RHBA-2014:1562 - Bug Fix Advisory

Topic

Updated fence-agents packages that fix several bugs are now available for Red
Hat Enterprise Linux 6.

Description

Red Hat fence agents are a collection of scripts for handling remote power
management for cluster devices. They allow failed or unreachable nodes to be
forcibly restarted and removed from the cluster.

This update fixes the following bugs:

• Previously, timeout options could not be entered to the fence_brocade agent.

In addition, issued commands were not persistent, which could lead to problems
if fencing hardware was rebooted. Also, when invalid password was entered, the
fence agent was terminated as a stale process without any error message being
reported to the user. This update provides a new implementation of fence agents
that solves the aforementioned bugs. (BZ#641632, BZ#642232, BZ#841556,
BZ#1114528)

• Previously, users of the fence_ilo agent were not able to enter password that

contained the quotation mark character ("). This update allows users to enter
any character in the password as expected. (BZ#990537)

• If the user name to log in to the fence_vmware_soap device does not have the

correct privileges set, a python exception is thrown. Prior to this update, the
fence_vmware_soap agent terminated the exception when the user did not have
privileges for required operations. With this update, the user is informed by an
error message that these privileges are not sufficient. (BZ#1018263)

• Previously, fence agents could use key-based authentication over SSH even if

the user wanted to use password authentication. As a consequence, the user was
unable to log in. This update ensures that proper authentication is used, and
the user can now log in using password authentication. (BZ#1048842)

• Previously, using the fence_scsi_check.pl watchdog script failed to induce

soft or clean reboot. But when Global File System 2 (GFS2) or other file systems
were used, unmounting file systems could be blocked. This update provides a new
fence_scsi_check_reboot.pl script, which ensures hard reboot, and problems with
unmounting no longer occur. (BZ#1050022)

• Prior to this update, the fence_vmware_soap fencing agent did not support the

"--delay" option, which is indispensable for avoiding fence races. This update
adds the "--delay" option, which delays start of fence agents for a given amount
of seconds, and thus prevents fence races from occurring. (BZ#1051159)

• Previously, the fence_apc utility was hard-coded with SSH1 connectivity. As a

consequence, fence_apc was unable to connect to power distribution units that
required SSH2 connectivity. This update introduces the "--ssh-options" option,
which makes it possible to specify SSH connectivity options in fence_apc. Thus,
all fencing agents that support SSH can now be adjusted to meet the SSH
requirements of the fencing device. (BZ#1069618)

• Previously, the fence_rsb agent was unable to work with certain versions of

firmware. As a consequence, fence_rsb failed after an outlet powered off.
However, fence_rsb kept on issuing the command to power the outlet back on. With
this update, new firmware versions are supported, and fence_rsb succeeds in
turning off and on the outlet. (BZ#1110428)

• Prior to this update, fence agents that connected using the SSH protocol

failed on login if an identity file was used as the method of authentication.
The bug has been fixed, and these fence agents now successfully authenticate
through an identity file. (BZ#1075683)

Users of fence-agents are advised to upgrade to these updated packages, which
fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386

Fixes

• BZ - 917675 - Please remove static non-generated FA part from cluster schema template
• BZ - 990537 - iLO2: Unable to login when password contains "
• BZ - 1048842 - Fence agent uses key authentication when it should use password
• BZ - 1069618 - fence_apc does not work with APC AP8965 with SSH
• BZ - 1075683 - Fence-agent (ssh) fails on login if identity file was used
• BZ - 1079291 - fence_wti do not support --delay when using telnet
• BZ - 1114528 - Action 'monitor' is not working for fence agents without list

CVEs

(none)

References

(none)