Recommended update for pacemaker

Announcement ID: SUSE-RU-2018:2585-1
Rating: moderate
References:
Affected Products:
  • SUSE Linux Enterprise High Availability Extension 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2

An update that has 21 fixes can now be installed.

Description:

This update for pacemaker provides the following fixes:

  • alert: Set SNMP_PERSISTENT_DIR directory for the snmp-trap tool.
  • attrd: Accept connections only after CIB connection is active.
  • attrd: Be consistent about attr/host logging.
  • attrd: Broadcast local overrides of sync'ed attributes.
  • attrd,crmd: Erase attributes at attrd start-up, not first join.
  • attrd: Ensure node name is broadcast at start-up.
  • attrd: Make CIB connection function self-contained.
  • attrd,stonithd: Make the regular expression parsing more efficient.
  • attrd: Synchronize attributes held only on own node.
  • attrd,tools: Avoid memory leaks from the use of crm_itoa().
  • cib: Broadcasts of cib changes should always pass ACLs check. (bsc#1042054)
  • cib: Improve re-sync handling.
  • cib: Improve the warning message when legacy diff fails.
  • cib,libcrmcommon,lrmd: Improve the handling of IP addresses in messages.
  • crmd: Abort transition whenever the quorum is lost.
  • crmd: Ack pending operations that were cancelled due to rsc deletion. (bsc#1035822)
  • crmd: Allow clearing all stonith fail counts.
  • crmd: Assert when an operation can't be created.
  • crmd: Write faked failures to CIB whenever possible.
  • crmd: Do not assert if the LRM query fails.
  • crmd: Fix a core dump if the remote connection does not exist.
  • crmd: Avoid DC sending offer to itself twice.
  • crmd: Fix a memory leak when the node state is unknown.
  • crmd: Fix a use-after-free error when disconnecting from CIB.
  • crmd: Be more resilient when checking an LRM command's "from".
  • crmd: Change of the log level and addition of uuid.
  • crmd: Check for too many stonith failures only when aborting for that reason.
  • crmd: Clean up throttle memory on exit.
  • crmd: Clear failures only for the requested node.
  • crmd: Consider target when checking for stonith failures.
  • crmd: DC should update stonith fail count before aborting transition.
  • crmd: Do not abandon fencing after a "no devices" failure.
  • crmd: Do not abort for v2 diff LRM refresh if actions pending.
  • crmd: Fix a problem that was destroying election structure twice.
  • crmd: Do not fence old DC if it is shutting down as soon-to-be DC joins.
  • crmd: Do not restart transition if no fence devices.
  • crmd: Remove size restriction on node state xpath.
  • crmd: Forget stonith failures when forgetting node.
  • crmd: Hard error if remote start fails due to missing key.
  • crmd: Improve lrmd failure handling.
  • crmd: Increase severity when fencing did not happen. (bsc#1011240)
  • crmd,libcrmcommon,libcluster,tools: Handle PID as string properly.
  • crmd,libcrmcommon: Update throttle when CPUs are hot-plugged.
  • crmd: Log transition ID when aborting.
  • crmd: Match only executed down events.
  • crmd: Quorum gain should always cause new transition.
  • crmd: Remove I/O load checks.
  • crmd: Return rich error codes from get_lrm_resource().
  • crmd: Scale all cib operation timeouts.
  • crmd: Scale timeouts with the number of remotes too.
  • crmd: Skip restart at (not above) stonith-max-attempts.
  • crmd: Track stonith fail counts on all nodes.
  • crmd: Update cache status for guest node whose host is fenced.
  • crmd: Validate CIB diffs better.
  • crm_mon: Canonical casing of Content-Type CGI header field.
  • crm_mon: Exit child with error if execl should return.
  • crm_mon: Make CGI bail out on suspicious arguments.
  • crm_mon: Overcome crm_system_name no longer influenced with argv.
  • crm_mon: Protect against non-standard or failing asctime.
  • crm_resource: Ensure we wait for all messages before exiting.
  • crm_resource: Prevent disconnection from crmd during cleanup.
  • crm_resource: See what cleanup would have done for a saved configuration.
  • cts: Operate pacemaker service on startup to prevent triggering StopWhenUnneeded of corosync service.
  • cts: Update corosync fail patterns.
  • dbus: Prevent lrmd from hanging on DBus calls. (bsc#1015264)
  • doc: Add documentation for new pcmk_delay_base. (bsc#1074039)
  • extra: Correct ClusterMon metadata.
  • fencing: Do not print event twice with stonith_admin --verbose.
  • fencing: Ignore empty 'action' parameter in fence devices.
  • fencing: Fix a memory leak in stonith_admin --env.
  • iso8601: strftime needs fully populated struct tm. (bsc#1058844)
  • libcib: Always use current values when unpacking config.
  • libcib: Fix a memory leak in query_node_uuid().
  • libcib: Fix a use-after-free when deleting CIB connection.
  • libcib: Correctly search for v2 patchset changes.
  • libcluster,libcrmcommon: Improve BZ2 error messages.
  • libcrmcluster: Improve error checking when updating node name.
  • libcrmcommon: Assert if an operation key can't be generated.
  • libcrmcommon: Async connection callback must get negative error codes.
  • libcrmcommon: Avoid evicting IPC client if messages spike briefly.
  • libcrmcommon: Fix a memory leak when the schema transform is not found.
  • libcrmcommon: Correctly compare XML comments to prevent crmd from getting into an infinite election loop. (bsc#1024037)
  • libcrmcommon: Correctly delete XML comments according to their positions. (bsc#1024037)
  • libcrmcommon: Do not delay next flush by more than 5 seconds.
  • libcrmcommon: Ensure filename is not NULL before opening it.
  • libcrmcommon: Filter attributes with '#' from XML fields.
  • libcrmcommon: Fix possible infinite loop in buffer_print.
  • libcrmcommon: Handle schema versions properly.
  • libcrmcommon,liblrmd,lrmd: Validate PCMK_remote_port.
  • libcrmcommon,lrmd: Use meaningful error codes in remote messages and connection callbacks.
  • libcrmcommon,pengine,tools: Pass local node name to resource agents.
  • libcrmcommon,tools: Improve XML write error handling.
  • libcrmservice: Prevent an infinite loop on a bad DBus reply.
  • libcrmservice: Fix a memory leak on DBus errors.
  • libcrmservice: Follow LSB standard for header block more strictly.
  • libcrmservice: List systemd unit files, not only active units.
  • libcrmservice,pacemakerd: Improve privilege dropping.
  • libcrmservice: Parse LSB long description correctly.
  • libcrmservices: Fix an assertion for HB resource with no parameters.
  • libfencing,fencing: Properly remap "action" in configuration.
  • liblrmd: Add a function to create resource info structure.
  • liblrmd: Make sure the operation of a remote resource returns if setup of the key fails. (bsc#1053463)
  • libpengine: Do not double score when adding first allowed node.
  • libpe_status: Fix precedence of operation in meta-attributes.
  • libpe_status: Limit resource type check to primitives.
  • libpe_status: Make sure monitors are rescheduled, not reloaded.
  • libpe_status: Properly detect when nodes should suicide.
  • libpe_status: Recover after failed demote when appropriate.
  • libpe_status: Use correct default timeout for probes.
  • libpe_status: Validate no-quorum-policy=suicide correctly.
  • libservices: Bring DBus code closer to current standards. (bsc#1015264)
  • libservices: Dynamically allocate operation key.
  • libservices: Ensure completed operations are not on blocked operations list.
  • libservices: Ensure recurring actions table is created before using.
  • libservices: Handle in-flight case first when cancelling an operation.
  • libservices: Prevent use-after-free when freeing an operation.
  • libservices: Properly cancel in-flight systemd/upstart op.
  • libservices: Properly detect in-flight systemd/upstart ops when kicking.
  • libservices: Properly watch writable DBus handles.
  • libservices (sync): Ensure no zombie is left behind.
  • libservices(sync): Partially prevent killing foreign process.
  • libservices: Treat systemd service reloading as OK (bsc#1059187)
  • logging: Ensure blackbox gets generated on arithmetic error.
  • lrmd: Always use most recent remote proxy.
  • lrmd: Don't reject protocol 1.0 clients. (bsc#1009076)
  • lrmd: Ensure verbosity options are handled after crm_log_init()
  • lrmd: Have pacemaker-remote reap zombies if it is running as pid 1.
  • lrmd: Prevent double free after unregistering stonith device for monitoring. (bsc#1035822)
  • lrmd: Tweak TLS listener messages.
  • mcp: Correct the differences in access permission setting.
  • mcp,pacemaker_remote: Order after time-sync.
  • pacemaker_remoted: Allow compilation with glib older 2.36.
  • pacemaker-remote: Fix pacemaker_remoted shutdown while unmanaged.
  • pacemaker_remote: Warn if TLS key can't be read at start-up.
  • pacemaker.service: Recommend not to limit tasks (bsc#1028138, bsc#1066710)
  • PE: Allow all resources to stop prior to probes completing.
  • PE: Assume resources on remote nodes do not need to be restarted until absolutely necessary.
  • PE: Bare metal remotes can run resources now and must be probed.
  • PE: Correctly compare a pointer with NULL instead of FALSE.
  • PE: Correctly implement pe_order_implies_first_printed.
  • PE: Detailed resource information should include connection resource state.
  • PE: Do not re-add a node's default score for each location constraint.
  • PE: Ensure remote nodes are fenced when the connection cannot be recovered.
  • PE: Ensure stop operations occur after stopped remote connections have been brought up.
  • PE: Ensure unrecoverable remote nodes are fenced even if no resources can run on them.
  • PE: Exclude resources and nodes from the symmetric_default constraint in some circumstances.
  • PE: Fence unrecoverable remote nodes with no resources.
  • PE: Flag resources that are acting as remote nodes.
  • PE: Ignore optional unfencing events and report the fencing type.
  • PE: Improved fencing logging.
  • PE: Improved logging of reasons for stop/restart actions.
  • PE: Improve logging of node fencing and shutdown.
  • PE: Only allowed nodes need to be considered when ordering resource startup after all recovery.
  • PE: Only retrigger unfencing on nodes that ran operations with the old parameters.
  • PE: Partially restore 62ed004 to ensure remote connections are available before attempting resource recovery.
  • PE: Preferred nodes are only accepted if their scores are equal to the otherwise best candidate.
  • PE: Remote connection resources are safe to require only quorum.
  • PE: Resources are allowed to stop before their state is known everywhere.
  • PE: Restore the ability to send the transition graph via disk if it gets too big.
  • PE: Unfencing: Correctly detect changes to device definitions.
  • pengine: Avoid fence loop for remote nodes.
  • pengine: Avoid use-of-NULL when unpacking tickets.
  • pengine: Consider guest node unclean if its host is unclean.
  • pengine: Create a pseudo-fence for guest node recovery.
  • pengine: Detect proper clone name at startup.
  • pengine: Do not ignore permanent master scores at startup.
  • pengine: Do not keep unique instances on same node.
  • pengine: Do not schedule reload and restart in same transition.
  • pengine: Guest node fencing doesn't require stonith enabled.
  • pengine: Handle resource migrating behind a migrating remote connection.
  • pengine: Have guest-node connection-resources probed.
  • pengine: If ignoring failure, also ignore migration-threshold.
  • pengine: Improve detection of invalid constraints.
  • pengine: Improve messages when assigning resources to nodes.
  • pengine,libpengine: Avoid potential use of NULL variables.
  • pengine,libpe_status: Don't clear same fail-count twice.
  • pengine,libpe_status: Make failcount clearing messages more helpful.
  • pengine,libpe_status: Revisit fencing messages.
  • pengine: Make checks a little safer.
  • pengine: Make sure calculated resource scores are consistent on different architectures (bsc#1054389)
  • pengine: Fix a memory leak when writing graph to file.
  • pengine: Re-enable unrecoverable remote fencing.
  • pengine: Reset loss-policy from fence to stop if no fencing.
  • pengine,tools,libpe_status: Avoid unnecessary use of pe_find_current.
  • pengine: Use unique ids for meta-attributes of guest-connection.
  • pengine: Unmanaged guest-container puts guest in maintenance.
  • pengine: Use newer Pacemaker Remote terminology.
  • pengine: Validate more function arguments.
  • RA: ClusterMon - Correctly handle "update" parameter.
  • RA: NodeUtilization - Use xl if available. (bsc#1015842)
  • remote: Allow cluster and remote LRM API versions to diverge. (bsc#1009076)
  • rng: Create resources-2.7.rng to update template class validation.
  • spec: Add gcc to BuildRequires.
  • spec: cts brings an RA that needs python-systemd.
  • spec: Make sure shadow package is installed before adding user and group.
  • spec: Prevent overwriting existing sysconfig files by conditionally running %fillup_only. (bsc#1022807, bsc#980341)
  • stonith: Check for missing params in new device and dup.
  • stonith-ng: Add pcmk_delay_base as static base-delay. (bsc#1074039)
  • stonith-ng: Advertise pcmk_on_action via metadata.
  • stonith-ng: Avoid double-free of pending-ops in free_device.
  • stonith-ng: Make fencing-device reappear properly after re-enabling.
  • stonith-ng: Trigger on constraints added to cib. (bsc#1042374)
  • systemd: Add TasksMax comment to pacemaker_remote unit. (bsc#1028138, bsc#1066710)
  • systemd unit files: Add dependency on resource-agents-deps.
  • systemd unit files: Enable TasksMax=infinity. (bsc#1028138, bsc#1066710)
  • systemd unit files: Restore DBus dependency.
  • TE: Don't bump counters when action or synapse is invalid.
  • tools: Add version options for cibsecret.
  • tools: Allow crm_resource to be called without arguments.
  • Tools: allow crm_resource to operate on anonymous clones in unknown states.
  • tools: Do not fail if already at the latest schema for cibadmin --upgrade.
  • tools: Avoid using deprecated options.
  • tools: Check sscanf return value when parsing failed op list.
  • tools: crm_attribute should prefer node name from environment.
  • tools: crm_resource should free result if re-running function returns one.
  • tools: crm_resource should set OCF_RESKEY_crm_feature_set.
  • tools: Don't expect reply to failed send.
  • tools: Ensure crm_resource data set is initialized.
  • tools: Ensure crm_resource works if no command is specified.
  • tools: Implement clean-up dry-run correctly.
  • tools: Implement crm_failcount command-line options correctly.
  • tools: Improve crm_master and crm_standby option handling.
  • tools: Improve crm_resource help. (bsc#950128)
  • tools: Properly ignore version with crm_diff --no-version. (bsc#888726)
  • tools: Re-enable crm_resource --lifetime option. (bsc#950128)
  • tools: Set meta_timeout env when crm_resource --force-* executes RA.
  • tools: Set the correct OCF_RESOURCE_INSTANCE env when crm_resource --force-* executes RA.
  • tools: Support crm_failcount -q as advertised.
  • tools: Warn if crm_resource --wait called in mixed-version cluster.
  • Prevent notify actions from causing --wait to hang.
  • Fix log showing the node status so that it is easily distinguishable from other logs.
  • Improve recovery when demote fails with OCF_NOT_RUNNING.
  • Install /etc/pacemaker directory for storing authkey file. (bsc#1082883)
  • Replace references to /var/adm/fillup-templates with new %_fillupdir macro. (bsc#1069468)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise High Availability Extension 12 SP2
    zypper in -t patch SUSE-SLE-HA-12-SP2-2018-1820=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
    zypper in -t patch SUSE-SLE-HA-12-SP2-2018-1820=1

Package List:

  • SUSE Linux Enterprise High Availability Extension 12 SP2 (ppc64le s390x x86_64)
    • libpacemaker3-debuginfo-1.1.15-23.3.2
    • pacemaker-1.1.15-23.3.2
    • pacemaker-remote-debuginfo-1.1.15-23.3.2
    • pacemaker-cli-debuginfo-1.1.15-23.3.2
    • pacemaker-cts-1.1.15-23.3.2
    • pacemaker-debuginfo-1.1.15-23.3.2
    • pacemaker-remote-1.1.15-23.3.2
    • libpacemaker3-1.1.15-23.3.2
    • pacemaker-cts-debuginfo-1.1.15-23.3.2
    • pacemaker-debugsource-1.1.15-23.3.2
    • pacemaker-cli-1.1.15-23.3.2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
    • libpacemaker3-debuginfo-1.1.15-23.3.2
    • pacemaker-1.1.15-23.3.2
    • pacemaker-remote-debuginfo-1.1.15-23.3.2
    • pacemaker-cli-debuginfo-1.1.15-23.3.2
    • pacemaker-cts-1.1.15-23.3.2
    • pacemaker-debuginfo-1.1.15-23.3.2
    • pacemaker-remote-1.1.15-23.3.2
    • libpacemaker3-1.1.15-23.3.2
    • pacemaker-cts-debuginfo-1.1.15-23.3.2
    • pacemaker-debugsource-1.1.15-23.3.2
    • pacemaker-cli-1.1.15-23.3.2

References: