- Issued:
- 2015-10-29
- Updated:
- 2015-10-29
RHBA-2015:1950 - Bug Fix Advisory
Synopsis
openstack-neutron bug fix advisory
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated OpenStack Networking packages that resolve various issues are now
available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for
RHEL 7.
Description
Red Hat Enterprise Linux OpenStack Platform provides the facilities for
building a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware. This advisory includes
packages for the OpenStack Networking service. OpenStack Networking
(neutron) is a virtual network service for OpenStack. Just as OpenStack
Compute (nova) provides an API to dynamically request and configure
virtual servers, OpenStack Networking provides an API to dynamically
request and configure virtual networks. These networks connect interfaces
from other OpenStack services (e.g. virtual NICs from Compute virtual
machines). The OpenStack Networking API supports extensions to provide
advanced network capabilities, such as qualities of service, network
monitoring, and access controls.
This update addresses the following issues:
- When attempting to upgrade Neutron networking services, the operation
because it claimed it was missing versions in the package. The migrations
scripts were not being properly populated, and the versions directory was
not being built in the package. (BZ#1271222)
- Intermittently, when deleting a stack or image would fail, then it would
also deadlock when deleting the associated floating IP. (BZ#1268787)
- The iptables implementation of security groups includes a default rule to
drop any INVALID packets. Since this was placed near the top of the rule
stack, that rule was processed before any user-defined security group
rules. This led to allowed traffic being improperly blocked by the firewall
rules. The order of this rule has been changed so that user-defined rules
are evaluated first. (BZ#1268413)
- The enable_isolated_metadata and enable_metadata_network parameters set a
DHCP server to use to serve metadata. Once a network is attached to a
router, the router would override the DHCP namespace and be used to serve
the metadata. A new parameter, force_metadata, has been added to force the
network to use the DHCP namespace rather than the router namespace for
metadata. (BZ#1267669)
- A Cisco UCSM ML2 driver has been added to enable SR-IOV virtual functions
in Cisco blades with 1340 NICs. (BZ#1260121)
- The Neutron server now logs both its version and the release for the
server package. (BZ#1257271)
- When restarting the br-ex network interface using systemctl, the
interface was detached from the OVS bridge and any agents had to be
manually restarted. The network now has 'PartOf=network' set in its systemd
configuration so that the restart propagates to L3 and OVS agents as well.
(BZ#1252947)
- There was a spurious warning message about the dnsmasq version in the
Neutron logs. This has been removed. (BZ#1221216)
Solution
Before applying this update, ensure all previously released errata relevant
to your system have been applied.
Red Hat Enterprise Linux OpenStack Platform 6 runs on Red Hat Enterprise
Linux 7.1.
The Red Hat Enterprise Linux OpenStack Platform 6 Release Notes contain the
following:
- An explanation of the way in which the provided components interact to
form a working cloud computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat Enterprise Linux OpenStack Platform 6,
including which channels need to be enabled and disabled.
