8.42. fence-agents

Bug Fixes

BZ#872308

Previously, the fence agents documentation did not mention how to use the fence_ipmilan agent for fence device HP iLO 3. This update adds this information to the fence_ipmilan(8) manual page.

BZ#896603

Previously, the fence agent fence_cisco_ucs did not respect the "delay" attribute. This bug has now been fixed and fence_cisco_ucs waits the appropriate amount of time, as expected.

BZ#978325

Previously, the fence agent fence_cisco_ucs did not use a proper timeout during the login process, which could have an impact on a successful login. With this update, this timeout is set properly and can be customized by users through the standard configuration methods.

BZ#978326

Previously, the fence agent fence_cisco_ucs failed with a traceback error when the hostname could not be resolved to an IP address. With this update, fence_cisco_ucs exits with an appropriate error message.

BZ#978328

Previously, the fence agent fence_scsi did not provide the correct metadata for the pacemaker "unfence" operation. With this update, an "unfence" operation can be run only on local node.

BZ#912773, BZ#994186

Previously, the fence agent fence_scsi did not respect the "delay" attribute. This bug has been fixed and fence_scsi now waits the appropriate amount of time. As a result, nodes in a 2-node cluster can no longer fence each other.

BZ#959490

Previously, when using the fence_bladecenter agent with the "--ssh" option, the fence agent required also the "--password" or "--identity-file" options. However, this behavior was not documented. As a consequence, when using fence_bladecenter with the "--ssh" option only, fence_bladecenter failed with an error message which was too generic. This bug has been fixed and a more specific error message is now displayed if fence_bladecenter fails to connect.

BZ#887349

Previously, the fence_scsi(8) manual page did not mention the "unfence" operation which is required for fence_scsi to properly function in a cluster environment. With this update, a comment with information about "unfence" in cluster environment has been added to the fence_scsi(8) manual page.

BZ#902404

Previously, when fencing a Red Hat Enterprise Linux cluster node with the fence_soap_vmware fence agent, the agent terminated unexpectedly with a traceback if it was not possible to resolve a hostname of an IP address. With this update, a proper error message is displayed in the described scenario.

BZ#905478

Due to incorrect detection on newline characters during an SSH connection, the fence_drac5 agent could terminate the connection with a traceback when fencing a Red Hat Enterprise Linux cluster node. Only the first fencing action completed successfully but the status of the node was not checked correctly. Consequently, the fence agent failed to report successful fencing. When the "reboot" operation was called, the node was only powered off. With this update, the newline characters are correctly detected and the fencing works as expected.

BZ#981086

Previously, the description of the fence_ipmilan "lanplus" option in the fence_ipmilan(8) manual page was incomplete. This update improves the description of the "lanplus" option and includes information on its impact on security.

BZ#1014000

Previously, an insecure temporary directory was used by the VMware fence agent, which could be used by a local attacker to overwrite an arbitrary local file by the victim running fence agent. This update removes a dependency on the python-suds library, which is vulnerable to a symbolic link attack (CVE-2013-2217), and the VMware fence agent now uses mkdtemp to create a unique temporary directory.

Enhancements

BZ#870269

Previously, users of the HP Integrated Lights-Out (iLO) 4 fence device had to use the fence_ipmilan fence agent. This update adds support for the iLO fence device to the fence-agents packages.

BZ#886614

This update adds support for the firmware for APC power switches, version 5. This update also adds changes to the fence agent command line interface.