Bug 2059500
| Summary: | pcs rebase bz for 8.7 | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Tomas Jelinek <tojeline> |
| Component: | pcs | Assignee: | Tomas Jelinek <tojeline> |
| Status: | CLOSED ERRATA | QA Contact: | cluster-qe <cluster-qe> |
| Severity: | high | Docs Contact: | Steven J. Levine <slevine> |
| Priority: | high | ||
| Version: | 8.7 | CC: | cluster-maint, idevat, kmalyjur, mlisik, mmazoure, mpospisi, nhostako, omular, tojeline |
| Target Milestone: | rc | Keywords: | Rebase, Triaged |
| Target Release: | 8.7 | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | pcs-0.10.14-1.el8 | Doc Type: | Enhancement |
| Doc Text: |
NOTE: Please document as a rebase.
Rebase package(s) to version:
Highlights, important fixes, or notable enhancements:
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-11-08 09:14:00 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Tomas Jelinek
2022-03-01 08:25:21 UTC
Changes in 0.10.13: ### Fixed - Pcs was not automatically enabling corosync-qdevice when adding a quorum device to a cluster (broken since pcs-0.10.9) ([rhbz#2028902]) - `resource update` command exiting with a traceback when updating a resource with a non-existing resource agent ([rhbz#1384485]) - pcs\_snmp\_agent is working again (broken since pcs-0.10.1) ([ghpull#431]) - Skip checking of scsi devices to be removed before unfencing to be added devices ([rhbz#2032997]) - Make `ocf:linbit:drbd` agent pass OCF standard validation ([ghissue#441], [rhbz#2036633]) - Multiple improvements of `pcs resource move --autodelete` command ([rhbz#1990784]) - Pcs no longer creates Pacemaker-1.x CIB when `-f` is used, so running `pcs cluster cib-upgrade` manually is not needed ([rhbz#2022463]) Preliminary changelog: ### Security - CVE-2022-1049: Pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM auth. ([huntr#220307], [rhbz#2068456]) ### Added - Add support for fence\_mpath to `pcs stonith update-scsi-devices` command ([rhbz#2023845]) - Support for cluster UUIDs. New clusters now get a UUID during setup. Existing clusters can get a UUID by running the new `pcs cluster config uuid generate` command ([rhbz#1950551]) - Add warning regarding move constraints to `pcs status` ([rhbz#1730232]) - Support for output formats `json` and `cmd` to `pcs resource config` and `pcs stonith config` commands ([rhbz#1874624], [rhbz#1909904]) ### Fixed - Agents not conforming to OCF standard are processed as if they conformed to OCF 1.0 - in the same way as before pcs-0.10.12 ([rhbz#2050274]) - OCF 1.0 agents not conforming to the schema are processed anyway ([rhbz#2050274]) - Booth ticket name validation ([rhbz#1791661]) - Adding booth ticket doesn't report 'mode' as an unknown option anymore ([rhbz#1786964]) - Preventing fence-loop caused when stonith-watchdog-timeout is set with wrong value ([rhbz#1954099]) ### Deprecated - Agents not complying with OCF 1.0 schema are processed, incompatibilities are listed as warnings. In pcs-0.11, they will be reported as errors and prevent pcs from working with such agents. ([rhbz#2050274]) Changes in 0.10.14: ### Security - CVE-2022-1049: Pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM auth. ([huntr#220307], [rhbz#2068456]) - Pcsd does not expose the server name in HTTP headers anymore ([rhbz#2058278]) - Set `Strict-Transport-Security: max-age=63072000` HTTP header for all responses ([rhbz#2097392]) - Set HTTP headers to prevent caching everything except static files ([rhbz#2097383]) - Set HTTP headers to prevent sending referrer ([rhbz#2097391]) - Set cookie option SameSite to Lax ([rhbz#2097393]) ### Added - Add support for fence\_mpath to `pcs stonith update-scsi-devices` command ([rhbz#2023845]) - Support for cluster UUIDs. New clusters now get a UUID during setup. Existing clusters can get a UUID by running the new `pcs cluster config uuid generate` command ([rhbz#1950551]) - Add warning regarding move constraints to `pcs status` ([rhbz#1730232]) - Support for output formats `json` and `cmd` to `pcs resource config` and `pcs stonith config` commands ([rhbz#1874624], [rhbz#1909904]) ### Fixed - Agents not conforming to OCF standard are processed as if they conformed to OCF 1.0 - in the same way as before pcs-0.10.12 ([rhbz#2050274]) - OCF 1.0 agents not conforming to the schema are processed anyway ([rhbz#2050274]) - Booth ticket name validation ([rhbz#1791661]) - Adding booth ticket doesn't report 'mode' as an unknown option anymore ([rhbz#1786964]) - Preventing fence-loop caused when stonith-watchdog-timeout is set with wrong value ([rhbz#1954099]) - Do not allow to create an order constraint for resources in one group as that may block Pacemaker ([ghpull#509]) ### Deprecated - Agents not complying with OCF 1.0 schema are processed, incompatibilities are listed as warnings. In pcs-0.11, they will be reported as errors and prevent pcs from working with such agents. ([rhbz#2050274]) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: pcs security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7447 |