[ClusterLabs] pcs 0.10.1 released
digimer
lists at alteeve.ca
Fri Dec 28 04:39:09 UTC 2018
On 2018-11-26 12:26 p.m., Tomas Jelinek wrote:
> I am happy to announce the latest release of pcs, version 0.10.1.
>
> Source code is available at:
> https://github.com/ClusterLabs/pcs/archive/0.10.1.tar.gz
> or
> https://github.com/ClusterLabs/pcs/archive/0.10.1.zip
>
> This is the first final release of the pcs-0.10 branch.
> Pcs-0.10 is the new main pcs branch supporting Corosync 3.x and
> Pacemaker 2.x clusters while dropping support for older Corosync and
> Pacemaker versions. Pcs-0.9, being in maintenance mode, continues to
> support Corosync 1.x/2.x and Pacemaker 1.x clusters.
>
> Main changes compared to 0.9 branch:
> * Corosync 3.x and Kronosnet is supported while Corosync 2.x and older
> as well as CMAN are not
> * Node names are now fully supported
> * Pacemaker 2.x is supported while Pacemaker 1.x is not
> * Promotable clone resources replaced master resources; creating master
> resources is no longer possible but managing existing master resources
> is supported
> * Options starting with '-' and '--' are no longer accepted by commands
> for which those options have no effect
> * Obsoleting parameters of resource and fence agents are now supported
> and preferred over deprecated parameters
> * Several deprecated and / or undocumented pcs commands / options have
> been removed
> * Python 3.6+ and Ruby 2.2+ is now required
>
> Complete change log for this release against 0.9.163:
> ## [0.10.1] - 2018-11-23
>
> ### Removed
> - Pcs-0.10 removes support for CMAN, Corosync 1.x, Corosync 2.x and
> Pacemaker 1.x based clusters. For managing those clusters use
> pcs-0.9.x.
> - Pcs-0.10 requires Python 3.6 and Ruby 2.2, support for older Python
> and Ruby versions has been removed.
> - `pcs resource failcount reset` command has been removed as `pcs
> resource cleanup` is doing exactly the same job. ([rhbz#1427273])
> - Deprecated commands `pcs cluster remote-node add | remove` have been
> removed as they were replaced with `pcs cluster node add-guest |
> remove-guest`
> - Ability to create master resources has been removed as they are
> deprecated in Pacemaker 2.x ([rhbz#1542288])
> - Instead of `pcs resource create ... master` use `pcs resource create
> ... promotable` or `pcs resource create ... clone promotable=true`
> - Instead of `pcs resource master` use `pcs resource promotable` or
> `pcs resource clone ... promotable=true`
> - Deprecated --clone option from `pcs resource create` command
> - Ability to manage node attributes with `pcs property set|unset|show`
> commands (using `--node` option). The same functionality is still
> available using `pcs node attribute` command.
> - Undocumented version of the `pcs constraint colocation add` command,
> its syntax was `pcs constraint colocation add <source resource id>
> <target resource id> [score] [options]`
> - Deprecated commands `pcs cluster standby | unstandby`, use `pcs node
> standby | unstandby` instead
> - Deprecated command `pcs cluster quorum unblock` which was replaced by
> `pcs quorum unblock`
> - Subcommand `pcs status groups` as it was not showing a cluster status
> but cluster configuration. The same functionality is still available
> using command `pcs resource group list`
> - Undocumented command `pcs acl target`, use `pcs acl user` instead
>
> ### Added
> - Validation for an unaccessible resource inside a bundle
> ([rhbz#1462248])
> - Options to filter failures by an operation and its interval in `pcs
> resource cleanup` and `pcs resource failcount show` commands
> ([rhbz#1427273])
> - Commands for listing and testing watchdog devices ([rhbz#1578891])
> - Commands for creating promotable clone resources `pcs resource
> promotable` and `pcs resource create ... promotable` ([rhbz#1542288])
> - `pcs resource update` and `pcs resource meta` commands change master
> resources to promotable clone resources because master resources are
> deprecated in Pacemaker 2.x ([rhbz#1542288])
> - Support for the `promoted-max` bundle option replacing the `masters`
> option in Pacemaker 2.x ([rhbz#1542288])
> - Support for OP_NO_RENEGOTIATION option when OpenSSL supports it
> (even with Python 3.6) ([rhbz#1566430])
> - Support for container types `rkt` and `podman` into bundle commands
