Red Hat Product Errata RHEA-2014:0854 - Product Enhancement Advisory
Issued:
2014-07-08
Updated:
2014-07-08

RHEA-2014:0854 - Product Enhancement Advisory

Synopsis

Red Hat Enterprise Linux OpenStack Platform Enhancement - Identity

Type/Severity

Product Enhancement Advisory

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

OpenStack Identity service packages for Red Hat Enterprise Linux OpenStack
Platform 5.0 (Icehouse) for RHEL 7 are now available.

Description

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building
a private or public infrastructure-as-a-service (IaaS) cloud running on commonly
available physical hardware. This advisory includes packages for:

  • OpenStack Identity service ("keystone").
  • OpenStack Identity client ("python-keystoneclient").

The OpenStack Identity service authenticates and authorizes OpenStack users by
keeping track of users and their permitted activities. The Identity service
supports multiple forms of authentication including user name and password
credentials, token-based systems, and AWS-style logins.

These packages also fix various bugs found in the Red Hat Enterprise Linux
OpenStack Platform 4 release. Documentation for these bug fixes is available in
the Technical Notes document, available at:
https://access.redhat.com/site/documentation/en-UShttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Technical_Notes/index.html

Solution

Before applying this update, ensure all previously released errata
relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 runs on Red Hat
Enterprise Linux 7.0.

The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 Release Notes
contain the following:

  • An explanation of the way in which the provided components interact to form a

working cloud computing environment.

  • Technology Previews, Recommended Practices, and Known Issues.
  • The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for

RHEL 7, including which channels need to be enabled and disabled.

The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

This update is available through the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

  • BZ - 901955 - 'keystone-all' script issues
  • BZ - 908355 - Keystone SQL Backend does not remove expired tokens
  • BZ - 970098 - Keystone API v3 lists disabled endpoints and services in catalog
  • BZ - 1028856 - keystone-manage man page errors [PATCH]
  • BZ - 1033190 - codec can't encode character u'\\u2013'
  • BZ - 1041859 - [RFE][keystone]: Update own password
  • BZ - 1041860 - [RFE][keystone]: v3 Region API
  • BZ - 1041863 - [RFE][keystone]: Opting out from catalog during token validation
  • BZ - 1041864 - [RFE][keystone]: Support Accept-Language for API messages
  • BZ - 1041865 - [RFE][keystone]: Provide ability for length of list responses to be limited
  • BZ - 1041873 - [RFE][keystone]: Update Driver base objects for Keystone pluggable systems to use ABCMeta metaclass
  • BZ - 1041875 - [RFE][keystone]: Keystone needs to record audit relevant events for audit trail
  • BZ - 1041877 - [RFE][keystone]: Use Dogpile.cache as a KVS abstraction for backends
  • BZ - 1041886 - [RFE][keystone]: SAML consumption
  • BZ - 1041904 - [RFE][keystone]: Extend filtering into the identity backends wherever possible to improve scaling and performance
  • BZ - 1041930 - [RFE][keystone]: Callbacks on internal events
  • BZ - 1041959 - [RFE][keystone]: Enable limited trust chaining
  • BZ - 1042373 - [RFE][keystone]: Unified SQL table for role assignments
  • BZ - 1043708 - [RFE][keystone]: Make Assignment Controllers/Routers First Class
  • BZ - 1052807 - [RFE][keystone]: Reduce default token duration
  • BZ - 1053722 - [RFE][keystone]: External Identity Providers
  • BZ - 1055856 - [RFE][keystone]: Implement notifications for trust
  • BZ - 1056875 - [RFE][keystone]: i18n logging
  • BZ - 1058577 - [RFE][keystone]: Move s3_token middleware to keystoneclient
  • BZ - 1059963 - [RFE][keystone]: Convert to oslo.messaging
  • BZ - 1060397 - [RFE][keystone]: MongoDb as dogpile caching backend
  • BZ - 1062034 - [RFE][keystone]: Notifications for Disable Events
  • BZ - 1073011 - with ldap.Identity token issueing fails with KeyError on user_ref['name']
  • BZ - 1101713 - /etc/profile.d/keystone.sh created, can we move to /etc/bash_completion.d/

CVEs

(none)

References

(none)

Red Hat OpenStack 5.0 for RHEL 7

SRPM
openstack-keystone-2014.1-6.el7ost.src.rpm SHA-256: ed91ab08366a0b9d20ec08d820b846a282f93fa61b1cd3844d35bdad26a9df63
python-keystoneclient-0.9.0-1.el7ost.src.rpm SHA-256: 3026bb2e041f5d4f83113b213619c6e9f269a98af1d421906b858c83233bf976
x86_64
openstack-keystone-2014.1-6.el7ost.noarch.rpm SHA-256: c7ea584102e0c82e13cea9cf4ed5f284f13aba914f171252bcccfd94f17e0c63
openstack-keystone-doc-2014.1-6.el7ost.noarch.rpm SHA-256: 2bd815a5ad1d4b0e8ed61d36b15d4506f8ece53607d4403e707bb7d255e44589
python-keystone-2014.1-6.el7ost.noarch.rpm SHA-256: eebdc6dcfc89a002116bfa7ba5b8b6b1f4ddee755c8111079e99c42a53e8abd4
python-keystoneclient-0.9.0-1.el7ost.noarch.rpm SHA-256: 5264af72bd3681ce26c34202cf949de1cade07038b95dadd79c39d8141e0bab7
python-keystoneclient-doc-0.9.0-1.el7ost.noarch.rpm SHA-256: ec8463a4b2a21bc8a3518a8afa701db90721cd842e54f15dd27d5a12cbb532cd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.