- Issued: 2015-03-05
- Updated: 2015-03-05
RHBA-2015:0635 - Bug Fix Advisory
Synopsis
openstack-neutron bug fix advisory
Type/Severity
Bug Fix Advisory
Topic
Updated OpenStack Networking packages that resolve various issues are
now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno)
for RHEL 7.
Description
Red Hat Enterprise Linux OpenStack Platform provides the facilities
for building a private or public infrastructure-as-a-service (IaaS)
cloud running on commonly available physical hardware. This advisory
includes packages for:
- OpenStack Networking service
OpenStack Networking (neutron) is a virtual network service for
OpenStack. Just as OpenStack Compute (nova) provides an API to dynamically
request and configure virtual servers, OpenStack Networking provides
an API to dynamically request and configure virtual networks. These
networks connect ‘interfaces’ from other OpenStack services
(e.g. virtual NICs from Compute VMs). The OpenStack Networking API
supports extensions to provide advanced network capabilities (e.g. QoS,
ACLs, and network monitoring).
This update addresses the following issues:
- Previously, the br-tun bridge was reset (OpenFlow rules and ports) during openvswitch-agent restarts and, in some conditions, because of neutron-server restarts.
Consequently, if a broadcast packet entered br-tun while there were no OpenFlow rules, and the br-tun bridges on at least 2 other hosts had been reset the same way, the packet generated a network broadcast storm, raising network usage and Open vSwitch CPU usage on all hosts.
This update fixes this issue by automatically setting br-tun into secure mode during reset. As a result, packets are not forwarded in the absence of OpenFlow rules, and the race condition has been eliminated. (BZ#1191922)
The rebase package includes a number of notable enhancements and fixes under version 2014.2.2:
- DHCP agent: Don't inject metadata service routes for DVR ports. Spawning metadata proxy for isolated networks fixed.
- Security Groups: Race condition processing port updates fixed. Old firewall rules are now properly cleaned up when a port is detached from security groups.
- IPv6: Gateway IP is now allocated for SLAAC subnets on creation. DHCP server is now properly advertised via Router Advertisement messages for DHCP stateless and stateful subnets. IPv6 address allocation code is optimized to reflect huge sizes of IPv6 ranges. Support IPv6 stateful subnets with prefix-length other than 64. Fixed IP addresses are now not allowed for auto-address subnets. Subnet deletion now properly cleans up auto-address ports. IP allocation for networks with multiple SLAAC subnets is now fixed.
- L3 High Availability (HA): Avoid switching green threads from under database transaction when creating a router.
- DVR: Race condition processing floating IP addresses fixed. Empty FIP namespaces are now properly cleaned up. Ensure a Floating IP address is served via single namespace. Fixed OVS agent startup failure due to race condition in RPC message processing.
- API: Green threads are now properly released into pool when connections are stalled.
- Plugin updates for Arista, Bigswitch, Cisco APIC, VMware NSX. (BZ#1188392)
- Previously, policy initialization was performed before the required information became available. Consequently, information and operations dependent on component-specific policy validation were not available.
This update addresses this issue by ensuring policies are initialized only after the required information is available, and re-initialized if necessary.
As a result, information and operations that rely on component-specific policy checks now behave as expected. (BZ#1180265)
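The br-tun reset condition described for BZ#1191922 can be illustrated with a small model. This is an added example, not code from neutron or from Red Hat; it assumes a full mesh of tunnel ports between the reset hosts and that a bridge with no rules outside secure mode floods a broadcast to every port except the one it arrived on. The names `simulate_flood` and `max_hops` are hypothetical.

```python
from collections import deque


def simulate_flood(hosts, secure, max_hops=6):
    """Count tunnel transmissions caused by one broadcast entering br-tun on hosts[0].

    hosts:    hosts whose br-tun was just reset (no OpenFlow rules installed yet),
              assumed to be connected by a full mesh of tunnel ports.
    secure:   True  -> secure mode: a bridge without rules drops the packet.
              False -> the bridge floods broadcasts to all ports except ingress.
    max_hops: bound that ends the simulation; a real forwarding loop has no such limit.
    """
    transmissions = 0
    # Each entry: (host holding the packet, host it arrived from, hops so far).
    # came_from=None means the packet entered from a local port.
    queue = deque([(hosts[0], None, 0)])
    while queue:
        here, came_from, hops = queue.popleft()
        if secure or hops >= max_hops:
            continue  # dropped: no rule matches, or the simulation bound was reached
        for peer in hosts:
            if peer != here and peer != came_from:
                transmissions += 1
                queue.append((peer, here, hops + 1))
    return transmissions


if __name__ == "__main__":
    for names in (["A", "B"], ["A", "B", "C"], ["A", "B", "C", "D"]):
        flooded = simulate_flood(names, secure=False)
        dropped = simulate_flood(names, secure=True)
        print(f"{len(names)} hosts: flooding={flooded} secure={dropped}")
```

With two hosts the packet is delivered once and stops; with three (the advisory's "at least 2 other hosts") it circulates until the hop bound, and with four it multiplies at every hop.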
Solution
Before applying this update, ensure all previously released errata
relevant to your system have been applied.
Red Hat Enterprise Linux OpenStack Platform 6 runs on Red Hat
Enterprise Linux 7.1.
This update is available through 'yum update' on systems registered
through Red Hat Subscription Manager. For more information about
Red Hat Subscription Manager, refer to:
https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html
Red Hat Enterprise Linux OpenStack Platform 6 documentation is available
at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform
The Release Notes include:
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat Enterprise Linux OpenStack
Platform 6, including which channels need to be enabled and disabled.
Affected Products
- Red Hat OpenStack 6.0 x86_64
Fixes
- BZ - 1173451 - neutron-openvswitch-agent does not quit
- BZ - 1174091 - DB corruption when starting multiple neutron-server for the first time at once.
- BZ - 1178027 - It takes too much time for L3 agent to make router active ( about 2 minutes ).
- BZ - 1181041 - stopping neutron-server causes exception when stopping rpc workers
- BZ - 1188392 - Rebase openstack-neutron to 2014.2.2
- BZ - 1191922 - ovs-agent restart or ovs restart can cause a network storm bringing down the net
CVEs
(none)
References
(none)
Red Hat OpenStack 6.0
x86_64
- openstack-neutron-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-bigswitch-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-brocade-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-cisco-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-embrane-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-hyperv-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-ibm-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-linuxbridge-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-mellanox-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-metaplugin-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-metering-agent-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-midonet-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-ml2-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-nec-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-nuage-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-ofagent-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-oneconvergence-nvsd-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-opencontrail-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-openvswitch-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-plumgrid-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-ryu-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-sriov-nic-agent-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-vmware-2014.2.2-3.el7ost.noarch.rpm
- openstack-neutron-vpn-agent-2014.2.2-3.el7ost.noarch.rpm
- python-neutron-2014.2.2-3.el7ost.noarch.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.