Details - 1.1.11 - final
Changesets | 795 |
Diff | 195 files changed, 13772 insertions(+), 6176 deletions(-) |
Highlights
- ACLs are now on by default
- Thanks to a new algorithm, the CIB is now two orders of magnitude faster.
Resulting in less CPU usage by the cluster itself and faster failover times
Features added since Pacemaker-1.1.11
- Changes to the ACL schema to support nodes and unix groups
- cib: Check ACLs prior to making the update instead of parsing the diff afterwards
- cib: Default ACL support to on
- cib: Enable the more efficient xml patchset format
- cib: Implement zero-copy status update
- cib: Send all r/w operations via the cluster connection and have all nodes process them
- crmd: Set "cluster-name" property to corosync's "cluster_name" by default for corosync-2
- crm_mon: Display brief output if "-b/--brief" is supplied or 'b' is toggled
- crm_report: Allow ssh alternatives to be used
- crm_ticket: Support multiple modifications for a ticket in an atomic operation
- extra: Add logrotate configuration file for /var/log/pacemaker.log
- Fencing: Add the ability to call stonith_api_time() from stonith_admin
- logging: daemons always get a log file, unless explicitly set to configured 'none'
- logging: allows the user to specify a log level that is output to syslog
- PE: Automatically re-unfence a node if the fencing device definition changes
- pengine: cl#5174 - Allow resource sets and templates for location constraints
- pengine: Support cib object tags
- pengine: Support cluster-specific instance attributes based on rules
- pengine: Support id-ref in nvpair with optional "name"
- pengine: Support per-resource maintenance mode
- pengine: Support site-specific instance attributes based on rules
- tools: Allow crm_shadow to create older configuration versions
- tools: Display pending state in crm_mon/crm_resource/crm_simulate if --pending/-j is supplied (cl#5178)
- xml: Add the ability to have lightweight schema revisions
- xml: Enable resource sets in location constraints for 1.2 schema
- xml: Support resources that require unfencing
Changes since Pacemaker-1.1.11
- acl: Authenticate pacemaker-remote requests with the node name as the client
- acl: Read access must be explicitly granted
- attrd: Ensure attribute dampening is always observed
- attrd: Remove offline nodes from node cache for "peer-remove" requests
- Bug cl#5055 - Improved migration support.
- Bug cl#5184 - Ensure pending probes that ultimately fail are correctly updated
- Bug cl#5196 - pengine: Check values after expanding templates
- Bug cl#5212 - Do not promote instances when quorum is lots and no-quorum-policy=freeze
- Bug cl#5213 - Ensure role colocation with -INFINITY is enforced
- Bug cl#5213 - Limit the scope of the previous commit to the masters role
- Bug cl#5219 - pengine: Allow unrelated resources with a common colocation target to remain promoted
- Bug cl#5222 - cib: Repair rolling update capability
- Bug cl#5222 - Enable legacy mode whenever a broadcast update is detected
- Bug rhbz#1036631 - Stop members of cloned groups when dependancies are stopped
- Bug rhbz#1054307 - cname pattern match should be more restrictive in init script
- Bug rhbz#1057697 - Use native DBus library for systemd/upstart support to avoid problematic use of threads
- Bug rhbz#1097457 - Limit the scope of the previous fix and include a helpful comment
- Bug rhbz#1097457 - Prevent invalid transition when resource are ordered to start after the container they're started in
- cib: allow setting permanent remote-node attributes
- cib: Auto-detect which patchset format to use
- cib: Determine the best value of validate-with if one is not supplied
- cib: Do not disable cib disk writes if on-disk cib is corrupt
- cib: Ensure 'cibadmin -R/--replace' commands get replies
- cib: Erasing the cib is an admin action, bump the admin_epoch instead
- cib: Fix remote cib based on TLS
- cib: Ingore patch failures if we already have their contents
- cib: Validate that everyone still sees the same configuration once all updates have completed
- cibadmin: Allow priviliged clients to perform tasks as unpriviliged users
- cibadmin: Remove dangerous commands that exposed unnecessary implementation internal details
- cluster: Fix segfault on removing a node
- cluster: Prevent search of unames from attempting to create node entries for unknown nodes
- cluster: Remove unknown offline nodes with conflicting unames from node cache
- controld: Do not consider the dlm up until the address list is present
- controld: handling startup fencing within the controld agent, not the dlm
- controld: Return OCF_ERR_INSTALLED instead of OCF_NOT_INSTALLED
- crmd: Ack pending operations that were cancelled due to rsc deletion
- crmd: Actions can only be executed if their pre-requisits completed successfully
- crmd: avoid double free caused by nested hash table removal
- crmd: Avoid spamming the cib by triggering a transition only once per non-status change
- crmd: Correctly react to successful unfencing operations
- crmd: Correctly recognise operation cancellations we initiated
- crmd: Do not erase the status section for unfenced nodes
- crmd: Do not overwrite existing node state when fencing completes
- crmd: Do not start timers for already completed operations
- crmd: Ensure crm_config options are re-read on updates
- crmd: Fenced nodes that return prior to an election do not need to have their status section reset
- crmd: make lrm_state hash table not case sensitive
- crmd: make node_state erase correctly
- crmd: Only write fence_averride if open() returns a positive file descriptor
- crmd: Prevent manual fencing confirmations from attempting to create node entries for unknown nodes
- crmd: Prevent SIGPIPE when notifying CMAN about fencing operations
- crmd: Remove state of unknown nodes with conflicting unames from CIB
- crmd: Remove unknown nodes with conflicting unames from CIB
- crmd: Report unsuccessful unfencing operations
- crm_diff: Allow the generation of xml patchsets without digests
- crm_mon: Allow the file created by --as-html to be world readable
- crm_mon: Ensure resource attributes have been unpacked before displaying connectivity data
- crm_node: Only remove the named resource from the cib
- crm_report: Gracefully handle rediculously large logfiles
- crm_report: Only gather dlm data if dlm_controld is running
- crm_resource: Gracefully handle -EACCESS when querying the cib
- crm_verify: Perform a full set of calculations whenever the status section is present
- fencing: Advertise support for reboot/on/off in the metadata for legacy agents
- fencing: Automatically switch from 'list' to 'status' to 'static-list' if those actions are not advertised in the metadata
- fencing: Cache metadata lookups to avoid repeated blocking during device registration
- fencing: Correctly record which peer performed the fencing operation
- fencing: default to 'off' when agent does not advertise 'reboot' in metadata
- fencing: Do not unregister/register all stonith devices on every resource agent change
- fencing: Execute all required fencing devices regardless of what topology level they are at
- fencing: Fence using all required devices
- fencing: Pass the correct options when looking up the history by node name
- fencing: Update stonith device list only if stonith is enabled
- get_cluster_type: failing concurrent tool invocations on heartbeat
- ignore SIGPIPE when gnutls is in use
- iso8601: Different logic is needed when logging and calculating durations
- iso8601: Fix memory leak in duration calculation
- Logging: Bootstrap daemon logging before processing arguments but configure it afterwards
- lrmd: Cancel recurring operations before stop action is executed
- lrmd: Expose logging variables expected by OCF agents
- lrmd: Handle systemd reporting 'done' before a resource is actually stopped/started
- lrmd: Merge duplicate recurring monitor operations
- lrmd: Prevent OCF agents from logging to random files due to "value" of setenv() being NULL
- lrmd: Provide stderr output from agents if available, otherwise fall back to stdout
- mainloop: Better handle the killing of processes in the act of exiting
- mainloop: Canceling in-flight operations should not fail if child process has already exited.
- mainloop: Fixes use after free in process monitor code
- mcp: Tell systemd not to respawn us if we exit with rc=100
- membership: Avoid duplicate peer entries in the peer cache
- pengine: Allow container nodes to migrate with connection resource
- pengine: avoid assert by searching for stop action on correct node during LogActions
- pengine: Block restart of resources if any dependent resource in a group is unmanaged
- pengine: cl#5186 - Avoid running rsc on two nodes when node is fenced during migration
- pengine: cl#5187 - Prevent resources in an anti-colocation from even temporarily running on a same node
- pengine: cl#5200 - Before migrating utilization-using resources to a node, take off the load that will no longer run there if it's not introducing transition loop
- pengine: Correctly handle origin offsets in the future
- pengine: Correctly observe requires=nothing
- pengine: Default sequential to TRUE for resource sets for consistency with colocation sets
- pengine: Delay unfencing until after we know the state of all resources that require unfencing
- pengine: Do not initiate fencing for unclean nodes when fencing is disabled
- pengine: Ensure instance numbers are preserved for cloned templates
- pengine: Ensure unfencing only happens once, even if the transition is interrupted
- pengine: Fencing devices default to only requiring quorum in order to start
- pengine: fixes invalid transition caused by clones with more than 10 instances
- pengine: Force record pending for migrate_to actions
- pengine: handles edge case where container order constraints are not honored during migration
- pengine: Ignore failure-timeout only if the failed operation has on-fail="block"
- pengine: Mark unrunnable stop actions as "blocked" and show the correct current locations
- pengine: Memory leaks
- pengine: properly handle fencing of container remote-nodes when the container is orphaned
- pengine: properly place resource within a container when container is a remote-node.
- pengine: Unfencing is based on device probes, there is no need to unfence when normal resources are found active
- pengine: Use "#cluster-name" in rules for setting cluster-specific instance attributes
- pengine: Use "#site-name" in rules for setting site-specific instance attributes
- remote: Allow baremetal remote-node connection resources to migrate
- remote: clear remote-node status correctly
- remote: Enable migration support for baremetal connection resources by default
- remote: Handle request/response ipc proxy correctly
- services: Correctly reset the nice value for lrmd's children
- services: Do not allow duplicate recurring op entries
- services: Do not block synced service executions
- services: Fixes segfault associated with cancelling in-flight recurring operations.
- services: Remove cancelled recurring ops from internal lists as early as possible
- services: Remove file descriptors from mainloop as soon as we have drained them
- services: Reset the scheduling policy and priority for lrmd's children without replying on SCHED_RESET_ON_FORK
- services_action_cancel: Interpret return code from mainloop_child_kill() correctly
- stonith_admin: Ensure pointers passed to sscanf() are properly initialized
- stonith_api_time_helper now returns when the most recent fencing operation completed
- systemd: Prevent use-of-NULL when determining if an agent exists
- systemd: Try to handle dbus actions that complete prior to configuring a callback
- Tools: Non-daemons shouldn't abort just because xml parsing failed
- Upstart: Allow comilation with glib versions older than 2.28
- Upstart: Do not attempt upstart jobs if we cannot connect to dbus
- When data was old, it fixed so that the newest cib might not be acquired.
- xml: Check all available schemas when doing upgrades
- xml: Correctly determine the lowest allowed schema version
- xml: Correctly enforce ACLs after a replace operation
- xml: Correctly infer attribute changes after a replace operation
- xml: Create the correct diff when only part of a document is changed
- xml: Detect attribute ordering changes
- xml: Detect content that is added and removed in the same update
- xml: Do not prune meaningful leaves from v1 patchsets
- xml: Empty patchsets are considered to have applied cleanly
- xml: Ensure patches always have version details set
- xml: Find the minimal set of changes when part of a document is replaced
- xml: If validate-with is missing, we find the most recent schema that accepts it and go from there
- xml: Introduce a 'move' primitive for v2 patch sets
- xml: Preserve the attribute order in the patch for subsequent digest validation
- xml: Resolve memory leak when logging xml blobs
- xml: Update xml validation to allow ''