[ClusterLabs] pcs 0.10.1 released

Ivan Devát idevat at redhat.com
Wed Jan 9 07:15:34 UTC 2019



On 12/28/18 5:39 AM, digimer wrote:
> On 2018-11-26 12:26 p.m., Tomas Jelinek wrote:
>> I am happy to announce the latest release of pcs, version 0.10.1.
>>
>> Source code is available at:
>> https://github.com/ClusterLabs/pcs/archive/0.10.1.tar.gz
>> or
>> https://github.com/ClusterLabs/pcs/archive/0.10.1.zip
>>
>> This is the first final release of the pcs-0.10 branch.
>> Pcs-0.10 is the new main pcs branch supporting Corosync 3.x and
>> Pacemaker 2.x clusters while dropping support for older Corosync and
>> Pacemaker versions. Pcs-0.9, being in maintenance mode, continues to
>> support Corosync 1.x/2.x and Pacemaker 1.x clusters.
>>
>> Main changes compared to 0.9 branch:
>> * Corosync 3.x and Kronosnet is supported while Corosync 2.x and older
>>   as well as CMAN are not
>> * Node names are now fully supported
>> * Pacemaker 2.x is supported while Pacemaker 1.x is not
>> * Promotable clone resources replaced master resources; creating master
>>   resources is no longer possible but managing existing master resources
>>   is supported
>> * Options starting with '-' and '--' are no longer accepted by commands
>>   for which those options have no effect
>> * Obsoleting parameters of resource and fence agents are now supported
>>   and preferred over deprecated parameters
>> * Several deprecated and / or undocumented pcs commands / options have
>>   been removed
>> * Python 3.6+ and Ruby 2.2+ is now required
>>
>> Complete change log for this release against 0.9.163:
>> ## [0.10.1] - 2018-11-23
>>
>> ### Removed
>> - Pcs-0.10 removes support for CMAN, Corosync 1.x, Corosync 2.x and
>>   Pacemaker 1.x based clusters. For managing those clusters use
>>   pcs-0.9.x.
>> - Pcs-0.10 requires Python 3.6 and Ruby 2.2, support for older Python
>>   and Ruby versions has been removed.
>> - `pcs resource failcount reset` command has been removed as `pcs
>>   resource cleanup` is doing exactly the same job. ([rhbz#1427273])
>> - Deprecated commands `pcs cluster remote-node add | remove` have been
>>   removed as they were replaced with `pcs cluster node add-guest |
>>   remove-guest`
>> - Ability to create master resources has been removed as they are
>>   deprecated in Pacemaker 2.x ([rhbz#1542288])
>>   - Instead of `pcs resource create ... master` use `pcs resource create
>>     ... promotable` or `pcs resource create ... clone promotable=true`
>>   - Instead of `pcs resource master` use `pcs resource promotable` or
>>     `pcs resource clone ... promotable=true`
>> - Deprecated --clone option from `pcs resource create` command
>> - Ability to manage node attributes with `pcs property set|unset|show`
>>   commands (using `--node` option). The same functionality is still
>>   available using `pcs node attribute` command.
>> - Undocumented version of the `pcs constraint colocation add` command,
>>   its syntax was `pcs constraint colocation add <source resource id>
>>   <target resource id> [score] [options]`
>> - Deprecated commands `pcs cluster standby | unstandby`, use `pcs node
>>   standby | unstandby` instead
>> - Deprecated command `pcs cluster quorum unblock` which was replaced by
>>   `pcs quorum unblock`
>> - Subcommand `pcs status groups` as it was not showing a cluster status
>>   but cluster configuration. The same functionality is still available
>>   using command `pcs resource group list`
>> - Undocumented command `pcs acl target`, use `pcs acl user` instead
>>
>> ### Added
>> - Validation for an unaccessible resource inside a bundle
>>   ([rhbz#1462248])
>> - Options to filter failures by an operation and its interval in `pcs
>>   resource cleanup` and `pcs resource failcount show` commands
>>   ([rhbz#1427273])
>> - Commands for listing and testing watchdog devices ([rhbz#1578891])
>> - Commands for creating promotable clone resources `pcs resource
>>   promotable` and `pcs resource create ... promotable` ([rhbz#1542288])
>> - `pcs resource update` and `pcs resource meta` commands change master
>>   resources to promotable clone resources because master resources are
>>   deprecated in Pacemaker 2.x ([rhbz#1542288])
>> - Support for the `promoted-max` bundle option replacing the `masters`
>>   option in Pacemaker 2.x ([rhbz#1542288])
>> - Support for OP_NO_RENEGOTIATION option when OpenSSL supports it
>>   (even with Python 3.6) ([rhbz#1566430])
>> - Support for container types `rkt` and `podman` into bundle commands
>>   ([rhbz#1619620])
>> - Support for promotable clone resources in pcsd and web UI
>>   ([rhbz#1542288])
>> - Obsoleting parameters of resource and fence agents are now supported
>>   and preferred over deprecated parameters ([rhbz#1436217])
>> - `pcs status` now shows failed and pending fencing actions and `pcs
>>   status --full` shows the whole fencing history. Pacemaker supporting
>>   fencing history is required. ([rhbz#1615891])
>> - `pcs stonith history` commands for displaying, synchronizing and
>>   cleaning up fencing history. Pacemaker supporting fencing history is
>>   required. ([rhbz#1620190])
>> - Validation of node existence in a cluster when creating location
>>   constraints ([rhbz#1553718])
>> - Command `pcs client local-auth` for authentication of pcs client
>>   against local pcsd. This is required when a non-root user wants to
>>   execute a command which requires root permissions (e.g. `pcs cluster
>>   start`). ([rhbz#1554302])
>> - Command `pcs resource group list` which has the same functionality as
>>   removed command `pcs resource show --groups`
>>
>> ### Fixed
>> - Fixed encoding of the CIB_user_groups cookie in communication
>>   between nodes.
