Recommended update for pacemaker

Announcement ID: SUSE-RU-2018:2748-1
Rating: moderate
References:
Affected Products:
  • SUSE Linux Enterprise Desktop 12 SP3
  • SUSE Linux Enterprise High Availability Extension 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Software Development Kit 12 SP3

An update that has 17 fixes can now be installed.

Description:

This update for pacemaker provides the following fixes:

  • attrd: Accept connections only after CIB connection is active.
  • attrd,crmd: Erase attributes at attrd start-up, not first join.
  • attrd: Ensure node name is broadcast at start-up.
  • attrd: Make CIB connection function self-contained.
  • attrd,stonithd: More efficient regular expression parsing.
  • attrd: Synchronize attributes held only on own node.
  • attrd,tools: Avoid memory leaks from use of crm_itoa().
  • cib: Broadcasts of cib changes should always pass ACLs check. (bsc#1042054)
  • crmd: Abort transition whenever the quorum is lost.
  • crmd: Ack pending operations that were cancelled due to rsc deletion. (bsc#1035822)
  • crmd: Assert when operation can't be created.
  • crmd: Write faked failures to CIB whenever possible.
  • crmd: Do not assert if LRM query fails.
  • crmd: Do not core dump if remote connection does not exist.
  • crmd: DC should update stonith fail count before aborting transition.
  • crmd: Do not abort for v2 diff LRM refresh if actions are pending.
  • crmd: Eliminate size restriction on node state xpath.
  • crmd: Hard error if remote start fails due to missing key.
  • crmd: Improve lrmd failure handling.
  • crmd,libcrmcommon,libcluster,tools: Handle PID as string properly.
  • crmd,liblrmd,libcrmcommon: Improve remote node disconnection logs.
  • crmd: Match only executed down events.
  • crmd: Quorum gain should always cause new transition.
  • crmd: Return rich error codes from get_lrm_resource().
  • crmd: Scale all cib operation timeouts.
  • crmd: Scale timeouts with the number of remotes too.
  • crmd: Validate CIB diffs better.
  • crm_mon: Make CGI bail out on suspicious arguments.
  • crm_mon: Overcome crm_system_name no longer influenced with argv.
  • crm_resource: Ensure waiting for all messages before exiting.
  • crm_resource: Prevent disconnection from crmd during cleanup.
  • cts: Adjust pacemaker service on startup to prevent triggering StopWhenUnneeded of corosync service.
  • Doc: Add documentation for new pcmk_delay_base. (bsc#1074039)
  • extra: Correct ClusterMon metadata.
  • fencing: Do not print events twice when stonith_admin --verbose is used.
  • fencing: Fix a memory leak in stonith_admin --env.
  • iso8601: strftime needs a fully populated struct tm. (bsc#1058844)
  • libcib: Always use current values when unpacking config.
  • libcib: Correctly search for v2 patchset changes.
  • libcib: Ensure xpath result is not empty.
  • libcib: Get remoteness correctly from node status.
  • libcluster,libcrmcommon: Improve BZ2 error messages.
  • libcrmcluster: Improve error checking when updating node name.
  • libcrmcluster: Use crm_strdup_printf() instead of calloc().
  • libcrmcommon: Make sure async connection callback uses negative error codes.
  • libcrmcommon: Avoid memory leak when the schema transform is not found.
  • libcrmcommon: Fix a possible infinite loop in buffer_print.
  • libcrmcommon: Handle schema versions properly.
  • libcrmcommon: Improve user lookup messages.
  • libcrmcommon,liblrmd: Improve remote connection messages.
  • libcrmcommon,liblrmd,lrmd: Improve messages for failed remote sends.
  • libcrmcommon,liblrmd,lrmd: Validate PCMK_remote_port.
  • libcrmcommon,liblrmd: Report meaningful async connection errors.
  • libcrmcommon: Lower watchdog messages when default.
  • libcrmcommon,lrmd: Use meaningful error codes when sending remote messages.
  • libcrmcommon: Return meaningful error codes to connection callbacks.
  • libcrmcommon,tools: Improve XML write error handling.
  • libcrmservice: Prevent an infinite loop on a bad DBus reply.
  • libcrmservice: Avoid memory leak on DBus error.
  • libcrmservice: Follow LSB standard for header block more strictly.
  • libcrmservice,pacemakerd: Improve privilege dropping.
  • libcrmservice: Parse LSB long description correctly.
  • libcrmservices: Avoid assert for HB resource with no parameters.
  • liblrmd: Make sure the operation of a remote resource returns if the setup of the key fails. (bsc#1053463)
  • libpe_status: Always log startup-fencing value.
  • libpe_status: Fix precedence of operation in meta-attributes.
  • libpe_status: Limit resource type check to primitives.
  • libpe_status: Make sure monitors are rescheduled, not reloaded.
  • libpe_status: Properly detect when nodes should suicide.
  • libpe_status: Recover after failed demote when appropriate.
  • libpe_status: Use correct default timeout for probes.
  • libpe_status: Validate no-quorum-policy=suicide correctly.
  • libservices: Handle systemd service reloading as OK. (bsc#1059187)
  • logging: Ensure blackbox gets generated on arithmetic error.
  • lrmd: Always use most recent remote proxy.
  • lrmd: Do not reject protocol 1.0 clients. (bsc#1009076)
  • lrmd: Prevent double free after unregistering stonith device for monitoring. (bsc#1035822)
