RHBA-2017:0856 - Bug Fix Advisory

Topic

Updated OpenStack Networking packages that resolve various issues are now
available for Red Hat OpenStack Platform 9.0 (Mitaka) for RHEL 7.

Description

Red Hat OpenStack Platform provides the facilities for building a private
or public infrastructure-as-a-service (IaaS) cloud running on commonly
available physical hardware. This advisory includes packages for:

• OpenStack Networking service

OpenStack Networking (neutron) is a virtual network service for OpenStack.
Just as OpenStack Compute (nova) provides an API to dynamically request and
configure virtual servers, OpenStack Networking provides an API to
dynamically request and configure virtual networks. These networks connect
'interfaces' from other OpenStack services (e.g. virtual NICs from Compute
VMs). The OpenStack Networking API supports extensions to provide advanced
network capabilities (e.g. QoS, ACLs, network monitoring, etc.)

This update addresses the following issues:

• Previously, when ports were created with port_security disabled, the explicit iptables rules were not applied to allow the traffic. This resulted in packets hitting a default REJECT rule, and all traffic was blocked.

With this fix, firewall rules are correctly installed on ports with port_security disabled and traffic is allowed.

• Previously, because of the way the initial sync was done after starting the DHCP agent, periodic reports were not sent until the sync completed. In large environments this can be a lengthy process, and the lack of status reports during this process caused the agent to be marked as DOWN. This fix allows periodic reports to be sent during the DHCP agent initial sync, so it won't be marked as DOWN. It also addresses a bug which caused the initial sync to be performed twice, so the setup time has been halved.

Solution

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

Red Hat OpenStack Platform 9 runs on Red Hat Enterprise Linux 7.3.

The Red Hat OpenStack Platform 9 Release Notes contain the following:

• An explanation of the way in which the provided components interact to

form a working cloud computing environment.

• Technology Previews, Recommended Practices, and Known Issues.
• The channels required for Red Hat OpenStack Platform 9, including which

channels need to be enabled and disabled.

The Release Notes are available at:
https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/paged/release-notes

This update is available through 'yum update' on systems registered through
Red Hat Subscription Manager. For more information about Red Hat
Subscription Manager, see:

https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html

Affected Products

• Red Hat OpenStack 9 x86_64

Fixes

• BZ - 1429331 - iptables rule blocks traffic even with port_security_enabled set to False
• BZ - 1433255 - Restarting dhcp-agent in large environment causes the agent to report down for extended time while namespaces are being re-manageed

CVEs

(none)

References

(none)