>> - `pcs cluster cib-push diff-against=` does not consider an empty diff
>>   as an error ([ghpull#166])
>> - `pcs cluster cib-push diff-against=` exits gracefully with an error
>>   message if crm_feature_set < 3.0.9 ([rhbz#1488044])
>> - `pcs resource update` does not create an empty meta_attributes
>>   element any more ([rhbz#1568353])
>> - `pcs resource debug-*` commands provide debug messages even with
>>   pacemaker-1.1.18 and newer ([rhbz#1574898])
>> - Improve `pcs quorum device add` usage and man page ([rhbz#1476862])
>> - Removing resources using web UI when the operation takes longer than
>>   expected ([rhbz#1579911])
>> - Removing a cluster node no longer leaves the node in the CIB and
>>   therefore cluster status even if the removal is run on the node which
>>   is being removed ([rhbz#1595829])
>> - Possible race condition causing an HTTP 408 error when sending larger
>>   files via pcs ([rhbz#1600169])
>> - Configuring QDevice works even if NSS with the new db format
>>   (cert9.db, key4.db, pkcs11.txt) is used ([rhbz#1596721])
>> - Options starting with '-' and '--' are no longer accepted by commands
>>   for which those options have no effect ([rhbz#1533866])
>> - When a user makes an error in a pcs command, usage for that specific
>>   command is printed instead of printing the whole usage
>> - Show more user friendly error message when testing watchdog device and
>>   multiple devices are present ([rhbz#1578891])
>> - Do not distinguish between supported and unsupported watchdog devices
>>   as SBD cannot reliably provide such information ([rhbz#1578891])
>> - `pcs config` no longer crashes when `crm_mon` prints something to
>>   stderr ([rhbz#1578955])
>> - `pcs resource bundle update` cmd for bundles which are using
>>   unsupported container backend ([rhbz#1619620])
>> - Do not crash if unable to load SSL certificate or key, log errors and
>>   exit gracefully instead ([rhbz#1638852])
>> - Fixed several issues in parsing `pcs constraint colocation add`
>>   command.
>> - All `remove` subcommands now have `delete` aliases and vice versa.
>>   Previously, only some of them did and it was mostly undocumented.
>> - The `pcs acl role delete` command no longer deletes ACL users and
>>   groups with no ACL roles assigned
>>
>> ### Changed
>> - Authentication has been overhauled ([rhbz#1549535]):
>>   - The `pcs cluster auth` command only authenticates nodes in a local
>>     cluster and does not accept a node list.
>>   - The new command for authentication is `pcs host auth`. It allows to
>>     specify host names, addresses and pcsd ports.
>>   - Previously, running `pcs cluster auth A B C` caused A, B and C to be
>>     all authenticated against each other. Now, `pcs host auth A B C`
>>     makes the local host authenticated against A, B and C. This allows
>>     better control of what is authenticated against what.
>>   - The `pcs pcsd clear-auth` command has been replaced by `pcs pcsd
>>     deauth` and `pcs host deauth` commands. The new commands allows to
>>     deauthenticate a single host / token as well as all hosts / tokens.
>>   - These changes are not backward compatible. You should use the `pcs
>>     host auth` command to re-authenticate your hosts.
>> - The `pcs cluster setup` command has been overhauled ([rhbz#1158816],
>>   [rhbz#1183103]):
>>   - It works with Corosync 3.x only and supports knet as well as
>>     udp/udpu.
