- Issued:
- 2014-07-28
- Updated:
- 2014-07-28
RHEA-2014:0957 - Product Enhancement Advisory
Synopsis
Red Hat Enterprise Linux OpenStack Platform Enhancement - Identity
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
OpenStack Identity service packages for Red Hat Enterprise Linux OpenStack
Platform 5.0 (Icehouse) for RHEL 6 are now available.
Description
Red Hat Enterprise Linux OpenStack Platform provides the facilities for building
a private or public infrastructure-as-a-service (IaaS) cloud running on commonly
available physical hardware. This advisory includes packages for:
- OpenStack Identity service ("keystone").
- OpenStack Identity client ("python-keystoneclient").
The OpenStack Identity service authenticates and authorizes OpenStack users by
keeping track of users and their permitted activities. The Identity service
supports multiple forms of authentication including user name and password
credentials, token-based systems, and AWS-style logins.
The openstack-keystone packages have been rebased to upstream version 2014.1.1.
For more information about this version, refer to
https://launchpad.net/keystone/icehouse/2014.1.1.
This rebase includes several important bug fixes, including:
- Previously, if a user had more than one role on a project, duplicate user
resources were returned when listing users through the v2 Identity API. These
duplicate user resources are now filtered out before returning the response to
clients.(Launchpad#1308218)
- The migration of Identity's SQL assignment data could fail with a
'db_sync_error' when upgrading from Havana to Icehouse due to charset issues.
The charset settings have now been corrected, allowing data migration to
succeed.(Launchpad#1320855)
- LDAP attribute names were being treated as case-sensitive by the Identity
service, even though the LDAP standards specify that attribute names are
case-insensitive. This could cause LDAP-related operations such as
authentication to fail when the LDAP server returned an attribute name in a case
that Identity did not expect. The Identity service has been fixed to properly
treat LDAP attribute names as case-insensitive.(Launchpad#1281216)
- When using LDAP as the Identity backend, there was previously no ability to
map additional attributes that are unknown to Identity. The mapping of
arbitrary attributes is now allowed.(Launchpad#1293698)
These packages also fix various bugs found in the Red Hat Enterprise Linux
OpenStack Platform 4 release.
Solution
Before applying this update, ensure all previously released errata
relevant to your system have been applied.
Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 runs on Red Hat
Enterprise Linux 6.5.
The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 Release Notes
contain the following:
- An explanation of the way in which the provided components interact to form a
working cloud computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for
RHEL 6, including which channels need to be enabled and disabled.
The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html
This update is available through the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Affected Products
- Red Hat OpenStack 5.0 for RHEL 6 x86_64
Fixes
- BZ - 1118487 - Rebase openstack-keystone to 2014.1.1
CVEs
(none)
Red Hat OpenStack 5.0 for RHEL 6
SRPM | |
---|---|
openstack-keystone-2014.1.1-1.el6ost.src.rpm | SHA-256: 67295336b9d33801cadff9e245622bdfe9bd058c551f9f93323b5d54d4050ef8 |
python-keystoneclient-0.9.0-1.el6ost.src.rpm | SHA-256: 57fc1d1270ad34e232e17bca1e1ae7a58daf5c5ea1450ef81457c07bc435a4d4 |
x86_64 | |
openstack-keystone-2014.1.1-1.el6ost.noarch.rpm | SHA-256: 7584c7b60c9ae948ae53460a48d91363fede160bac949e3b84913604ad35dc07 |
openstack-keystone-doc-2014.1.1-1.el6ost.noarch.rpm | SHA-256: 8bdf2495b3699b3f85225aa8ca8f402b959f234975875263e38094f05fce72a1 |
python-keystone-2014.1.1-1.el6ost.noarch.rpm | SHA-256: 24bbc2371313b17f11718dd4a81ddd3b00f604536720c41431f1324226154100 |
python-keystoneclient-0.9.0-1.el6ost.noarch.rpm | SHA-256: f28bb21d62f8b1215a67454e1fc090f74ffdb8129286d92de0cef91154092296 |
python-keystoneclient-doc-0.9.0-1.el6ost.noarch.rpm | SHA-256: 5ac8742a78326a2edaf360acc758ebc14155f6089ce199ec230a8d4f1c245a22 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.