SUSE-RU-2017:3083-1: moderate: Recommended update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack

sle-updates at sle-updates at
Fri Nov 24 13:09:40 MST 2017

   SUSE Recommended Update: Recommended update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack

Announcement ID:    SUSE-RU-2017:3083-1
Rating:             moderate
References:         #1020922 #1046616 #1047881 #1049153 #1051298 
                    #1055669 #1056750 #1057233 #1058876 #1059532 
                    #1059733 #1059790 #1060421 #1060628 #1060687 
                    #1061777 #1063772 #1064057 
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Enterprise Storage 4

   An update that has 18 recommended fixes can now be


   This update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack
   fixes the following issues:

   - crowbar-core:
     + ohai: don't up interfaces
     + crowbar_framework:fix filtered nodes in apply_role
     + ohai: Remove useless assignment
     + ohai: Coding style fixes
     + ohai: Code cleanup for static variables
     + provisioner: Use also permanent addresses for dhcp
     + ohai: Collect permanent address of NICs
     + Show IPMI links earlier
     + crowbar_framework: fix skip_unchanged_nodes
     + ohai: Do not fail dealing with UEFI config with invalid CurrentBoot
     + crowbar: Add ability to skip chef run on node when applying
     + crowbar_framework: add experimental option for skip_unchanged_nodes
     + Allow setting NVMe drive in ceph (bsc#1051298)
     + crowbar: Don't store invalid locks (bsc#1055669)
     + Increase default chef_splay
     + Prefetch all roles during node listing
     + network: keep ovs secure fail-mode (bsc#1063772)
     + Get role data directly from CouchDB
     + utils: Add systemd override LWRP
     + schema_migration: Provide a hook into ServiceObject (bsc#1058876)
     + Get 'all' nodes directly from CouchDB
     + crowbar: Forward protocol to rails (bsc#1059733)
     + utils: Fix restart flag removal
     + crowbar: use pre_cached_nodes on the deployment queue
     + crowbar: remove unready nodes from deployment
     + crowbar: Add skip_unready_nodes experimental option
     + Add experimental.yml file as %config(noreplace)
     + utils: fix data bag loading on RestartManager
     + crowbar: Do not save applied proposal as role too early in apply_role
     + utils: override the service provider to allow for no-restart of
     + crowbar: Introduce a config for experimental options
     + crowbar_framework: Add the RestartManagementController
     + network: Partly revert 3d24a0f4cb - do not add Restart= for ovs
     + upgrade: Don't fail without openstack db (bsc#1061777)
     + nfs-server: Revert systemd Restart= bits for nfs services
     + Mark crowbar_framework/config/database.yml as config (bsc#1056750)
     + all: Make systemd restart services on failures
     + Add chef_splay to allowed time without update
     + provisioner: Make chef splay configurable
     + Add json version of /clusters endpoint
     + utils: Add utils_systemd_service_restart LWRP
     + apache2: Use new utils_systemd_service_restart LWRP
     + ipmi: Read-only mode
     + ipmi: Option to disable BMC NAT
     + Disable upgrade API in Cloud7
     + Switch to admin-server-upgrading for apache config check

   - crowbar-ha:
     + corosync: remove nonsensical ring default
     + crowbar-pacemaker: Reset sync-marks for all nodes
     + Fix for pacemaker proposal migration failure
     + crowbar-pacemaker:fix migration number
     + Add support for multiple Corosync rings
     + pacemaker: provide a option to configure migrate-threshold
     + crowbar-framework: fix is_pacemaker flag for RestartManager
     + crowbar-pacemaker: allow to skip restart if disallow_restart flag is
     + crowbar-pacemaker: hide output for #cib_up_for_node?
     + crowbar-pacemaker: Update apache override for systemd restart LWRP
     + hawk: Make systemd restart hawk service on failures
     + pacemaker: Add option to stop managing stateless active/active services
     + Fix the translation label for the clone_stateless_services hint
     + crowbar: Save founder name in the proposal role
     + crowbar-pacemaker: Reimplement sync marks with pacemaker attributes
     + crowbar-pacemaker: Deprecate usage of revisions in sync marks
     + pacemaker: Add missing  operations to the parser
     + ipmi: Use discovered IP in read-only mode
     + haproxy: Add location contraint to VIP directly
     + haproxy: provide a option to ratelimit frontends
     + pacemaker: Use --wait with crm configure command
     + haproxy: Fix VIP creation for haproxy
     + haproxy: Make sure that systemd kills haproxy service on restart

   - crowbar-init:
     + Fix endless loop when waiting for crowbar (bsc#1059790)

