- Issued:
- 2017-10-31
- Updated:
- 2017-10-31
RHBA-2017:3098 - Bug Fix Advisory
Synopsis
Red Hat OpenStack Platform 11.0 director Bug Fix Advisory
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated director installer packages that resolve various issues are now
available for Red Hat OpenStack Platform 11.0 (Ocata) for RHEL 7.
Description
Red Hat OpenStack Platform provides the facilities for building, deploying
and monitoring a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware.
This update addresses the following issues:
- The EC2 API was not fully operational. This was because EC2 API support depended on the Glance V1 API, but the Glance V1 API was no longer supported. This fix provides EC2 API support for newer versions of the Glance API.
- Previously, some cinder volume operations would fail when using the NFS backend. This was because cinder's NFS backend driver implements enhanced NAS security features that are enabled by default. These features require non-standard configuration changes in nova's libvirt, and without these changes, some cinder volume operations would fail.
This update introduces TripleO settings to control the NFS driver's NAS secure features, and disables the features by default. As a result, cinder volume operations no longer fail when using the NFS backend.
- Previously, upgrading a composable roles deployment running cinder-manage db sync would fail with duplicate columns in the cinder database. This was because cinder-manage db sync was run multiple times. With this update, the sync only runs only one controller. As a result, the cinder database schema successfully upgrades.
- The ceph-osd package is not required on OpenStack controller and compute nodes; it is only required on ceph storage nodes (including hyperconverged nodes running ceph OSD and compute services). This package is only available in a repository that requires a special entitlement. However, the ceph-osd package is part of the common overcloud image, and its presence creates an RPM dependency problem when it cannot be updated along with the rest of the ceph packages. As a result, yum updates would fail on nodes that do not have the ceph-osd entitlement, even though they do not require the ceph-osd package.
With this update, before performing yum update, the ceph-osd package is removed from overcloud nodes that do not require the package. As a result, yum updates succeed on nodes that do not require the ceph-osd package. Ceph storage and hyperconverged nodes that require the ceph-osd package will still require the necessary ceph OSD entitlement.
- iSCSI session parsing has bugs that affect the attach/detach mechanism, since they were only looking at tcp sessions. Previously, these bugs were not a problem, but with the refactoring of iSCSI connections on os-brick, we began relying more heavily on the iSCSI session parsing. As a result, it was not possible to attach volumes that use iSER protocol. This update includes iSER sessions when checking existing sessions, so attach and detach now work for iSER connections.
- Previously, the default value for the manila configuration variable "neutron_admin_auth_url" was set incorrectly in the template files used by the director. As a result, authorization requests would fail when manila called out to the neutron api, breaking some network setup operations. This update corrects the default setting for "neutron_admin_auth_url" in the director template files, so neutron callouts from manila succeed and network setup proceeds as intended.
- In the release version of OSP11, there was a bug that caused the generation of overcloud fencing configuration to occasionally fail. This update includes improvements to the generator so that overcloud fencing configuration generation is now reliable.
- This update includes a rebase to version 6.5.1, which adds the innodb_buffer_pool_size hiera parameter. This allows MariaDB's buffer pool setting to be tuned for both clustered and non-clustered overcloud MariaDB databases.
Solution
Before applying this update, ensure all previously released errata relevant
to your system have been applied.
Red Hat OpenStack Platform 11 runs on Red Hat Enterprise Linux 7.4.
The Red Hat OpenStack Platform 11 Release Notes contain the following:
- An explanation of the way in which the provided components interact to
form a working cloud computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat OpenStack Platform 11, including which
channels need to be enabled and disabled.
