- Issued:
- 2015-09-10
- Updated:
- 2015-09-10
RHBA-2015:1758 - Bug Fix Advisory
Synopsis
openstack-cinder bug fix advisory
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated OpenStack Block Storage packages that resolve various issues are
now available for Red Hat Enterprise Linux OpenStack Platform 5.0
(Icehouse) for RHEL 7.
Description
Red Hat Enterprise Linux OpenStack Platform provides the facilities for
building a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware. This advisory includes
packages for:
- OpenStack Block Storage service
OpenStack Block Storage (cinder) manages block storage mounting and the
presentation of such mounted block storage to instances. The back-end
physical storage can consist of local disks, Fiber Channel, iSCSI, and/or
NFS mounts attached to Compute nodes. In addition, Block Storage supports
volume backups, and snapshots for temporary save and restore operations.
Programmatic management is available through the Block Storage service's
API.
With this update, the Block Storage service is now re-based to upstream
version 2014.1.5 (BZ#1254710). This applies several fixes, including:
- Previously, Red Hat Gluster Storage volumes were not re-mounted when
restarting the Block Storage volumes using them as back ends. This
prevented updated mount options in the glusterfs shares
configuration file from being honored, even after restarting the
Block Storage service volumes.
With this update, the Block Storage glusterfs driver now explicitly
unmounts and mounts the Red Hat Gluster Storage volumes explicitly.
This, in turn, ensures that updated mount options are honored as
expected upon restarting the Block Storage volume. (BZ#991490)
- Some iSCSI target helpers in previous releases incorrectly updated
CHAP username and passwords while the initiator was still connected.
Whenever this occurred, Compute instance migrations could be
aborted, as the unexpected credentials change prevented the instance
from logging in to the iSCSI volume.
This release prevents CHAP credentials from changing while the
initiator was still connected, thereby preventing migrations from
aborting unexpectedly.(BZ#1212072)
- Previously, iSCSI settings were not saved in the underlying operating
system. This resulted in empty configurations for iSCSI targets; this,
in turn, cleared the iSCSI targets upon start/restart. With this
update, iSCSI changes in target.service default configuration are now
persistent, thereby ensuring that iSCSI targets are not cleared upon
start/restart. (BZ#1213430)
- This update backports a fix from Red Hat Enterprise Linux OpenStack
6 that ensures proper migration of attached volumes via retyping.
(BZ#1218342)
- Previous releases did not have synchronized access to configfs in
rtslib. This made it possible for rtstool or rtslib to attempt
access to an element that had just been removed mid-loop by another
Block Storage request (and was, therefore, non-existent). This, in
turn, could result in any of the following exceptions:
- .dump()
- KeyError
- IOError
- RTSLibError on storage_object
This release implements synchronized access to all rtstool calls
that access or modify configfs. With this, concurrent access from
multiple threads and processes now work consistently.(BZ#1221614)
- Previously, when the Compute service called the Block Storage service
to complete a migration (or perform a re-type with migration) of an
in-use volume, the source volume was deleted synchonously. As such,
if the source volume deletion caused the entire migration process to
take longer than the set rpc_response_timeout, the Compute service
considered the migration as a failure even if the operation was still
ongoing. Whenever this occured, the source volume entry would be left
in the database as 'retyping', and the temporary volume was left as
'attaching'.
With this release, during migration the source volume is now deleted
asynchronously -- specifically, upon migration completion. This
prevents the Compute service from prematurely labeling the migration
as failed. (BZ#1244539)
Solution
Before applying this update, ensure all previously released errata relevant
to your system have been applied.
Red Hat Enterprise Linux OpenStack Platform 5 runs on Red Hat Enterprise
Linux 7.1.
The Red Hat Enterprise Linux OpenStack Platform 5 Release Notes contain the
following:
- An explanation of the way in which the provided components interact to
form a working cloud computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat Enterprise Linux OpenStack Platform 5,
including which channels need to be enabled and disabled.
The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html
This update is available through the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Affected Products
- Red Hat OpenStack 5.0 for RHEL 7 x86_64
Fixes
- BZ - 991490 - [RHS-RHOS] Mount options specified in glusterfs_shares_config not applied when cinder-volume is restarted
- BZ - 1162401 - Enable mask_password to handle byte code strings
- BZ - 1200022 - Back-port request for IBM Storwize commit into Red Hat OpenStack Platform
- BZ - 1221614 - Cinder LVM iSCSI driver with LIO helper fails to handle multiple concurrent requests to attach/detach volumes
- BZ - 1221868 - Remove iscsi_helper calls from base iscsi driver
- BZ - 1244446 - Exceptions dropped by volume manager when creating exports
- BZ - 1254710 - Rebase openstack-cinder to 2014.1.5
- BZ - 1256739 - Detached volume loses its sparseness after Cinder side migration between different NetApp shares
CVEs
(none)
References
(none)
Red Hat OpenStack 5.0 for RHEL 7
SRPM | |
---|---|
x86_64 | |
openstack-cinder-2014.1.5-1.el7ost.noarch.rpm | SHA-256: ea988e0f0caea63ad2b1c76765d40587f59e3f5fa0efe5a7e663bc0db9d5662c |
openstack-cinder-doc-2014.1.5-1.el7ost.noarch.rpm | SHA-256: 6cb01c893024cde99a269986e6dcbc556be7f8b668b863305fa74ddf05ab94fd |
python-cinder-2014.1.5-1.el7ost.noarch.rpm | SHA-256: 53f87d56b58d46a127a83066c73cbe4aeef0273ebd537d1a89d338932a3ec4af |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.