SUSE-RU-2014:0656-1: Feature-update to provide High Availability support for SUSE Cloud 3

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu May 15 11:06:35 MDT 2014


   SUSE Recommended Update: Feature-update to provide High Availability support for SUSE Cloud 3
______________________________________________________________________________

Announcement ID:    SUSE-RU-2014:0656-1
Rating:             low
References:         #840255 #847189 #861551 #863719 #865733 #869078 
                    #869570 #870175 #870898 #871199 #871855 #872116 
                    #872361 #872700 #872915 #873127 #874171 #874611 
                    #874755 #876326 
Affected Products:
                    SUSE Cloud 3
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 15 fixes is
   now available. It includes 33 new package versions.

Description:


   This collective update provides the ability to remove single point of
   failures from a SUSE Cloud deployment by enabling High Availability
   support for the OpenStack services. Please refer to the updated deployment
   guide to learn about how to configure High Availability support. The
   update also includes fixes for several bugs and some security issues.

   The following new packages have been added to the product: haproxy,
   crowbar-barclamp-pacemaker, openstack-resource-agents, rubygem-bson-1_9,
   rubygem-mongo and patterns-cloud.

   Crowbar and the following Barclamps have been updated: ceilometer, ceph,
   cinder, crowbar, database, deployer, dns, glance, heat, ipmi, keystone,
   logging, network, neutron, nfs_client, nova, nova_dashboard, ntp,
   provisioner, rabbitmq, suse-manager-client, swift and updater.

   The following OpenStack modules have been updated: ceilometer, dashboard,
   keystone, neutron, nova and suse.

   The following Python modules have been updated: heatclient, neutronclient,
   psycopg2 and amqp.

   The YaST2 Crowbar module was also updated to enable the new High
   Availability feature.

   Finally, the update ships with the latest revision of the SUSE Cloud
   Guide, now including information about how to make SUSE Cloud highly
   available.

   References to non-security issues fixed by this update:

   * crowbar-barclamp-ceph: Recipe fails if libvirt is available but not
   started. (bnc#861551)
   * crowbar-barclamp-crowbar: Add crowbar_reset* scripts as unsupported
   workarounds for bricked proposals. (bnc#840255)
   * crowbar-barclamp-neutron: Make sure that the VLAN range is valid.
   (bnc#870898)
   * crowbar-barclamp-nova: Use neutron dhcp_domain in nova.conf.
   (bnc#865733)
   * crowbar-barclamp-nova: Recipe fails if libvirt is available but not
   started. (bnc#861551)
   * mongodb: Tell logrotate about log file ownership. (bnc#863719)
   * mongodb: Avoid hitting virtual memory limits with mmaps. (bnc#876326)
   * openstack-neutron: Fixes an issue where Neutron wouldn't reconnect
   to DB after fail-over. (bnc#872361)
   * openstack-nova: Fixes an issue where Nova wouldn't reconnect to DB
   after fail-over. (bnc#872361)
   * openstack-suse: Remove case of magic sed'ing that breaks OpenStack.
   (bnc#871199)
   * openstack-suse: Drop eventlet_backdoor.py and it's sole usage in
   oslo-incubator code. (bnc#847189)
   * python-amqp: Set TIMEOUT and KEEPALIVE values for TCP sockets in the
   amqp library. (bnc#872700)
   * yast2-crowbar: Added HA repositories. (bnc#870175)

   References to security issues fixed by this update:

   * openstack-dashboard: Introduces escaping in Horizon/Orchestration.
   (bnc#871855, CVE-2014-0157)
   * openstack-keystone: Sanitizes authentication methods received in
   requests. (bnc#873127, CVE-2014-2828)
   * openstack-neutron: Prevent cross plugging router ports from other
   tenants (bnc#869570, CVE-2014-0056)
   * openstack-nova: Add RBAC policy for ec2 API security groups calls.
   (bnc#872116, CVE-2014-0167)
   * openstack-nova: Persist image format to a file, to prevent attacks
   based on changing it. (bnc#869078, CVE-2014-0134)

   For a comprehensive list of changes and bugs fixed by this update, please
   refer to the packages' change log.

