- Issued: 2017-08-30
- Updated: 2017-08-30
RHBA-2017:2552 - Bug Fix Advisory
Synopsis
openstack-neutron bug fix advisory
Type/Severity
Bug Fix Advisory
Topic
Updated OpenStack Networking packages that resolve various issues are now
available for Red Hat OpenStack Platform 9.0 (Mitaka) for RHEL 7.
Description
Red Hat OpenStack Platform provides the facilities for building a private
or public infrastructure-as-a-service (IaaS) cloud running on commonly
available physical hardware. This advisory includes packages for:
- OpenStack Networking service
OpenStack Networking (neutron) is a virtual network service for OpenStack.
Just as OpenStack Compute (nova) provides an API to dynamically request and
configure virtual servers, OpenStack Networking provides an API to
dynamically request and configure virtual networks. These networks connect
'interfaces' from other OpenStack services (e.g. virtual NICs from Compute
VMs). The OpenStack Networking API supports extensions to provide advanced
network capabilities (e.g. QoS, ACLs, network monitoring).
This update addresses the following issues:
- With this update, the neutron server notifies L3 HA agents when the HA router interface port becomes active; as a result, the L3 HA agents spawn the `keepalived` process. Consequently, during the upgrade process, the neutron server must be restarted before the L3 agents. (BZ#1461110)
- Prior to this update, clients could not run tempest tests because the tempest library was missing from the Red Hat OpenStack Platform packages. To address this issue, the tempest library was added. (BZ#1471652)
- Prior to this update, a restart of the `tuned` service reverted the sysctl configuration that was set when the neutron L2 agent started, which enabled the firewall for kernel bridges. Consequently, if the neutron L2 agent relied on the `hybrid` iptables firewall driver to implement security groups, once the `tuned` service restarted, the rules on those groups were no longer enforced until the next time the neutron L2 agent restarted. With this update, the needed sysctl settings are no longer configured when the neutron L2 agent starts; they are now configured using the `sysctl.d` mechanism. As a result, a `tuned` service restart now takes neutron's custom sysctl configuration into account and no longer breaks security group enforcement. (BZ#1473371)
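A host-side check for the failure mode in BZ#1473371, as an added example that is not Red Hat's or neutron's code: it compares the live bridge-netfilter sysctls with what is persisted under `sysctl.d`. The three `net.bridge.bridge-nf-call-*` key names are the standard Linux sysctls and are an assumption here (the advisory does not list them); the function names and the `ROOT` argument are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not Red Hat's code. Key names are standard Linux sysctls assumed
# to be the ones the advisory refers to; ROOT is a hypothetical prefix so the
# check can run against a constructed tree (empty ROOT means the live host).
BRIDGE_KEYS="bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables"

# live_value ROOT KEY: value active in the kernel, or "missing"
# (missing usually means the br_netfilter module is not loaded).
live_value() {
    local f="$1/proc/sys/net/bridge/$2"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo missing; fi
}

# persisted_values ROOT KEY: every value assigned to the key in sysctl.d files,
# one per line. Simplification: precedence between files is not modelled.
persisted_values() {
    local root="$1" key="net\.bridge\.$2" f
    for f in "$root"/usr/lib/sysctl.d/*.conf "$root"/etc/sysctl.d/*.conf "$root"/etc/sysctl.conf; do
        [ -r "$f" ] || continue
        sed -n -E "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*([^[:space:]]+).*/\1/p" "$f"
    done
}

# classify ROOT KEY: prints OK, DRIFT, UNPERSISTED, DISABLED or CONFLICT.
classify() {
    local live vals
    live=$(live_value "$1" "$2")
    vals=$(persisted_values "$1" "$2" | sort -u)
    if [ "$vals" = "1" ]; then
        # Persisted as 1; DRIFT means the running kernel no longer agrees.
        [ "$live" = "1" ] && echo OK || echo DRIFT
    elif [ -z "$vals" ]; then
        # Runtime-only setting: the pre-fix state that a tuned restart reverts.
        [ "$live" = "1" ] && echo UNPERSISTED || echo DISABLED
    else
        echo CONFLICT   # some file assigns a value other than 1
    fi
}

# audit [ROOT]: print one line per key; return 1 if any key is not OK.
audit() {
    local root="${1:-}" rc=0 k state
    for k in $BRIDGE_KEYS; do
        state=$(classify "$root" "$k")
        printf '%-40s %s\n' "net.bridge.$k" "$state"
        [ "$state" = OK ] || rc=1
    done
    return $rc
}
```

Calling `audit` with no argument checks the live host; running it again after restarting `tuned` shows whether the values survived.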
Solution
Before applying this update, ensure all previously released errata relevant
to your system have been applied.
Red Hat OpenStack Platform 9 runs on Red Hat Enterprise Linux 7.3.
The Red Hat OpenStack Platform 9 Release Notes contain the following:
- An explanation of the way in which the provided components interact to
form a working cloud computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat OpenStack Platform 9, including which
channels need to be enabled and disabled.
The Release Notes are available at:
https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/paged/release-notes
This update is available through 'yum update' on systems registered through
Red Hat Subscription Manager. For more information about Red Hat
Subscription Manager, see:
https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html
Affected Products
- Red Hat OpenStack 9 x86_64
Fixes
- BZ - 1343937 - Unable to delete a LBaaSv2 healthmonitor if its pool/listener is deleted
- BZ - 1452884 - Neutron L3 agent sends gratuitous ARP packets with 1 sec delay, which may conflict with default Linux kernel locktime value (1 sec)
- BZ - 1461110 - When a network node is rebooting, all HA routers will enter a transition flapping storm
- BZ - 1471652 - openstack-neutron-7.0.1-15.el7ost.noarch is still using tempest_lib as dependency instead of tempest.lib
- BZ - 1471735 - Rebase Neutron Mitaka to 8.4.0
CVEs
(none)
References
(none)
Red Hat OpenStack 9
SRPM | |
---|---|
openstack-neutron-8.4.0-3.el7ost.src.rpm | SHA-256: 3915f991a6e06ac9114c2f43685a738f530dc4af16675337a96d3e4267884700 |
openstack-neutron-lbaas-8.4.0-1.el7ost.src.rpm | SHA-256: a0e09b402c3b42c953f4ca0b127dc790feb2cfef1e48dad1d53893d91b9eff53 |
x86_64 | |
openstack-neutron-8.4.0-3.el7ost.noarch.rpm | SHA-256: 23aa470abee4bb9a8a9d20ad40fdef0b4a9fd3692f58738f16e904048fab3498 |
openstack-neutron-bgp-dragent-8.4.0-3.el7ost.noarch.rpm | SHA-256: cf0b72d027bf5d67734b261016c7cf4e6b2907b5a920b7a81f9cdd1428b2a70f |
openstack-neutron-common-8.4.0-3.el7ost.noarch.rpm | SHA-256: c30004515a8d055820762aadf391b2612ce51a051ce1503abbcf039850fcdd3f |
openstack-neutron-lbaas-8.4.0-1.el7ost.noarch.rpm | SHA-256: 0aebe38ae074c549147864a134711056320640492fa10e68d20dc8da3c71e44f |
openstack-neutron-linuxbridge-8.4.0-3.el7ost.noarch.rpm | SHA-256: 8bfd2560f0f252d0d06139a9ed421929fd48ba4a6d9bfc5dfeed4ac5d4e1490e |
openstack-neutron-macvtap-agent-8.4.0-3.el7ost.noarch.rpm | SHA-256: d4a5f1232ef5f46822eec172286f271b27b76a95fc4e581519bb8861c6b4d921 |
openstack-neutron-metering-agent-8.4.0-3.el7ost.noarch.rpm | SHA-256: 39e4f5c0a3e40150a090fdcbe1b524491d784a9d6a9c3831e3d06ffafa7ccbc3 |
openstack-neutron-ml2-8.4.0-3.el7ost.noarch.rpm | SHA-256: b4c4ecb02bcfa876e5c8816eeadae908eeb73b269e7cad7f13ece7e46394c1f2 |
openstack-neutron-openvswitch-8.4.0-3.el7ost.noarch.rpm | SHA-256: 16eee3d73935283679f3792553988f4b946e14751e25caf2bd3cf38f09606ec5 |
openstack-neutron-rpc-server-8.4.0-3.el7ost.noarch.rpm | SHA-256: 8cb5fafdba0eff55104972af8a9121c781fac9a72f9f730e874c007745036f87 |
openstack-neutron-sriov-nic-agent-8.4.0-3.el7ost.noarch.rpm | SHA-256: 495ec3b36191ac89ff01e5f6d359be07623c1a5ee53f4b9461e06098e7fba867 |
python-neutron-8.4.0-3.el7ost.noarch.rpm | SHA-256: 188d43649b19f27543ce72b670bd92e3ab8c197510898d51b333b74f124f2b54 |
python-neutron-lbaas-8.4.0-1.el7ost.noarch.rpm | SHA-256: 3acf9ed9e5be28e64eea33ca97fcb5e207d4829fcf9c7bd8fbf4a69015b9c1c2 |
python-neutron-lbaas-tests-8.4.0-1.el7ost.noarch.rpm | SHA-256: 5d8e64da5e4ce2c35c1eb84b5e26f08a446d34463eb7348fe8eb12ee02b50dc9 |
python-neutron-tests-8.4.0-3.el7ost.noarch.rpm | SHA-256: 0984a3d5921e0ee8d2e29f7e6535a8199b07afc230720137c719c1a81d246d9e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.