  • lrmd: Tweak TLS listener messages.
  • pacemaker_remote: Warn if TLS key can't be read at start-up.
  • pacemaker.service: Recommend not to limit tasks. (bsc#1028138, bsc#1066710)
  • PE: Allow all resources to stop prior to probes completing.
  • PE: Make sure bare metal remotes are probed as now they can run resources.
  • PE: Correctly implement pe_order_implies_first_printed.
  • PE: Detailed resource information should include connection resource state.
  • PE: Do not re-add a node's default score for each location constraint.
  • PE: Ensure stop operations occur after stopped remote connections have been brought up.
  • PE: Ensure unrecoverable remote nodes are fenced even if no resources can run on them.
  • PE: Exclude resources and nodes from the symmetric_default constraint in some circumstances.
  • PE: Flag resources that are acting as remote nodes.
  • PE: Ignore optional unfencing events and report the fencing type.
  • PE: Improved logging of reasons for stop/restart actions.
  • pengine: Avoid fence loop for remote nodes.
  • pengine: Fix a null pointer dereference when unpacking tickets.
  • pengine: Detect proper clone name at startup.
  • pengine: Do not ignore permanent master scores at startup.
  • pengine: Do not keep unique instances on same node.
  • pengine: Schedule reload and restart in separate transition.
  • pengine: Handle resource migrating behind a migrating remote connection.
  • pengine: If ignoring failure, also ignore migration-threshold.
  • pengine: Improve messages when assigning resources to nodes.
  • pengine: Make sure calculated resource scores are consistent on different architectures. (bsc#1054389)
  • pengine: Fix a memory leak when writing graph to file.
  • pengine: Re-enable unrecoverable remote fencing.
  • pengine: Reset loss-policy from fence to stop if no fencing.
  • pengine,tools,libpe_status: Avoid unnecessary use of pe_find_current.
  • pengine: Use newer Pacemaker Remote terminology.
  • pengine: Validate more function arguments.
  • pengine: Fix swapped warning message arguments leading to segfault. (bsc#1090538)
  • PE: Only allowed nodes need to be considered when ordering resource startup after all recovery.
  • PE: Only re-trigger unfencing on nodes that ran operations with the old parameters.
  • PE: Remote connection resources are safe to require only quorum.
  • PE: Resources are allowed to stop before their state is known everywhere.
  • PE: Restore the ability to send the transition graph via the disk if it gets too big.
  • PE: Unfencing: Correctly detect changes to device definitions.
  • portability: The difference of time_t values is given by difftime().
  • RA: ClusterMon: Correctly handle "update" parameter.
  • RA: NodeUtilization RA is now shipped by resource-agents package. (bsc#1070347)
  • remote: Allow cluster and remote LRM API versions to diverge. (bsc#1009076)
  • spec: Make sure shadow package is installed before adding user and group.
  • spec: Prevent overwriting existing sysconfig files by conditionally running %fillup_only. (bsc#1022807, bsc#980341)
  • stonith-ng: Add pcmk_delay_base as static base-delay. (bsc#1074039)
  • stonith-ng: Advertise pcmk_on_action via metadata.
  • stonith-ng: Avoid double-free of pending-ops in free_device.
  • stonith-ng: Make fencing-device reappear properly after reenabling.
  • systemd: Add TasksMax comment to pacemaker_remote unit. (bsc#1028138, bsc#1066710)
  • systemd unit files: Enable TasksMax=infinity. (bsc#1028138, bsc#1066710)
  • systemd unit files: Restore DBus dependency.
  • TE: Don't bump counters when action or synapse is invalid.
  • tools: Add version options for cibsecret.
  • tools: Allow crm_resource to be called without arguments.
  • tools: allow crm_resource to operate on anonymous clones in unknown states.
  • tools: Do not fail if already at the latest schema in cibadmin --upgrade.
  • tools: Differentiate trace log level for RAs.
  • tools: Do not expect reply to failed send.
  • tools: Ensure the crm_resource data set is initialized.
  • tools: Ensure that crm_resource works if no command is specified.
  • tools: Implement clean-up dry-run correctly.
  • tools: Improve crm_master and crm_standby option handling.
  • tools: Improve crm_resource help. (bsc#950128)
  • tools: Add missing break statement in attrd_updater.
  • tools: Re-enable crm_resource --lifetime option. (bsc#950128)
  • tools: Set meta_timeout env when crm_resource --force-* executes RA.
  • tools: Set the correct OCF_RESOURCE_INSTANCE env when crm_resource --force-* executes RA.
  • tools: Fix a use-after-free error in crm_diff.
  • tools: Warn if crm_resource --wait is called in mixed-version cluster.
  • Prevent notify actions from causing --wait to hang.
  • Install /etc/pacemaker directory for storing authkey file. (bsc#1082883)
  • Replace references to /var/adm/fillup-templates with new %_fillupdir macro. (bsc#1069468)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
    zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1917=1
  • SUSE Linux Enterprise High Availability Extension 12 SP3
    zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1917=1
  • SUSE Linux Enterprise Software Development Kit 12 SP3
    zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1917=1

