- Issued:
- 2017-10-16
- Updated:
- 2017-10-16
RHBA-2017:2896 - Bug Fix Advisory
Synopsis
openstack-neutron bug fix advisory
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated OpenStack Networking packages that resolve various issues are now
available for Red Hat OpenStack Platform 10.0 (Newton) for RHEL 7.
Description
Red Hat OpenStack Platform provides the facilities for building, deploying
and monitoring a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware. This advisory includes
packages for:
- OpenStack Networking service
OpenStack Networking (neutron) is a virtual network service for OpenStack.
Just as OpenStack Compute (nova) provides an API to dynamically request and
configure virtual servers, OpenStack Networking provides an API to
dynamically request and configure virtual networks. These networks connect
'interfaces' from other OpenStack services (e.g. virtual NICs from Compute
VMs). The OpenStack Networking API supports extensions to provide advanced
network capabilities (e.g. QoS, ACLs, network monitoring, etc.)
Changes to the openstack-neutron component:
- The new iptables version that ships with RHEL 7.4 includes a new --wait parameter. This parameter allows iptables commands issued in parallel to wait until a lock is released by the prior command. For OpenStack, the neutron service provides the iptables locking but only on the routers level.
As such, when processing routers (for example, during a fullsync after the l3 agent is started), some iptables commands issued by neutron may fail because they are experiencing this lock and require the --wait parameter that is not available in neutron yet. Any routers affected by this will cause malfunctions of some floating IPs, or some instances may not access the metadata API during cloud-init.
We recommend that you do not upgrade to RHEL 7.4 until neutron is released with a fix that adopts the new iptables --wait parameter. (BZ#1489070)
Solution
Before applying this update, ensure all previously released errata relevant
to your system have been applied.
Red Hat OpenStack Platform 10 runs on Red Hat Enterprise Linux 7.4.
The Red Hat OpenStack Platform 10 Release Notes contain the following:
- An explanation of the way in which the provided components interact to
form a working cloud computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat OpenStack Platform 10, including which
channels need to be enabled and disabled.
The Release Notes are available at:
https://access.redhat.com/documentation/en/red-hat-openstack-platform/10/paged/release-notes
This update is available through 'yum update' on systems registered through
Red Hat Subscription Manager. For more information about Red Hat
Subscription Manager, see:
https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html
Affected Products
- Red Hat OpenStack 10 x86_64
Fixes
- BZ - 1489070 - iptables manager may fail to apply firewall rules if another iptables* process is being executed
CVEs
(none)
References
(none)
Red Hat OpenStack 10
SRPM | |
---|---|
openstack-neutron-9.4.1-2.el7ost.src.rpm | SHA-256: 0eaf846c6e363efe0b9546e7e50f5f4fb74e3a067e64fa0d5237bec591a3a432 |
x86_64 | |
openstack-neutron-9.4.1-2.el7ost.noarch.rpm | SHA-256: 859f675846fcf0d5986907c04312dfdc7e7a765c887d37d5fe4994b6c7242732 |
openstack-neutron-common-9.4.1-2.el7ost.noarch.rpm | SHA-256: 621346ca801bd43eb52c44e5ccc1e5245c22b56414b0a9d7150bc104ba8a6a91 |
openstack-neutron-linuxbridge-9.4.1-2.el7ost.noarch.rpm | SHA-256: bad4c3a324f7b7f52c38c654f1b7f7cb8103cea69cca5ecf51754d4f60d37a9f |
openstack-neutron-macvtap-agent-9.4.1-2.el7ost.noarch.rpm | SHA-256: 545db52d49a074bdcb7d4794420d880c89e341c5fb5471dae9d93703a9e36324 |
openstack-neutron-metering-agent-9.4.1-2.el7ost.noarch.rpm | SHA-256: 2f2884721a994c3eed94603d9cb005e3ce6ec61a83f470ba80ab7cdb8d5439b8 |
openstack-neutron-ml2-9.4.1-2.el7ost.noarch.rpm | SHA-256: b18f90e7ff379f77091ad37d7dea0a12ff960ba1af5d1f40f7a79427d1e98558 |
openstack-neutron-openvswitch-9.4.1-2.el7ost.noarch.rpm | SHA-256: c2b92470426d55b69b2d53a287a02e156bd2d59c24f78da329dd52e9cbe0a864 |
openstack-neutron-rpc-server-9.4.1-2.el7ost.noarch.rpm | SHA-256: fb6d339c25b0825ec7f88727b78bad6ec161d44686d32fa5ea22aada355122a7 |
openstack-neutron-sriov-nic-agent-9.4.1-2.el7ost.noarch.rpm | SHA-256: bdc6e9dc7179f37b0b183b1de076ca433cabfaac80717c4d9b60d6b08db6bb67 |
python-neutron-9.4.1-2.el7ost.noarch.rpm | SHA-256: cc13b7da4b187be6ba40826d3bd2ec096cf26b7db99b42f6b5ff204ac3eb9c1f |
python-neutron-tests-9.4.1-2.el7ost.noarch.rpm | SHA-256: c2f323fff106bece34b84515683481877a0ebac4de81ff2e995a86e85d7c14b7 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.