>>   - Node names are now supported.
>>   - The number of Corosync options configurable by the command has been
>>     significantly increased.
>>   - The syntax of the command has been completely changed to accommodate
>>     the changes and new features.
>>   - Corosync encryption is enabled by default when knet is used
>>     ([rhbz#1648942])
>> - The `pcs cluster node add` command has been overhauled
>>   ([rhbz#1158816], [rhbz#1183103])
>>   - It works with Corosync 3.x only and supports knet as well as
>>     udp/udpu.
>>   - Node names are now supported.
>>   - The syntax of the command has been changed to accommodate new
>>     features and to be consistent with other pcs commands.
>> - The `pcs cluster node remove` has been overhauled ([rhbz#1158816],
>>   [rhbz#1595829]):
>>   - It works with Corosync 3.x only and supports knet as well as
>>     udp/udpu.
>>   - It is now possible to remove more than one node at once.
>>   - Removing a cluster node no longer leaves the node in the CIB and
>>     therefore cluster status even if the removal is run on the node
>>     which is being removed
>> - Node names are fully supported now and are no longer coupled with node
>>   addresses. It is possible to set up a cluster where Corosync
>>   communicates over different addresses than pcs/pcsd. ([rhbz#1158816],
>>   [rhbz#1183103])
>> - Node names are now required while node addresses are optional in the
>>   `pcs cluster node add-guest` and `pcs cluster node add-remove`
>>   commands. Previously, it was the other way around.
>> - Web UI has been updated following changes in authentication and
>>   support for Corosync 3.x ([rhbz#1158816], [rhbz#1183103],
>>   [rhbz#1549535])
>> - Commands related to resource failures have been overhauled to support
>>   changes in pacemaker. Failures are now tracked per resource operations
>>   on top of resources and nodes. ([rhbz#1427273], [rhbz#1588667])
>> - `--watchdog` and `--device` options of `pcs stonith sbd enable` and
>>   `pcs stonith sbd device setup` commands have been replaced with
>>   `watchdog` and `device` options respectively
>> - Update pacemaker daemon names to match changes in pacemaker-2.0
>>   ([rhbz#1573344])
>> - Watchdog devices are validated against a list provided by sbd
>>   ([rhbz#1578891])
>> - Resource operation option `requires` is no longer accepted to match
>>   changes in pacemaker-2.0 ([rhbz#1605185])
>> - Update pacemaker exit codes to match changes in pacemaker-2.0
>>   ([rhbz#1536121])
>> - `pcs cluster cib-upgrade` no longer exits with an error if the CIB
>>   schema is already the latest available (this has been changed in
>>   pacemaker-2.0)
>> - Pcs now configures corosync to put timestamps in its log
>>   ([rhbz#1615420])
>> - Option `-V` has been replaced with `--full` and a CIB file can be
>>   specified only using option `-f` in `pcs cluster verify`
>> - Master resources are now called promotable clone resources to match
>>   changes in pacemaker-2.0 ([rhbz#1542288])
>> - Key size of default pcsd self-generated certificates increased from
>>   2048b to 3072b ([rhbz#1638852])
>> - pcsd.service now depends on network-online.target ([rhbz#1640477])
>> - Split command `pcs resource [show]` into two new commands:
>>   - `pcs resource [status]` - same as `pcs resource [show]`
>>   - `pcs resource config` - same as `pcs resource [show] --full` or
>>     resource id specified instead of --full Respective changes have been
>>     made to `pcs stonith [show]` command.
>> - Previously, `pcs cluster sync` synchronized only corosync
>>   configuration across all nodes configured in the cluster. This command
>>   will be changed in the future to sync all cluster configuration. New
>>   subcommand `pcs cluster sync corosync` has been introduced to sync
>>   only corosync configuration. For now, both commands have the same
>>   functionality.
>>
>> ### Security
>> - CVE-2018-1086: Debug parameter removal bypass, allowing information
>>   disclosure ([rhbz#1557366])
>> - CVE-2018-1079: Privilege escalation via authorized user malicious REST
>>   call ([rhbz#1550243])
>>
>> ### Deprecated
>> - The `masters` bundle option is obsoleted by the `promoted-max` option
>>   in Pacemaker 2.x and therefore in pcs ([rhbz#1542288])
>> - `pcs cluster uidgid rm`, use `pcs cluster uidgid delete` or `pcs
>>   cluster uidgid remove` instead
>>
>>
>> Thanks / congratulations to everyone who contributed to this release,
>> including Bruno Travouillon, Ivan Devat, Jan Pokorný, Ondrej Mular and
>> Tomas Jelinek.
>>
>> Cheers,
>> Tomas
>>
>>
>> [ghpull#166]: https://github.com/ClusterLabs/pcs/pull/166
>> [rhbz#1158816]: https://bugzilla.redhat.com/show_bug.cgi?id=1158816
>> [rhbz#1183103]: https://bugzilla.redhat.com/show_bug.cgi?id=1183103
>> [rhbz#1427273]: https://bugzilla.redhat.com/show_bug.cgi?id=1427273
>> [rhbz#1436217]: https://bugzilla.redhat.com/show_bug.cgi?id=1436217
>> [rhbz#1462248]: https://bugzilla.redhat.com/show_bug.cgi?id=1462248
>> [rhbz#1476862]: https://bugzilla.redhat.com/show_bug.cgi?id=1476862
>> [rhbz#1488044]: https://bugzilla.redhat.com/show_bug.cgi?id=1488044
>> [rhbz#1533866]: https://bugzilla.redhat.com/show_bug.cgi?id=1533866
>> [rhbz#1536121]: https://bugzilla.redhat.com/show_bug.cgi?id=1536121
>> [rhbz#1542288]: https://bugzilla.redhat.com/show_bug.cgi?id=1542288
>> [rhbz#1549535]: https://bugzilla.redhat.com/show_bug.cgi?id=1549535
>> [rhbz#1550243]: https://bugzilla.redhat.com/show_bug.cgi?id=1550243
>> [rhbz#1553718]: https://bugzilla.redhat.com/show_bug.cgi?id=1553718
>> [rhbz#1554302]: https://bugzilla.redhat.com/show_bug.cgi?id=1554302
>> [rhbz#1557366]: https://bugzilla.redhat.com/show_bug.cgi?id=1557366
>> [rhbz#1566430]: https://bugzilla.redhat.com/show_bug.cgi?id=1566430
>> [rhbz#1568353]: https://bugzilla.redhat.com/show_bug.cgi?id=1568353
>> [rhbz#1573344]: https://bugzilla.redhat.com/show_bug.cgi?id=1573344
>> [rhbz#1574898]: https://bugzilla.redhat.com/show_bug.cgi?id=1574898
>> [rhbz#1578891]: https://bugzilla.redhat.com/show_bug.cgi?id=1578891
>> [rhbz#1578955]: https://bugzilla.redhat.com/show_bug.cgi?id=1578955
>> [rhbz#1579911]: https://bugzilla.redhat.com/show_bug.cgi?id=1579911
>> [rhbz#1588667]: https://bugzilla.redhat.com/show_bug.cgi?id=1588667
>> [rhbz#1595829]: https://bugzilla.redhat.com/show_bug.cgi?id=1595829
>> [rhbz#1596721]: https://bugzilla.redhat.com/show_bug.cgi?id=1596721
>> [rhbz#1600169]: https://bugzilla.redhat.com/show_bug.cgi?id=1600169
>> [rhbz#1605185]: https://bugzilla.redhat.com/show_bug.cgi?id=1605185
>> [rhbz#1615420]: https://bugzilla.redhat.com/show_bug.cgi?id=1615420
>> [rhbz#1615891]: https://bugzilla.redhat.com/show_bug.cgi?id=1615891
>> [rhbz#1619620]: https://bugzilla.redhat.com/show_bug.cgi?id=1619620
>> [rhbz#1620190]: https://bugzilla.redhat.com/show_bug.cgi?id=1620190
>> [rhbz#1638852]: https://bugzilla.redhat.com/show_bug.cgi?id=1638852
>> [rhbz#1640477]: https://bugzilla.redhat.com/show_bug.cgi?id=1640477
>> [rhbz#1648942]: https://bugzilla.redhat.com/show_bug.cgi?id=1648942
> 
> Hi,
> 
>    Looking at https://src.fedoraproject.org/rpms/pcs/tree/f29, it 
> appears the last .spec was for 0.10.0.alpha.6. Is there an update for 
> this release? Alternatively, are srpms available (on instructions for 
> building srpms) available?
> 
> Cheers!
> 
> digimer
> 
Hi,

a package with pcs version 0.10.1 for fedora is prepared now (you can 
look at 
https://koji.fedoraproject.org/koji/packageinfo?packageID=13172). It may 
take a few days before package appears in repo ( 
https://bodhi.fedoraproject.org/updates/?packages=pcs ).

Ivan
> 
> _______________________________________________
> Users mailing list: Users at clusterlabs.org
> https://lists.clusterlabs.org/mailman/listinfo/users
> 
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org


More information about the Users mailing list