   - crowbar-openstack:
     + Hide MySQL SSL options from the UI
     + neutron: Fixes for ACI integration - updates for Newton
     + Revert "rabbitmq: Fix HA service management"
     + Revert "database: Fix HA service management"
     + mariadb: Make HA op timeouts configurable
     + neutron: use service account for neutron-l3-ha service
     + mariadb: Drop unneeded root users (bsc#1060628)
     + ceilometer: add configurable API timeout attribute (bsc#1064060)
     + crowbar: add timeout parameter to wsgi resource
     + database: Add resource limit control (bsc#1020922)
     + rabbitmq: Add resource_limits option (bsc#1020922)
     + apache: Add resource_limits controls (bsc#1020922)
     + cinder: Add resource limit controls (bsc#1020922)
     + neutron: fix fwaas_v1 configuration (bsc#1064057)
     + nova: get pub key from file instead of stdin
     + barbican: reorder config creation and initial db sync
     + database: Fix schema migrations for backend specific attributes
     + neutron: add HA rate limiting options to raw template
     + cinder: add HA rate limiting options to raw template
     + memcached: increase max connections limit
     + mariadb: Add expire_logs_days config option
     + mysql: Use increased timeout for promote operation
     + mariadb: Move pacemaker op arguments to chef attributes
     + neutron: Wait longer for database sync to complete (bsc#1060421)
     + nova: Raise timeouts for nova db sync to complete (bsc#1060421)
     + neutron-l3-ha-service: Introduce log_file
     + neutron-l3-ha-service: Enable log to file
     + neutron-l3-ha-service: Set default log path
     + neutron-l3-ha-service: fixed hound issues
     + neutron: fix HA neutron-agents_before_ha timeout
     + neutron: fix neutron_default_networks HA timeout error
     + neutron, nova: Revert use of Restart= for ovs and nfs
     + nova: respect image_cache_manager_interval set in proposal
     + nova: enable cache manager by default (bsc#1057233)
     + keystone: Fix updated password check (bsc#1060687)
     + mysql: tune innodb log size / writeback
     + mysql: Use fqdn for database hostname when using SSL
     + nova: reduce excessive node searches on compute role nodes
     + database: Let MariaDB search for user's presence.
     + mysql: Correctly delete all anonymous users
     + horizon: Explicit set REST_API_REQUIRED_SETTINGS (bsc#1046616)
     + database: Expose max_connections and slow_query_logging in UI
     + neutron: enable dns extension
     + magnum: Use credential env to setup domain role
     + database: Show Insecure SSL flag in the UI
     + nova: stop using the passwd ohai tree
     + ceilometer: fix hypervisor_inspector value for 'vmware' to be 'vsphere'
     + mysql: Added SSL configuration for client-server traffic
     + crowbar-openstack: Update database connection string for SSL setup
     + crowbar-openstack: Add require_ssl option to database_user resource
     + database: Return hostname for listen address in case of SSL setup.
     + rabbitmq: Increase timeouts for start/promote actions (bsc#1059532)
     + all: Make systemd restart services on failures
     + postgresql, rabbitmq: Re-use existing variable for clarity
     + nova: use the proper vars for serialproxy
     + mysql: Set the current node as non-backup server in haproxy config
     + rabbitmq: Set "clone-max" for the ms-rabbitmq resource
     + barbican: Remove unused barbican_service definition
     + heat: Run "heat-manage db_sync" before defining and starting services
     + all: Use new pacemaker option to stop managing stateless a/a services
     + heat, neutron, nova: Make hound happy
     + nova: add HA rate limiting options to raw template
     + keystone: Switch memcache backend to oslo_cache.memcache_pool
     + neutron: Increase inotify max user instances
     + mysql: Make sure galera resources are started on controller nodes only
     + rabbitmq: Remove remaining references to old cluster recipe
     + trove: Remove unused chef node searches
     + rabbitmq: Enable deploying rabbitmq with clustering when doing HA
     + rabbitmq: More robust check for rabbit
     + rabbitmq: dont let the template changes restart if in cluster mode
     + swift: disable ceilometer middleware when using durable queues
     + rabbitmq: prevent template changes
     + Always wait for the cluster to be started
     + rabbitmq: sync nodes before pacemaker resources
     + manila, ha: fix bind_host in HA case
     + ceilometer: Allow enabling SSL with HA (bsc#1049153)
     + neutron: Switch data center IDs to start at 1 for Infoblox
     + neutron: Switch to systemd for Infoblox (bsc#1047881)
     + keystone: Set an origin flag on apache2 restart
     + Stop exposing passwords in the process table
     + openstack: Fetch HA resource name for rabbitmq from rabbitmq settings
     + trove: rename template variable to rabbit_settings
     + openstack: make rabbitmq durable_queues/ha_queues setting configurable
     + trove: move retrieval of rabbit url to common openstack cookbook
     + rabbitmq: remove unused cluster.rb recipe
     + rabbitmq: prevent configuration changes for backport
     + mysql: Add a timeout to galera bootstrapping

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1915=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2017-1915=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):


   - SUSE OpenStack Cloud 7 (noarch):


   - SUSE Enterprise Storage 4 (aarch64 x86_64):


   - SUSE Enterprise Storage 4 (noarch):



More information about the sle-updates mailing list