Recommended update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack

SUSE Recommended Update: Recommended update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack
Announcement ID: SUSE-RU-2017:3083-1
Rating: moderate
References: #1020922 #1046616 #1047881 #1049153 #1051298 #1055669 #1056750 #1057233 #1058876 #1059532 #1059733 #1059790 #1060421 #1060628 #1060687 #1061777 #1063772 #1064057
Affected Products:
  • SUSE OpenStack Cloud 7
  • SUSE Enterprise Storage 4

  • An update that has 18 recommended fixes can now be installed.


    This update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack
    fixes the following issues:

    - crowbar-core:
    + ohai: don't up interfaces
    + crowbar_framework:fix filtered nodes in apply_role
    + ohai: Remove useless assignment
    + ohai: Coding style fixes
    + ohai: Code cleanup for static variables
    + provisioner: Use also permanent addresses for dhcp
    + ohai: Collect permanent address of NICs
    + Show IPMI links earlier
    + crowbar_framework: fix skip_unchanged_nodes
    + ohai: Do not fail dealing with UEFI config with invalid CurrentBoot
    + crowbar: Add ability to skip chef run on node when applying
    + crowbar_framework: add experimental option for skip_unchanged_nodes
    + Allow setting NVMe drive in ceph (bsc#1051298)
    + crowbar: Don't store invalid locks (bsc#1055669)
    + Increase default chef_splay
    + Prefetch all roles during node listing
    + network: keep ovs secure fail-mode (bsc#1063772)
    + Get role data directly from CouchDB
    + utils: Add systemd override LWRP
    + schema_migration: Provide a hook into ServiceObject (bsc#1058876)
    + Get 'all' nodes directly from CouchDB
    + crowbar: Forward protocol to rails (bsc#1059733)
    + utils: Fix restart flag removal
    + crowbar: use pre_cached_nodes on the deployment queue
    + crowbar: remove unready nodes from deployment
    + crowbar: Add skip_unready_nodes experimental option
    + Add experimental.yml file as %config(noreplace)
    + utils: fix data bag loading on RestartManager
    + crowbar: Do not save applied proposal as role too early in apply_role
    + utils: override the service provider to allow for no-restart of
    + crowbar: Introduce a config for experimental options
    + crowbar_framework: Add the RestartManagementController
    + network: Partly revert 3d24a0f4cb - do not add Restart= for ovs
    + upgrade: Don't fail without openstack db (bsc#1061777)
    + nfs-server: Revert systemd Restart= bits for nfs services
    + Mark crowbar_framework/config/database.yml as config (bsc#1056750)
    + all: Make systemd restart services on failures
    + Add chef_splay to allowed time without update
    + provisioner: Make chef splay configurable
    + Add json version of /clusters endpoint
    + utils: Add utils_systemd_service_restart LWRP
    + apache2: Use new utils_systemd_service_restart LWRP
    + ipmi: Read-only mode
    + ipmi: Option to disable BMC NAT
    + Disable upgrade API in Cloud7
    + Switch to admin-server-upgrading for apache config check

    - crowbar-ha:
    + corosync: remove nonsensical ring default
    + crowbar-pacemaker: Reset sync-marks for all nodes
    + Fix for pacemaker proposal migration failure
    + crowbar-pacemaker:fix migration number
    + Add support for multiple Corosync rings
    + pacemaker: provide a option to configure migrate-threshold
    + crowbar-framework: fix is_pacemaker flag for RestartManager
    + crowbar-pacemaker: allow to skip restart if disallow_restart flag is
    + crowbar-pacemaker: hide output for #cib_up_for_node?
    + crowbar-pacemaker: Update apache override for systemd restart LWRP
    + hawk: Make systemd restart hawk service on failures
    + pacemaker: Add option to stop managing stateless active/active services
    + Fix the translation label for the clone_stateless_services hint
    + crowbar: Save founder name in the proposal role
    + crowbar-pacemaker: Reimplement sync marks with pacemaker attributes
    + crowbar-pacemaker: Deprecate usage of revisions in sync marks
    + pacemaker: Add missing operations to the parser
    + ipmi: Use discovered IP in read-only mode
    + haproxy: Add location contraint to VIP directly
    + haproxy: provide a option to ratelimit frontends
    + pacemaker: Use --wait with crm configure command
    + haproxy: Fix VIP creation for haproxy
    + haproxy: Make sure that systemd kills haproxy service on restart

    - crowbar-init:
    + Fix endless loop when waiting for crowbar (bsc#1059790)

    - crowbar-openstack:
    + Hide MySQL SSL options from the UI
    + neutron: Fixes for ACI integration - updates for Newton
    + Revert "rabbitmq: Fix HA service management"
    + Revert "database: Fix HA service management"
    + mariadb: Make HA op timeouts configurable
    + neutron: use service account for neutron-l3-ha service
    + mariadb: Drop unneeded root users (bsc#1060628)
    + ceilometer: add configurable API timeout attribute (bsc#1064060)
    + crowbar: add timeout parameter to wsgi resource
    + database: Add resource limit control (bsc#1020922)
    + rabbitmq: Add resource_limits option (bsc#1020922)
    + apache: Add resource_limits controls (bsc#1020922)
    + cinder: Add resource limit controls (bsc#1020922)
    + neutron: fix fwaas_v1 configuration (bsc#1064057)
    + nova: get pub key from file instead of stdin
    + barbican: reorder config creation and initial db sync
    + database: Fix schema migrations for backend specific attributes
    + neutron: add HA rate limiting options to raw template
    + cinder: add HA rate limiting options to raw template
    + memcached: increase max connections limit
    + mariadb: Add expire_logs_days config option
    + mysql: Use increased timeout for promote operation
    + mariadb: Move pacemaker op arguments to chef attributes
    + neutron: Wait longer for database sync to complete (bsc#1060421)
    + nova: Raise timeouts for nova db sync to complete (bsc#1060421)
    + neutron-l3-ha-service: Introduce log_file
    + neutron-l3-ha-service: Enable log to file
    + neutron-l3-ha-service: Set default log path
    + neutron-l3-ha-service: fixed hound issues
    + neutron: fix HA neutron-agents_before_ha timeout
    + neutron: fix neutron_default_networks HA timeout error
    + neutron, nova: Revert use of Restart= for ovs and nfs
    + nova: respect image_cache_manager_interval set in proposal
    + nova: enable cache manager by default (bsc#1057233)
    + keystone: Fix updated password check (bsc#1060687)
    + mysql: tune innodb log size / writeback
    + mysql: Use fqdn for database hostname when using SSL
    + nova: reduce excessive node searches on compute role nodes
    + database: Let MariaDB search for user's presence.
    + mysql: Correctly delete all anonymous users
    + horizon: Explicit set REST_API_REQUIRED_SETTINGS (bsc#1046616)
    + database: Expose max_connections and slow_query_logging in UI
    + neutron: enable dns extension
    + magnum: Use credential env to setup domain role
    + database: Show Insecure SSL flag in the UI
    + nova: stop using the passwd ohai tree
    + ceilometer: fix hypervisor_inspector value for 'vmware' to be 'vsphere'
    + mysql: Added SSL configuration for client-server traffic
    + crowbar-openstack: Update database connection string for SSL setup
    + crowbar-openstack: Add require_ssl option to database_user resource
    + database: Return hostname for listen address in case of SSL setup.
    + rabbitmq: Increase timeouts for start/promote actions (bsc#1059532)
    + all: Make systemd restart services on failures
    + postgresql, rabbitmq: Re-use existing variable for clarity
    + nova: use the proper vars for serialproxy
    + mysql: Set the current node as non-backup server in haproxy config
    + rabbitmq: Set "clone-max" for the ms-rabbitmq resource
    + barbican: Remove unused barbican_service definition
    + heat: Run "heat-manage db_sync" before defining and starting services
    + all: Use new pacemaker option to stop managing stateless a/a services
    + heat, neutron, nova: Make hound happy
    + nova: add HA rate limiting options to raw template
    + keystone: Switch memcache backend to oslo_cache.memcache_pool
    + neutron: Increase inotify max user instances
    + mysql: Make sure galera resources are started on controller nodes only
    + rabbitmq: Remove remaining references to old cluster recipe
    + trove: Remove unused chef node searches
    + rabbitmq: Enable deploying rabbitmq with clustering when doing HA
    + rabbitmq: More robust check for rabbit
    + rabbitmq: dont let the template changes restart if in cluster mode
    + swift: disable ceilometer middleware when using durable queues
    + rabbitmq: prevent template changes
    + Always wait for the cluster to be started
    + rabbitmq: sync nodes before pacemaker resources
    + manila, ha: fix bind_host in HA case
    + ceilometer: Allow enabling SSL with HA (bsc#1049153)
    + neutron: Switch data center IDs to start at 1 for Infoblox
    + neutron: Switch to systemd for Infoblox (bsc#1047881)
    + keystone: Set an origin flag on apache2 restart
    + Stop exposing passwords in the process table
    + openstack: Fetch HA resource name for rabbitmq from rabbitmq settings
    + trove: rename template variable to rabbit_settings
    + openstack: make rabbitmq durable_queues/ha_queues setting configurable
    + trove: move retrieval of rabbit url to common openstack cookbook
    + rabbitmq: remove unused cluster.rb recipe
    + rabbitmq: prevent configuration changes for backport
    + mysql: Add a timeout to galera bootstrapping

    Patch Instructions:

    To install this SUSE Recommended Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1915=1
    • SUSE Enterprise Storage 4:
      zypper in -t patch SUSE-Storage-4-2017-1915=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
      • crowbar-core-4.0+git.1508607101.73c7a9c77-9.11.4
      • crowbar-core-branding-upstream-4.0+git.1508607101.73c7a9c77-9.11.4
    • SUSE OpenStack Cloud 7 (noarch):
      • crowbar-ha-4.0+git.1508403557.f438560-4.15.4
      • crowbar-init-4.0+git.1507187369.c3f2348-8.9.4
      • crowbar-openstack-4.0+git.1508531151.8580c7e51-9.17.4
    • SUSE Enterprise Storage 4 (aarch64 x86_64):
      • crowbar-core-4.0+git.1508607101.73c7a9c77-9.11.4
    • SUSE Enterprise Storage 4 (noarch):
      • crowbar-init-4.0+git.1507187369.c3f2348-8.9.4