The Release Notes are available at:
https://access.redhat.com/documentation/en/red-hat-openstack-platform/
This update is available through 'yum update' on systems registered through
Red Hat Subscription Manager. For more information about Red Hat
Subscription Manager, see:
https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html
Affected Products
- Red Hat OpenStack 11 x86_64
Fixes
- BZ - 1341170 - [OSP-director] nova ec2-api integration
- BZ - 1371911 - Cinder create volume from snapshot chmod permission error
- BZ - 1440700 - Unable to live migrate Nova instance with attached NFS backed Cinder volume
- BZ - 1441587 - ntp.conf is overwritten by os-apply-config
- BZ - 1450403 - Downstream only - Fix overcloud-resource-registry for rhos12 and rhos11 in THT
- BZ - 1479327 - OSP10 -> OSP11 upgrade: major upgrade composable step fails on composable roles deployment while running cinder-manage db sync
- BZ - 1483920 - Deployment of native fencing occasionally fails
- BZ - 1484431 - iSER multipath broken after iSCSI refactoring
- BZ - 1485030 - director generated invalid neutron_admin_auth_url in manila.conf.
- BZ - 1487582 - Incorrectly logging as error message on HBA channel search
- BZ - 1488243 - (OSP11 backport) Overcloud deployment doesn't set the hostname in /etc/host in the deployed nodes
- BZ - 1488538 - rebase puppet-tripleo ocata to 6.5.1
- BZ - 1488631 - (OSP11 backport) fail to use jump with tripleo::firewall::rule
- BZ - 1489490 - yum update failed on controller and compute nodes when ceph-osd repos is not enabled
- BZ - 1493286 - Rebase puppet-neutron to ca7b242
- BZ - 1493287 - Rebase puppet-nova to 005e5c8
- BZ - 1493731 - Rebase openstack-tripleo-common to 6a939cb
- BZ - 1493737 - Rebase openstack-tripleo-puppet-elements to 95348c9
- BZ - 1494250 - Rebase puppet-ironic to 64a3b77
- BZ - 1494269 - Rebase puppet-horizon to 155e416
- BZ - 1494271 - Rebase puppet-keystone to 6071885
- BZ - 1494274 - Rebase puppet-manila to c71ba0e
- BZ - 1494281 - Rebase puppet-tripleo to 0848990
- BZ - 1494716 - Rebase openstack-tripleo-heat-templates to 1897de9
- BZ - 1496193 - Rebase puppet-ceph to ebea4b7
- BZ - 1496551 - Rebase openstack-tripleo-heat-templates-compat to 5.3.0-5
CVEs
(none)
References
(none)
Red Hat OpenStack 11
SRPM | |
---|---|
openstack-tripleo-common-6.1.1-1.el7ost.src.rpm | SHA-256: 3d9c632611eb65fb9a6cc3c1ef70168aa05e20855594fde3d71f777775300c8d |
openstack-tripleo-heat-templates-6.2.1-2.el7ost.src.rpm | SHA-256: 792d166b2ff6432ec22288f72d39d2d44997debca7559f30df4702b10f25e5d8 |
openstack-tripleo-heat-templates-compat-5.3.0-5.el7ost.src.rpm | SHA-256: a17a49e62f922a6ed7a3945c02eb10ec79b94000a6b485e2e7ed25a906589182 |
openstack-tripleo-puppet-elements-6.2.1-1.el7ost.src.rpm | SHA-256: 1801abdb23f827973edbae0163f41835e6863f58ef86756f43bb23328e0d86ee |
