Recommended update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack

SUSE Recommended Update: Recommended update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack

Announcement ID:	SUSE-RU-2017:3083-1
Rating:	moderate
References:	#1020922 #1046616 #1047881 #1049153 #1051298 #1055669 #1056750 #1057233 #1058876 #1059532 #1059733 #1059790 #1060421 #1060628 #1060687 #1061777 #1063772 #1064057
Affected Products:	SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4

An update that has 18 recommended fixes can now be installed.

Description:

This update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack
fixes the following issues:

- crowbar-core:
+ ohai: don't up interfaces
+ crowbar_framework:fix filtered nodes in apply_role
+ ohai: Remove useless assignment
+ ohai: Coding style fixes
+ ohai: Code cleanup for static variables
+ provisioner: Use also permanent addresses for dhcp
+ ohai: Collect permanent address of NICs
+ Show IPMI links earlier
+ crowbar_framework: fix skip_unchanged_nodes
+ ohai: Do not fail dealing with UEFI config with invalid CurrentBoot
+ crowbar: Add ability to skip chef run on node when applying
+ crowbar_framework: add experimental option for skip_unchanged_nodes
+ Allow setting NVMe drive in ceph (bsc#1051298)
+ crowbar: Don't store invalid locks (bsc#1055669)
+ Increase default chef_splay
+ Prefetch all roles during node listing
+ network: keep ovs secure fail-mode (bsc#1063772)
+ Get role data directly from CouchDB
+ utils: Add systemd override LWRP
+ schema_migration: Provide a hook into ServiceObject (bsc#1058876)
+ Get 'all' nodes directly from CouchDB
+ crowbar: Forward protocol to rails (bsc#1059733)
+ utils: Fix restart flag removal
+ crowbar: use pre_cached_nodes on the deployment queue
+ crowbar: remove unready nodes from deployment
+ crowbar: Add skip_unready_nodes experimental option
+ Add experimental.yml file as %config(noreplace)
+ utils: fix data bag loading on RestartManager
+ crowbar: Do not save applied proposal as role too early in apply_role
+ utils: override the service provider to allow for no-restart of
services
+ crowbar: Introduce a config for experimental options
+ crowbar_framework: Add the RestartManagementController
+ network: Partly revert 3d24a0f4cb - do not add Restart= for ovs
+ upgrade: Don't fail without openstack db (bsc#1061777)
+ nfs-server: Revert systemd Restart= bits for nfs services
+ Mark crowbar_framework/config/database.yml as config (bsc#1056750)
+ all: Make systemd restart services on failures
+ Add chef_splay to allowed time without update
+ provisioner: Make chef splay configurable
+ Add json version of /clusters endpoint
+ utils: Add utils_systemd_service_restart LWRP
+ apache2: Use new utils_systemd_service_restart LWRP
+ ipmi: Read-only mode
+ ipmi: Option to disable BMC NAT
+ Disable upgrade API in Cloud7
+ Switch to admin-server-upgrading for apache config check

- crowbar-ha:
+ corosync: remove nonsensical ring default
+ crowbar-pacemaker: Reset sync-marks for all nodes
+ Fix for pacemaker proposal migration failure
+ crowbar-pacemaker:fix migration number
+ Add support for multiple Corosync rings
+ pacemaker: provide a option to configure migrate-threshold
+ crowbar-framework: fix is_pacemaker flag for RestartManager
+ crowbar-pacemaker: allow to skip restart if disallow_restart flag is
set
+ crowbar-pacemaker: hide output for #cib_up_for_node?
+ crowbar-pacemaker: Update apache override for systemd restart LWRP
+ hawk: Make systemd restart hawk service on failures
+ pacemaker: Add option to stop managing stateless active/active services
+ Fix the translation label for the clone_stateless_services hint
+ crowbar: Save founder name in the proposal role
+ crowbar-pacemaker: Reimplement sync marks with pacemaker attributes
+ crowbar-pacemaker: Deprecate usage of revisions in sync marks
+ pacemaker: Add missing operations to the parser
+ ipmi: Use discovered IP in read-only mode
+ haproxy: Add location contraint to VIP directly
+ haproxy: provide a option to ratelimit frontends
+ pacemaker: Use --wait with crm configure command
+ haproxy: Fix VIP creation for haproxy
+ haproxy: Make sure that systemd kills haproxy service on restart

- crowbar-init:
+ Fix endless loop when waiting for crowbar (bsc#1059790)

