Spinal Stack I-1.3.0

OpenStack version and supported distros

  • Red Hat Enterprise Linux 7: OSP5 - Icehouse 2014.1.3
  • Debian Wheezy: Icehouse 2014.1.2

Note: this is the last version supporting Icehouse.

New features

Bugs fixed since I.1.2.1

Redhat

  • Fix openstack-ceilometer-central with Pacemaker/Systemd

Debian

  • None

Security fixes

  • Redhat
    • CVE-2014-9322: privilege escalation through #SS segment
    • CVE-2014-9295: ntp remote code execution
    • CVE-2014-3566: nss fixes for POODLE
    • CVE-2014-7821: Neutron DoS through invalid DNS configuration
    • Still vulnerable to
      • CVE-2014-8124: Horizon denial of service attack through login page
      • No CVE yet (OSSA 2014-041): Glance v2 API unrestricted path traversal: fixed in Puppet by changing policy.json by default. It may affect some Glance features.
  • Debian
    • CVE-2014-9295: ntp remote code execution

Components in this release

  • edeploy-roles-I.1.3.0.tar.gz source code of the eDeploy roles built in this release.
  • install-server-D7-I.1.3.0.edeploy binary eDeploy role for the installation server (puppet master, logging server, monitoring server, edeploy server, dnsmasq, serverspec).
  • openstack-full-{D7;RH7.0}-I.1.3.0.edeploy binaries eDeploy roles for OpenStack and Ceph nodes.
  • puppet-openstack-cloud-I.1.3.0.tgz puppet modules used to configure the OpenStack and Ceph nodes.
  • serverspec-I.1.3.0.tgz serverspec tests to validate deployments.

All the sources have been tagged with the tag I.1.3.0 in their respective repositories. Upgrade is supported from I.1.2.0 or I.1.2.1 to I.1.3.0 on Debian and Red Hat systems.

Documentation can be found on http://spinalstack.enovance.com/en/latest/, fixes are welcome at https://github.com/enovance/spinalstack-doc