Readme file for:IBM Cloud Manager with OpenStack 4.3 interim fix 2 for pack 4
Product/Component Release:4.3.0.4
Update Name:cmwo 4.3.0.4 interim fix 2
Fix ID:4.3.0.4-IBM-CMWO-IF002
Publication Date:2016-02-29
Last modified date:2016-02-29
Online version of the readme file:http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400002536
Important: The most current version of the readme file can always be found online.
Below is a list of components, platforms, and file names that apply to this Readme file.
| Product/Component Name: | Platform: | Fix: |
| IBM Cloud Manager with Openstack | Linux 64-bit,x86_64 Linux 64-bit,x86_64 Linux 64-bit,pSeries Linux 64-bit,pSeries | cmwo_fixpack_4.3.0.4.2.tar.gz |
None.
If you have already deployed a topology, you will need to update your deployed topology after following the directions in this file. If the special instructions in this file do not apply to your environment, you still must update your deployed topology to apply other fixes contained in this fix pack.
Directions for updating deployed topologies can be found in the IBM Cloud Manager with OpenStack Knowledge Center.
# tar -zxf cmwo_fixpack_4.3.0.4.2.tar.gz
# ./install_cmwo_fixpack.sh
Installation of fix pack completed successfully.
Otherwise, you will this message:
ERROR: Installation of fix pack failed. See log files for details.
Additional messages will tell you where the log files are stored.
After installing the fix pack, review the following sections to determine if
there are additional actions that must be performed:
- Update cookbook versions
- Update the environment attributes
- Update the high availability (HA) environment attributes
- Update the high availability (HA) software and configuration
- Update VMWare driver envrionment attributes
- Update the deployed topology
Automated environment updates
IBM Cloud Manager with OpenStack includes a tool that can be used to automatically
perform certain environment updates:
- Update cookbook version constraints
- For HA environments, update the HA attributes
To update an environment named 'my-environment' stored in the chef server
use this command:
knife os manage update environment my-environment
To update a JSON environment file named 'my-environment.json' use this
command:
knife os manage update environment my-environment.json
The file name must end with the '.json' extension. If the file refers to an
existing chef environment, the file will also be uploaded to the chef server.
Manual environment updates
If the fix pack requires other environment changes, you can edit the
environment(s) used for your topologies using the following procedure.
Installing the fix pack updates the example environments:
example-ibm-os-allinone
example-ibm-os-ha-controller-n-compute
example-ibm-os-single-controller-n-compute
example-ibm-sce
If you have created an environment for your topology, or have created
an environment file, these must be updated manually. If you do not do
this, future deploys or updates will continue to use the original
cookbook.
1. Change to the directory where you have created your topology files.
2. If you do not have your environment file, you can download the current environment from the chef server:
# knife environment list
_default
example-ibm-os-allinone
example-ibm-os-ha-controller-n-compute
example-ibm-os-single-controller-n-compute
example-ibm-sce
test-environment
Identify the environment to change, e.g. test-environment, and download it:
# knife environment show test-environment -d -F json > test-environment.json
3. Edit the environment file and modify it as required.
4. Save the file.
5. Upload the modified environment to the chef server:
# knife environment from file test-environment.json
Updated Environment test-environment
Update cookbook versions
This fix pack contains cookbook updates which require updates to the chef
environment(s) for your topologies.
If any of the following conditions are true, no action is required to update
cookbook versions, and you should continue with the next section of this
README file.
- You have not created an environment
- You created your environment after installing fix pack 4.3.0.4 or later.
- You updated the cookbook versions for your environment after installing
fix pack 4.3.0.4 or later.
Use the 'knife os manage update environment' command as described in
'Automated environment updates' to update your environment or
environment files.
This table lists the updated cookbook versions and the fix pack that
includes them.
| Fix pack | Cookbook | Current version |
|---|---|---|
| 4.3.0.1 | db2 | 2.0.3 |
| 4.3.0.1 | ibm-openstack-perf-tuning | 11.0.1 |
| 4.3.0.1 | ibm-openstack-zvm-driver | 11.0.6 |
| 4.3.0.1 | openstack-block-storage | 11.1.0 |
| 4.3.0.2 | apache2 | 3.1.0 |
| 4.3.0.2 | galera | 0.4.1 |
| 4.3.0.2 | ibm-openstack-network | 11.1.0 |
| 4.3.0.2 | ibm-openstack-simple-token | 11.0.1 |
| 4.3.0.2 | ibm-sce | 11.0.6 |
| 4.3.0.2 | openstack-common | 11.5.1 |
| 4.3.0.2 | openstack-compute | 11.1.0 |
| 4.3.0.2 | openstack-identity | 11.1.0 |
| 4.3.0.2 | pacemaker | 1.1.4 |
| 4.3.0.3 | htpasswd | 0.2.4 |
| 4.3.0.3 | ibm-cls | 1.0.1 |
| 4.3.0.3 | ibm-openstack-apache-proxy | 11.1.2 |
| 4.3.0.3 | ibm-openstack-common | 11.3.0 |
| 4.3.0.3 | ibm-openstack-dr | 11.0.3 |
| 4.3.0.3 | ibm-openstack-ha | 11.1.0 |
| 4.3.0.3 | ibm-openstack-iptables | 11.0.6 |
| 4.3.0.3 | ibm-openstack-migration | 11.0.31 |
| 4.3.0.3 | ibm-openstack-powervc-driver | 11.0.2 |
| 4.3.0.3 | ibm-openstack-prs | 11.1.0 |
| 4.3.0.3 | ibm-openstack-roles | 11.0.4 |
| 4.3.0.3 | ibm-openstack-vmware-driver | 11.0.5 |
| 4.3.0.3 | ibm-spectrum-scale | 11.0.12 |
| 4.3.0.3 | mariadb | 0.3.1 |
| 4.3.0.3 | openstack-ops-messaging | 11.1.0 |
| 4.3.0.3 | rabbitmq | 4.1.2 |
| 4.3.0.3 | rsyslog | 2.0.0 |
| 4.3.0.4 | openstack-compute | 11.2.0 |
| 4.3.0.4 | openstack-network | 11.1.0 |
| 4.3.0.4 | opentack-dashboard | 11.1.0 |
| 4.3.0.4 | openstack-orchestration | 11.1.0 |
| 4.3.0.4 | ibm-openstack-common | 11.4.0 |
| 4.3.0.4 | ibm-openstack-ha | 11.1.1 |
| 4.3.0.4 | ibm-openstack-roles | 11.0.5 |
| 4.3.0.4 | ibm-openstack-network | 11.1.1 |
Update the environment attributes
If any of the following conditions are true, no action is required to update
the HA environments, and you should continue with the next section of this
README file.
- You have not created an HA environment
- You created your HA environment after installing fix pack 4.3.0.4 or later.
- You updated the HA attributes for your environment after installing
fix pack 4.3.0.4 or later.
If you have not already done so, use the 'knife os manage update environment'
command as described in 'Automated environment updates' to update your
HA environment or HA environment files.
This table lists the new HA attributes in Fix Pack 4:
openstack.block-storage.rpc_backend = 'cinder.openstack.common.rpc.impl_kombu'
openstack.block-storage.rpc_thread_pool_size = 64
openstack.block-storage.rpc_conn_pool_size = 30
openstack.block-storage.rpc_response_timeout = 60
openstack.orchestration.platform.heat_common_packages = 'openstack-heat'
openstack.orchestration.platform.heat_api_packages = 'python-heatclient'
openstack.orchestration.platform.heat_api.cfn_packages = 'python-heatclient'
openstack.orchestration.platform.heat_api_cloudwatch_packages = 'python-heatclient'
openstack-orchestration.platform.heat_engine_packages = 'openstack-heat'
openstack.config.block_device_allocate_retries = 60
openstack.config.block_device_allocate_retries_interval = 3
ibm-openstack.first_region = true
Update the high availability (HA) environment attributes
If any of the following conditions are true, no action is required to update
the HA environments, and you should continue with the next section of this
README file.
- You have not created an HA environment
- You created your HA environment after installing fix pack 4.3.0.4 or later.
- You updated the HA attributes for your environment after installing
fix pack 4.3.0.4 or later.
If you have not already done so, use the 'knife os manage update environment'
command as described in 'Automated environment updates' to update your
HA environment or HA environment files.
This table lists the new HA attributes in Fix Pack 2:
openstack.mq.rabbitmq.heartbeat_timeout_threshold = '60'
openstack.mq.rabbitmq.heartbeat_rate = '2'
This table lists the new HA attributes in Fix Pack 3:
rabbitmq.clustering.use_auto_clustering = true
ibm-openstack.ha.pacemaker.cluster.resource.rabbitmq-meta.migration-threshold = '1'
ibm-openstack.ha.pacemaker.cluster.resource.rabbitmq-meta.failure-timeout = '160'
This table lists the new HA attributes in Fix Pack 4:
ibm-openstack.ha.use_external_db = false
Update the high availability (HA) software and configuration from Fix Pack 1
If you deployed high availability (HA) topologies using Fix Pack 1 and have
not updated them to Fix Pack 2 or later then perform the actions in this section.
Otherwise, you should continue with the next section of this README file.
Fix Pack 2 and later contains an updated version of the RabbitMQ messaging software
used in HA topologies. The fix pack also contains a change to the Pacemaker
DB2 HADR agent configuration to fix a problem where Pacemaker repeatedly
tries to restart DB2 HADR on a failing node and never promotes another node
to become the master.
Special steps are required to upgrade RabbitMQ and update the DB2 HADR agent
configuration on the HA controller nodes. Perform the following commands on
the HA controllers under root authority:
1. On any HA controller node, run these commands:
"pcs resource update ibm-os-db2hadr-master meta migration-threshold=3 failure-timeout=5m"
"pcs resource update ibm-os-rabbitmq meta migration-threshold=1 failure-timeout=160"
2. On any HA controller node, run this command:
"pcs resource disable ibm-os-rabbitmq --wait=450"
3. Since the previous command takes variable time to complete, and may return
a timeout error, you should run the following command until you see that
ibm-os-rabbitmq is stopped on all the HA controller nodes:
"pcs resource | grep -A1 ibm-os-rabbitmq-clone"
4. On each HA controller node, run these commands:
"yum clean expire-cache"
"yum update rabbitmq-server"
"yum update python-oslo-messaging"
5. On any HA controller node, run this command:
"pcs resource enable ibm-os-rabbitmq --wait=450"
6. Since the previous command takes variable time to complete, and may return
a timeout error, you should run the following command until you see that
ibm-os-rabbitmq is started on all the HA controller nodes:
"pcs resource | grep -A1 ibm-os-rabbitmq-clone"
Update the high availability (HA) configuration from Fix Pack 2
If you deployed high availability (HA) topologies using Fix Pack 2 and have not updated
them to Fix Pack 3 or later, then perform the actions in this section.
Otherwise, you should continue with the next section of this README file.
1. On any HA controller node, run this command:
"pcs resource update ibm-os-rabbitmq meta migration-threshold=1 failure-timeout=160"
Update VMWare driver envrionment attributes
In FP2, we have changed 2 attributes' default value for vmware cookbook:
ibm-openstack.vmware-driver.discovery.common.allow_instance_deletion=true
ibm-openstack.vmware-driver.discovery.common.allow_template_deletion=true
In FP3, We have 2 attributes newly added:
ibm-openstack.vmware-driver.vcenter_connection.http_pool_size=50
ibm-openstack.vmware-driver.discovery.common.vm_ignore_regex=''
If you are using VMware as the nova compute driver and deployed a cloud prior
to installing FP2 or FP3, you should update these attributes according to the
fix pack version in the Chef environment and then update the deployed topology.
For example, if you upgrade ICM from GM to FP2, you should update the attributes
related to FP2; If you upgrade ICM from GM to FP3, you should update the
attributes related to both FP2 and FP3; If you are upgrade ICM from FP2 to
FP3, then you only need to update the attributes related to FP3.
Update the deployed topology
After making the changes described above, update your deployed topology to
apply the fixes contained in this fix pack.
If you did not deploy a topology prior to installing this fix pack, no
further action is required.
The IBM Cloud Manager with OpenStack Knowledge Center has more information
on updating a deployed topology.
Update log (02/29/2016):
IBM Cloud Manager with OpenStack 4.3 ifix 4.3.0.4.2 includes:
Resolve security issue: CVE-2015-7575 CVE-2016-0475 CVE-2016-0448 CVE-2015-7575 CVE-2016-0466
Update log (01/21/2016):
IBM Cloud Manager with OpenStack 4.3 ifix 4.3.0.4.1 includes:
Resolve security issue: CVE-2015-7713 CVE-2015-5286
SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT, REGARDING THE PTF.
By furnishing this document, IBM grants no licenses to any related patents or copyrights.
The applicable license agreement may have been provided to you in printed form and/or may be viewed at http://www-03.ibm.com/software/sla/sladb.nsf/viewbla/.
Copyright © IBM Corporation 2016