RHBA-2015:0415 - Bug Fix Advisory

Topic

Updated pcs packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7.

Description

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

This update fixes the following bugs:

• Previously, when the user created a resource without specifying the mandatory parameters, pcs only printed a warning message. Consequently, it was relatively easy to create a misconfigured resource that could not be started by the cluster. Now, pcs prints an error message and does not create the resource if the mandatory parameters are missing, unless you specify the "--force" option. (BZ#1081242)
• Previously, pcs updated the Cluster Information Base (CIB) by supplying the string of resources or constraints using the "--xml-text" option. If the string length exceeded the maximum allowed on the command line, the update failed. With this update, the update uses the "--xml-pipe" option to retrieve the XML from the standard input (stdin) stream, and pcs is able to update CIB in this situation. (BZ#1081243)
• When the user entered an invalid or complex rule in the "pcs constraint location" command, pcs could either terminate with a traceback error or produce an invalid rule or invalid CIB. A new rule parser supporting complex rules and providing explanatory error messages in case the user entered an invalid rule has been implemented. Now, pcs saves valid rules into the CIB correctly and exits gracefully with a helpful error message after entering an invalid rule. (BZ#1104656)
• The "pcs cluster stop -all" command did not stop all cluster nodes at once as expected. This could cause services to be moved around the cluster unnecessarily and the cluster to lose quorum as soon as a sufficient amount of nodes stopped. With this update, pcs stops all nodes in parallel to prevent services from being moved. Now, quorum is only lost at a time when Pacemaker and all resources are stopped. (BZ#1180506)

This update also adds the following enhancements:

• Added an easy way to back up and restore cluster configuration on all nodes across the cluster. (BZ#1024492)
• Added support for creating, editing, and viewing Pacemaker Access Control Lists (ACLs), enabling you to control user and group access. (BZ#1054490)
• Added the "--disabled" option to the pcs utility for creating resources that are initially disabled. (BZ#1067514)
• Added the "pcs config checkpoint" command that enables restoring a previous revision of the CIB. (BZ#1085100)
• Added support for creating the STONITH levels in the pcs GUI when multiple fence devices are used in a cluster. (BZ#1098858)
• The "pcs resource cleanup" command can now be used with no arguments, cleaning up all resources at once. (BZ#1102115)
• Clusters cannot start resources when they are inquorate. When the user sets up a cluster with the "wait_for_all" option set to "1", and some nodes remain unavailable, a "pcs cluster quorum unblock" command can now temporarily cancel "wait_for_all". If a sufficient number of nodes are running, the cluster becomes quorate and starts the resources as expected. (BZ#1127878)
• The new "--after" and "--before" options accepted by the "pcs resource create --group" and "pcs resource group add" commands allow specifying the position of a resource within a group when adding this resource to the group. (BZ#1115853)
• With this update, the "pcs resource" command accepts the "--wait" option that instructs pcs to wait until resources start or move, and then to report to the user which nodes the resource started or moved, as well as which nodes it failed to start or move. (BZ#1156311)

Users of pcs are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux High Availability for x86_64 7 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 7.7 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 7.6 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 7.5 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 7.4 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 7.3 x86_64
• Red Hat Enterprise Linux Resilient Storage for x86_64 7 x86_64
• Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 7.7 x86_64
• Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 7.6 x86_64
• Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 7.5 x86_64
• Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 7.4 x86_64
• Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 7.3 x86_64
• Red Hat Enterprise Linux High Availability (for RHEL Server) from RHUI 7 x86_64
• Red Hat Enterprise Linux Resilient Storage (for RHEL Server) from RHUI 7 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 7.7 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 7.6 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 7.4 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 7.3 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 - Extended Life Cycle Support 7 x86_64
• Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Life Cycle Support 7 x86_64

Fixes

• BZ - 886232 - no stonith resource agents available
• BZ - 1024492 - pcs should handle full cluster config backup/restore
• BZ - 1054490 - RFE: Users & group functionality in pcs
• BZ - 1054491 - RFE: Users & group functionality in pcsd GUI (pacemaker ACL support & non hacluster user login)
• BZ - 1072415 - pcs GUI should support creating dual-ring clusters (RRP)
• BZ - 1080591 - pcs.8: .TP macro issue
• BZ - 1081242 - pcs should abort if required parameter is not present while creating a resource
• BZ - 1081243 - pcs should use pipes instead of command line inputs internally
• BZ - 1098466 - adding invalid score for location constraints results in invalid CIB dump
• BZ - 1099077 - resource update on a clone ID returns error
• BZ - 1099881 - move/ban of a stopped resource gives an error when node is not specified
• BZ - 1102115 - PCS doesn't provide way to cleanup all resources
• BZ - 1103639 - creating a resource with invalid name results in invalid CIB dump
• BZ - 1104359 - If IPv6 is disabled, then pcsd fails to start
• BZ - 1104656 - support for complex rules and better handling of invalid rules
• BZ - 1108319 - cloned group resource ignores 'constraint avoids node'
• BZ - 1108538 - [RFE] Add support for corosync totem.token_coefficient setting
• BZ - 1110166 - [RFE] allow user to specify constraint id on its creation
• BZ - 1111368 - PCS Rebase bug for 7.1
• BZ - 1111369 - Support Pacemaker ACLs
• BZ - 1112695 - pcs tracebacks when ocf resource provides invalid metadata xml
• BZ - 1115537 - [RFE] 'pcs cluster cib': implement --scope as cibadmin does
• BZ - 1115608 - Colocating Sets of Resources: 'setoptions' is invalid
• BZ - 1126998 - pacemaker uses 'uname -n' if no nodename defined, which is confusing
• BZ - 1127878 - support corosync's ability to unblock quorum
• BZ - 1133897 - [RFE] pcs should be able to import cluster.conf and convert it into a pacemaker configuration
• BZ - 1145560 - Resource configuration page clutter
• BZ - 1149677 - 'pcs resource clear' does not work on cloned group
• BZ - 1153701 - pcsd: removing all nodes at once leaves the cluster in broken state
• BZ - 1156311 - Need ability to start resource and wait until it finishes starting before returning (and show error information if it fails)
• BZ - 1156597 - Pcs should not generate tarballs that "tar" complains about when unpacking
• BZ - 1158227 - pcsd should not accept SSLv2 and v3
• BZ - 1163983 - Support for crm_resource --restart with pcs resource restart
• BZ - 1170150 - pcsd gui does not show any info when a globally-unique clone resource is present in a cluster
• BZ - 1179023 - pcs needs to be able to set resource-discovery option of location constraints
• BZ - 1180390 - issue deleting resources with constraint
• BZ - 1180506 - pcs cluster stop behavior is not optimal and can lead to fencing nodes
• BZ - 1184162 - pcs resource create --clone/--group/--master should create the resource and clone in one step

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#normal