RHBA-2016:1353 - Bug Fix Advisory

Topic

Updated OpenStack Networking packages that resolve various issues are now
available for Red Hat OpenStack Platform 8.0 (Liberty) for RHEL 7.

Description

Red Hat OpenStack Platform provides the facilities for building a private
or public infrastructure-as-a-service (IaaS) cloud running on commonly
available physical hardware. This advisory includes packages for:

• OpenStack Networking service

OpenStack Networking (neutron) is a virtual network service for OpenStack.
Just as OpenStack Compute (nova) provides an API to dynamically request and
configure virtual servers, OpenStack Networking provides an API to
dynamically request and configure virtual networks. These networks connect
'interfaces' from other OpenStack services (e.g. virtual NICs from Compute
VMs). The OpenStack Networking API supports extensions to provide advanced
network capabilities (e.g. QoS, ACLs, network monitoring, etc.)

Changes to the openstack-neutron component:

• Previously, when the metadata agent experienced an issue with RPC communication, it would start using the neutron client interface as a fallback. The only way to configure the metadata agent to use RPC again would then be to restart the agent. Due to this, metadata agent services would become unavailable after any disruption of RPC communication if neutron API credentials are not configured for the agent. With this update, the code that activates a fallback using neutron client has been removed from the metadata agent so that RPC is always used. (BZ#1340097)
• This update removes unnecessary downtime caused by updating OvS switch reconfiguration when restarting the OvS agent. Previously, dropping flows on physical bridges caused networking to drop. The same issue was experienced when the patch port between br-int and br-tun was deleted and rebuilt during startup. This enhancement resolves these issues, making it possible to restart the OvS agent without unnecessarily disrupting network traffic. This results in no downtime when restarting the OvS neutron agent if the bridge is already set up and reconfiguration was not requested. (BZ#1340717)
• Previously, the lbaasv2 stevedore entry point was not registered in the neutron.service_plugins namespace. This would cause neutron-server to fail if the lbaasv2 alias was used in the service_plugins option instead of the full Python import path to the plug-in. With this update, the missing stevedore alias was added to the package, allowing neutron-server to load the lbaasv2 plug-in using the alias. (BZ#1287677)
• Previously, connectivity would never be enabled when attempting to use the new native OVSDB provider due to the db_set operation appearing to fail to change the patch ports from "nonexistant-peer" to the correct peer, thereby not linking the bridges together. This was caused by an incorrect method being used to set the peer interface of an OVS bridge. With this update, the peer option is now correctly set for both native and vsctl interfaces. (BZ#1341958)

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied.

Red Hat OpenStack Platform 8 runs on Red Hat Enterprise Linux 7.2.

The Red Hat OpenStack Platform 8 Release Notes contain the following:

• An explanation of the way in which the provided components interact to form a working cloud computing environment.
• Technology Previews, Recommended Practices, and Known Issues.
• The channels required for Red Hat OpenStack Platform 8, including which channels need to be enabled and disabled.

The Release Notes are available at:
https://access.redhat.com/documentation/en/red-hat-openstack-platform/version-8/release-notes/

This update is available through 'yum update' on systems registered through Red Hat Subscription Manager. For more information about Red Hat Subscription Manager, see:

https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html

Affected Products

• Red Hat OpenStack 8 x86_64

Fixes

• BZ - 1287677 - class name of lbaasv2 is not working in neutron.conf
• BZ - 1299557 - Update network with New Qos-Policy isn't working with SR-IOV agent
• BZ - 1308639 - neutron-openvswitch-agent service should automatically start openvswitch service
• BZ - 1334747 - No packages available in OSP-8 to install vmware nsx plugin for neutron
• BZ - 1340097 - Review fallback on RPC messaging
• BZ - 1340717 - Backport to liberty: set of no-downtime patches for ovs neutron agent
• BZ - 1341958 - Backport to liberty: Native ovsdb implementation not working

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#normal