Bug 1199106

The Compute service has been rebased to version: 2014.1.4 Important fixes and enhancements include: * Security fixes. The websocket proxy of the Compute service console now verify the origin HTTP header to block cross-site attacks. CVE 2013-2255: Local CAs are now verified by default. By default, SSL certificate verifications are disabled. A new attestation_insecure_ssl option was added to enable verification by setting the option to False. * Block device mapping retries are now configurable, with two new configuration options: block_device_allocate_retries (the number of block device mapping retries) and block_device_allocate_retries_interval (the time interval between consecutive retries). * Two new configuration options have been added to control keep-alive and client connection timeout: wsgi_keep_alive option (default=True), client_socket_timeout option (default=0). * Fixed issue with the Compute service not doing Image service server certificate validation. * Fixed instance root-disk size restriction with QCOW2 images. * Fixed the initialization sequence of nova-compute service to handle binding failures of virtual interface. Failures are now logged when nova-compute starts. Before, nova-compute failed to start. * Set a check for minimum disk and RAM when booting from a volume. Previously, the minimum attributes were ignored. * Fixed a multipath iSCSI sessions issue when connecting or disconnecting a volume. * Fixed a race condition in the creation of security groups. * Fixed the resource tracking and now updates the number of instance during delete instance. * Fixed a Compute service evacuate issue with RDB. * Fixed nova-compute start issue after evacuate. * Fixed denial-of-service issue in instance-list IP filter. * Now retry on closing of LUKS-encrypted volume in case device is busy. * Now share OpenStack Networking admin authentication tokens resizing. * Fixed a bug in cell management which prevented the start of the nova-cells service. * Fixed instance cross-AZ check when attaching volumes. * Now ignore errors when deleting non-existing VIFs so that instances are not left in the state of "Error(deleting)".