0fe476e805b0b8837ddc9e4a271e8b56b0261ef
openstack-neutron-mellanox-7.0.4-7.el7ost.noarch.rpm SHA-256: 99e1b3001a88d1ca00c35d3877de88a78b16da33b5c264ee172d3d260f0b3402
openstack-neutron-metering-agent-7.0.4-7.el7ost.noarch.rpm SHA-256: 0cf979badcc2d0b2c2ef6c646a8b73058b4c88469270085f2cd1091d11c44350
openstack-neutron-midonet-7.0.4-7.el7ost.noarch.rpm SHA-256: 7c1516b754f0d8eba2e03fd7deafc2a949e5ec64ae94cf0fa5beeced7246e2fa
openstack-neutron-ml2-7.0.4-7.el7ost.noarch.rpm SHA-256: 23c88038afc774e6f2ff6013502bd7b7160017a6a5c886a11eca0e8dac140059
openstack-neutron-nuage-7.0.4-7.el7ost.noarch.rpm SHA-256: 1537a94694229c684ed14908da521fa8d86074447a15cc4bb97db3f91d622f79
openstack-neutron-ofagent-7.0.4-7.el7ost.noarch.rpm SHA-256: 34b0cfb793c874fba04858182f56afb56ae64e11a33d23ce97e433c77e1a26a3
openstack-neutron-oneconvergence-nvsd-7.0.4-7.el7ost.noarch.rpm SHA-256: c46f4cbac903dfbaf2524191c27de6a4fbfcb33988e8eb1562b24fe9feb2ff6d
openstack-neutron-opencontrail-7.0.4-7.el7ost.noarch.rpm SHA-256: 118c06d138a60599f4382da3e3fa9be9d8442f0c161a6977c466a07f0b5677f8
openstack-neutron-openvswitch-7.0.4-7.el7ost.noarch.rpm SHA-256: 4300c39108a2d7b63626f2cf697f0f8507c09b42e4ae76c52d22ace418093572
openstack-neutron-ovsvapp-7.0.4-7.el7ost.noarch.rpm SHA-256: 6e8541aadaf12c685dec68458b6b1a343344196526e48923def9e585c1d1023f
openstack-neutron-rpc-server-7.0.4-7.el7ost.noarch.rpm SHA-256: e606adbd6efe551664305135007e02986b772e16d6d42c00756686cf0659d0b2
openstack-neutron-sriov-nic-agent-7.0.4-7.el7ost.noarch.rpm SHA-256: 31609369ce33a444269c43fea79a4d1c678d48524e420c98913a4e8f2f1566f5
python-networking-vmware-nsx-1.0.0-1.el7ost.noarch.rpm SHA-256: 51dd9f1e421f64858afdc93368caeb390b4682795232950d88495db54c118bdc
python-neutron-7.0.4-7.el7ost.noarch.rpm SHA-256: 85a2ccf604d03578e1e3ed75a2b036545839b9302d3ec8fa63c096a4012e54f2
python-neutron-tests-7.0.4-7.el7ost.noarch.rpm SHA-256: 50e09e5d65b4f7ed58a5a9005c50354e31af7eeec39f39d6b5b7c06f7299ad7f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.