Package List:

  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
    • pacemaker-cli-1.1.16-6.5.1
    • pacemaker-cts-debuginfo-1.1.16-6.5.1
    • libpacemaker3-1.1.16-6.5.1
    • pacemaker-remote-debuginfo-1.1.16-6.5.1
    • pacemaker-debuginfo-1.1.16-6.5.1
    • pacemaker-cts-1.1.16-6.5.1
    • pacemaker-cli-debuginfo-1.1.16-6.5.1
    • pacemaker-1.1.16-6.5.1
    • pacemaker-remote-1.1.16-6.5.1
    • libpacemaker3-debuginfo-1.1.16-6.5.1
    • pacemaker-debugsource-1.1.16-6.5.1
  • SUSE Linux Enterprise High Availability Extension 12 SP3 (ppc64le s390x x86_64)
    • pacemaker-cli-1.1.16-6.5.1
    • pacemaker-cts-debuginfo-1.1.16-6.5.1
    • libpacemaker3-1.1.16-6.5.1
    • pacemaker-remote-debuginfo-1.1.16-6.5.1
    • pacemaker-debuginfo-1.1.16-6.5.1
    • pacemaker-cts-1.1.16-6.5.1
    • pacemaker-cli-debuginfo-1.1.16-6.5.1
    • pacemaker-1.1.16-6.5.1
    • pacemaker-remote-1.1.16-6.5.1
    • libpacemaker3-debuginfo-1.1.16-6.5.1
    • pacemaker-debugsource-1.1.16-6.5.1
  • SUSE Linux Enterprise Software Development Kit 12 SP3 (aarch64 ppc64le s390x x86_64)
    • libpacemaker-devel-1.1.16-6.5.1
    • pacemaker-cts-debuginfo-1.1.16-6.5.1
    • pacemaker-debuginfo-1.1.16-6.5.1
    • pacemaker-cts-1.1.16-6.5.1
    • pacemaker-debugsource-1.1.16-6.5.1

References: