- Issued:
- 2008-05-21
- Updated:
- 2008-05-21
RHBA-2008:0347 - Bug Fix Advisory
Synopsis
cman bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated cman packages that fix several bugs and add enhancements are now
available.
Description
The Cluster Manager (cman) utility provides services for managing a Linux
cluster.
These updated packages fix the following bugs:
- IP addresses are no longer used for SCSI reservation keys.
- "fence_ipmilan -h" reported the depreciated "-i" option.
- ccs_tool exited with EXIT_FAILURE, even after successful operations.
- OpenAIS partitions and disallowed cman nodes could have merged, causing
cluster failure.
- openais and cman were required to fence virtual nodes.
- man page updates.
- a potential crash in the fence daemon was removed.
- potential NULL pointer dereferences were removed.
- running "cman_tool leave remove" did not reduce cluster quorum.
- mkqdisk was unable to use devices with a 4KB sector size.
- fence_scsi now accepts the "nodename" parameter.
- strace, SIGSTOP and SIGCONT signals, caused fenced to stop.
- shutting down qdisk may have caused a "dlm: closing connection to node
0" error.
- data corruption may have occurred when using fence_xvm on virtual nodes.
- the output of "group_tool dump" was a fixed length, and padded with NULL
characters.
- the qdisk man page has been updated.
- ccs lookup functions failed to recognize hostnames that did not match
values in cluster.conf.
- the disallowed state could occur if OpenAIS failed to schedule for more
than 10 seconds.
- the resource group status change failed when relocating NFS and GFS
services.
- fencing failed if the last fence action took more than 30 seconds.
- a format string bug, which may have caused fenced to crash, has been
resolved.
- cascade fencing failed.
- "reservation conflict" messages appeared when starting scsi_reserve.
- now, if scsi_reserve fails to register with any device, that device is
left out of the fence domain.
- "locking_type = 0" is now used for all LVM commands in the fence_scsi
and scsi_reserve scripts.
- when fence_scsi failed to un-register a key on a device, it did not
continue to process other devices. An error occurred when removing a key
that was not registered to a device.
- a bug caused output to stderr to go to the wrong file descriptor.
- options that were only relevant to Red Hat Enterprise Linux 4 have been
removed, and a new dump option has been added.
- the cman init script did not start fence_xvmd.
- PowerPC based clusters interfered with clusters on the same subnet,
causing ccsd to consume up to 90% CPU and memory.
- it was not possible to use fence_scsi with LVM mirrors and stripes.
- a "lock_dlm: plock device version mismatch: kernel" error could occur.
- on PowerPC architectures, "gfs_tool" did not recognize GFS file systems.
- qdisk ignored the interval for checking heuristics.
- a logic error caused qdisk master abdication to fail.
- cman failed to start correctly if additional parameters for
network-bridge were added to "xend-config.sxp".
- if failed fencing was overridden, the node was never considered fenced.
- groupd processed messages from nodes that were no longer in a cluster.
- libdlm copied LVB data from an incorrect location, resulting in a
segmentation fault.
- "ip.sh" did not set the correct netmask. Now, "ip.sh" uses the netmask
set in "cluster.conf", instead of "255.255.255.0".
These updated packages add the following enhancements:
- diagnostic output for the cluster suite tools has been improved.
- performance optimization for plocks has been added.
- logging has been improved, and irrelevant options removed.
- fence_ack_manual now uses the fenced_override socket.
- the fence_apc_snmp agent is now included.
Users of cman are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 248715 - Remove use of IP address as basis for SCSI reservation keys
- BZ - 249616 - fence_ipmilan -h suggests self for deprecated option "-i"
- BZ - 249781 - Most ccs_tool commands always exit with EXIT_FAILURE
- BZ - 251966 - merge of openais partitions and disallowed cman nodes
- BZ - 253587 - old and missing man pages
- BZ - 258141 - Use-after-free bug in fenced
- BZ - 267441 - Possible NULL pointer deferences in cman
- BZ - 271701 - cman_tool leave remove doesn't reduce quorum
- BZ - 272861 - mkqdisk cannot use device with 4kb sector size
- BZ - 277781 - conga passes fence_scsi nodename, where as it accepts only node
- BZ - 314091 - tracing fenced kills the process
- BZ - 315711 - dlm: closing connection to node 0
- BZ - 317561 - Clarify qdisk man page
- BZ - 323711 - Add ccs_lookup_nodename function from libccs in HEAD to RHEL5 libccs
- BZ - 323931 - disallowed nodes and inconsistent cluster views
- BZ - 327721 - failed RG status change while relocating to preferred failover node
- BZ - 354421 - fenced fails to execute the fence agent again if the first attempt fails and it takes more than 30 seconds to complete
- BZ - 359271 - gfs_controld - make un-contended plocks faster by implementing an ownership mechanism
- BZ - 362351 - [RFE] make fence_xvmd not need a cluster for 1-node operation
- BZ - 373491 - scsi_reserve causes "reservation conflict" messages
- BZ - 373511 - scsi_reserve should leave fence domain upon failure
- BZ - 373541 - Use locking_type = 0 for LVM queries in fence_scsi, scsi_reserve
- BZ - 373571 - fence_scsi should not exit after failing for single device
- BZ - 394721 - gfs_controld ASSERT prints to stderr
- BZ - 404451 - minor updates/fixes for RHEL5.2
- BZ - 410361 - fence_xvmd will never be started by the cman init script
- BZ - 418541 - RFE: Make fence_ack_manual in RHEL5 branch talk to manual override socket
- BZ - 418741 - Mixed endian clusters on same subnet can cause ccsd to consume 90+% memory and cpu during startup.
- BZ - 429033 - fence_scsi is broken with lvm stripes and mirrors
- BZ - 429546 - lock_dlm: plock device version mismatch: kernel (1.1.0), user (16777216.16777216.0)
- BZ - 429633 - gfs_tool doesn't recognize GFS file sytem
- BZ - 429927 - qdisk does not check the heuristics
- BZ - 430264 - qdisk master abdication does not work correctly in all cases
- BZ - 434790 - cman doesn't start correctly when additional params are given to network-bridge in /etc/xen/xend-config.sxp
- BZ - 435189 - fenced admin override does not update cman, preventing rgmanager recovery
- BZ - 436984 - groupd processes message from dead node
- BZ - 437496 - libdlm copies lvb from bad address
- BZ - 438905 - fence_apc_snmp is missing in cman rpm
- BZ - 441737 - [fence] fence_node broken in RHEL5.2
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
cman-2.0.84-2.el5.src.rpm | SHA-256: e1091121b010219b8ede0b9a75f53c5038f05cd7fea21b96b55c9d1b44fbdd0a |
x86_64 | |
cman-2.0.84-2.el5.x86_64.rpm | SHA-256: aca59b28a8a8b035ed098fb712d19f3fc31beb20dafcea8b6983a3dd7213a35b |
cman-devel-2.0.84-2.el5.i386.rpm | SHA-256: 2724395839244d16d39fece67545c67087466832e021a07700252fcb8b6b9ee8 |
cman-devel-2.0.84-2.el5.x86_64.rpm | SHA-256: 38012fd896c8c93d3dadd9167934acb23c8e7b2a4656265d23601f999d664bd3 |
ia64 | |
cman-2.0.84-2.el5.ia64.rpm | SHA-256: e7fcfc15482d5286b5a2db1d2f226b8b23378469fb178c0531649e4c5789c9fa |
cman-devel-2.0.84-2.el5.ia64.rpm | SHA-256: 8556ad8c00c95e83cfa8495e694e1b017dd306cfc883bb350f1c913c30de5218 |
i386 | |
cman-2.0.84-2.el5.i386.rpm | SHA-256: 887de78718a5feff4f91db5f0649c52110bd352cc22b2e757b72b1dfd34518f3 |
cman-devel-2.0.84-2.el5.i386.rpm | SHA-256: 2724395839244d16d39fece67545c67087466832e021a07700252fcb8b6b9ee8 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
cman-2.0.84-2.el5.src.rpm | SHA-256: e1091121b010219b8ede0b9a75f53c5038f05cd7fea21b96b55c9d1b44fbdd0a |
x86_64 | |
cman-2.0.84-2.el5.x86_64.rpm | SHA-256: aca59b28a8a8b035ed098fb712d19f3fc31beb20dafcea8b6983a3dd7213a35b |
cman-devel-2.0.84-2.el5.i386.rpm | SHA-256: 2724395839244d16d39fece67545c67087466832e021a07700252fcb8b6b9ee8 |
cman-devel-2.0.84-2.el5.x86_64.rpm | SHA-256: 38012fd896c8c93d3dadd9167934acb23c8e7b2a4656265d23601f999d664bd3 |
i386 | |
cman-2.0.84-2.el5.i386.rpm | SHA-256: 887de78718a5feff4f91db5f0649c52110bd352cc22b2e757b72b1dfd34518f3 |
cman-devel-2.0.84-2.el5.i386.rpm | SHA-256: 2724395839244d16d39fece67545c67087466832e021a07700252fcb8b6b9ee8 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
cman-2.0.84-2.el5.src.rpm | SHA-256: e1091121b010219b8ede0b9a75f53c5038f05cd7fea21b96b55c9d1b44fbdd0a |
s390x | |
cman-2.0.84-2.el5.s390x.rpm | SHA-256: 209a8fc714cde542206abbb66cd4a522617a511aa72345def4c99fdcb18bef21 |
cman-devel-2.0.84-2.el5.s390.rpm | SHA-256: 58a22cde4c78db99e604e16b2f1bbdb43e29640d8173b25f6e1ad5cecaf59685 |
cman-devel-2.0.84-2.el5.s390x.rpm | SHA-256: e68d85d81dadcf7a740e9ba5244b826ce12e314d05262191f2772a6e109f3334 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
cman-2.0.84-2.el5.src.rpm | SHA-256: e1091121b010219b8ede0b9a75f53c5038f05cd7fea21b96b55c9d1b44fbdd0a |
ppc | |
cman-2.0.84-2.el5.ppc.rpm | SHA-256: 45e97fd42d0a3f0acca10963cbf174c4d1ba6908bf5f32e4513ee3104e1fb7dd |
cman-devel-2.0.84-2.el5.ppc.rpm | SHA-256: fb8ff9a59f610daf26a95378c8e8c650976f4900b1b947fb12378d8854ca1e00 |
cman-devel-2.0.84-2.el5.ppc64.rpm | SHA-256: 3d845256d4f5fcb9e28ee0993eafe4c99e8b1249b2742a16b238eda31da5758d |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
cman-2.0.84-2.el5.src.rpm | SHA-256: e1091121b010219b8ede0b9a75f53c5038f05cd7fea21b96b55c9d1b44fbdd0a |
x86_64 | |
cman-2.0.84-2.el5.x86_64.rpm | SHA-256: aca59b28a8a8b035ed098fb712d19f3fc31beb20dafcea8b6983a3dd7213a35b |
cman-devel-2.0.84-2.el5.i386.rpm | SHA-256: 2724395839244d16d39fece67545c67087466832e021a07700252fcb8b6b9ee8 |
cman-devel-2.0.84-2.el5.x86_64.rpm | SHA-256: 38012fd896c8c93d3dadd9167934acb23c8e7b2a4656265d23601f999d664bd3 |
i386 | |
cman-2.0.84-2.el5.i386.rpm | SHA-256: 887de78718a5feff4f91db5f0649c52110bd352cc22b2e757b72b1dfd34518f3 |
cman-devel-2.0.84-2.el5.i386.rpm | SHA-256: 2724395839244d16d39fece67545c67087466832e021a07700252fcb8b6b9ee8 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.