Meta bug for tracking OpenStack 2012.2.4 Stable Update

Hello Adam, or anyone else affected,

Accepted quantum into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/quantum/2012.2.4-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Adam, or anyone else affected,

Accepted nova into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/nova/2012.2.4-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Adam, or anyone else affected,

Accepted keystone into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/keystone/2012.2.4-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Adam, or anyone else affected,

Accepted horizon into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/horizon/2012.2.4-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Adam, or anyone else affected,

Accepted glance into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/glance/2012.2.4-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Adam, or anyone else affected,

Accepted cinder into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/cinder/2012.2.4-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Note, nova will need to be rebased for the security fix for bug #1177830. I'm working on updates now.

Keystone will also need to be rebased for the security fix for bug #1166670. I'm working on updates now.

Confirming that Nova and Keystone have been rebased on a security update, and accepted into quantal-proposed.

Thanks.

Nova has been re-based once again to 2012.2.4-0ubuntu3, and accepted into quantal-proposed.

Hello Adam, or anyone else affected,

Accepted keystone into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/keystone/2012.2.4-0ubuntu3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Please find the attached test log from the Ubuntu Server Team's CI infrastructure. As part of the verification process for this bug, the OpenStack components have been deployed and configured across multiple nodes using quantal-proposed as an installation source. After successful bring-up and configuration of the cluster, a number of exercises and smoke tests have be invoked to ensure the updated package did not introduce any regressions. A number of test iterations were carried out to catch any possible transient errors.

These proposed packages were deployed and tested in several different configurations. Attached are tarballs with various test logs from each configuration. In addition to the base components, variables in deployments include:

quantal_folsom.tar: nova-network (FlatDHCP), glance (Ceph backend), cinder (Ceph backend),
quantal_folsom_nova-volume.tar: nova-network (FlatDHCP), glance (local file), nova-volume (iSCSI backend)
quantal_folsom_quantum.tar: quantum (OVS plugin), glance (Ceph backend), nova-volume (Ceph backend)

Please note the versions_tested file in each tarball, which contains details about relevant package versions installed and tested.

As per the provisional Micro Release Exception granted to this package by the Technical Board, we hope this contributes toward verification of this update.

Test coverage log.

Test coverage log.

Test coverage log.

This bug was fixed in the package keystone - 2012.2.4-0ubuntu3

---------------
keystone (2012.2.4-0ubuntu3) quantal-proposed; urgency=low

  * debian/patches/update_certs.patch: Fix FTBFS. Original SSL certs
    for test suite expired May 18 2013. Cherry-picked regenerated certs
    from stable/folsom commit c14f2789.

keystone (2012.2.4-0ubuntu2) quantal-proposed; urgency=low

  * Rebase on latest security fixes.
  * SECURITY UPDATE: delete user token immediately upon delete when using v2
    API
    - CVE-2013-2059.patch: adjust keystone/identity/core.py to call
      token_api.delete_token() during delete. Also update test suite.
    - CVE-2013-2059
    - LP: #1166670

keystone (2012.2.4-0ubuntu1) quantal-proposed; urgency=low

  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-1865.patch: [255b1d4]
    - debian/patches/CVE-2013-0282.patch: [f0b4d30]
    - debian/patches/CVE-2013-1664+1665.patch: [8a22745]
  * Resynchronize with stable/folsom (09f28020) (LP: #1179707):
    - [5ea4fcf] V2 API reported at Beta LP: 1135230
    - [1889299] PKI-signed token hash saved as token ID for SQL backend only
      LP: 1073272
    - [40660f0] Key PKI tokens on hash in memcached for auth_token middleware
      LP: 1073343
    - [b3ce6a7] Use the right subprocess based on os monkeypatch
    - [bb1ded0] keystone-all --config-dir is being ignored LP: 1101129
    - [9e0a97d] Temporary network outage results in connection refused and
      invalid token LP: 1150299
    - [255b1d4] Validation of PKI tokens bypasses revocation check LP: 1129713
    - [8690166] PKI tokens are broken after 24 hours LP: 1074172
    - [790c87e] PKI tokens are broken after 24 hours LP: 1074172
    - [f0b4d30] EC2 authentication does not ensure user or tenant is enabled
      LP: 1121494
    - [8a22745] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
 -- James Page <email address hidden> Wed, 29 May 2013 20:59:34 +0100

