Recommended update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack

Announcement ID: SUSE-RU-2017:3083-1
Rating: moderate
References:
Affected Products:
  • SUSE Enterprise Storage 4
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE OpenStack Cloud 7

An update that has 18 fixes can now be installed.

Description:

This update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack fixes the following issues:

  • crowbar-core:
  • ohai: don't up interfaces
  • crowbar_framework:fix filtered nodes in apply_role
  • ohai: Remove useless assignment
  • ohai: Coding style fixes
  • ohai: Code cleanup for static variables
  • provisioner: Use also permanent addresses for dhcp
  • ohai: Collect permanent address of NICs
  • Show IPMI links earlier
  • crowbar_framework: fix skip_unchanged_nodes
  • ohai: Do not fail dealing with UEFI config with invalid CurrentBoot
  • crowbar: Add ability to skip chef run on node when applying
  • crowbar_framework: add experimental option for skip_unchanged_nodes
  • Allow setting NVMe drive in ceph (bsc#1051298)
  • crowbar: Don't store invalid locks (bsc#1055669)
  • Increase default chef_splay
  • Prefetch all roles during node listing
  • network: keep ovs secure fail-mode (bsc#1063772)
  • Get role data directly from CouchDB
  • utils: Add systemd override LWRP
  • schema_migration: Provide a hook into ServiceObject (bsc#1058876)
  • Get 'all' nodes directly from CouchDB
  • crowbar: Forward protocol to rails (bsc#1059733)
  • utils: Fix restart flag removal
  • crowbar: use pre_cached_nodes on the deployment queue
  • crowbar: remove unready nodes from deployment
  • crowbar: Add skip_unready_nodes experimental option
  • Add experimental.yml file as %config(noreplace)
  • utils: fix data bag loading on RestartManager
  • crowbar: Do not save applied proposal as role too early in apply_role
  • utils: override the service provider to allow for no-restart of services
  • crowbar: Introduce a config for experimental options
  • crowbar_framework: Add the RestartManagementController
  • network: Partly revert 3d24a0f4cb - do not add Restart= for ovs
  • upgrade: Don't fail without openstack db (bsc#1061777)
  • nfs-server: Revert systemd Restart= bits for nfs services
  • Mark crowbar_framework/config/database.yml as config (bsc#1056750)
  • all: Make systemd restart services on failures
  • Add chef_splay to allowed time without update
  • provisioner: Make chef splay configurable
  • Add json version of /clusters endpoint
  • utils: Add utils_systemd_service_restart LWRP
  • apache2: Use new utils_systemd_service_restart LWRP
  • ipmi: Read-only mode
  • ipmi: Option to disable BMC NAT
  • Disable upgrade API in Cloud7

  • Switch to admin-server-upgrading for apache config check

  • crowbar-ha:

  • corosync: remove nonsensical ring default
  • crowbar-pacemaker: Reset sync-marks for all nodes
  • Fix for pacemaker proposal migration failure
  • crowbar-pacemaker:fix migration number
  • Add support for multiple Corosync rings
  • pacemaker: provide a option to configure migrate-threshold
  • crowbar-framework: fix is_pacemaker flag for RestartManager
  • crowbar-pacemaker: allow to skip restart if disallow_restart flag is set
  • crowbar-pacemaker: hide output for #cib_up_for_node?
  • crowbar-pacemaker: Update apache override for systemd restart LWRP
  • hawk: Make systemd restart hawk service on failures
  • pacemaker: Add option to stop managing stateless active/active services
  • Fix the translation label for the clone_stateless_services hint
  • crowbar: Save founder name in the proposal role
  • crowbar-pacemaker: Reimplement sync marks with pacemaker attributes
  • crowbar-pacemaker: Deprecate usage of revisions in sync marks
  • pacemaker: Add missing operations to the parser
  • ipmi: Use discovered IP in read-only mode
  • haproxy: Add location contraint to VIP directly
  • haproxy: provide a option to ratelimit frontends
  • pacemaker: Use --wait with crm configure command
  • haproxy: Fix VIP creation for haproxy

  • haproxy: Make sure that systemd kills haproxy service on restart

  • crowbar-init:

  • Fix endless loop when waiting for crowbar (bsc#1059790)

  • crowbar-openstack:

  • Hide MySQL SSL options from the UI
  • neutron: Fixes for ACI integration - updates for Newton
  • Revert "rabbitmq: Fix HA service management"
  • Revert "database: Fix HA service management"
  • mariadb: Make HA op timeouts configurable
  • neutron: use service account for neutron-l3-ha service
  • mariadb: Drop unneeded root users (bsc#1060628)
  • ceilometer: add configurable API timeout attribute (bsc#1064060)
  • crowbar: add timeout parameter to wsgi resource
  • database: Add resource limit control (bsc#1020922)
  • rabbitmq: Add resource_limits option (bsc#1020922)
  • apache: Add resource_limits controls (bsc#1020922)
  • cinder: Add resource limit controls (bsc#1020922)
  • neutron: fix fwaas_v1 configuration (bsc#1064057)
  • nova: get pub key from file instead of stdin
  • barbican: reorder config creation and initial db sync
  • database: Fix schema migrations for backend specific attributes (bsc#1058876)
  • neutron: add HA rate limiting options to raw template
  • cinder: add HA rate limiting options to raw template
  • memcached: increase max connections limit
  • mariadb: Add expire_logs_days config option
  • mysql: Use increased timeout for promote operation
  • mariadb: Move pacemaker op arguments to chef attributes
  • neutron: Wait longer for database sync to complete (bsc#1060421)
  • nova: Raise timeouts for nova db sync to complete (bsc#1060421)
  • neutron-l3-ha-service: Introduce log_file
  • neutron-l3-ha-service: Enable log to file
  • neutron-l3-ha-service: Set default log path
  • neutron-l3-ha-service: fixed hound issues
  • neutron: fix HA neutron-agents_before_ha timeout
  • neutron: fix neutron_default_networks HA timeout error
  • neutron, nova: Revert use of Restart= for ovs and nfs
  • nova: respect image_cache_manager_interval set in proposal (bsc#1057233)
  • nova: enable cache manager by default (bsc#1057233)
  • keystone: Fix updated password check (bsc#1060687)
  • mysql: tune innodb log size / writeback
  • mysql: Use fqdn for database hostname when using SSL
  • nova: reduce excessive node searches on compute role nodes
  • database: Let MariaDB search for user's presence.
  • mysql: Correctly delete all anonymous users
  • horizon: Explicit set REST_API_REQUIRED_SETTINGS (bsc#1046616)
  • database: Expose max_connections and slow_query_logging in UI
  • neutron: enable dns extension
  • magnum: Use credential env to setup domain role
  • database: Show Insecure SSL flag in the UI
  • nova: stop using the passwd ohai tree
  • ceilometer: fix hypervisor_inspector value for 'vmware' to be 'vsphere'
  • mysql: Added SSL configuration for client-server traffic
  • crowbar-openstack: Update database connection string for SSL setup
  • crowbar-openstack: Add require_ssl option to database_user resource
  • database: Return hostname for listen address in case of SSL setup.
  • rabbitmq: Increase timeouts for start/promote actions (bsc#1059532)
  • all: Make systemd restart services on failures
  • postgresql, rabbitmq: Re-use existing variable for clarity
  • nova: use the proper vars for serialproxy
  • mysql: Set the current node as non-backup server in haproxy config
  • rabbitmq: Set "clone-max" for the ms-rabbitmq resource
  • barbican: Remove unused barbican_service definition
  • heat: Run "heat-manage db_sync" before defining and starting services
  • all: Use new pacemaker option to stop managing stateless a/a services
  • heat, neutron, nova: Make hound happy
  • nova: add HA rate limiting options to raw template
  • keystone: Switch memcache backend to oslo_cache.memcache_pool
  • neutron: Increase inotify max user instances
  • mysql: Make sure galera resources are started on controller nodes only
  • rabbitmq: Remove remaining references to old cluster recipe
  • trove: Remove unused chef node searches
  • rabbitmq: Enable deploying rabbitmq with clustering when doing HA
  • rabbitmq: More robust check for rabbit
  • rabbitmq: dont let the template changes restart if in cluster mode
  • swift: disable ceilometer middleware when using durable queues
  • rabbitmq: prevent template changes
  • Always wait for the cluster to be started
  • rabbitmq: sync nodes before pacemaker resources
  • manila, ha: fix bind_host in HA case
  • ceilometer: Allow enabling SSL with HA (bsc#1049153)
  • neutron: Switch data center IDs to start at 1 for Infoblox (bsc#1047881)
  • neutron: Switch to systemd for Infoblox (bsc#1047881)
  • keystone: Set an origin flag on apache2 restart
  • Stop exposing passwords in the process table
  • openstack: Fetch HA resource name for rabbitmq from rabbitmq settings
  • trove: rename template variable to rabbit_settings
  • openstack: make rabbitmq durable_queues/ha_queues setting configurable
  • trove: move retrieval of rabbit url to common openstack cookbook
  • rabbitmq: remove unused cluster.rb recipe
  • rabbitmq: prevent configuration changes for backport
  • mysql: Add a timeout to galera bootstrapping

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE OpenStack Cloud 7
    zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1915=1
  • SUSE Enterprise Storage 4
    zypper in -t patch SUSE-Storage-4-2017-1915=1

Package List:

  • SUSE OpenStack Cloud 7 (x86_64)
    • crowbar-core-4.0+git.1508607101.73c7a9c77-9.11.4
    • crowbar-core-branding-upstream-4.0+git.1508607101.73c7a9c77-9.11.4
  • SUSE OpenStack Cloud 7 (noarch)
    • crowbar-openstack-4.0+git.1508531151.8580c7e51-9.17.4
    • crowbar-init-4.0+git.1507187369.c3f2348-8.9.4
    • crowbar-ha-4.0+git.1508403557.f438560-4.15.4
  • SUSE Enterprise Storage 4 (aarch64 x86_64)
    • crowbar-core-4.0+git.1508607101.73c7a9c77-9.11.4
  • SUSE Enterprise Storage 4 (noarch)
    • crowbar-init-4.0+git.1507187369.c3f2348-8.9.4

References: