The IBM Cloud Manager with Openstack 4.2.0.3 CMWO 4.2.0.3 interim fix 6 Readme

Readme file for:IBM Cloud Manager with OpenStack 4.2 interim fix 6 for fixpack 3
Product/Component Release:4.2.0.3
Update Name:CMWO 4.2.0.3 interim fix 6
Fix ID:4.2.0.3-IBM-CMWO-IF006
Publication Date:2016-08-02
Last modified date:2016-08-02

Online version of the readme file:http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400002804
Important: The most current version of the readme file can always be found online.

Contents

Download location
Prerequisites and co-requisites
Known issues
Known limitations

Installation information
   Installing

List of fixes
Copyright and trademark information



Download location

Download updates for IBM Cloud Manager with OpenStack 4.2 from the following location:
http://www.ibm.com/eserver/support/fixes/

Below is a list of components, platforms, and file names that apply to this Readme file.

Fix Download for Linux
Product/Component Name:Platform:Fix:
IBM Cloud Manager with OpenstackLinux 64-bit,x86_64 Linux 64-bit,x86_64
Linux 64-bit,pSeries Linux 64-bit,pSeries
cmwo_fixpack_4.2.0.3.6.tar.gz





Prerequisites and co-requisites

If you are using IBM Cloud Manager with OpenStack to manage z/VM hypervisor, you
need to follow z/VM service guide to apply z/VM APAR VM65753 before install this
fix pack.



Known issues

No known issues have been identified.

Known limitations

No known limitations have been identified.

Installation information

This file contains directions for installing the fix pack on the CMWO
deployment server and additional information not available in the CMWO
Knowledge Center.

If you have already deployed a topology, you will need to update your
deployed topology after following the directions in this file. If the
special instructions in this file do not apply to your environment, you
still must update your deployed topology to apply other fixes contained in
this fix pack.

Directions for updating deployed topologies can be found in the IBM Cloud
Manager with OpenStack Knowledge Center.


Before installing

Be aware that updating a deployed topology will stop CMWO and OpenStack
services on the deployed nodes. Deploying updates should not affect active
virtual machines deployed using the CMWO self-service portal or OpenStack.


Installing

To install the CMWO fix pack, do the following:
1. Download the fix pack archive (e.g. cmwo_fixpack_4.2.0.3.6.tar.gz) to
a temporary directory on the deployment server.
2. Change to that directory and expand the archive:
# tar -zxf cmwo_fixpack_4.2.0.3.6.tar.gz
3. Run the fix pack installer:
# ./install_cmwo_fixpack.sh
4. If the fix pack installed successfully you will see this message:
Installation of fix pack completed successfully.
Otherwise, you will this message:
ERROR: Installation of fix pack failed. See log files for details.
Additional messages will tell you where the log files are stored.


After installing

After installing the fix pack, review the following sections to determine if
there are additional actions that must be performed:
- Update cookbook versions
- Update the deployed topology

Automated environment updates

CMWO includes a tool that can be used to automatically perform certain environment
updates:
- Update cookbook version constraints

To update an environment named 'my-environment' stored in the chef server
use this command:
knife os manage update environment my-environment

To update a JSON environment file named 'my-environment.json' use this
command:
knife os manage update environment my-environment.json

The file name must end with the '.json' extension. If the file refers to an
existing chef environment, the file will also be uploaded to the chef server.

Manual environment updates

If the fix pack requires other environment changes, you can edit the
environment(s) used for your topologies using the following procedure.

Installing the fix pack updates the example environments:
example-ibm-os-allinone
example-ibm-os-single-controller-n-compute
example-ibm-sce
If you have created an environment for your topology, or have created
an environment file, these must be updated manually. If you do not do
this, future deploys or updates will continue to use the original
cookbook.

1. Change to the directory where you have created your topology files.

2. If you do not have your environment file, you can download the
current environment from the chef server:
# knife environment list
_default
example-ibm-os-allinone
example-ibm-os-single-controller-n-compute
example-ibm-sce
test-environment

Identify the environment to change, e.g. test-environment, and download
it:

# knife environment show test-environment -d -F json > test-environment.json

3. Edit the environment file and modify it as required.

4. Save the file.

5. Upload the modified environment to the chef server:
# knife environment from file test-environment.json
Updated Environment test-environment

Update cookbook versions

This fix pack contains cookbook updates which require updates to the chef
environment(s) for your topologies.

If any of the following conditions are true, no action is required to update
cookbook versions, and you should continue with the next section of this
README file.
- You have not created an environment
- You created your environment after installing fix pack 4.2.0.3 or later.
- You updated the cookbook versions for your environment after installing
fix pack 4.2.0.3 or later.

Use the 'knife os manage environment update' command as described in
'Automated environment updates' to update your environment or
environment files.

This table lists the updated cookbook versions and the fix pack that
includes them.
Fix pack Cookbook Current version
4.2.0.3 ibm-openstack-zvm-driver 10.2.3

Update the deployed topology

After making the changes described above, update your deployed topology to
apply the fixes contained in this fix pack.

If you did not deploy a topology prior to installing this fix pack, no
further action is required.

The IBM Cloud Manager with OpenStack Knowledge Center has more information on
updating a deployed topology.


Uninstalling

This interim fix cannot be uninstalled.


List of fixes

Update log (07/25/2016):
IBM Cloud Manager with OpenStack 4.2 ifix 4.2.0.3.6 includes:
- IBM SmartCloud Entry JRE update forPSIRT for SCE/ICM "IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016 - Includes Oracle Apr 2016 CPU + 3 IBM CVEs CVE-2016-3443 CVE-2016-0687 CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3425 CVE-2016-3422 CVE-2016-0695 CVE-2016-3426 CVE-2016-0636 CVE-2016-0363 CVE-2016-0376 CVE-2016-0264"
- IBM Cloud Manager with OpenStack Chef OpenSSL update for PSIRT for ICM: "OpenSource OpenSSL Vuln." (CVE-2016-0701 CVE-2015-3197 CVE-2016-0705 CVE-2016-0798 CVE-2016-0797 CVE-2016-0799 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 CVE-2016-2842 CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176)
- OpenStack Juno ifixes for PSIRT for ICM/SCE Appliance "opensource openstack vuln." (CVE-2015-8749 CVE-2015-7548 CVE-2015-8466 CVE-2015-5295 CVE-2015-5306 CVE-2015-1850 CVE-2015-8749 CVE-2015-7548 CVE-2015-8466 CVE-2015-5295 CVE-2015-5306 CVE-2015-1850)

Update log (02/29/2016):
IBM Cloud Manager with OpenStack 4.2 ifix 4.2.0.3.5 includes:
- Fix PSIRT for SCE/ICM "EXPEDITED Java specific SLOTH - Weak MD5 Signature Hash - CVE-2015-7575"
- Fix PSIRT for SCE/ICM "IBM SDK, Java Technology Edition Quarterly CPU - Jan 2016 - Includes Oracle Jan 2016 CPU + CVE-2016-0475 CVE-2016-0448 CVE-2015-7575 CVE-2016-0466"
- Fix PSIRT for ICM "opensource openstack vuln." (CVE-2015-5240 CVE-2015-3280)
- Fix PSIRT for "OpenSource Openstack Glance Vuln." ()
- Fix PSIRT for "OpenSource OpenStack Vuln" (CVE-2015-7713 CVE-2015-5286)

Update log (01/29/2016):
IBM Cloud Manager with OpenStack 4.2 ifix 4.2.0.3.4 includes:
- Fix PSIRT for "EXPEDITED GSKit and Hash Selection Vulnerability" (CVE-2016-0201)
- Fix PSIRT for SCE/ICM "IBM SDK, Java Technology Edition Quarterly CPU - Oct 2015 - Includes Oracle Oct 2015 CPU + CVE-2015-5006"

Update log (01/19/2016):
IBM Cloud Manager with OpenStack 4.2 ifix 4.2.0.3.3 includes:
- QPID Disable SSLv3 support.

Update log (11/04/2015):
IBM Cloud Manager with OpenStack 4.2 ifix 4.2.0.3.2 includes:
- Fix PSIRT issue for "Malformed ECParameters causes infinite loop " (CVE-2015-1788).

Update log (10/26/2015):
IBM Cloud Manager with OpenStack 4.2 ifix 4.2.0.3.1 includes:
Resolve security issue: CVE-2015-2687 CVE-2015-4000

Update log (9/29/2015):
IBM Cloud Manager with OpenStack 4.2 Fix Pack 3 includes:


4.2.0.3:

Contents of Fix/Service Pack build:



Copyright and trademark information

This fix is subject to the terms of the license agreement which accompanied, or was contained in, the Program for which you are obtaining the fix. You are not authorized to install or use the fix except as part of a Program for which you have a valid Proof of Entitlement.

SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT, REGARDING THE PTF.

By furnishing this document, IBM grants no licenses to any related patents or copyrights.

The applicable license agreement may have been provided to you in printed form and/or may be viewed at http://www-03.ibm.com/software/sla/sladb.nsf/viewbla/

Copyright © IBM Corporation 2014, 2016 IBM Corp.
All Rights Reserved.