RHBA-2010:0477 - Bug Fix Advisory

Topic

Updated fence-agents packages that fix several bugs and add support for
further power management hardware, such as the HP iLO MP, are now
available.

Description

Red Hat fence agents are a collection of scripts to handle remote power
management for several devices. They allow failed or unreachable nodes to
be forcibly restarted and removed from the cluster. These specific packages
provide the fence agent scripts included with the Red Hat Cluster Suite
(RHCS) for use with Red Hat Enterprise Virtualization (RHEV).

This update re-bases the packages from version 3.0.6 to the current
upstream version, 3.0.11. (BZ#525716, BZ#583780)

These updated packages also address the following issues:

• updated firmware used by the IBM Remote Supervisor Adapter II (RSA II)

included a changed login screen. The text "login:" was changed to "login
:". This caused the fence agent to fail when RSA II logins were attempted.
As well, the RSA II takes longer to respond to login requests and the three
second login-timeout value used by the fence agent was too short to allow
successful logins. With this update, the RSA fence agent supports both
"login:" and "login :" at the RSA login screen (allowing logins to RSA and
RSA II adapters) and the login-timeout has been increased from three to ten
seconds (ensuring the fence agent does not timeout a login request before
the RSA II has responded). (BZ#549835)

• the "-k" or "--identity-file=[filename]" switch allows ssh-capable

fencing agents to specify an identify file instead of supplying a password
for public key authentication. Previously, this switch was not available to
all ssh-capable fencing agents. With this update, all ssh-capable fencing
agents (including, for example, the Sun Advanced Lights Out Manager) can
now take advantage of the "-k" switch. (BZ#549832)

• a previously released cman errata, RHBA-2010-0266, included a fix for

BZ#506928 which improved support for using TCP ports other than the
defaults for services such as SSH, SSL and Telnet. This fix included
changes to several fence agent scripts that caused the APC power switch
fence agent, fence_apc_snmp, to fail with a Traceback. This update corrects
those changes and fence_apc_snmp once again works as expected. (BZ#527844)

• the default timeout settings for several fence agents (eg ipmilan, the

Intelligent Platform Management Interface fence agent) were too low to work
with the Virtual Desktop Server Manager (VDSM). With this update, these
default values were increased (eg the ipmilan default timeout is now 20
seconds rather than 10) and, consequently, work with VDSM. (BZ#526506)

• new Dell blade servers, including the PowerEdge R710 & PowerEdge R910,

incorporate a new iDRAC6 (for Integrated Dell Remote Access Controller 6)
interface. These have been tested and found to work with the IPMI agent,
fence_ipmilan. (BZ#516548)

• if the SNMP fence agent with password option (for use with SNMP v3) was

used and a password shorter than eight characters was entered, the fence
agent returned "off" in all cases, even if the host did not exist or did
exist but was on. As of this update, snmpget/snmpwalk are now called and if
an error string presents (as it will if too short a password is used) that
error is returned rather than the invalid "off" value returned previously.
(BZ#574059)

As well, this update adds the following enhancement:

• fence agent support within RHEV was extended to encompass all the remote

power management hardware currently supported by RHCS. (BZ#545216)

All RHEV users also using fence-agents should install these updated
packages which address these issues and add this enhancement.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Virtualization 3 for RHEL 5 x86_64

Fixes

CVEs

(none)

References

(none)