The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Release_Notes/index.html
This update is available through the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Affected Products
- Red Hat OpenStack 6.0 x86_64
Fixes
- BZ - 1221216 - [DHCP-Agent] Warning message removal
- BZ - 1257271 - Fix logging version in neutron logs coming from pbr
- BZ - 1268413 - security groups iptables can block legitimate traffic as INVALID
- BZ - 1268787 - DBDeadLock Error deleting floating IP
- BZ - 1271222 - Migration scripts are not included in rpm package if egg_info is re-built from tarball
CVEs
(none)
Red Hat OpenStack 6.0
SRPM | |
---|---|
openstack-neutron-2014.2.3-23.el7ost.src.rpm | SHA-256: b18210372a6fa1ec2cec21c8cf849155e7815057b2e2ca20e4c041b9229d9daf |
x86_64 | |
openstack-neutron-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 5b0274cdfc0d226b24ec3d14edae12389b9687670afb0e984e34fa9472c37091 |
openstack-neutron-bigswitch-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 7cc0eade3cd238219ea07e76c040f47e5bdbbe74851db0fc91a13446188ce841 |
openstack-neutron-brocade-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 1a9745d96531586436b357f69c5e772fd06a38ccf3d0a9595c237ab2d8fc4034 |
openstack-neutron-cisco-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 2f78ee3c8ea920d5b46203d57d98e813c954f122fb2c19f21831f3140f598cc9 |
openstack-neutron-common-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 21c81ae79c2a04fa2709df5f7cafbb94d57e27bad7d86e78ff2e059a20500443 |
openstack-neutron-embrane-2014.2.3-23.el7ost.noarch.rpm | SHA-256: af925694e6c7a947cb75c27b23b37d883b08151920eb5d27d90520d30388a949 |
openstack-neutron-hyperv-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 28174d419661650f94eebc7ba781087749b2969f372665bdcf776f159bce8733 |
openstack-neutron-ibm-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 642aa98f156a7fa94aa65492661707f4e731d53dee4b98af8bc9e0529c2cee73 |
openstack-neutron-linuxbridge-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 8ad5c14b54c94640dac6c20fdfa772088310116fcfa2671e039e47f07e0c3312 |
openstack-neutron-mellanox-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 194a8e034137450f8f333844624683fc30c800dc9143d9b98bc7439333a5ee21 |
openstack-neutron-metaplugin-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 8f30b29fd3808c0b3cd01a36806bd6a49c7125454260d8dcbc73f61455835177 |
openstack-neutron-metering-agent-2014.2.3-23.el7ost.noarch.rpm | SHA-256: f89fe265a9f6e7232d088c92a517010a729290195cb58ab919d131d3051c2fd8 |
openstack-neutron-midonet-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 87be989802486ca3e4bb2642fcd07ea0414e1698f31dd5d45e2e41b5302a9bbb |
openstack-neutron-ml2-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 404e7b6c006570c471221ada626c32c7e318545dc83205601652e739776177b7 |
openstack-neutron-nec-2014.2.3-23.el7ost.noarch.rpm | SHA-256: db8e2d276f1b318b31ad9dfdb9c97b96a23c71ee53d2019ba96cc0238a400707 |
openstack-neutron-nuage-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 87c95af9dbebd330c942ec60edee3ebfebc32ccd28bab40b37d8529ce5ed6b29 |
openstack-neutron-ofagent-2014.2.3-23.el7ost.noarch.rpm | SHA-256: ae80afe2a19f34cba1f6f43684db5897c5ad4063b6d546f2550a0f7535e280c9 |
openstack-neutron-oneconvergence-nvsd-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 7218f0f2c4e0621e0cb6f054e9559d6c83480afe4523d6ca0d724d56254a94e6 |
openstack-neutron-opencontrail-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 993a56c677e510857a2182d0e267d6b3484b5160821aa287d05b9d5d0d091b83 |
openstack-neutron-openvswitch-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 8eda3f2eaa302023017402504a4f2db6df9724cadd64c054924eb162aec63f42 |
openstack-neutron-plumgrid-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 79b58ad3ea4369995ef5e414e9e4a6ac625f86800ea61cd0d9c5ef7f54d7b352 |
openstack-neutron-ryu-2014.2.3-23.el7ost.noarch.rpm | SHA-256: cc07cf5415a48aad950ee3c496b1261ad1a1aa56b534adb6a84f77da4ee65f74 |
openstack-neutron-sriov-nic-agent-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 049a320cc5ea0bd53c428dc46f59b4a0189f9cf8ee0a7da802f1812644c3e0fc |
openstack-neutron-vmware-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 599cc34d086290d15e5c0cff6806a9238edaf4320eb6bbef76272801ed6f74ac |
openstack-neutron-vpn-agent-2014.2.3-23.el7ost.noarch.rpm | SHA-256: c976e48a29e835aad6dc7a9b877d9ccd356b585a2036d362ec81763211adb400 |
python-neutron-2014.2.3-23.el7ost.noarch.rpm | SHA-256: 2cffa937cc7febc83835de535d3c4dd3fedf611e191c1cc30f1d7a21059c8b80 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.