   Security Issues:

   * CVE-2014-0157
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0157>
   * CVE-2014-2828
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828>
   * CVE-2014-0056
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0056>
   * CVE-2014-0167
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0167>
   * CVE-2014-0134
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0134>


Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:

      zypper in -t patch sleclo30sp3-cloud3-ha-201405-9200

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Cloud 3 (x86_64) [New Version: 0.2.6,2.3.4,2.5.2,2013.2.3.dev1.g54ec015,2013.2.3.dev38.g1b9ceaf,2013.2.4.dev10.g155262c,2013.2.4.dev2.ge7c2987 and 2013.2.4.dev3.gd7b0634]:

      haproxy-1.4.24-0.9.2
      mongodb-2.4.3-0.13.1
      openstack-ceilometer-2013.2.4.dev3.gd7b0634-0.9.1
      openstack-ceilometer-agent-central-2013.2.4.dev3.gd7b0634-0.9.1
      openstack-ceilometer-agent-compute-2013.2.4.dev3.gd7b0634-0.9.1
      openstack-ceilometer-alarm-evaluator-2013.2.4.dev3.gd7b0634-0.9.1
      openstack-ceilometer-alarm-notifier-2013.2.4.dev3.gd7b0634-0.9.1
      openstack-ceilometer-api-2013.2.4.dev3.gd7b0634-0.9.1
      openstack-ceilometer-collector-2013.2.4.dev3.gd7b0634-0.9.1
      openstack-dashboard-2013.2.3.dev1.g54ec015-0.7.3
      openstack-keystone-2013.2.4.dev2.ge7c2987-0.7.3
      openstack-neutron-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-dhcp-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-ha-tool-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-l3-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-lbaas-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-linuxbridge-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-metadata-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-metering-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-mlnx-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-nec-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-openvswitch-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-plugin-cisco-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-ryu-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-server-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-vmware-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-neutron-vpn-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-nova-2013.2.4.dev10.g155262c-0.7.3
      openstack-nova-api-2013.2.4.dev10.g155262c-0.7.3
      openstack-nova-cells-2013.2.4.dev10.g155262c-0.7.3
      openstack-nova-cert-2013.2.4.dev10.g155262c-0.7.3
      openstack-nova-compute-2013.2.4.dev10.g155262c-0.7.3
      openstack-nova-conductor-2013.2.4.dev10.g155262c-0.7.3
      openstack-nova-console-2013.2.4.dev10.g155262c-0.7.3
      openstack-nova-consoleauth-2013.2.4.dev10.g155262c-0.7.3
      openstack-nova-novncproxy-2013.2.4.dev10.g155262c-0.7.3
      openstack-nova-objectstore-2013.2.4.dev10.g155262c-0.7.3
      openstack-nova-scheduler-2013.2.4.dev10.g155262c-0.7.3
      openstack-nova-vncproxy-2013.2.4.dev10.g155262c-0.7.3
      patterns-cloud-20140224-0.21.2
      python-amqp-1.2.0-0.9.1
      python-ceilometer-2013.2.4.dev3.gd7b0634-0.9.1
      python-heatclient-0.2.6-0.7.2
      python-heatclient-doc-0.2.6-0.7.2
      python-horizon-2013.2.3.dev1.g54ec015-0.7.3
      python-keystone-2013.2.4.dev2.ge7c2987-0.7.3
      python-neutron-2013.2.3.dev38.g1b9ceaf-0.7.3
      python-neutronclient-2.3.4-0.7.3
      python-nova-2013.2.4.dev10.g155262c-0.7.3
      python-psycopg2-2.5.2-0.7.2
      rubygem-bson-1_9-1.9.2-0.7.2
      rubygem-mongo-1.9.2-0.7.2

