- Issued:
- 2016-12-21
- Updated:
- 2016-12-21
RHBA-2016:2984 - Bug Fix Advisory
Synopsis
openstack-neutron bug fix advisory
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated OpenStack Networking packages that resolve various issues are now
available for Red Hat OpenStack Platform 9.0 (Mitaka) for RHEL 7.
Description
Red Hat OpenStack Platform provides the facilities for building a private
or public infrastructure-as-a-service (IaaS) cloud running on commonly
available physical hardware. This advisory includes packages for:
- OpenStack Networking service
OpenStack Networking (neutron) is a virtual network service for OpenStack.
Just as OpenStack Compute (nova) provides an API to dynamically request and
configure virtual servers, OpenStack Networking provides an API to
dynamically request and configure virtual networks. These networks connect
'interfaces' from other OpenStack services (e.g. virtual NICs from Compute
VMs). The OpenStack Networking API supports extensions to provide advanced
network capabilities (e.g. QoS, ACLs, network monitoring, etc.)
This update addresses the following issues:
- Due to the nature of concurrency, database precommit errors can occasionally occur. The precommit may issue database transactions, depending on the mechanism driver. Certain operations (for example, on subnets, routers) touch many other resources in a single database transaction (for example, IP allocation, ports). In addition, a background operation by the mechanism driver, (such as background sync, periodic resource monitoring) may touch those database tables in a different order.
Consequently, a transaction may sometimes fail in the precommit phase.
With this update, a retry is performed on the precommit failure. As a result, this can mitigate precommit issues. (BZ#1378123)
- The ip_gre kernel module introduces two new interfaces to every network namespace; with Red Hat Enterprise Linux 7.3, the ip_gre kernel module is a dependency of the vport_gre module used by the Open vSwitch module. Consequently, these two devices can not be removed from the namespace, while neutron-netns-cleanup only removes the namespace if it does not contain any network interface. The presence of those devices causes the namespace removal to be skipped.
With this update, the two new interfaces added by ip_gre will be ignored, similar to how the loopback interface does not block removal.
As a result, the namespace is considered empty if it contains loopback and GRE interfaces, and will be cleaned up even if includes these interfaces. (BZ#1382718)
- Previously, the `physical_network_mtus` configuration option for the ML2 plugin was ignored.
Consequently, there was no way to configure custom MTUs for physical networks.
As a result of this fix, advanced MTU settings that use the `physical_network_mtus` option now honour the configured MTUs. (BZ#1396533)
- Previously, during port scaling, the ML2 plugin Nexus MD Driver threads closed the connections before other threads were completed.
Consequently, the Nexus limit of 8 connections was exceeded.
This update adds locks to threads, to prevent the thread from interfering with another thread's operations. (BZ#1376081)
Solution
Before applying this update, ensure all previously released errata relevant
to your system have been applied.
Red Hat OpenStack Platform 9 runs on Red Hat Enterprise Linux 7.3.
The Red Hat OpenStack Platform 9 Release Notes contain the following:
- An explanation of the way in which the provided components interact to
form a working cloud computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat OpenStack Platform 9, including which
channels need to be enabled and disabled.
The Release Notes are available at:
https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/single/release-notes/
This update is available through 'yum update' on systems registered through
Red Hat Subscription Manager. For more information about Red Hat
Subscription Manager, see:
https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html
Affected Products
- Red Hat OpenStack 9 x86_64
Fixes
- BZ - 1376081 - pick-up fix for Nexus threads prematurely terminating sessions
- BZ - 1378123 - Allow retry on DB error for precommit [osp-9]
- BZ - 1382412 - agent traces about bridge-nf-call sysctl values missing in RHEL 7.3
- BZ - 1393412 - functional test test_get_root_helper_child_pid_returns_first_child failing
- BZ - 1394880 - Booting up VM with dual stack interface is affected by the order of Neutron subnet creation
- BZ - 1394890 - Compute and controller nodes are not reachable after reboot when OVS bridges are set to secure fail mode
- BZ - 1396533 - MTU configuration not working as expected
CVEs
(none)
References
(none)
Red Hat OpenStack 9
SRPM | |
---|---|
openstack-neutron-8.1.2-13.el7ost.src.rpm | SHA-256: baf0de1a137381d2db08c7d3adf14b464ed7c72b3a1aa75e4072fc1771cb4920 |
python-networking-cisco-3.0.0-2.el7ost.src.rpm | SHA-256: 6e01f5e6536516e8374654547084fafbe578fd02d7127436370c2fb25ad0ffaa |
x86_64 | |
openstack-neutron-8.1.2-13.el7ost.noarch.rpm | SHA-256: 959e0e20e8e096afe8bc3b6afa14a8d90cba96afb42235e0818aab56e40b94c8 |
openstack-neutron-bgp-dragent-8.1.2-13.el7ost.noarch.rpm | SHA-256: 37b5c01c7f4bdf8d4bde66b820d62627b27b69ed9f718ce1d691ff2ed91700aa |
openstack-neutron-common-8.1.2-13.el7ost.noarch.rpm | SHA-256: dbc853522b8f2ee5875aadc4a928aa5b0db2b195f13bdb6395164be3a6cbbfd6 |
openstack-neutron-linuxbridge-8.1.2-13.el7ost.noarch.rpm | SHA-256: ffd30b2086d38723c447d9db4cb54d043eaf70a69eb8f95fdf4e21b15205ff2d |
openstack-neutron-macvtap-agent-8.1.2-13.el7ost.noarch.rpm | SHA-256: 80b9f765c70f0138b067b87bf3003aaa1d735b7346061f909344912506c576a1 |
openstack-neutron-metering-agent-8.1.2-13.el7ost.noarch.rpm | SHA-256: 9a4caeb0408eaca4f501ad9f4ad2a032ba9bc1649afbd9883e8413f97ac29cfb |
openstack-neutron-ml2-8.1.2-13.el7ost.noarch.rpm | SHA-256: 4dd42bacb49f08698418892126d61847598a18c0cf6d1adf7488162d145c1a97 |
openstack-neutron-openvswitch-8.1.2-13.el7ost.noarch.rpm | SHA-256: f53182b721d55577c0c9f9933972076339d9582afd8048d4383015fb8b686e91 |
openstack-neutron-rpc-server-8.1.2-13.el7ost.noarch.rpm | SHA-256: 186b7723d58674294a77613c430081222dae3e313be2292e1069682f7145515a |
openstack-neutron-sriov-nic-agent-8.1.2-13.el7ost.noarch.rpm | SHA-256: 36ffabf7f265f54c662444d27938f211862c172e81d3b8c24334ea0b03981d8c |
python-networking-cisco-3.0.0-2.el7ost.noarch.rpm | SHA-256: 3ccd3c4808d631a457fdfa502cad3006aba4b0c5777b9e7471f4bf720a872d2a |
python-neutron-8.1.2-13.el7ost.noarch.rpm | SHA-256: 1332c8714e1d863970d8bffbdfdc04e4272cb50c2396d28cac2c964ae138b1d8 |
python-neutron-tests-8.1.2-13.el7ost.noarch.rpm | SHA-256: 48c07efa25d6abbe3741585376d9744f9dfb927465f6399564352c76aadd49b4 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.