- Issued:
- 2014-07-08
- Updated:
- 2014-07-08
RHEA-2014:0854 - Product Enhancement Advisory
Synopsis
Red Hat Enterprise Linux OpenStack Platform Enhancement - Identity
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
OpenStack Identity service packages for Red Hat Enterprise Linux OpenStack
Platform 5.0 (Icehouse) for RHEL 7 are now available.
Description
Red Hat Enterprise Linux OpenStack Platform provides the facilities for building
a private or public infrastructure-as-a-service (IaaS) cloud running on commonly
available physical hardware. This advisory includes packages for:
- OpenStack Identity service ("keystone").
- OpenStack Identity client ("python-keystoneclient").
The OpenStack Identity service authenticates and authorizes OpenStack users by
keeping track of users and their permitted activities. The Identity service
supports multiple forms of authentication including user name and password
credentials, token-based systems, and AWS-style logins.
These packages also fix various bugs found in the Red Hat Enterprise Linux
OpenStack Platform 4 release. Documentation for these bug fixes is available in
the Technical Notes document, available at:
https://access.redhat.com/site/documentation/en-UShttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Technical_Notes/index.html
Solution
Before applying this update, ensure all previously released errata
relevant to your system have been applied.
Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 runs on Red Hat
Enterprise Linux 7.0.
The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 Release Notes
contain the following:
- An explanation of the way in which the provided components interact to form a
working cloud computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for
RHEL 7, including which channels need to be enabled and disabled.
The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html
This update is available through the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Affected Products
- Red Hat OpenStack 5.0 for RHEL 7 x86_64
Fixes
- BZ - 901955 - 'keystone-all' script issues
- BZ - 908355 - Keystone SQL Backend does not remove expired tokens
- BZ - 970098 - Keystone API v3 lists disabled endpoints and services in catalog
- BZ - 1028856 - keystone-manage man page errors [PATCH]
- BZ - 1033190 - codec can't encode character u'\\u2013'
- BZ - 1041859 - [RFE][keystone]: Update own password
- BZ - 1041860 - [RFE][keystone]: v3 Region API
- BZ - 1041863 - [RFE][keystone]: Opting out from catalog during token validation
- BZ - 1041864 - [RFE][keystone]: Support Accept-Language for API messages
- BZ - 1041865 - [RFE][keystone]: Provide ability for length of list responses to be limited
- BZ - 1041873 - [RFE][keystone]: Update Driver base objects for Keystone pluggable systems to use ABCMeta metaclass
- BZ - 1041875 - [RFE][keystone]: Keystone needs to record audit relevant events for audit trail
- BZ - 1041877 - [RFE][keystone]: Use Dogpile.cache as a KVS abstraction for backends
- BZ - 1041886 - [RFE][keystone]: SAML consumption
- BZ - 1041904 - [RFE][keystone]: Extend filtering into the identity backends wherever possible to improve scaling and performance
- BZ - 1041930 - [RFE][keystone]: Callbacks on internal events
- BZ - 1041959 - [RFE][keystone]: Enable limited trust chaining
- BZ - 1042373 - [RFE][keystone]: Unified SQL table for role assignments
- BZ - 1043708 - [RFE][keystone]: Make Assignment Controllers/Routers First Class
- BZ - 1052807 - [RFE][keystone]: Reduce default token duration
- BZ - 1053722 - [RFE][keystone]: External Identity Providers
- BZ - 1055856 - [RFE][keystone]: Implement notifications for trust
- BZ - 1056875 - [RFE][keystone]: i18n logging
- BZ - 1058577 - [RFE][keystone]: Move s3_token middleware to keystoneclient
- BZ - 1059963 - [RFE][keystone]: Convert to oslo.messaging
- BZ - 1060397 - [RFE][keystone]: MongoDb as dogpile caching backend
- BZ - 1062034 - [RFE][keystone]: Notifications for Disable Events
- BZ - 1073011 - with ldap.Identity token issueing fails with KeyError on user_ref['name']
- BZ - 1101713 - /etc/profile.d/keystone.sh created, can we move to /etc/bash_completion.d/
CVEs
(none)
References
(none)
Red Hat OpenStack 5.0 for RHEL 7
SRPM | |
---|---|
openstack-keystone-2014.1-6.el7ost.src.rpm | SHA-256: ed91ab08366a0b9d20ec08d820b846a282f93fa61b1cd3844d35bdad26a9df63 |
python-keystoneclient-0.9.0-1.el7ost.src.rpm | SHA-256: 3026bb2e041f5d4f83113b213619c6e9f269a98af1d421906b858c83233bf976 |
x86_64 | |
openstack-keystone-2014.1-6.el7ost.noarch.rpm | SHA-256: c7ea584102e0c82e13cea9cf4ed5f284f13aba914f171252bcccfd94f17e0c63 |
openstack-keystone-doc-2014.1-6.el7ost.noarch.rpm | SHA-256: 2bd815a5ad1d4b0e8ed61d36b15d4506f8ece53607d4403e707bb7d255e44589 |
python-keystone-2014.1-6.el7ost.noarch.rpm | SHA-256: eebdc6dcfc89a002116bfa7ba5b8b6b1f4ddee755c8111079e99c42a53e8abd4 |
python-keystoneclient-0.9.0-1.el7ost.noarch.rpm | SHA-256: 5264af72bd3681ce26c34202cf949de1cade07038b95dadd79c39d8141e0bab7 |
python-keystoneclient-doc-0.9.0-1.el7ost.noarch.rpm | SHA-256: ec8463a4b2a21bc8a3518a8afa701db90721cd842e54f15dd27d5a12cbb532cd |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.