- Issued:
- 2015-02-09
- Updated:
- 2015-02-09
RHEA-2015:0153 - Product Enhancement Advisory
Synopsis
openstack-keystone enhancement advisory
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated OpenStack Identity packages that resolve various issues are now
available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno).
Description
Red Hat Enterprise Linux OpenStack Platform provides the facilities
for building a private or public infrastructure-as-a-service (IaaS)
cloud running on commonly available physical hardware. This advisory
includes packages for:
- OpenStack Identity service
The OpenStack Identity service (keystone) authenticates and authorizes
OpenStack users by keeping track of users and their permitted
activities. The Identity service supports multiple forms of authentication
including user name and password credentials, token-based systems,
and AWS-style logins.
Changes to the openstack-keystone component:
- Keystone now supports domain specific identity backends. This allows for a
single Keystone instance to use multiple identity backends, such as centralized
LDAP for normal users and a Keystone specific SQL database for service users.
(BZ#1073740)
Rebase package(s) to version:
2014.2.1
Highlights and important bug fixes:
- Paged LDAP search operations would fail with a Python 'AttributeError' when
using python-ldap 2.4 or later due to an API change in python-ldap. Keystone
has been updated to work with the newer python-ldap API, allowing paged searches
to be performed successfully.
- Adding a service endpoint that uses an IPv6 address in the 'url' field would
be incorrectly rejected with a validation error. IPv6 addresses are now
validated properly, allowing endpoint creation to be performed successfully.
- Token flush operations could hang due to an incorrect comparison if a large
number of expired tokens exist in the token back end database. The comparison
operator has been corrected to prevent the flush operation from hanging.
(BZ#1170340)
Solution
Before applying this update, ensure all previously released errata
relevant to your system have been applied.
Red Hat Enterprise Linux OpenStack Platform 6 runs on Red Hat Enterprise
Linux 7.0.
The Red Hat Enterprise Linux OpenStack Platform 6 Release Notes contain
the following:
- An explanation of the way in which the provided components interact
to form a working cloud computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat Enterprise Linux OpenStack Platform 6,
including which channels need to be enabled and disabled.
The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Release_Notes/index.html
This update is available through the Red Hat Network. Details on
how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Affected Products
- Red Hat OpenStack 6.0 x86_64
Fixes
- BZ - 1073740 - [RFE][keystone]: Ensure an entity ID allows routing of API call to correct backend
- BZ - 1170340 - Rebase openstack-keystone to 2014.2.1
CVEs
(none)
References
(none)
Red Hat OpenStack 6.0
SRPM | |
---|---|
x86_64 | |
openstack-keystone-2014.2.1-1.el7ost.noarch.rpm | SHA-256: 7c3f65c1002cd22f3ae52f49cfcd8584c728d62807d18eed50645714ea65c315 |
openstack-keystone-doc-2014.2.1-1.el7ost.noarch.rpm | SHA-256: f0ed37e9170d4500fd9da49d98065d77bf9694ed00123e945b04e8c849d0a807 |
python-keystone-2014.2.1-1.el7ost.noarch.rpm | SHA-256: b4f7f25f762d6497ec45ae434e9d16e2e505a35433b939abbdf7a6812fefc7a3 |
python-keystoneclient-0.11.1-1.el7ost.noarch.rpm | SHA-256: bcce20ed783a5b3aa6aeb19f86d75f81c54c473b016f8cbeb8b75cab274ef09d |
python-keystoneclient-doc-0.11.1-1.el7ost.noarch.rpm | SHA-256: 1dcbf0ac927488cc0ae74ad2a1b696e4344d0d62531ea7a9fa4412eae0fbb7f0 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.