puppet-ceph-2.4.1-1.el7ost.src.rpm | SHA-256: 70bac35744535212a32ef8167518bc7a0f870b96b4d433e6f5a52e6b39b6046c |
puppet-horizon-10.3.1-3.el7ost.src.rpm | SHA-256: 3a5b14102f8d3292675c8fd314a025f3af7563affd24f549f83cfa311e1f78ac |
puppet-ironic-10.4.1-2.el7ost.src.rpm | SHA-256: 80fb3c7dafa1ec4a0435ee81362334908828b795fa69f488d589ca086b5634ff |
puppet-keystone-10.3.1-2.el7ost.src.rpm | SHA-256: ba4e85ac2fe5c3b760cb07442b2c64d2fcf42d8c593e4fb7418f0f2c22020bcd |
puppet-manila-10.3.1-2.el7ost.src.rpm | SHA-256: 01c09694f34baa5e19e376aafa07917adeebaa728bd825f919d4f110ff9564cc |
puppet-neutron-10.3.1-3.el7ost.src.rpm | SHA-256: dac705be9ea92a7c0f80aa6bdc1ca82a375556cb46056ee46a39f66e8db45733 |
puppet-nova-10.4.1-3.el7ost.src.rpm | SHA-256: 4c87f13e0a741d4f8f0dc4d6b65251585edcc34a56bec17c4c8593c74f4a79e8 |
puppet-tripleo-6.5.1-1.el7ost.src.rpm | SHA-256: 506f262d08affc42e91fed1bc188742df103d0e0f4a1b3a978cd52ba3c92d4d9 |
python-os-brick-1.11.0-5.el7ost.src.rpm | SHA-256: 870b0c4ccfd88a358000e95070b687d653ace7ccd2c0160c8ef74d85f228ff0f |
x86_64 | |
openstack-tripleo-common-6.1.1-1.el7ost.noarch.rpm | SHA-256: af41c504da1a04d900dbf590882ac46d6da6d4e0215ec09f1179a1b81085ea12 |
openstack-tripleo-heat-templates-6.2.1-2.el7ost.noarch.rpm | SHA-256: 1485260ae40fd1e8b6b03b39b1f4c6b6975ed2156d01e83a1f9f41074c9b932d |
openstack-tripleo-heat-templates-compat-5.3.0-5.el7ost.noarch.rpm | SHA-256: ec8568d659317196491099cd8cc8385cf752f6abd03c08b6b790016fdb30e2bf |
openstack-tripleo-puppet-elements-6.2.1-1.el7ost.noarch.rpm | SHA-256: 3d3a3f6fef378301c3c044db1d6514e13f585d7800edc6cd9675bb00d395d1fc |
puppet-ceph-2.4.1-1.el7ost.noarch.rpm | SHA-256: 06dfde7e0cc0aab2eab8f233fc9b17cb8501dca8967f6221cfa021ee4a9b209c |
puppet-horizon-10.3.1-3.el7ost.noarch.rpm | SHA-256: 7c874c2ebc5df2504afd4f572fda5d82c4658e24b0da97e4162ad23f4e674f1d |
puppet-ironic-10.4.1-2.el7ost.noarch.rpm | SHA-256: 23e4cd89a1ae26caa77045bccff490a349e49f5d20b7e317f3e1c3c98400fa09 |
puppet-keystone-10.3.1-2.el7ost.noarch.rpm | SHA-256: a73910f704701d8ab559152eac9a96fa2d7d1d31f238aa11873067334828a46d |
puppet-manila-10.3.1-2.el7ost.noarch.rpm | SHA-256: 388739815bfa28345c386ffca88cb2d0e15f0ca6ef0e0d73b54520437d132cfe |
puppet-neutron-10.3.1-3.el7ost.noarch.rpm | SHA-256: 923dc0d78761dfca2fc52fb282c4a9342ccc0beb6fbec0bd8ef1f6f95e4925bb |
puppet-nova-10.4.1-3.el7ost.noarch.rpm | SHA-256: 24afa885bf0bcc858097fa2da9dffb8a7146749645ddbf25de0565016268335e |
puppet-tripleo-6.5.1-1.el7ost.noarch.rpm | SHA-256: 291de700020adef77663ac3d8aa9c9352ba96c76892b6436ded0eb2a79c1a52f |
python-os-brick-1.11.0-5.el7ost.noarch.rpm | SHA-256: ebea2f6d823f19bfc950b5ff0aac22dff2b83f88351d7818ab331d54565b0492 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.