   - SUSE Cloud 3 (noarch) [New Version: 2.17.35,2013.2.3.dev38.g1b9ceaf,2013.2.4.dev10.g155262c,2013.2.4.dev2.ge7c2987 and 2013.2.4.dev3.gd7b0634]:

      crowbar-1.7+git.1393415366.c7d7ed2-0.9.1
      crowbar-barclamp-ceilometer-1.7+git.1397725532.6562e99-0.11.1
      crowbar-barclamp-ceph-1.7+git.1394531703.94bc662-0.7.4
      crowbar-barclamp-cinder-1.7+git.1397563537.c0e3c1f-0.7.4
      crowbar-barclamp-crowbar-1.7+git.1397546986.0138729-0.7.5
      crowbar-barclamp-database-1.7+git.1398437917.4d9d949-0.7.4
      crowbar-barclamp-deployer-1.7+git.1395841488.9bd9b18-0.7.4
      crowbar-barclamp-dns-1.7+git.1395139533.d8065e0-0.7.4
      crowbar-barclamp-glance-1.7+git.1397563542.7f7adbd-0.7.4
      crowbar-barclamp-heat-1.7+git.1397563528.5365573-0.7.4
      crowbar-barclamp-ipmi-1.7+git.1394447661.823417e-0.7.4
      crowbar-barclamp-keystone-1.7+git.1397563548.5e1f6f4-0.7.4
      crowbar-barclamp-logging-1.7+git.1394447795.1352678-0.7.4
      crowbar-barclamp-network-1.7+git.1397462393.b75b4a2-0.7.4
      crowbar-barclamp-neutron-1.7+git.1399280715.7a6d30c-0.7.1
      crowbar-barclamp-nfs_client-1.7+git.1394448673.eec60d0-0.7.4
      crowbar-barclamp-nova-1.7+git.1397563532.b0a2cf3-0.7.4
      crowbar-barclamp-nova_dashboard-1.7+git.1397195786.72f875c-0.7.4
      crowbar-barclamp-ntp-1.7+git.1394526594.bd0925a-0.7.4
      crowbar-barclamp-pacemaker-1.7+git.1399292086.c9d262e-0.7.1
      crowbar-barclamp-provisioner-1.7+git.1398437839.2078a3c-0.7.1
      crowbar-barclamp-rabbitmq-1.7+git.1398437927.2b9a534-0.7.4
      crowbar-barclamp-suse-manager-client-1.7+git.1394449068.c91f840-0.7.4
      crowbar-barclamp-swift-1.7+git.1398348658.e9aadc4-0.7.4
      crowbar-barclamp-updater-1.7+git.1394449074.c15a84e-0.7.4
      openstack-ceilometer-doc-2013.2.4.dev3.gd7b0634-0.9.1
      openstack-keystone-doc-2013.2.4.dev2.ge7c2987-0.7.3
      openstack-neutron-doc-2013.2.3.dev38.g1b9ceaf-0.7.3
      openstack-nova-doc-2013.2.4.dev10.g155262c-0.7.3
      openstack-resource-agents-1.0+git.1392632006.9b9b934-0.7.2
      openstack-suse-sudo-2013.2-0.11.2
      susecloud-admin_en-pdf-3.0-0.34.1
      susecloud-deployment_en-pdf-3.0-0.34.1
      susecloud-manuals_en-3.0-0.34.1
      susecloud-user_en-pdf-3.0-0.34.1
      yast2-crowbar-2.17.35-0.7.2


References:

   http://support.novell.com/security/cve/CVE-2014-0056.html
   http://support.novell.com/security/cve/CVE-2014-0134.html
   http://support.novell.com/security/cve/CVE-2014-0157.html
   http://support.novell.com/security/cve/CVE-2014-0167.html
   http://support.novell.com/security/cve/CVE-2014-2828.html
   https://bugzilla.novell.com/840255
   https://bugzilla.novell.com/847189
   https://bugzilla.novell.com/861551
   https://bugzilla.novell.com/863719
   https://bugzilla.novell.com/865733
   https://bugzilla.novell.com/869078
   https://bugzilla.novell.com/869570
   https://bugzilla.novell.com/870175
   https://bugzilla.novell.com/870898
   https://bugzilla.novell.com/871199
   https://bugzilla.novell.com/871855
   https://bugzilla.novell.com/872116
   https://bugzilla.novell.com/872361
   https://bugzilla.novell.com/872700
   https://bugzilla.novell.com/872915
   https://bugzilla.novell.com/873127
   https://bugzilla.novell.com/874171
   https://bugzilla.novell.com/874611
   https://bugzilla.novell.com/874755
   https://bugzilla.novell.com/876326
   http://download.suse.com/patch/finder/?keywords=6b6c2ab2019cacb05895c4274ff8b7b3



More information about the sle-updates mailing list