Feature-update to provide High Availability support for SUSE Cloud 3
SUSE Recommended Update: Feature-update to provide High Availability support for SUSE Cloud 3
This collective update provides the ability to remove single point of
failures from a SUSE Cloud deployment by enabling High Availability
support for the OpenStack services. Please refer to the updated deployment
guide to learn about how to configure High Availability support. The
update also includes fixes for several bugs and some security issues.
The following new packages have been added to the product: haproxy,
crowbar-barclamp-pacemaker, openstack-resource-agents, rubygem-bson-1_9,
rubygem-mongo and patterns-cloud.
Crowbar and the following Barclamps have been updated: ceilometer, ceph,
cinder, crowbar, database, deployer, dns, glance, heat, ipmi, keystone,
logging, network, neutron, nfs_client, nova, nova_dashboard, ntp,
provisioner, rabbitmq, suse-manager-client, swift and updater.
The following OpenStack modules have been updated: ceilometer, dashboard,
keystone, neutron, nova and suse.
The following Python modules have been updated: heatclient, neutronclient,
psycopg2 and amqp.
The YaST2 Crowbar module was also updated to enable the new High
Availability feature.
Finally, the update ships with the latest revision of the SUSE Cloud
Guide, now including information about how to make SUSE Cloud highly
available.
References to non-security issues fixed by this update:
* crowbar-barclamp-ceph: Recipe fails if libvirt is available but not
started. (bnc#861551)
* crowbar-barclamp-crowbar: Add crowbar_reset* scripts as unsupported
workarounds for bricked proposals. (bnc#840255)
* crowbar-barclamp-neutron: Make sure that the VLAN range is valid.
(bnc#870898)
* crowbar-barclamp-nova: Use neutron dhcp_domain in nova.conf.
(bnc#865733)
* crowbar-barclamp-nova: Recipe fails if libvirt is available but not
started. (bnc#861551)
* mongodb: Tell logrotate about log file ownership. (bnc#863719)
* mongodb: Avoid hitting virtual memory limits with mmaps. (bnc#876326)
* openstack-neutron: Fixes an issue where Neutron wouldn't reconnect
to DB after fail-over. (bnc#872361)
* openstack-nova: Fixes an issue where Nova wouldn't reconnect to DB
after fail-over. (bnc#872361)
* openstack-suse: Remove case of magic sed'ing that breaks OpenStack.
(bnc#871199)
* openstack-suse: Drop eventlet_backdoor.py and it's sole usage in
oslo-incubator code. (bnc#847189)
* python-amqp: Set TIMEOUT and KEEPALIVE values for TCP sockets in the
amqp library. (bnc#872700)
* yast2-crowbar: Added HA repositories. (bnc#870175)
References to security issues fixed by this update:
* openstack-dashboard: Introduces escaping in Horizon/Orchestration.
(bnc#871855, CVE-2014-0157)
* openstack-keystone: Sanitizes authentication methods received in
requests. (bnc#873127, CVE-2014-2828)
* openstack-neutron: Prevent cross plugging router ports from other
tenants (bnc#869570, CVE-2014-0056)
* openstack-nova: Add RBAC policy for ec2 API security groups calls.
(bnc#872116, CVE-2014-0167)
* openstack-nova: Persist image format to a file, to prevent attacks
based on changing it. (bnc#869078, CVE-2014-0134)
For a comprehensive list of changes and bugs fixed by this update, please
refer to the packages' change log.
Security Issues:
* CVE-2014-0157
* CVE-2014-2828
* CVE-2014-0056
* CVE-2014-0167
* CVE-2014-0134
| Announcement ID: | SUSE-RU-2014:0656-1 |
| Rating: | low |
| References: | #840255 #847189 #861551 #863719 #865733 #869078 #869570 #870175 #870898 #871199 #871855 #872116 #872361 #872700 #872915 #873127 #874171 #874611 #874755 #876326 |
| Affected Products: |
An update that solves 5 vulnerabilities and has 15 fixes is now available. It includes 33 new package versions.