> ([rhbz#1619620])
> - Support for promotable clone resources in pcsd and web UI
> ([rhbz#1542288])
> - Obsoleting parameters of resource and fence agents are now supported
> and preferred over deprecated parameters ([rhbz#1436217])
> - `pcs status` now shows failed and pending fencing actions and `pcs
> status --full` shows the whole fencing history. Pacemaker supporting
> fencing history is required. ([rhbz#1615891])
> - `pcs stonith history` commands for displaying, synchronizing and
> cleaning up fencing history. Pacemaker supporting fencing history is
> required. ([rhbz#1620190])
> - Validation of node existence in a cluster when creating location
> constraints ([rhbz#1553718])
> - Command `pcs client local-auth` for authentication of pcs client
> against local pcsd. This is required when a non-root user wants to
> execute a command which requires root permissions (e.g. `pcs cluster
> start`). ([rhbz#1554302])
> - Command `pcs resource group list` which has the same functionality as
> removed command `pcs resource show --groups`
>
> ### Fixed
> - Fixed encoding of the CIB_user_groups cookie in communication
> between nodes.
> - `pcs cluster cib-push diff-against=` does not consider an empty diff
> as an error ([ghpull#166])
> - `pcs cluster cib-push diff-against=` exits gracefully with an error
> message if crm_feature_set < 3.0.9 ([rhbz#1488044])
> - `pcs resource update` does not create an empty meta_attributes
> element any more ([rhbz#1568353])
> - `pcs resource debug-*` commands provide debug messages even with
> pacemaker-1.1.18 and newer ([rhbz#1574898])
> - Improve `pcs quorum device add` usage and man page ([rhbz#1476862])
> - Removing resources using web UI when the operation takes longer than
> expected ([rhbz#1579911])
> - Removing a cluster node no longer leaves the node in the CIB and
> therefore cluster status even if the removal is run on the node which
> is being removed ([rhbz#1595829])
> - Possible race condition causing an HTTP 408 error when sending larger
> files via pcs ([rhbz#1600169])
> - Configuring QDevice works even if NSS with the new db format
> (cert9.db, key4.db, pkcs11.txt) is used ([rhbz#1596721])
> - Options starting with '-' and '--' are no longer accepted by commands
> for which those options have no effect ([rhbz#1533866])
> - When a user makes an error in a pcs command, usage for that specific
> command is printed instead of printing the whole usage
> - Show more user friendly error message when testing watchdog device and
> multiple devices are present ([rhbz#1578891])
> - Do not distinguish between supported and unsupported watchdog devices
> as SBD cannot reliably provide such information ([rhbz#1578891])
> - `pcs config` no longer crashes when `crm_mon` prints something to
> stderr ([rhbz#1578955])
> - `pcs resource bundle update` cmd for bundles which are using
> unsupported container backend ([rhbz#1619620])
> - Do not crash if unable to load SSL certificate or key, log errors and
> exit gracefully instead ([rhbz#1638852])
> - Fixed several issues in parsing `pcs constraint colocation add`
> command.
> - All `remove` subcommands now have `delete` aliases and vice versa.
> Previously, only some of them did and it was mostly undocumented.
> - The `pcs acl role delete` command no longer deletes ACL users and
> groups with no ACL roles assigned
>
> ### Changed
> - Authentication has been overhauled ([rhbz#1549535]):
> - The `pcs cluster auth` command only authenticates nodes in a local
> cluster and does not accept a node list.
> - The new command for authentication is `pcs host auth`. It allows to
> specify host names, addresses and pcsd ports.
> - Previously, running `pcs cluster auth A B C` caused A, B and C to be
> all authenticated against each other. Now, `pcs host auth A B C`
> makes the local host authenticated against A, B and C. This allows
> better control of what is authenticated against what.
> - The `pcs pcsd clear-auth` command has been replaced by `pcs pcsd
> deauth` and `pcs host deauth` commands. The new commands allows to
> deauthenticate a single host / token as well as all hosts / tokens.
> - These changes are not backward compatible. You should use the `pcs
> host auth` command to re-authenticate your hosts.
> - The `pcs cluster setup` command has been overhauled ([rhbz#1158816],
> [rhbz#1183103]):
> - It works with Corosync 3.x only and supports knet as well as
> udp/udpu.
> - Node names are now supported.
> - The number of Corosync options configurable by the command has been
> significantly increased.
> - The syntax of the command has been completely changed to accommodate
> the changes and new features.
> - Corosync encryption is enabled by default when knet is used
> ([rhbz#1648942])
> - The `pcs cluster node add` command has been overhauled
> ([rhbz#1158816], [rhbz#1183103])
> - It works with Corosync 3.x only and supports knet as well as
> udp/udpu.
> - Node names are now supported.
> - The syntax of the command has been changed to accommodate new
> features and to be consistent with other pcs commands.
> - The `pcs cluster node remove` has been overhauled ([rhbz#1158816],
> [rhbz#1595829]):
> - It works with Corosync 3.x only and supports knet as well as
> udp/udpu.
> - It is now possible to remove more than one node at once.
> - Removing a cluster node no longer leaves the node in the CIB and
> therefore cluster status even if the removal is run on the node
> which is being removed
> - Node names are fully supported now and are no longer coupled with node
> addresses. It is possible to set up a cluster where Corosync
> communicates over different addresses than pcs/pcsd. ([rhbz#1158816],
> [rhbz#1183103])
> - Node names are now required while node addresses are optional in the
> `pcs cluster node add-guest` and `pcs cluster node add-remove`
> commands. Previously, it was the other way around.
> - Web UI has been updated following changes in authentication and
> support for Corosync 3.x ([rhbz#1158816], [rhbz#1183103],
> [rhbz#1549535])
> - Commands related to resource failures have been overhauled to support
> changes in pacemaker. Failures are now tracked per resource operations
> on top of resources and nodes. ([rhbz#1427273], [rhbz#1588667])
> - `--watchdog` and `--device` options of `pcs stonith sbd enable` and
> `pcs stonith sbd device setup` commands have been replaced with
> `watchdog` and `device` options respectively
> - Update pacemaker daemon names to match changes in pacemaker-2.0
> ([rhbz#1573344])
> - Watchdog devices are validated against a list provided by sbd
> ([rhbz#1578891])
> - Resource operation option `requires` is no longer accepted to match
> changes in pacemaker-2.0 ([rhbz#1605185])
> - Update pacemaker exit codes to match changes in pacemaker-2.0
> ([rhbz#1536121])
> - `pcs cluster cib-upgrade` no longer exits with an error if the CIB
> schema is already the latest available (this has been changed in
> pacemaker-2.0)
> - Pcs now configures corosync to put timestamps in its log
> ([rhbz#1615420])
> - Option `-V` has been replaced with `--full` and a CIB file can be
> specified only using option `-f` in `pcs cluster verify`
> - Master resources are now called promotable clone resources to match
> changes in pacemaker-2.0 ([rhbz#1542288])
> - Key size of default pcsd self-generated certificates increased from
> 2048b to 3072b ([rhbz#1638852])
> - pcsd.service now depends on network-online.target ([rhbz#1640477])
> - Split command `pcs resource [show]` into two new commands:
> - `pcs resource [status]` - same as `pcs resource [show]`
> - `pcs resource config` - same as `pcs resource [show] --full` or
> resource id specified instead of --full Respective changes have been
> made to `pcs stonith [show]` command.
> - Previously, `pcs cluster sync` synchronized only corosync
> configuration across all nodes configured in the cluster. This command
> will be changed in the future to sync all cluster configuration. New
> subcommand `pcs cluster sync corosync` has been introduced to sync
> only corosync configuration. For now, both commands have the same
> functionality.
>
> ### Security
> - CVE-2018-1086: Debug parameter removal bypass, allowing information
> disclosure ([rhbz#1557366])
> - CVE-2018-1079: Privilege escalation via authorized user malicious REST
> call ([rhbz#1550243])
>
> ### Deprecated
> - The `masters` bundle option is obsoleted by the `promoted-max` option
> in Pacemaker 2.x and therefore in pcs ([rhbz#1542288])
> - `pcs cluster uidgid rm`, use `pcs cluster uidgid delete` or `pcs
> cluster uidgid remove` instead
>
>
> Thanks / congratulations to everyone who contributed to this release,
> including Bruno Travouillon, Ivan Devat, Jan Pokorný, Ondrej Mular and
> Tomas Jelinek.
