Recommended update for pacemaker
Announcement ID: | SUSE-RU-2018:2585-1 |
---|---|
Rating: | moderate |
References: | |
Affected Products: |
|
An update that has 21 fixes can now be installed.
Description:
This update for pacemaker provides the following fixes:
- alert: Set SNMP_PERSISTENT_DIR directory for the snmp-trap tool.
- attrd: Accept connections only after CIB connection is active.
- attrd: Be consistent about attr/host logging.
- attrd: Broadcast local overrides of sync'ed attributes.
- attrd,crmd: Erase attributes at attrd start-up, not first join.
- attrd: Ensure node name is broadcast at start-up.
- attrd: Make CIB connection function self-contained.
- attrd,stonithd: Make the regular expression parsing more efficient.
- attrd: Synchronize attributes held only on own node.
- attrd,tools: Avoid memory leaks from the use of crm_itoa().
- cib: Broadcasts of cib changes should always pass ACLs check. (bsc#1042054)
- cib: Improve re-sync handling.
- cib: Improve the warning message when legacy diff fails.
- cib,libcrmcommon,lrmd: Improve the handling of IP addresses in messages.
- crmd: Abort transition whenever the quorum is lost.
- crmd: Ack pending operations that were cancelled due to rsc deletion. (bsc#1035822)
- crmd: Allow clearing all stonith fail counts.
- crmd: Assert when an operation can't be created.
- crmd: Write faked failures to CIB whenever possible.
- crmd: Do not assert if the LRM query fails.
- crmd: Fix a core dump if the remote connection does not exist.
- crmd: Avoid DC sending offer to itself twice.
- crmd: Fix a memory leak when the node state is unknown.
- crmd: Fix a use-after-free error when disconnecting from CIB.
- crmd: Be more resilient when checking an LRM command's "from".
- crmd: Change of the log level and addition of uuid.
- crmd: Check for too many stonith failures only when aborting for that reason.
- crmd: Clean up throttle memory on exit.
- crmd: Clear failures only for the requested node.
- crmd: Consider target when checking for stonith failures.
- crmd: DC should update stonith fail count before aborting transition.
- crmd: Do not abandon fencing after a "no devices" failure.
- crmd: Do not abort for v2 diff LRM refresh if actions pending.
- crmd: Fix a problem that was destroying election structure twice.
- crmd: Do not fence old DC if it is shutting down as soon-to-be DC joins.
- crmd: Do not restart transition if no fence devices.
- crmd: Remove size restriction on node state xpath.
- crmd: Forget stonith failures when forgetting node.
- crmd: Hard error if remote start fails due to missing key.
- crmd: Improve lrmd failure handling.
- crmd: Increase severity when fencing did not happen. (bsc#1011240)
- crmd,libcrmcommon,libcluster,tools: Handle PID as string properly.
- crmd,libcrmcommon: Update throttle when CPUs are hot-plugged.
- crmd: Log transition ID when aborting.
- crmd: Match only executed down events.
- crmd: Quorum gain should always cause new transition.
- crmd: Remove I/O load checks.
- crmd: Return rich error codes from get_lrm_resource().
- crmd: Scale all cib operation timeouts.
- crmd: Scale timeouts with the number of remotes too.
- crmd: Skip restart at (not above) stonith-max-attempts.
- crmd: Track stonith fail counts on all nodes.
- crmd: Update cache status for guest node whose host is fenced.
- crmd: Validate CIB diffs better.
- crm_mon: Canonical casing of Content-Type CGI header field.
- crm_mon: Exit child with error if execl should return.
- crm_mon: Make CGI bail out on suspicious arguments.
- crm_mon: Overcome crm_system_name no longer influenced with argv.
- crm_mon: Protect against non-standard or failing asctime.
- crm_resource: Ensure we wait for all messages before exiting.
- crm_resource: Prevent disconnection from crmd during cleanup.
- crm_resource: See what cleanup would have done for a saved configuration.
- cts: Operate pacemaker service on startup to prevent triggering StopWhenUnneeded of corosync service.
- cts: Update corosync fail patterns.
- dbus: Prevent lrmd from hanging on DBus calls. (bsc#1015264)
- doc: Add documentation for new pcmk_delay_base. (bsc#1074039)
- extra: Correct ClusterMon metadata.
- fencing: Do not print event twice with stonith_admin --verbose.
- fencing: Ignore empty 'action' parameter in fence devices.
- fencing: Fix a memory leak in stonith_admin --env.
- iso8601: strftime needs fully populated struct tm. (bsc#1058844)
- libcib: Always use current values when unpacking config.