Description:
This collective update provides the ability to remove single point of
failures from a SUSE Cloud deployment by enabling High Availability
support for the OpenStack services. Please refer to the updated deployment
guide to learn about how to configure High Availability support. The
update also includes fixes for several bugs and some security issues.
The following new packages have been added to the product: haproxy,
crowbar-barclamp-pacemaker, openstack-resource-agents, rubygem-bson-1_9,
rubygem-mongo and patterns-cloud.
Crowbar and the following Barclamps have been updated: ceilometer, ceph,
cinder, crowbar, database, deployer, dns, glance, heat, ipmi, keystone,
logging, network, neutron, nfs_client, nova, nova_dashboard, ntp,
provisioner, rabbitmq, suse-manager-client, swift and updater.
The following OpenStack modules have been updated: ceilometer, dashboard,
keystone, neutron, nova and suse.
The following Python modules have been updated: heatclient, neutronclient,
psycopg2 and amqp.
The YaST2 Crowbar module was also updated to enable the new High
Availability feature.
Finally, the update ships with the latest revision of the SUSE Cloud
Guide, now including information about how to make SUSE Cloud highly
available.
References to non-security issues fixed by this update:
* crowbar-barclamp-ceph: Recipe fails if libvirt is available but not
started. (bnc#861551)
* crowbar-barclamp-crowbar: Add crowbar_reset* scripts as unsupported
workarounds for bricked proposals. (bnc#840255)
* crowbar-barclamp-neutron: Make sure that the VLAN range is valid.
(bnc#870898)
* crowbar-barclamp-nova: Use neutron dhcp_domain in nova.conf.
(bnc#865733)
* crowbar-barclamp-nova: Recipe fails if libvirt is available but not
started. (bnc#861551)
* mongodb: Tell logrotate about log file ownership. (bnc#863719)
* mongodb: Avoid hitting virtual memory limits with mmaps. (bnc#876326)
* openstack-neutron: Fixes an issue where Neutron wouldn't reconnect
to DB after fail-over. (bnc#872361)
* openstack-nova: Fixes an issue where Nova wouldn't reconnect to DB
after fail-over. (bnc#872361)
* openstack-suse: Remove case of magic sed'ing that breaks OpenStack.
(bnc#871199)
* openstack-suse: Drop eventlet_backdoor.py and it's sole usage in
oslo-incubator code. (bnc#847189)
* python-amqp: Set TIMEOUT and KEEPALIVE values for TCP sockets in the
amqp library. (bnc#872700)
* yast2-crowbar: Added HA repositories. (bnc#870175)
References to security issues fixed by this update:
* openstack-dashboard: Introduces escaping in Horizon/Orchestration.
(bnc#871855, CVE-2014-0157)
* openstack-keystone: Sanitizes authentication methods received in
requests. (bnc#873127, CVE-2014-2828)
* openstack-neutron: Prevent cross plugging router ports from other
tenants (bnc#869570, CVE-2014-0056)
* openstack-nova: Add RBAC policy for ec2 API security groups calls.
(bnc#872116, CVE-2014-0167)
* openstack-nova: Persist image format to a file, to prevent attacks
based on changing it. (bnc#869078, CVE-2014-0134)
For a comprehensive list of changes and bugs fixed by this update, please
refer to the packages' change log.
