- Issued:
- 2014-07-28
- Updated:
- 2014-07-28
RHEA-2014:0953 - Product Enhancement Advisory
Synopsis
Red Hat Enterprise Linux OpenStack Platform Enhancement - Networking
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
OpenStack Networking service packages for Red Hat Enterprise Linux OpenStack
Platform 5.0 (Icehouse) for RHEL 6 are now available.
Description
Red Hat Enterprise Linux OpenStack Platform provides the facilities for building
a private or public infrastructure-as-a-service (IaaS) cloud running on commonly
available physical hardware. This advisory includes packages for:
- OpenStack Networking service ("Neutron").
- OpenStack Networking client ("python-neutronclient").
OpenStack Networking (Neutron) is a virtual network service for OpenStack. Just
as OpenStack Compute (Nova) provides an API to dynamically request and configure
virtual servers, In addition, OpenStack Networking provides an API to
dynamically request and configure virtual networks.
- In Red Hat Enterprise Linux OpenStack Platform 5.0, OpenStack Networking
notifies Compute about port status changes, and to do so it requires Identity
credentials in the file neutron.conf.
Prior to this update, an instance's network ports were not created if the
Compute (nova) API configuration was missing from neutron.conf.
This update addresses this issue by disabling 'nova-neutron' notifications by
default in Red Hat Enterprise Linux OpenStack Platform 5.0.
As a result, instances will boot without dependency on the notification feature.
Enabling Compute's notifications is recommended in order to mitigate race
behavior issues.
This is managed in the following neutron.conf parameters:
notify_nova_port_status_changes=true
notify_nova_on_port_data_changes=true
nova_url=http://[nova_api]:[nova_api_port]/v2
nova_admin_username=[admin_username]
nova_admin_password=[admin_password]
nova_admin_tenant_id=[admin_tenant_id]
nova_admin_auth_url=http://[keystone_service_ip]:[keystone_port]/v2.0
With this workaround in place, OpenStack Networking will correctly notify
Compute of port changes. (BZ#1094506)
- An argument that would make the agent read the /etc/neutron/fwaas_driver.ini
configuration file was missing in the previous release's neutron-vpn-agent
service files. As a result, neutron-vpn-agent didn't apply configuration from
the configuration file. At the same time, the L3 agent that is replaced by
neutron-vpn-agent did read the file. This introduced inconsistency in how
different L3 agents were configured.
The service files have been updated so that the configuration file is now read
on agent startup, and configuration from the file is applied for
neutron-vpn-agent. (BZ#1098596)
- Previously, the OpenStack Networking (neutron) package did not depend on the
iproute2 version with network-namespace support. This meant that OpenStack
Networking was installed, but failed to operate with network namespaces.
An explicit dependency has been added to either install or update iproute2 to a
version with network-namespace support. OpenStack Networking can now operate
with network namespaces. (BZ#1101315)
- When deleting a port, under some circumstances a deadlock occurred when two
inter-dependent threads attempted to access the same database row.
This resulted in the database library returning an OperationalError after a
delay of approximately 50 seconds.
This has been fixed by moving notifications which could cause this type of
conflict to outside the database transaction.
Now, these types deadlock do not occur. (BZ#1117818)
- With this release, openstack-neutron is now rebased to upstream version
2014.1.1. This rebase applies the following updates:
- OVS agent now handles 'openvswitch service restart' correctly.
- Querying for security groups is optimized.
- The router-list command performance is optimized, reducing the average time of
the operation for 10-30%.
- Multiple updates to VMware NSX, Cisco N1KV, and other plugins.
(BZ#1118484)
These packages also fix various bugs found in the Red Hat Enterprise Linux
OpenStack Platform 4 release.
Documentation for these bug fixes is available in the Technical Notes document:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_Open Stack_Platform/5/html/Technical_Notes/index.html
Solution
Before applying this update, ensure all previously released errata
relevant to your system have been applied.
Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 runs on Red Hat
Enterprise Linux 6.5.
The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 Release Notes
contain the following:
- An explanation of how the provided components interact to form a working cloud
computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for
RHEL 6, including which channels need to be enabled and disabled.
The Release Notes are available at:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html
This update is available through the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Affected Products
- Red Hat OpenStack 5.0 for RHEL 6 x86_64
Fixes
- BZ - 1042945 - [RFE][neutron]: Data Migration for Depricated Quantum Plugins-and-Drivers
- BZ - 1094506 - Instances will not boot after upgrade because of missing required config for neutron/nova notifications
- BZ - 1098596 - neutron-vpn-agent does not use the /etc/neutron/fwaas_driver.ini
- BZ - 1101261 - Multiple RPC workers and Neutron nova notifications don't play nice
- BZ - 1101315 - openstack-neutron should require a version of iproute that includes netns.
