- Prior to this update, when a new cluster was being created with luci, and luci tried to list, install or update cluster packages, the installation process could become unresponsive and could not finish. With this update, the bug has been fixed, and the creation of a new cluster now completes successfully in the described scenario.
- CVE-2010-1104, CVE-2011-1948
- Multiple cross-site scripting (XSS) flaws were found in luci, the conga web-based administration application. If a remote attacker could trick a user, who was logged into the luci interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's luci session.
- Previously, due to incorrect permissions from libvirt, the
riccidaemon failed to detect if a host was capable of running a virtual machine. As a consequence, the Add a Virtual Machine Service tab was not displayed under Services when using the luci tool. With this update, calling the virsh program is now avoided, and the Add a Virtual Machine Service tab is now displayed under Services.
- If the user modified in luci the attribute of a shared resource that was attached to an existing service, the attribute for the shared resource in the
cluster.conffile was not updated. With this update, luci is modified so that the attribute in
cluster.confis correctly updated to reflect the new name of the resource.
- Previously, luci did not allow users to modify the
__restart_expire_timeattributes for independent subtrees, but only for non-critical resources. If the user tried to set values for "Maximum number of restart failures before giving up (applies only for non-critical resources)" and "Restart expire time (applies only for non-critical resources)", these values were not added for the resource in the
cluster.conffile. This update modifies luci so that users are now able to modify the aforementioned values in luci.
- Prior to this update, execution of external programs (such as
/usr/sbin/clustat) from within the
modclusterddaemon or ricci's helper program, modcluster, could make these unresponsive. In such a case, processes depending on them could also become unresponsive or indicate an error. For example, in tools like luci, the affected node could be listed as having communications problems, or the cluster creation could become unresponsive. Patches have been applied to address this issue, and deadlocks no longer occur when executing external programs.
- When adding a resource to a service, luci only checked to verify that the name of the resource did not match the name of a resource in the resources stanza. The luci tool did not check to see if any resources in other services shared the same name, and therefore allowed users to create two services with the resources of the same name. This led to unique attribute collisions. With this update, luci's name validation is improved, and adding a resource to a service no longer leads to collisions. In addition, certain error messages have been modified to display more verbose information.
- Previously, users were able to insert the quote character (") with NFS resources in the "resources" section of the cluster configuration in conga. The resource data submitted for this service was not properly formed and converted into the
cluster.conffile. With this update, if the user inserts the quote character, the following error message appears:
The resource data submitted for this service is not properly formed
- Previously, the
luci_admin restorecommand did not fully restore a database to the original state. This was because the
luci_adminscript only added items contained in the previously generated backup XML file. This update adds new options,
--replace), that are used to either keep or remove existing configuration when restoring a database.
fence_ipmilanagent has been updated to support the "-L" option of the
ipmilandaemon, thus supporting fencing with user session privileges level.
service luci restart) for the update to take effect.