Security Issues:
* CVE-2014-0157
* CVE-2014-2828
* CVE-2014-0056
* CVE-2014-0167
* CVE-2014-0134
Patch Instructions:
To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 3:
zypper in -t patch sleclo30sp3-cloud3-ha-201405-9200
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Cloud 3 (x86_64) [New Version: 0.2.6,2.3.4,2.5.2,2013.2.3.dev1.g54ec015,2013.2.3.dev38.g1b9ceaf,2013.2.4.dev10.g155262c,2013.2.4.dev2.ge7c2987 and 2013.2.4.dev3.gd7b0634]:
- haproxy-1.4.24-0.9.2
- mongodb-2.4.3-0.13.1
- openstack-ceilometer-2013.2.4.dev3.gd7b0634-0.9.1
- openstack-ceilometer-agent-central-2013.2.4.dev3.gd7b0634-0.9.1
- openstack-ceilometer-agent-compute-2013.2.4.dev3.gd7b0634-0.9.1
- openstack-ceilometer-alarm-evaluator-2013.2.4.dev3.gd7b0634-0.9.1
- openstack-ceilometer-alarm-notifier-2013.2.4.dev3.gd7b0634-0.9.1
- openstack-ceilometer-api-2013.2.4.dev3.gd7b0634-0.9.1
- openstack-ceilometer-collector-2013.2.4.dev3.gd7b0634-0.9.1
- openstack-dashboard-2013.2.3.dev1.g54ec015-0.7.3
- openstack-keystone-2013.2.4.dev2.ge7c2987-0.7.3
- openstack-neutron-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-dhcp-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-ha-tool-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-l3-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-lbaas-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-linuxbridge-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-metadata-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-metering-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-mlnx-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-nec-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-openvswitch-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-plugin-cisco-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-ryu-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-server-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-vmware-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-neutron-vpn-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-nova-2013.2.4.dev10.g155262c-0.7.3
- openstack-nova-api-2013.2.4.dev10.g155262c-0.7.3
- openstack-nova-cells-2013.2.4.dev10.g155262c-0.7.3
- openstack-nova-cert-2013.2.4.dev10.g155262c-0.7.3
- openstack-nova-compute-2013.2.4.dev10.g155262c-0.7.3
- openstack-nova-conductor-2013.2.4.dev10.g155262c-0.7.3
- openstack-nova-console-2013.2.4.dev10.g155262c-0.7.3
- openstack-nova-consoleauth-2013.2.4.dev10.g155262c-0.7.3
- openstack-nova-novncproxy-2013.2.4.dev10.g155262c-0.7.3
- openstack-nova-objectstore-2013.2.4.dev10.g155262c-0.7.3
- openstack-nova-scheduler-2013.2.4.dev10.g155262c-0.7.3
- openstack-nova-vncproxy-2013.2.4.dev10.g155262c-0.7.3
- patterns-cloud-20140224-0.21.2
- python-amqp-1.2.0-0.9.1
- python-ceilometer-2013.2.4.dev3.gd7b0634-0.9.1
- python-heatclient-0.2.6-0.7.2
- python-heatclient-doc-0.2.6-0.7.2
- python-horizon-2013.2.3.dev1.g54ec015-0.7.3
- python-keystone-2013.2.4.dev2.ge7c2987-0.7.3
- python-neutron-2013.2.3.dev38.g1b9ceaf-0.7.3
- python-neutronclient-2.3.4-0.7.3
- python-nova-2013.2.4.dev10.g155262c-0.7.3
- python-psycopg2-2.5.2-0.7.2
- rubygem-bson-1_9-1.9.2-0.7.2
- rubygem-mongo-1.9.2-0.7.2
