RHBA-2017:2714 - Bug Fix Advisory

Topic

Updated OpenStack Networking packages that resolve various issues are now
available for Red Hat OpenStack Platform 11.0 (Ocata) for RHEL 7.

Description

Red Hat OpenStack Platform provides the facilities for building, deploying
and monitoring a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware. This advisory includes
packages for:

• OpenStack Networking service

OpenStack Networking (neutron) is a virtual network service for OpenStack.
Just as OpenStack Compute (nova) provides an API to dynamically request and
configure virtual servers, OpenStack Networking provides an API to
dynamically request and configure virtual networks. These networks connect
'interfaces' from other OpenStack services (e.g. virtual NICs from Compute
VMs). The OpenStack Networking API supports extensions to provide advanced
network capabilities (e.g. QoS, ACLs, network monitoring, etc.)

Changes to the openstack-neutron component:

• A high memory consumption was observed, especially in large environments, which often led to out-of-memory issues. The main culprit was neutron-ns-metadata-proxy process, responsible for proxying metadata requests from the VM to Nova.

neutron-ns-metadata-proxy is now replaced by haproxy which has a more lightweight memory footprint. (BZ#1439855)

• Neutron HA backup instances have the same IP/MAC addresses as the master instance and they have IPv6 forwarding enabled by default. This causes them to subscribe to different multicast groups and they may respond to queries coming from the external network. This traffic will make the upstream switch learn the MAC address on a different port, disrupting existing traffic to the master instance.

Disable IPv6 forwarding on backup instances and restore it on failover. Traffic will not leave the backup instance to the upstream switch and will not disrupting existing connections with the master instance. (BZ#1469048)

Solution

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

Red Hat OpenStack Platform 11 runs on Red Hat Enterprise Linux 7.4.

The Red Hat OpenStack Platform 11 Release Notes contain the following:

• An explanation of the way in which the provided components interact to

form a working cloud computing environment.

• Technology Previews, Recommended Practices, and Known Issues.
• The channels required for Red Hat OpenStack Platform 11, including which

channels need to be enabled and disabled.

The Release Notes are available at:
https://access.redhat.com/documentation/en/red-hat-openstack-platform/

This update is available through 'yum update' on systems registered through
Red Hat Subscription Manager. For more information about Red Hat
Subscription Manager, see:

https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html

Affected Products

• Red Hat OpenStack 11 x86_64

Fixes

• BZ - 1439855 - [OSP11] neutron-ns-metadata-proxy has a large memory footprint
• BZ - 1467388 - pep8 job fails in OSP 11 branch
• BZ - 1468630 - Integrated DNS does not work with Cisco ACI due to Neutron bug
• BZ - 1468684 - max_overflow value for sqlalchemy is set to a low value (20) in neutron/common/config.py however default value from oslo.db (50) should be used
• BZ - 1469048 - Backup HA router sending traffic, traffic from switch interrupted
• BZ - 1481420 - Rebase openstack-neutron-lbaas to b3479a1
• BZ - 1481426 - Rebase openstack-octavia to 3e3716c
• BZ - 1481429 - Rebase openstack-octavia to 3e3716c
• BZ - 1481883 - Rebase python-networking-bigswitch to 1bf3d8f
• BZ - 1482141 - Rebase python-networking-cisco to a50f581
• BZ - 1482211 - Rebase openstack-neutron-fwaas to 1f76429
• BZ - 1483153 - Rebase openstack-neutron to 2272a00
• BZ - 1483585 - Rebase python-networking-bigswitch to 1bf3d8f

CVEs

(none)

References

(none)