- libcib: Fix a memory leak in query_node_uuid().
- libcib: Fix a use-after-free when deleting CIB connection.
- libcib: Correctly search for v2 patchset changes.
- libcluster,libcrmcommon: Improve BZ2 error messages.
- libcrmcluster: Improve error checking when updating node name.
- libcrmcommon: Assert if an operation key can't be generated.
- libcrmcommon: Async connection callback must get negative error codes.
- libcrmcommon: Avoid evicting IPC client if messages spike briefly.
- libcrmcommon: Fix a memory leak when the schema transform is not found.
- libcrmcommon: Correctly compare XML comments to prevent crmd from getting into an infinite election loop. (bsc#1024037)
- libcrmcommon: Correctly delete XML comments according to their positions. (bsc#1024037)
- libcrmcommon: Do not delay next flush by more than 5 seconds.
- libcrmcommon: Ensure filename is not NULL before opening it.
- libcrmcommon: Filter attributes with '#' from XML fields.
- libcrmcommon: Fix possible infinite loop in buffer_print.
- libcrmcommon: Handle schema versions properly.
- libcrmcommon,liblrmd,lrmd: Validate PCMK_remote_port.
- libcrmcommon,lrmd: Use meaningful error codes in remote messages and connection callbacks.
- libcrmcommon,pengine,tools: Pass local node name to resource agents.
- libcrmcommon,tools: Improve XML write error handling.
- libcrmservice: Prevent an infinite loop on a bad DBus reply.
- libcrmservice: Fix a memory leak on DBus errors.
- libcrmservice: Follow LSB standard for header block more strictly.
- libcrmservice: List systemd unit files, not only active units.
- libcrmservice,pacemakerd: Improve privilege dropping.
- libcrmservice: Parse LSB long description correctly.
- libcrmservices: Fix an assertion for HB resource with no parameters.
- libfencing,fencing: Properly remap "action" in configuration.
- liblrmd: Add a function to create resource info structure.
- liblrmd: Make sure the operation of a remote resource returns if setup of the key fails. (bsc#1053463)
- libpengine: Do not double score when adding first allowed node.
- libpe_status: Fix precedence of operation in meta-attributes.
- libpe_status: Limit resource type check to primitives.
- libpe_status: Make sure monitors are rescheduled, not reloaded.
- libpe_status: Properly detect when nodes should suicide.
- libpe_status: Recover after failed demote when appropriate.
- libpe_status: Use correct default timeout for probes.
- libpe_status: Validate no-quorum-policy=suicide correctly.
- libservices: Bring DBus code closer to current standards. (bsc#1015264)
- libservices: Dynamically allocate operation key.
- libservices: Ensure completed operations are not on blocked operations list.
- libservices: Ensure recurring actions table is created before using.
- libservices: Handle in-flight case first when cancelling an operation.
- libservices: Prevent use-after-free when freeing an operation.
- libservices: Properly cancel in-flight systemd/upstart op.
- libservices: Properly detect in-flight systemd/upstart ops when kicking.
- libservices: Properly watch writable DBus handles.
- libservices (sync): Ensure no zombie is left behind.
- libservices(sync): Partially prevent killing foreign process.
- libservices: Treat systemd service reloading as OK (bsc#1059187)
- logging: Ensure blackbox gets generated on arithmetic error.
- lrmd: Always use most recent remote proxy.
- lrmd: Don't reject protocol 1.0 clients. (bsc#1009076)
- lrmd: Ensure verbosity options are handled after crm_log_init()
- lrmd: Have pacemaker-remote reap zombies if it is running as pid 1.
- lrmd: Prevent double free after unregistering stonith device for monitoring. (bsc#1035822)
- lrmd: Tweak TLS listener messages.
- mcp: Correct the differences in access permission setting.
- mcp,pacemaker_remote: Order after time-sync.
- pacemaker_remoted: Allow compilation with glib older 2.36.
- pacemaker-remote: Fix pacemaker_remoted shutdown while unmanaged.
- pacemaker_remote: Warn if TLS key can't be read at start-up.
- pacemaker.service: Recommend not to limit tasks (bsc#1028138, bsc#1066710)
- PE: Allow all resources to stop prior to probes completing.
- PE: Assume resources on remote nodes do not need to be restarted until absolutely necessary.
- PE: Bare metal remotes can run resources now and must be probed.
- PE: Correctly compare a pointer with NULL instead of FALSE.
- PE: Correctly implement pe_order_implies_first_printed.
- PE: Detailed resource information should include connection resource state.
- PE: Do not re-add a node's default score for each location constraint.