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

This bug was fixed in the package nova - 2012.2.4-0ubuntu3

---------------
nova (2012.2.4-0ubuntu3) quantal-proposed; urgency=low

  * Rebase again with latest security update, which fixes regression
    introduced with original fix for CVE-2013-2096:
    - Regression fix. Nova fails to launch non-cached images (LP: #1183606)
       * debian/patches/lp1183606.patch: call prepare_template() before
         performing QCOW2 image size check

nova (2012.2.4-0ubuntu2) quantal-proposed; urgency=low

  * Rebase with latest security updates.
  * SECURITY UPDATE: verify virtual size of QCOW2 images
    - CVE-2013-2096.patch: update nova/virt/libvirt/imagebackend.py to
      check QCOW2 image size during root disk creation
    - CVE-2013-2096

nova (2012.2.4-0ubuntu1) quantal-proposed; urgency=low

  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-1838.patch: [9561484]
    - debian/patches/CVE-2013-0335.patch: [05a3374]
    - debian/patches/CVE-2013-1664.patch: [2ae74f8]
  * Resynchronize with stable/folsom (9ecd965e) (LP: #1179707):
    - [975a312] Creating network failed with message handling via REST API
      LP: 1143584
    - [056a7df] live-migration to an invalid host should exist gracefully.
      Currently, it throws a stack trace LP: 1159755
    - [8f8ef21] Add a format_message method to the Exceptions
    - [2dd8f3e] Quantum Hybrid OVS driver does not set STP values correctly
      LP: 1129055
    - [c4c417e] Fixed IPs quota can break upgrades LP: 1161190
    - [c85683e] A default /24 netmask is used by dnsmasq instead of the
      configured netmasks (in netmasks table) LP: 1154929
    - [50dece6] Support external gateways in VLAN mode LP: 1012443
    - [524a5a3] Expected exception on volume attach leaves traceback in the
      logs. LP: 1155315
    - [67eb495] ec2 id mapping can be incorrect during attach volume LP: 1145490
    - [69ba489] PowerVM driver spawn failed due to missing attribute
      supported_instances LP: 1155498
    - [28aacf6] Log statement improperly output in nova-manage LP: 1018431
    - [53626bf] fixed_ips cannot reliably be released on instance termination
      LP: 1103260
    - [f8c5492] libvirt driver connection validation causes unnecessary process
      execution with libvirt/qemu LP: 1100446
    - [5b43cef] comparing datetime to None in update-time handling LP: 1096719
    - [549879d] Quantum: DHCP request fails with IptablesFirewallDriver and
      default rule as DISCARD LP: 1131223
    - [46d2060] soft_reboot followed by hard_reboot can lead to double reboot
      LP: 1046356
    - [cdc2386] libvirt: nova should enable apic setting for xen or kvm guest
      LP: 1086352
    - [9561484] DOS by allocating all fixed ips LP: 1125468
    - [d6b9d33] Affinity filter checks erroneously includes deleted instances
      LP: 1107156
    - [cb843f7] Instance is sometimes shutdown without any operation and report
      the message "Instance shutdown by itself. Calling the stop API"
      LP: 1085771
    - [05a3374] VNC proxy can be made to connect to wrong VM LP: 1125378
    - [889e9c0] nova leaves stale .part files on disk when downloading non raw
      VM images LP: 1125068
    - [2029427] Instanc...

This bug was fixed in the package horizon - 2012.2.4-0ubuntu1

---------------
horizon (2012.2.4-0ubuntu1) quantal-proposed; urgency=low

  * Resynchronize with stable/folsom (525fab26) (LP: #1179707):
    - [c6d6557] Flavors get deleted when reusing an existing name LP: 1133254
    - [6e1d069] Subnet creation (Quantum) defaults to mask /32 LP: 1102504
    - [c157d95] ugettext should be replaced with ugettext_lazy LP: 1124276
    - [e4dcfc3] (Folsom) Better error message when network creation fails
      LP: 1152619
    - [19b19c0] It's too easy to forget to select a keypair when launching an
      instance LP: 1125124
    - [1315b72] Dashboard usability issue with the VNC console. The console
      looks bad - Can't see the console screen properly LP: 1050316
    - [765bd98] Flavor creation falls due to duplicate flavorid LP: 1116913
    - [7d03505] flavor create fails without describing error LP: 1079155
    - [32bdf9b] Folsom unit tests failing with
      UnknownMethodCallError('auth_token') LP: 1161901
    - [1d3ecfc] Needs to accept UUID as ID of Floating IP LP: 1052561
    - [abe2f61] More heplful error message for the default role LP: 1108063
    - [8ece3c7] pin django to 1.4.x stream
    - [aa369b0] Timezones in user settings should indicate the UTC offset
      LP: 1103003
    - [1af5e78] Subnet creation (Quantum) defaults to mask /32 LP: 1102504
 -- Adam Gandelman <email address hidden> Thu, 25 Apr 2013 17:44:24 -0400

This bug was fixed in the package cinder - 2012.2.4-0ubuntu1

---------------
cinder (2012.2.4-0ubuntu1) quantal-proposed; urgency=low

  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-1664.patch: [fcf249d]
  * Resynchronize with stable/folsom (7916a2f4) (LP: #1179707):
    - [ec46ee0] NetApp: Folsom driver wrongly allows creation of volumes of
      different size from snapshots LP: 1164473
    - [00e8049] Cannot delete snapshot in "error" state LP: 1143661
    - [ce516f6] fanout_cast_to_server in kombu calls wrong method LP: 1074113
    - [cdb72ee] Enable direct testing with nosetests
    - [e63fa95] Netapp: delete_volume leaves qtree behind LP: 1099414
    - [8e702a1] NetApp: Can't delete a volume in error state LP: 1090167
    - [2e7f717] Don't have permission to delete a volume in error state
      LP: 1084273
    - [ad2dddd] Volume can't be deleted if tgt has had a reconnect. LP: 1159948
    - [db0595a] [SRU] There is now a dependency on paramiko v1.8.0
      (LP: #1150720)
    - [a616001] Only use iscsi_helper config option if using ISCSIDriver
    - [cbad3e3] Can not create volume snapshot when using NfsDriver LP: 1097266
    - [95c9f6f] Volume type extra specs update with empty body returns HTTP
      status 422 LP: 1090320
    - [aeece14] ISCSITargetRemoveFailed: Failed to remove iscsi target
      LP: 1101071
    - [fcf249d] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
  * debian/patches/remove_paramiko_req_vers.patch: Remove version bump on
    paramiko requirement that was backported to stable/folsom.
 -- Adam Gandelman <email address hidden> Thu, 25 Apr 2013 17:29:58 -0400

This bug was fixed in the package glance - 2012.2.4-0ubuntu1

---------------
glance (2012.2.4-0ubuntu1) quantal-proposed; urgency=low

  [ Adam Gandelman ]
  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-1840.patch: [dd849a9]
  * Resynchronize with stable/folsom (dbd3d3d7) (LP: #1179707):
    - [cfaa2d8] repeated deletion on image member does not result in 404
      LP: 1157427
    - [5b4d21d] glance-cache-prefetcher explodes when no auth parameters were
      configured LP: 1157765
    - [dd849a9] v1 api returns location as header for cached images LP: 1135541
    - [04f88c8] 500 error returned when an Admin tries to delete membership of
      image from a non-existent /invalid tenant LP: 1060868
    - [5597697] Fragile Test:
      glance.tests.functional.test_bin_glance:TestBinGlance.test_update_copying_from
      LP: 1107768
    - [5183360] filesystem store does not clean up after premature termination
      of image upload LP: 1104924
    - [03dc862] mismatched image size or checksum leaves behind dangling image
      data LP: 1122299
    - [12d28c3] UserWarning on deprecation of legacy glance client inappropriate
      for internal usage LP: 1129445
    - [afe6166] 'glance-cache-manage list-cached' does not show 'last accessed'
      and 'last modified' fields in human-readable format' LP: 1102334
    - [ee13560] Fix broken JSON schemas in v2 tests

  [ Chuck Short ]
  * debian/patches/disable-swift-tests.patch: Refreshed.
 -- Adam Gandelman <email address hidden> Thu, 25 Apr 2013 17:39:57 -0400

This bug was fixed in the package quantum - 2012.2.4-0ubuntu1

---------------
quantum (2012.2.4-0ubuntu1) quantal-proposed; urgency=low

  * Resynchronize with stable/folsom (96680c96) (LP: #1179707):
    - [527b5ec] Folsom NEC plugin fails to create a network/port on some version
      of PFC due to too long string LP: 1166077
    - [346aae3] Folsom NEC plugin: Cannot create a tenant on some version of
      OpenFlow controller LP: 1166076
    - [a31069a] Network cannot be created in NEC plugin when OFC network ID is
      unique inside a tenant LP: 1127664
    - [a109f7e] Folsom l3 agent unable to connect to quantum service LP: 1157090
    - [913586b] MyISAM does not perform cascading deletions LP: 1153594
    - [5a2ef81] Openstack quantum, race condition in ip address creation when
      starting 50 VMs on a 5-node cluster LP: 1110807
    - [f94b149] Deleting a subnet that is added to a router leaves behind a port
      that cannot be deleted LP: 1104337
    - [b14824f] Address re-allocation before DHCP lease's expire LP: 1116500
    - [30bb632] file descriptors not closed when executing sub-processes
      LP: 1130735
    - [5d26f41] DHCP agent could take upto a minute to get its IP address
      LP: 1128180
    - [2f32795] dhcp-agent distributes empty domain when dhcp_domain=""
      LP: 1099625
    - [8755cb3] ovs and netns cleanupo utilities do not log LP: 1118517
    - [45baf03] l3_agent destroys all namespaces on init, even if router_id is
      set (LP: #1122206)
 -- Adam Gandelman <email address hidden> Thu, 25 Apr 2013 17:52:50 -0400

Released in the Ubuntu Cloud Archive:

cinder - 2012.2.4-0ubuntu1~cloud0
glance - 2012.2.4-0ubuntu1~cloud0
horizon - 2012.2.4-0ubuntu1~cloud0
keystone - 2012.2.4-0ubuntu3~cloud0
nova - 2012.2.4-0ubuntu3~cloud0
quantaum - 2012.2.4-0ubuntu1~cloud0