>
> Cheers,
> Tomas
>
>
> [ghpull#166]: https://github.com/ClusterLabs/pcs/pull/166
> [rhbz#1158816]: https://bugzilla.redhat.com/show_bug.cgi?id=1158816
> [rhbz#1183103]: https://bugzilla.redhat.com/show_bug.cgi?id=1183103
> [rhbz#1427273]: https://bugzilla.redhat.com/show_bug.cgi?id=1427273
> [rhbz#1436217]: https://bugzilla.redhat.com/show_bug.cgi?id=1436217
> [rhbz#1462248]: https://bugzilla.redhat.com/show_bug.cgi?id=1462248
> [rhbz#1476862]: https://bugzilla.redhat.com/show_bug.cgi?id=1476862
> [rhbz#1488044]: https://bugzilla.redhat.com/show_bug.cgi?id=1488044
> [rhbz#1533866]: https://bugzilla.redhat.com/show_bug.cgi?id=1533866
> [rhbz#1536121]: https://bugzilla.redhat.com/show_bug.cgi?id=1536121
> [rhbz#1542288]: https://bugzilla.redhat.com/show_bug.cgi?id=1542288
> [rhbz#1549535]: https://bugzilla.redhat.com/show_bug.cgi?id=1549535
> [rhbz#1550243]: https://bugzilla.redhat.com/show_bug.cgi?id=1550243
> [rhbz#1553718]: https://bugzilla.redhat.com/show_bug.cgi?id=1553718
> [rhbz#1554302]: https://bugzilla.redhat.com/show_bug.cgi?id=1554302
> [rhbz#1557366]: https://bugzilla.redhat.com/show_bug.cgi?id=1557366
> [rhbz#1566430]: https://bugzilla.redhat.com/show_bug.cgi?id=1566430
> [rhbz#1568353]: https://bugzilla.redhat.com/show_bug.cgi?id=1568353
> [rhbz#1573344]: https://bugzilla.redhat.com/show_bug.cgi?id=1573344
> [rhbz#1574898]: https://bugzilla.redhat.com/show_bug.cgi?id=1574898
> [rhbz#1578891]: https://bugzilla.redhat.com/show_bug.cgi?id=1578891
> [rhbz#1578955]: https://bugzilla.redhat.com/show_bug.cgi?id=1578955
> [rhbz#1579911]: https://bugzilla.redhat.com/show_bug.cgi?id=1579911
> [rhbz#1588667]: https://bugzilla.redhat.com/show_bug.cgi?id=1588667
> [rhbz#1595829]: https://bugzilla.redhat.com/show_bug.cgi?id=1595829
> [rhbz#1596721]: https://bugzilla.redhat.com/show_bug.cgi?id=1596721
> [rhbz#1600169]: https://bugzilla.redhat.com/show_bug.cgi?id=1600169
> [rhbz#1605185]: https://bugzilla.redhat.com/show_bug.cgi?id=1605185
> [rhbz#1615420]: https://bugzilla.redhat.com/show_bug.cgi?id=1615420
> [rhbz#1615891]: https://bugzilla.redhat.com/show_bug.cgi?id=1615891
> [rhbz#1619620]: https://bugzilla.redhat.com/show_bug.cgi?id=1619620
> [rhbz#1620190]: https://bugzilla.redhat.com/show_bug.cgi?id=1620190
> [rhbz#1638852]: https://bugzilla.redhat.com/show_bug.cgi?id=1638852
> [rhbz#1640477]: https://bugzilla.redhat.com/show_bug.cgi?id=1640477
> [rhbz#1648942]: https://bugzilla.redhat.com/show_bug.cgi?id=1648942
Hi,
Looking at https://src.fedoraproject.org/rpms/pcs/tree/f29, it
appears the last .spec was for 0.10.0.alpha.6. Is there an update for
this release? Alternatively, are srpms available (on instructions for
building srpms) available?
Cheers!
digimer
More information about the Users
mailing list