RHBA-2011:1599 - Bug Fix Advisory

Topic

An updated fence-agents package that fixes various bugs and adds several
enhancements is now available for Red Hat Enterprise Linux 6.

Description

Red Hat fence agents are a collection of scripts to handle remote power
management for cluster devices. They allow failed or unreachable cluster nodes
to be forcibly restarted and removed from the cluster.

The fence-agents package has been upgraded to upstream version 3.1.5, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#707123)

This update also fixes the following bugs:

• Due to a change in REST API, the fence_rhevm utility incorrectly reported

status "UP" as "RUNNING". Consequently, the "fence_rhevm -o status" command
always reported "OFF". This bug has been fixed, and fence_rhevm now reports
status correctly. (BZ#731166)

• The fence_drac5 agent failed to clear its SSH sessions on exit as expected by

firmware. Consequently, the fence agent appeared to be still connected to the
device, and once the connection limit was reached, further logins to the device
were not allowed. This bug has been fixed, and fence_drac5 now clears its SSH
sessions properly. (BZ#718924)

• The "monitor" and "status" commands of the fence_ipmilan agent returned

chassis status instead of the fence device status. As a result, when a server
chassis was powered off, the fence_ipmilan agent exited with the incorrect
result code "2" when passed one of these commands. Now, fence_ipmilan returns
the correct result code "0" in the described scenario. (BZ#693428)

• When a blade server was removed from a blade chassis and was fenced via the

fence_bladecenter utility with the "--missing-as-off" option enabled, and was
scheduled with the "reboot" action, the fence failed. This bug has been fixed,
and fence_bladecenter no longer returns an error if a blade server is missing.
(BZ#708052)

• A list operation on fence_drac5 agents resulted in unexpected termination of

fence agents. A patch has been provided to address this issue, and fence_drac5
agents now work correctly in the described scenario. (BZ#718196)

• When the pyOpenSSL package was not present in the system, when an error

occurred, the fence_ilo agent terminated with a generic error message, making it
difficult to debug the problem. Now, fence_ilo reports that a dependent package
is missing in the described scenario, thus fixing this bug. (BZ#718207)

• The verbose mode of the fence_ipmilan agent exposed user passwords when the

whole command was logged by an IPMI tool. Now, the fence_ipmilan output has been
changed, and passwords remain undisclosed in the described scenario. (BZ#732372)

• During simultaneous unfencing operations performed via the fence_scsi agent,

all nodes launched their reservation commands at the same time. Consequently,
some of the commands failed. Now, fence_scsi retries to unfence a node until its
reservation command succeeds. (BZ#738384)

• A null dereference was discovered in the fence_kdump agent, when the strchr()

function returned the NULL value. With this update, the dereference has been
fixed in the code and no longer occurs. (BZ#734429)

This update adds the following enhancements:

• With this update, the new fence_vmware_soap() function has been provided to

enable fencing of VMware guests in ESX environments. (BZ#624673)

• The fence_kdump utility has been updated to integrate fencing with the kernel

dump environment. (BZ#461948)

• With this update, the RelaxNG schema generation for fence-agents has been

updated with the rha:description and rha:name attributes in its output to fence
attribute group elements. (BZ#698365)

• The fence_ipmilan agent has been updated to support the -L option of the

ipmilan daemon, thus supporting fencing with user session privileges level.
(BZ#726571)

Users of fence-agents are advised to upgrade to this updated package, which
fixes these bugs and adds these enhancements.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux High Availability for x86_64 6 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 6 i386
• Red Hat Enterprise Linux Resilient Storage for x86_64 6 x86_64
• Red Hat Enterprise Linux Resilient Storage for x86_64 6 i386
• Red Hat Enterprise Linux High Availability (for RHEL Server) from RHUI 6 x86_64
• Red Hat Enterprise Linux High Availability (for RHEL Server) from RHUI 6 i386
• Red Hat Enterprise Linux Resilient Storage (for RHEL Server) from RHUI 6 x86_64
• Red Hat Enterprise Linux Resilient Storage (for RHEL Server) from RHUI 6 i386

Fixes

• BZ - 461948 - Provide a method to wait for kdump to complete from fencing
• BZ - 624673 - Rework fence_vmware fence agent to use SOAP API to connect to Virtual Center instead of VMware Perl API
• BZ - 693428 - fence_ipmilan returns incorrect status on monitor op if chassis is powered off
• BZ - 698365 - RFE: add rha:description="fence_name" attribute to fence attribute group elements
• BZ - 707123 - fence-agents rebase
• BZ - 708052 - fence_bladecenter --missing_as_off reboot action fails on missing blade
• BZ - 718196 - Dell Drac CMC is not working correctly as fence device
• BZ - 718207 - fence_ilo fails silently when pyOpenSSL is not installed
• BZ - 731166 - fence_rhevm needs to change "UP" status to "up" state as the REST-API has changed.
• BZ - 732372 - fence_ipmi exposes user password on verbose mod
• BZ - 738384 - fix scsi unfencing to allow simultaneous unfences

CVEs

(none)

References

(none)