- Issued:
- 2015-02-09
- Updated:
- 2015-02-09
RHEA-2015:0145 - Product Enhancement Advisory
Synopsis
openstack-swift enhancement advisory
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated OpenStack Object Storage packages that resolve various issues
are now available for Red Hat Enterprise Linux OpenStack Platform 6.0
(Juno).
Description
Red Hat Enterprise Linux OpenStack Platform provides the facilities
for building a private or public infrastructure-as-a-service (IaaS)
cloud running on commonly available physical hardware. This advisory
includes packages for:
- OpenStack Object Storage service
OpenStack Object Storage (swift) provides object storage in virtual
containers, which allows users to store and retrieve files (arbitrary
data). The service's distributed architecture supports horizontal scaling;
redundancy as failure-proofing is provided through software-based data
replication. Because Object Storage supports asynchronous eventual
consistency replication, it is well suited to multiple data-center
deployment.
The openstack-swift package has been rebased to 2.2.0.
Notable enhancements and fixes include:
- Storage Policies are now supported. This is a large code change in the
internals of the Object Storage service. See the upstream documentation:
http://swift.openstack.org/overview_policies.html
Storage Policies have shown good compatibility in upstream testing,
including the automated scheme migration (zero downtime is possible).
However, note that once you upgrade nodes to openstack-swift 2.x, you
cannot return them to openstack-swift 1.13 due to the change in the
database format. Another visible change is in the API where policy
summaries are reported in HEAD requests or the "stat" subcommand in CLI.
- The bind_port parameter must be specified, which permits a seamless
change of the default away from the old 6000 block. For now you must set
bind_port in all configurations, or the Object Storage service will
refuse to start after a "yum upgrade". Red Hat Enterprise Linux OpenStack
Platform deployment tools specify the bind_port value, so typically no
action is required. The administrator should verify that services restart
normally after an upgrade.
- Identity service (keystone) v3 authentication is fully supported. In
v3, user names are no longer unique in tenants because of the new concept
of "domains". To avoid ambiguity and improperly granting permissions, you
should now specify user IDs instead of user names in the Container Access
Control Lists (ACLs). Old ACLs continue to work and apply to the default
domain (specified in the configuration). Even if you continue to use
Identity v2, Red Hat recommends you transition to user IDs in ACLs.
- The Object Storage service now rejects ranged requests that are deemed
not sensible (such as those with more than 50 specified ranges). This
eliminates a possibility of denial-of-service (DoS) through ranged
requests. Please report if any legitimate applications stop working.
- A server-side copy between accounts is now supported by adding a
"Destination-Account:" header instead of the traditional "Destination:"
header.
- Object auditor can now run several audits in parallel (see the
"concurrency" setting). This is useful for "fat" nodes with large
hardware parallelism (if you have 80 drives per node, you should
investigate this).
- Object updater can now also run in parallel, but does not require
explicit configuration.
Solution
Before applying this update, ensure all previously released errata
relevant to your system have been applied.
Red Hat Enterprise Linux OpenStack Platform 6 runs on Red Hat
Enterprise Linux 7.0.
This update is available through 'yum update' on systems registered
through Red Hat Subscription manager. For more information about Red
Hat Subscription manager, refer to:
https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html
Red Hat Enterprise Linux OpenStack Platform 6 documentation is
available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform
The Release Notes include:
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat Enterprise Linux OpenStack
Platform 6, including which channels need to be enabled and disabled.
Affected Products
- Red Hat OpenStack 6.0 x86_64
Fixes
- BZ - 1170809 - Rebase openstack-swift to 2.2.0
CVEs
(none)
References
(none)
Red Hat OpenStack 6.0
SRPM | |
---|---|
x86_64 | |
openstack-swift-2.2.0-2.el7ost.noarch.rpm | SHA-256: 0150420f2168f1fe3ffea9fb20c16891edd9e8bee1d782cb35ed0a800a2a3764 |
openstack-swift-account-2.2.0-2.el7ost.noarch.rpm | SHA-256: c778dd842302f2329b538c0f546036692591b86f0fa591df4a532ebfb26994c7 |
openstack-swift-container-2.2.0-2.el7ost.noarch.rpm | SHA-256: cf27b49d5668577dc367b410505f4d0e17fac0a0ac0fa8d361ba74db65c6e0fb |
openstack-swift-doc-2.2.0-2.el7ost.noarch.rpm | SHA-256: 17e1e2a87abf44e07a7b95be041ada9b13d3f7665a388d95741a7e24465450d5 |
openstack-swift-object-2.2.0-2.el7ost.noarch.rpm | SHA-256: 458cd7664e0285eaf8e59290679895ef1fc4c14404687c863d1d8170739af1df |
openstack-swift-plugin-swift3-1.7-3.el7ost.noarch.rpm | SHA-256: b92992a62008ca053590353711206fd45241aaa853cdcdbc88b649e56de311bc |
openstack-swift-proxy-2.2.0-2.el7ost.noarch.rpm | SHA-256: 33e7feebcd9de6611efd20120cb8c880540580c4b9dd6f829f8aeec8afdf571a |
python-swiftclient-2.3.1-2.el7ost.noarch.rpm | SHA-256: 9661dd657ca80b530d3f16e5fb6d02ccea114433dc02483e2c12e13eaf99d863 |
python-swiftclient-doc-2.3.1-2.el7ost.noarch.rpm | SHA-256: d72c26ab206d3b1a456369cadff11544d7c0c1e8075d03ef3b50ee61499f8b8e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.