- SUSE Cloud 3 (noarch) [New Version: 2.17.35,2013.2.3.dev38.g1b9ceaf,2013.2.4.dev10.g155262c,2013.2.4.dev2.ge7c2987 and 2013.2.4.dev3.gd7b0634]:
- crowbar-1.7+git.1393415366.c7d7ed2-0.9.1
- crowbar-barclamp-ceilometer-1.7+git.1397725532.6562e99-0.11.1
- crowbar-barclamp-ceph-1.7+git.1394531703.94bc662-0.7.4
- crowbar-barclamp-cinder-1.7+git.1397563537.c0e3c1f-0.7.4
- crowbar-barclamp-crowbar-1.7+git.1397546986.0138729-0.7.5
- crowbar-barclamp-database-1.7+git.1398437917.4d9d949-0.7.4
- crowbar-barclamp-deployer-1.7+git.1395841488.9bd9b18-0.7.4
- crowbar-barclamp-dns-1.7+git.1395139533.d8065e0-0.7.4
- crowbar-barclamp-glance-1.7+git.1397563542.7f7adbd-0.7.4
- crowbar-barclamp-heat-1.7+git.1397563528.5365573-0.7.4
- crowbar-barclamp-ipmi-1.7+git.1394447661.823417e-0.7.4
- crowbar-barclamp-keystone-1.7+git.1397563548.5e1f6f4-0.7.4
- crowbar-barclamp-logging-1.7+git.1394447795.1352678-0.7.4
- crowbar-barclamp-network-1.7+git.1397462393.b75b4a2-0.7.4
- crowbar-barclamp-neutron-1.7+git.1399280715.7a6d30c-0.7.1
- crowbar-barclamp-nfs_client-1.7+git.1394448673.eec60d0-0.7.4
- crowbar-barclamp-nova-1.7+git.1397563532.b0a2cf3-0.7.4
- crowbar-barclamp-nova_dashboard-1.7+git.1397195786.72f875c-0.7.4
- crowbar-barclamp-ntp-1.7+git.1394526594.bd0925a-0.7.4
- crowbar-barclamp-pacemaker-1.7+git.1399292086.c9d262e-0.7.1
- crowbar-barclamp-provisioner-1.7+git.1398437839.2078a3c-0.7.1
- crowbar-barclamp-rabbitmq-1.7+git.1398437927.2b9a534-0.7.4
- crowbar-barclamp-suse-manager-client-1.7+git.1394449068.c91f840-0.7.4
- crowbar-barclamp-swift-1.7+git.1398348658.e9aadc4-0.7.4
- crowbar-barclamp-updater-1.7+git.1394449074.c15a84e-0.7.4
- openstack-ceilometer-doc-2013.2.4.dev3.gd7b0634-0.9.1
- openstack-keystone-doc-2013.2.4.dev2.ge7c2987-0.7.3
- openstack-neutron-doc-2013.2.3.dev38.g1b9ceaf-0.7.3
- openstack-nova-doc-2013.2.4.dev10.g155262c-0.7.3
- openstack-resource-agents-1.0+git.1392632006.9b9b934-0.7.2
- openstack-suse-sudo-2013.2-0.11.2
- susecloud-admin_en-pdf-3.0-0.34.1
- susecloud-deployment_en-pdf-3.0-0.34.1
- susecloud-manuals_en-3.0-0.34.1
- susecloud-user_en-pdf-3.0-0.34.1
- yast2-crowbar-2.17.35-0.7.2
References:
- http://support.novell.com/security/cve/CVE-2014-0056.html
- http://support.novell.com/security/cve/CVE-2014-0134.html
- http://support.novell.com/security/cve/CVE-2014-0157.html
- http://support.novell.com/security/cve/CVE-2014-0167.html
- http://support.novell.com/security/cve/CVE-2014-2828.html
- https://bugzilla.novell.com/840255
- https://bugzilla.novell.com/847189
- https://bugzilla.novell.com/861551
- https://bugzilla.novell.com/863719
- https://bugzilla.novell.com/865733
- https://bugzilla.novell.com/869078
- https://bugzilla.novell.com/869570
- https://bugzilla.novell.com/870175
- https://bugzilla.novell.com/870898
- https://bugzilla.novell.com/871199
- https://bugzilla.novell.com/871855
- https://bugzilla.novell.com/872116
- https://bugzilla.novell.com/872361
- https://bugzilla.novell.com/872700
- https://bugzilla.novell.com/872915
- https://bugzilla.novell.com/873127
- https://bugzilla.novell.com/874171
- https://bugzilla.novell.com/874611
- https://bugzilla.novell.com/874755
- https://bugzilla.novell.com/876326
- http://download.suse.com/patch/finder/?keywords=6b6c2ab2019cacb05895c4274ff8b7b3