Bug 2059501
Summary: | pcs rebase bz for 9.1 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | Tomas Jelinek <tojeline> |
Component: | pcs | Assignee: | Tomas Jelinek <tojeline> |
Status: | CLOSED ERRATA | QA Contact: | cluster-qe <cluster-qe> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 9.1 | CC: | cluster-maint, idevat, mlisik, mmazoure, mpospisi, nhostako, omular, slevine, tojeline |
Target Milestone: | rc | Keywords: | Rebase, Triaged |
Target Release: | 9.1 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | pcs-0.11.3-1.el9 | Doc Type: | No Doc Update |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-11-15 09:49:09 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomas Jelinek
2022-03-01 08:26:10 UTC
Changes in 0.11.2: ### Fixed - Pcs was not automatically enabling corosync-qdevice when adding a quorum device to a cluster (broken since pcs-0.10.9) ([rhbz#2028902]) - `resource update` command exiting with a traceback when updating a resource with a non-existing resource agent ([rhbz#2019836]) - pcs\_snmp\_agent is working again (broken since pcs-0.10.1) ([ghpull#431]) - Skip checking of scsi devices to be removed before unfencing to be added devices ([rhbz#2033248]) - Make `ocf:linbit:drbd` agent pass OCF standard validation ([ghissue#441], [rhbz#2036633]) - Multiple improvements of `pcs resource move` command ([rhbz#1996062]) - Pcs no longer creates Pacemaker-1.x CIB when `-f` is used, so running `pcs cluster cib-upgrade` manually is not needed ([rhbz#2022463]) ### Deprecated - Usage of `pcs resource` commands for stonith resources and vice versa ([rhbz#1301204]) Preliminary changelog: ### Security - CVE-2022-1049: Pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM auth. ([huntr#220307], [rhbz#2068457]) ### Added - Add support for fence\_mpath to `pcs stonith update-scsi-devices` command ([rhbz#2024522]) - Support for cluster UUIDs. New clusters now get a UUID during setup. Existing clusters can get a UUID by running the new `pcs cluster config uuid generate` command ([rhbz#2054671]) - Add warning regarding move constraints to `pcs status` ([rhbz#2058247]) - Support for output formats `json` and `cmd` to `pcs resource config` and `pcs stonith config` commands ([rhbz#2058251], [rhbz#2058252]) ### Fixed - Booth ticket name validation ([rhbz#2053177]) - Adding booth ticket doesn't report 'mode' as an unknown option anymore ([rhbz#2058243]) - Preventing fence-loop caused when stonith-watchdog-timeout is set with wrong value ([rhbz#2058246]) Changes in 0.11.3: ### Security - CVE-2022-1049: Pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM auth. ([huntr#220307], [rhbz#2068457]) - Pcsd does not expose the server name in HTTP headers anymore ([rhbz#2059122]) - Set `Strict-Transport-Security: max-age=63072000` HTTP header for all responses ([rhbz#2097731]) - Set HTTP headers to prevent caching everything except static files ([rhbz#2097733]) - Set HTTP headers to prevent sending referrer ([rhbz#2097732]) - Set cookie option SameSite to Lax ([rhbz#2097730]) - Set `Content-Security-Policy: frame-ancestors 'self'; default-src 'self'` HTTP header for all responses ([rhbz#2097778]) ### Added - Add support for fence\_mpath to `pcs stonith update-scsi-devices` command ([rhbz#2024522]) - Support for cluster UUIDs. New clusters now get a UUID during setup. Existing clusters can get a UUID by running the new `pcs cluster config uuid generate` command ([rhbz#2054671]) - Add warning regarding move constraints to `pcs status` ([rhbz#2058247]) - Support for output formats `json` and `cmd` to `pcs resource config` and `pcs stonith config` commands ([rhbz#2058251], [rhbz#2058252]) ### Fixed - Booth ticket name validation ([rhbz#2053177]) - Adding booth ticket doesn't report 'mode' as an unknown option anymore ([rhbz#2058243]) - Preventing fence-loop caused when stonith-watchdog-timeout is set with wrong value ([rhbz#2058246]) - Do not allow to create an order constraint for resources in one group as that may block Pacemaker ([ghpull#509]) - `pcs quorum device remove` works again ([rhbz#2095695]) - Fixed description of full permission ([rhbz#2059177]) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: pcs security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7935 |