- PE: Ensure remote nodes are fenced when the connection cannot be recovered.
- PE: Ensure stop operations occur after stopped remote connections have been brought up.
- PE: Ensure unrecoverable remote nodes are fenced even if no resources can run on them.
- PE: Exclude resources and nodes from the symmetric_default constraint in some circumstances.
- PE: Fence unrecoverable remote nodes with no resources.
- PE: Flag resources that are acting as remote nodes.
- PE: Ignore optional unfencing events and report the fencing type.
- PE: Improved fencing logging.
- PE: Improved logging of reasons for stop/restart actions.
- PE: Improve logging of node fencing and shutdown.
- PE: Only allowed nodes need to be considered when ordering resource startup after all recovery.
- PE: Only retrigger unfencing on nodes that ran operations with the old parameters.
- PE: Partially restore 62ed004 to ensure remote connections are available before attempting resource recovery.
- PE: Preferred nodes are only accepted if their scores are equal to the otherwise best candidate.
- PE: Remote connection resources are safe to require only quorum.
- PE: Resources are allowed to stop before their state is known everywhere.
- PE: Restore the ability to send the transition graph via disk if it gets too big.
- PE: Unfencing: Correctly detect changes to device definitions.
- pengine: Avoid fence loop for remote nodes.
- pengine: Avoid use-of-NULL when unpacking tickets.
- pengine: Consider guest node unclean if its host is unclean.
- pengine: Create a pseudo-fence for guest node recovery.
- pengine: Detect proper clone name at startup.
- pengine: Do not ignore permanent master scores at startup.
- pengine: Do not keep unique instances on same node.
- pengine: Do not schedule reload and restart in same transition.
- pengine: Guest node fencing doesn't require stonith enabled.
- pengine: Handle resource migrating behind a migrating remote connection.
- pengine: Have guest-node connection-resources probed.
- pengine: If ignoring failure, also ignore migration-threshold.
- pengine: Improve detection of invalid constraints.
- pengine: Improve messages when assigning resources to nodes.
- pengine,libpengine: Avoid potential use of NULL variables.
- pengine,libpe_status: Don't clear same fail-count twice.
- pengine,libpe_status: Make failcount clearing messages more helpful.
- pengine,libpe_status: Revisit fencing messages.
- pengine: Make checks a little safer.
- pengine: Make sure calculated resource scores are consistent on different architectures (bsc#1054389)
- pengine: Fix a memory leak when writing graph to file.
- pengine: Re-enable unrecoverable remote fencing.
- pengine: Reset loss-policy from fence to stop if no fencing.
- pengine,tools,libpe_status: Avoid unnecessary use of pe_find_current.
- pengine: Use unique ids for meta-attributes of guest-connection.
- pengine: Unmanaged guest-container puts guest in maintenance.
- pengine: Use newer Pacemaker Remote terminology.
- pengine: Validate more function arguments.
- RA: ClusterMon - Correctly handle "update" parameter.
- RA: NodeUtilization - Use xl if available. (bsc#1015842)
- remote: Allow cluster and remote LRM API versions to diverge. (bsc#1009076)
- rng: Create resources-2.7.rng to update template class validation.
- spec: Add gcc to BuildRequires.
- spec: cts brings an RA that needs python-systemd.
- spec: Make sure shadow package is installed before adding user and group.
- spec: Prevent overwriting existing sysconfig files by conditionally running %fillup_only. (bsc#1022807, bsc#980341)
- stonith: Check for missing params in new device and dup.
- stonith-ng: Add pcmk_delay_base as static base-delay. (bsc#1074039)
- stonith-ng: Advertise pcmk_on_action via metadata.
- stonith-ng: Avoid double-free of pending-ops in free_device.
- stonith-ng: Make fencing-device reappear properly after re-enabling.
- stonith-ng: Trigger on constraints added to cib. (bsc#1042374)
- systemd: Add TasksMax comment to pacemaker_remote unit. (bsc#1028138, bsc#1066710)
- systemd unit files: Add dependency on resource-agents-deps.
- systemd unit files: Enable TasksMax=infinity. (bsc#1028138, bsc#1066710)
- systemd unit files: Restore DBus dependency.
- TE: Don't bump counters when action or synapse is invalid.
- tools: Add version options for cibsecret.
- tools: Allow crm_resource to be called without arguments.
- Tools: allow crm_resource to operate on anonymous clones in unknown states.
- tools: Do not fail if already at the latest schema for cibadmin --upgrade.
- tools: Avoid using deprecated options.
- tools: Check sscanf return value when parsing failed op list.
- tools: crm_attribute should prefer node name from environment.
- tools: crm_resource should free result if re-running function returns one.
- tools: crm_resource should set OCF_RESKEY_crm_feature_set.
- tools: Don't expect reply to failed send.
- tools: Ensure crm_resource data set is initialized.
- tools: Ensure crm_resource works if no command is specified.
- tools: Implement clean-up dry-run correctly.
- tools: Implement crm_failcount command-line options correctly.
- tools: Improve crm_master and crm_standby option handling.
- tools: Improve crm_resource help. (bsc#950128)
- tools: Properly ignore version with crm_diff --no-version. (bsc#888726)
- tools: Re-enable crm_resource --lifetime option. (bsc#950128)
- tools: Set meta_timeout env when crm_resource --force-* executes RA.
- tools: Set the correct OCF_RESOURCE_INSTANCE env when crm_resource --force-* executes RA.
- tools: Support crm_failcount -q as advertised.
- tools: Warn if crm_resource --wait called in mixed-version cluster.
- Prevent notify actions from causing --wait to hang.
- Fix log showing the node status so that it is easily distinguishable from other logs.
- Improve recovery when demote fails with OCF_NOT_RUNNING.
- Install /etc/pacemaker directory for storing authkey file. (bsc#1082883)
- Replace references to /var/adm/fillup-templates with new %_fillupdir macro. (bsc#1069468)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise High Availability Extension 12 SP2
zypper in -t patch SUSE-SLE-HA-12-SP2-2018-1820=1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2
zypper in -t patch SUSE-SLE-HA-12-SP2-2018-1820=1
Package List:
-
SUSE Linux Enterprise High Availability Extension 12 SP2 (ppc64le s390x x86_64)
- libpacemaker3-debuginfo-1.1.15-23.3.2
- pacemaker-1.1.15-23.3.2
- pacemaker-remote-debuginfo-1.1.15-23.3.2
- pacemaker-cli-debuginfo-1.1.15-23.3.2
- pacemaker-cts-1.1.15-23.3.2
- pacemaker-debuginfo-1.1.15-23.3.2
- pacemaker-remote-1.1.15-23.3.2
- libpacemaker3-1.1.15-23.3.2
- pacemaker-cts-debuginfo-1.1.15-23.3.2
- pacemaker-debugsource-1.1.15-23.3.2
- pacemaker-cli-1.1.15-23.3.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
- libpacemaker3-debuginfo-1.1.15-23.3.2
- pacemaker-1.1.15-23.3.2
- pacemaker-remote-debuginfo-1.1.15-23.3.2
- pacemaker-cli-debuginfo-1.1.15-23.3.2
- pacemaker-cts-1.1.15-23.3.2
- pacemaker-debuginfo-1.1.15-23.3.2
- pacemaker-remote-1.1.15-23.3.2
- libpacemaker3-1.1.15-23.3.2
- pacemaker-cts-debuginfo-1.1.15-23.3.2
- pacemaker-debugsource-1.1.15-23.3.2
- pacemaker-cli-1.1.15-23.3.2
References:
- https://bugzilla.suse.com/show_bug.cgi?id=1009076
- https://bugzilla.suse.com/show_bug.cgi?id=1011240
- https://bugzilla.suse.com/show_bug.cgi?id=1015264
- https://bugzilla.suse.com/show_bug.cgi?id=1015842
- https://bugzilla.suse.com/show_bug.cgi?id=1022807
- https://bugzilla.suse.com/show_bug.cgi?id=1024037
- https://bugzilla.suse.com/show_bug.cgi?id=1028138
- https://bugzilla.suse.com/show_bug.cgi?id=1035822
- https://bugzilla.suse.com/show_bug.cgi?id=1042054
- https://bugzilla.suse.com/show_bug.cgi?id=1042374
- https://bugzilla.suse.com/show_bug.cgi?id=1053463
- https://bugzilla.suse.com/show_bug.cgi?id=1054389
- https://bugzilla.suse.com/show_bug.cgi?id=1058844
- https://bugzilla.suse.com/show_bug.cgi?id=1059187
- https://bugzilla.suse.com/show_bug.cgi?id=1066710
- https://bugzilla.suse.com/show_bug.cgi?id=1069468
- https://bugzilla.suse.com/show_bug.cgi?id=1074039
- https://bugzilla.suse.com/show_bug.cgi?id=1082883
- https://bugzilla.suse.com/show_bug.cgi?id=888726
- https://bugzilla.suse.com/show_bug.cgi?id=950128
- https://bugzilla.suse.com/show_bug.cgi?id=980341