- BZ - 1108562 - Booting a VM overloads Neutron service; DHCP agent sends unneeded RPC request per port
- BZ - 1113953 - neutron-openvswitch-agent exits with 1 on SIGTERM
- BZ - 1115408 - Neutron packaging attempts to update sudoers config file avoiding usual procedure
- BZ - 1117818 - DB locking errors when deleting multiple instances that have floating IPs associated to them.
- BZ - 1118484 - Rebase openstack-neutron to 2014.1.1
CVEs
(none)
Red Hat OpenStack 5.0 for RHEL 6
SRPM | |
---|---|
openstack-neutron-2014.1.1-4.el6ost.src.rpm | SHA-256: 9d66e6af80be62581a4846fd17362d70eea68135c9616c3fc561b6b48ef4ab5b |
python-neutronclient-2.3.4-2.el6ost.src.rpm | SHA-256: e5298e761a984d15c6c0ce28a6ccca5df2e38ab756c9570f8f4681c715856e07 |
x86_64 | |
openstack-neutron-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 3a5b818adc8f23d6e11c0fdd4b37d61f0564f2f1cfdd08dc2d18475ed8fb39f8 |
openstack-neutron-bigswitch-2014.1.1-4.el6ost.noarch.rpm | SHA-256: fe50a2b01fc9b0ab3f27d6ff045b61375a542a0688232a2151ad218990fd21af |
openstack-neutron-brocade-2014.1.1-4.el6ost.noarch.rpm | SHA-256: fb65a47b77807716dafd2dfdb33ffe1fe0c9dbedf36ca4ec92d80b3fce88ebee |
openstack-neutron-cisco-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 6be83548f8c55b65fea818b168b627b33debbdce3ef793588ac8d6d2b1f4cace |
openstack-neutron-hyperv-2014.1.1-4.el6ost.noarch.rpm | SHA-256: d0e2b7f21a3113ddf3948dbc3453e47a8fd93161e88412d0a5e5048173188df5 |
openstack-neutron-ibm-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 6417926c64240817ae7db540c1623c3f550bbda203c54d1086ea773042394b75 |
openstack-neutron-linuxbridge-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 4f2f6e3ae453208e296d197c98771d3c0ebf6d1b5da81c8a5e5e820d3242b7dc |
openstack-neutron-mellanox-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 5e00b47bbdb8dbb6ca1d2ff7e14d63a92989138dcc0fde0fb1367770a4cc88bc |
openstack-neutron-metaplugin-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 852fa534419b92e541a7f53e9c44624916225d31f54153d0907e808aef6f40ac |
openstack-neutron-metering-agent-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 59721a30fe47a5567f09a5281aeac20c7fe9526f196d264092de9376081e5148 |
openstack-neutron-midonet-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 2702f67eb6d4951ea6aa3c0b3a8172f1c41ac8af86eafa29715f8f27d17e4ba8 |
openstack-neutron-ml2-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 28255baa9f3cab121053181f78ce9c407c39e5135c446202db5eb8c611c8d4f5 |
openstack-neutron-nec-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 45eb207c15991c4c9e36721ec051411f3c415adc361b74971d7a6a520918ee7b |
openstack-neutron-ofagent-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 28862863ea98e4050d4b6cab4c8c67f695c66062e0d3b5fed8d0e0fd7dc242b7 |
openstack-neutron-oneconvergence-nvsd-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 825fca2356f42cfcc074fd74288be20eb29808e9e7120a9979976d372b023e5a |
openstack-neutron-openvswitch-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 702757e57705f25ca0c2dd18de5617f453bc2d947a0d5312fb96b0ef4fc53481 |
openstack-neutron-plumgrid-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 1cba07dce8e64a2028de82bdbb0e8fdb8b6228874b1cfd97638fbc205255486f |
openstack-neutron-ryu-2014.1.1-4.el6ost.noarch.rpm | SHA-256: f33fbc78b7d985622a75202fc59e8e3ec9f60c9f4cd5c14b91a35c47ce6e44f9 |
openstack-neutron-vmware-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 374e65185dc0ece881567edec50784f334bb09137b95d75f0f9a9625905db4fc |
openstack-neutron-vpn-agent-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 0a8ff018461d8f68d60ab32253c371af3283606411f16ad1fff127a567f01aca |
python-neutron-2014.1.1-4.el6ost.noarch.rpm | SHA-256: 098a359684a3e3fdcfd24e9ff10ee8196491798c230ccb4093f26de0c03ce64a |
python-neutronclient-2.3.4-2.el6ost.noarch.rpm | SHA-256: 6cc1ad423960617def706e9cd79b56aabf95f2fe4c888eeea89860c4bd8620ae |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.