- crowbar-openstack:
+ Hide MySQL SSL options from the UI
+ neutron: Fixes for ACI integration - updates for Newton
+ Revert "rabbitmq: Fix HA service management"
+ Revert "database: Fix HA service management"
+ mariadb: Make HA op timeouts configurable
+ neutron: use service account for neutron-l3-ha service
+ mariadb: Drop unneeded root users (bsc#1060628)
+ ceilometer: add configurable API timeout attribute (bsc#1064060)
+ crowbar: add timeout parameter to wsgi resource
+ database: Add resource limit control (bsc#1020922)
+ rabbitmq: Add resource_limits option (bsc#1020922)
+ apache: Add resource_limits controls (bsc#1020922)
+ cinder: Add resource limit controls (bsc#1020922)
+ neutron: fix fwaas_v1 configuration (bsc#1064057)
+ nova: get pub key from file instead of stdin
+ barbican: reorder config creation and initial db sync
+ database: Fix schema migrations for backend specific attributes
(bsc#1058876)
+ neutron: add HA rate limiting options to raw template
+ cinder: add HA rate limiting options to raw template
+ memcached: increase max connections limit
+ mariadb: Add expire_logs_days config option
+ mysql: Use increased timeout for promote operation
+ mariadb: Move pacemaker op arguments to chef attributes
+ neutron: Wait longer for database sync to complete (bsc#1060421)
+ nova: Raise timeouts for nova db sync to complete (bsc#1060421)
+ neutron-l3-ha-service: Introduce log_file
+ neutron-l3-ha-service: Enable log to file
+ neutron-l3-ha-service: Set default log path
+ neutron-l3-ha-service: fixed hound issues
+ neutron: fix HA neutron-agents_before_ha timeout
+ neutron: fix neutron_default_networks HA timeout error
+ neutron, nova: Revert use of Restart= for ovs and nfs
+ nova: respect image_cache_manager_interval set in proposal
(bsc#1057233)
+ nova: enable cache manager by default (bsc#1057233)
+ keystone: Fix updated password check (bsc#1060687)
+ mysql: tune innodb log size / writeback
+ mysql: Use fqdn for database hostname when using SSL
+ nova: reduce excessive node searches on compute role nodes
+ database: Let MariaDB search for user's presence.
+ mysql: Correctly delete all anonymous users
+ horizon: Explicit set REST_API_REQUIRED_SETTINGS (bsc#1046616)
+ database: Expose max_connections and slow_query_logging in UI
+ neutron: enable dns extension
+ magnum: Use credential env to setup domain role
+ database: Show Insecure SSL flag in the UI
+ nova: stop using the passwd ohai tree
+ ceilometer: fix hypervisor_inspector value for 'vmware' to be 'vsphere'
+ mysql: Added SSL configuration for client-server traffic
+ crowbar-openstack: Update database connection string for SSL setup
+ crowbar-openstack: Add require_ssl option to database_user resource
+ database: Return hostname for listen address in case of SSL setup.
+ rabbitmq: Increase timeouts for start/promote actions (bsc#1059532)
+ all: Make systemd restart services on failures
+ postgresql, rabbitmq: Re-use existing variable for clarity
+ nova: use the proper vars for serialproxy
+ mysql: Set the current node as non-backup server in haproxy config
+ rabbitmq: Set "clone-max" for the ms-rabbitmq resource
+ barbican: Remove unused barbican_service definition
+ heat: Run "heat-manage db_sync" before defining and starting services
+ all: Use new pacemaker option to stop managing stateless a/a services
+ heat, neutron, nova: Make hound happy
+ nova: add HA rate limiting options to raw template
+ keystone: Switch memcache backend to oslo_cache.memcache_pool
+ neutron: Increase inotify max user instances
+ mysql: Make sure galera resources are started on controller nodes only
+ rabbitmq: Remove remaining references to old cluster recipe
+ trove: Remove unused chef node searches
+ rabbitmq: Enable deploying rabbitmq with clustering when doing HA
+ rabbitmq: More robust check for rabbit
+ rabbitmq: dont let the template changes restart if in cluster mode
+ swift: disable ceilometer middleware when using durable queues
+ rabbitmq: prevent template changes
+ Always wait for the cluster to be started
+ rabbitmq: sync nodes before pacemaker resources
+ manila, ha: fix bind_host in HA case
+ ceilometer: Allow enabling SSL with HA (bsc#1049153)
+ neutron: Switch data center IDs to start at 1 for Infoblox
(bsc#1047881)
+ neutron: Switch to systemd for Infoblox (bsc#1047881)
+ keystone: Set an origin flag on apache2 restart
+ Stop exposing passwords in the process table
+ openstack: Fetch HA resource name for rabbitmq from rabbitmq settings
+ trove: rename template variable to rabbit_settings
+ openstack: make rabbitmq durable_queues/ha_queues setting configurable
+ trove: move retrieval of rabbit url to common openstack cookbook
+ rabbitmq: remove unused cluster.rb recipe
+ rabbitmq: prevent configuration changes for backport
+ mysql: Add a timeout to galera bootstrapping

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

SUSE OpenStack Cloud 7:
zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1915=1
SUSE Enterprise Storage 4:
zypper in -t patch SUSE-Storage-4-2017-1915=1

To bring your system up-to-date, use "zypper patch".

Package List:

SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
- crowbar-core-4.0+git.1508607101.73c7a9c77-9.11.4
- crowbar-core-branding-upstream-4.0+git.1508607101.73c7a9c77-9.11.4
SUSE OpenStack Cloud 7 (noarch):
- crowbar-ha-4.0+git.1508403557.f438560-4.15.4
- crowbar-init-4.0+git.1507187369.c3f2348-8.9.4
- crowbar-openstack-4.0+git.1508531151.8580c7e51-9.17.4
SUSE Enterprise Storage 4 (aarch64 x86_64):
- crowbar-core-4.0+git.1508607101.73c7a9c77-9.11.4
SUSE Enterprise Storage 4 (noarch):
- crowbar-init-4.0+git.1507187369.c3f2348-8.9.4

Recommended update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack

Description:

Patch Instructions:

Package List:

References: