RHBA-2015:1405 - Bug Fix Advisory

Topic

Updated ricci packages that fix several bugs and add one enhancement are now
available for Red Hat Enterprise Linux 6.

Description

The ricci packages contain a daemon and a client for remote configuring and
managing of clusters.

This update fixes the following bugs:

• Previously, the luci application server and the ccs cluster configuration

command in some cases displayed incorrect information about certain aspects of
the cluster, such as the daemon status or specific management tasks. With this
update, replies to clients' requests against service modules included with the
ricci daemon are composed correctly again. As a result, luci and ccs now provide
correct information about the cluster. (BZ#1187745)

• Previously, using the rgmanager utility to disable guest virtual machines

(VMs) forced the guests off after 2 minutes. However, when Microsoft Windows
guests download system upgrades, they install them during operating system (OS)
shutdown. Consequently, if rgmanager forced the Windows guest off during this
process, the guest OS could be damaged or destroyed. This update gives the
server more time to shut down, and the guest OS can now safely install updates
before the shutdown. (BZ#1079032)

• Prior to this update, the ricci daemon accepted deprecated and insecure SSLv2

connections, which could lead to security issues. With his update, SSLv2
connections are refused, thus fixing this bug. (BZ#1156157)

• Once authenticated, the ccs utility previously ignored any attempts to

re-authenticate. Consequently, the user attempting to re-authenticate with a
password did not get an error message even if they used an incorrect password.
With this update, ccs verifies the password even if it is already authenticated
by ricci, and if the password is not valid, ccs returns an error. (BZ#1084991)

• Prior to this update, the ccs utility did not properly ignore the SIGPIPE

signal. When piping the output of ccs into another program, a traceback could
occur if the other program closed the pipe before the ccs process was resolved.
Now, ccs properly ignores SIGPIPE, and ccs no longer issues a traceback in the
described situation. (BZ#1125954)

• Previously, the ccs utility did not properly handle comments in the

cluster.conf file if they were located in the services section. As a
consequence, tracebacks could occur in ccs when listing services. With this
update, ccs ignores any comments in the services or resources sections of
cluster.conf instead of trying to parse them, thus fixing this bug. (BZ#1126872)

• The ccs utility did not prevent multiple syncs or activations from executing

in one ccs command. Consequently, it was possible to issue a command using
multiple options that caused multiple syncs and activations. This update allows
only one sync or activation per command, thus fixing this bug. (BZ#1166589)

In addition, this update adds the following enhancement:

• The cluster schema in the ricci packages, used by the ccs utility for offline

validation, has been updated. This update includes new options in resource and
fence agents packages, and in the rgmanager utility and fenced cluster daemons.
(BZ#1210679)

Users of ricci are advised to upgrade to these updated packages, which fix these
bugs and add this enhancement.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux High Availability for x86_64 6 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 6 i386
• Red Hat Enterprise Linux Resilient Storage for x86_64 6 x86_64
• Red Hat Enterprise Linux Resilient Storage for x86_64 6 i386
• Red Hat Enterprise Linux High Availability (for RHEL Server) from RHUI 6 x86_64
• Red Hat Enterprise Linux High Availability (for RHEL Server) from RHUI 6 i386
• Red Hat Enterprise Linux Resilient Storage (for RHEL Server) from RHUI 6 x86_64
• Red Hat Enterprise Linux Resilient Storage (for RHEL Server) from RHUI 6 i386

Fixes

• BZ - 1079032 - Unable to add '<action name="stop" timeout="10m" />' child element to a <vm .../> service using 'ccs'
• BZ - 1125954 - Piping ccs --getschema results in IOError: [Errno 32] Broken pipe
• BZ - 1125957 - ccs --setconf doesn't check for missing hostname
• BZ - 1126872 - ccs list services displays traceback (Comment instance has no attribute 'tagName')
• BZ - 1126876 - ccs --getversion gives result even if cluster.conf doesn't exist on target node
• BZ - 1156157 - ricci still agrees on SSLv3 connections by default (if for some esoteric reason forced to)
• BZ - 1166589 - ccs should trigger config activation/propagation across the nodes no more than once
• BZ - 1187745 - Regression caused by [bug 1044122] fix: modules cannot return values due to bug in Module::empty_response
• BZ - 1210679 - sync cluster.rng schema with latest updates from all cluster packages

CVEs

(none)

References

(none)