[ClusterLabs] resource-agents v4.14.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.14.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.14.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - doc: writing-python-agents: add description of is_probe() and distro()
 - all agents: remove -S state/status that are either ignored, or
   give an error message in newer versions of Pacemaker
 - configure: fix "C preprocessor "gcc -E" fails sanity check" error
   caused by autoconf 2.72
 - configure: prepare to not build with -ansi by default in the future
 - docs: writing-python-agents: update required Python version to 3.6+
 - spec: use /usr/sbin paths for Fedora 40+
 - LVM-activate: avoid false positive for VG activation (fail when
   system_id_source and volume_list are set)
 - aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type
   parameter and AWS Policy based authentication type
 - azure-lb: support IPv6 with Azure load balancer when using socat
 - db2: fix OCF_SUCESS typo in db2_notify
 - docker: return OCF_NOT_RUNNING when Docker isn't running
 - findif.sh: fix corner cases
 - findif.sh: fix loopback handling
 - findif: check that netmaskbits != EOS in addition to != NULL in all cases
 - galera: allow joiner to report non-Primary during initial IST
 - nfsserver: fix "server scope" functionality for both potentially other
   dropins AND multiple ExecStart
 - ocivip: fix PRIMARY_IFACE variable when it returns two lines
 - openstack-info: ensure no newlines in openstack_ports
 - portblock: accept numeric protocol from iptables (to fix regression in
   iptables 1.8.9 that has shipped in some distros)
 - portblock: remove write to tcp_tw_recycle
 - storage_mon: fix file handler out of scope leak and uninitialized values
 - storage_mon: use memset() to fix "uninitialized value" covscan error,
   as qb_ipcc_recv() will always set a message

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.14.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.14.0 rc1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.14.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.14.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - all agents: remove -S state/status that are either ignored, or
   give an error message in newer versions of Pacemaker
 - configure: fix "C preprocessor "gcc -E" fails sanity check" error
   caused by autoconf 2.72
 - configure: prepare to not build with -ansi by default in the future
 - docs: writing-python-agents: update required Python version to 3.6+
 - spec: use /usr/sbin paths for Fedora 40+
 - LVM-activate: avoid false positive for VG activation (fail when
   system_id_source and volume_list are set)
 - aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type
   parameter and AWS Policy based authentication type
 - azure-lb: support IPv6 with Azure load balancer when using socat
 - db2: fix OCF_SUCESS typo in db2_notify
 - docker: return OCF_NOT_RUNNING when Docker isn't running
 - findif.sh: fix corner cases
 - findif.sh: fix loopback handling
 - findif: check that netmaskbits != EOS in addition to != NULL in all cases
 - galera: allow joiner to report non-Primary during initial IST
 - nfsserver: fix "server scope" functionality for both potentially other
   dropins AND multiple ExecStart
 - ocivip: fix PRIMARY_IFACE variable when it returns two lines
 - openstack-info: ensure no newlines in openstack_ports
 - portblock: accept numeric protocol from iptables (to fix regression in
   iptables 1.8.9 that has shipped in some distros)
 - portblock: remove write to tcp_tw_recycle
 - storage_mon: fix file handler out of scope leak and uninitialized values
 - storage_mon: use memset() to fix "uninitialized value" covscan error,
   as qb_ipcc_recv() will always set a message

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.14.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] announcement: schedule for resource-agents release 4.14.0

[Oyvind Albrigtsen]

Hi,

This is a tentative schedule for resource-agents v4.14.0:
4.14.0-rc1: Apr 17.
4.14.0: Apr 24.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.13.0...main

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 154 issues and 48 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.14.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.14.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.14.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_ovm (Oracle VM)

- bugfixes and enhancements:
 - all agents: update metadata from I/O to e.g. Power, Network, etc for non-I/O 
agents
 - lib/all agents: use r"" for all regular expressions to avoid SyntaxWarning 
errors
 - fence_aliyun: add credentials file support
 - fence_vmware_rest : report error if the API user has insufficient rights to 
manage
   the fence device
 - fence_zvmip: fix manpage formatting

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.13.1...v4.14.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] deployment of Pacemaker in GCE

[Oyvind Albrigtsen]

On 07/03/24 02:28 +, Ali Shahbazifakhr via Users wrote:

Hello,

I am reaching out to inquire about the usage of Pacemaker on Google Compute 
Engine (GCE), specifically in conjunction with Managed Instance Groups (MIG). 
Our team is currently exploring options for implementing high availability and 
failover solutions within our infrastructure on GCE, and we believe that 
Pacemaker may be a viable option for achieving this.

Could you kindly provide some insights into how Pacemaker is utilized within 
the GCE environment, particularly in scenarios involving Managed Instance 
Groups? We are interested in understanding the design considerations and best 
practices for implementing Pacemaker with MIG instances.

Additionally, if there are any documentation resources available that explain 
the design and implementation of Pacemaker with MIG instances on GCE, we would 
greatly appreciate it if you could point us in the right direction

I dont have any experience with MIG, but from a quick look it seems
like it can be used to replace and/or autoscale, so I would suggest
not replacing the nodes (as Pacemaker takes care of badly behaving
nodes), and you will have to use "pcs host auth " and "pcs
cluster node add "/"pcs cluster node remove " to
add/remove nodes if you use the autoscale functionality.

You can use fence_gce to fence (reboot) badly behaving nodes:
https://github.com/ClusterLabs/fence-agents/blob/main/agents/gce/fence_gce.py

and the gcp-* agents handle IPs, routes, disks, or load balancer(s):
https://github.com/ClusterLabs/resource-agents/tree/main/heartbeat

There is metadata/desc sections in the code of the agents, so you can
find all the info without having to install the packages.

If you're new to Pacemaker this is a good introduction:
https://www.clusterlabs.org/pacemaker/doc/2.1/Clusters_from_Scratch/singlehtml/

For software that doesnt have a resource agent you can let Pacemaker handle it
via it's systemd or init services/scripts, or make your own agent if
you need e.g. additional monitoring to check that the service is still
alive:
https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.asc


Oyvind


Looking forward to your response.


[CN100]
Ali Shahbazi
Specialist Enterprise Architecture | IoT Industrial, Solutions System 
Engineering |
T:  | C: 403-702-3093
What's New at CN | Quoi de neuf au 
CN





___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] Questionsabout GCP VIP setup

[Oyvind Albrigtsen]

On 28/02/24 22:26 +, Strahil Nikolov wrote:

Hi Oyvind
I found your e-mail in my spam folder.It seems 'gcloud-ra' doesn't exits and 
it's not needed for the fence agent or the gcp-vpc-move-vip.

Yeah. It was needed in earlier RHELs before we replaced the agents
with Python agents using libraries instead of the CLI tool.

You might still have to install gcloud from the link below if it's
needed to setup your credentials for the agent.

gcloud-ra was just included version that was needed for the agents to
work, and also could be used to setup your credentials. The binary was
simply renamed to gcloud-ra to allow customers to install newer
version alongside it if they needed some newer features.


Oyvind


Best Regards,Strahil Nikolov

 On Wed, Feb 7, 2024 at 13:26, Oyvind Albrigtsen wrote:   
On 07/02/24 11:15 +, Strahil Nikolov via Users wrote:

Hi All,
This is my first cluster in the cloud and I have 2 questions that I'm hoping to 
get a clue.
1. Where I can find the 'gcloud-ra' binary on EL9 system ? I have installed 
resource-agents-cloud but I can't find it.

You need to install gcloud from Google's repository: 
https://cloud.google.com/sdk/gcloud

2. Is gcp-vpc-move-vip a good approach to setup the VIP ?

It should be, yeah. Run "pcs resource describe gcp-vpc-move-vip" for
more info. There's also gcp-vpc-move-route to move a floating IP by
changing an entry in the routing table.


Oyvind

Best Regards,Strahil Nikolov



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/





___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] ocf:heartbeat:IPsrcaddr generated failed probe "[findif] failed" on inactive nodes

[Oyvind Albrigtsen]

On 07/02/24 14:57 +0100, Adam Cecile wrote:

On 2/7/24 09:49, Oyvind Albrigtsen wrote:

On 07/02/24 09:35 +0100, Adam Cecile wrote:

Hello,


Crm_mon show these errors on my cluster, while everything is 
working as expected:


Failed Resource Actions:
  * Default-Public-IPv4-Is-Default-Src probe on gw-3.domain 
returned 'error' ([findif] failed) at Wed Feb  7 08:00:22 2024 
after 49ms
  * Default-Public-IPv4-Is-Default-Src probe on gw-1.domain 
returned 'error' ([findif] failed) at Wed Feb  7 08:00:22 2024 
after 48ms
  * Default-Public-IPv4-Is-Default-Src probe on gw-2.domain 
returned 'error' ([findif] failed) at Wed Feb  7 08:02:31 2024 
after 64ms


I think pacemaker is unable to check default source address on 
node which are not currently owning the IP addresses, which is 
expected. However Default-Public-IPv4-Is-Default-Src is +INF 
colocated with public IP addresses, so I do not understand why 
such errors are generated on inactive nodes.

This is the probe-action, which will check whether the resource has
the expected status (e.g. stopped for nodes where it's not running).

You can either setup another IP on the same network on the interface
to avoid these errors, or setting cidr_netmask and interface might help.

IPsrcaddr doesnt advertise the interface parameter, so you probably
have to do e.g. "pcs resource update -f
Default-Public-IPv4-Is-Default-Src nic=" to set it anyways,
so findif will be able to use it.

Thanks ! You got it, it was indeed related to that. I tried setting up 
"nic" but it told me the parameter did not exist so I guessed it was 
not possible.


Is that normal to use "private" attribute with --force ?

Nice. It should be announced, so --force is just a way to override it.

I'll make a patch to add it, so the parameters are listed for others
who might use it without another IP in the IP-range on the NIC.




Oyvind Albrigtsen


Here are some config extracts:

primitive Default-Public-IPv4 IPaddr2 \
    params cidr_netmask=24 ip=1.1.1.1 nic=eth1 \
    op monitor interval=30 \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s

primitive IPSEC-Public-IPv4 IPaddr2 \
    params cidr_netmask=24 ip=1.1.1.2 nic=eth1 \
    op monitor interval=30 \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s \
    meta target-role=Started

primitive Public-IPv4-Gateway Route \
    params destination="0.0.0.0/0" device=eth1 gateway=1.1.1.254 \
    op monitor interval=30 \
    op reload interval=0s timeout=20s \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s

primitive Default-Public-IPv4-Is-Default-Src IPsrcaddr \
    params cidr_netmask=24 ipaddress=1.1.1.1 \
    op monitor interval=30 \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s \
    meta target-role=Started

colocation colocation-Default-Public-IPv4-Is-Default-Src-Default-Public-IPv4-INFINITY 
+inf: Default-Public-IPv4-Is-Default-Src Default-Public-IPv4
colocation 
colocation-Default-Public-IPv4-Public-IPv4-Gateway-INFINITY +inf: 
Default-Public-IPv4 Public-IPv4-Gateway
colocation 
colocation-IPSEC-Public-IPv4-Public-IPv4-Gateway-INFINITY +inf: 
IPSEC-Public-IPv4 Public-IPv4-Gateway


order order-Default-Public-IPv4-Default-Public-IPv4-Is-Default-Src-mandatory 
Default-Public-IPv4:start Default-Public-IPv4-Is-Default-Src:start
order order-Default-Public-IPv4-IPSEC-Public-IPv4-mandatory 
Default-Public-IPv4:start IPSEC-Public-IPv4:start
order order-Default-Public-IPv4-Public-IPv4-Gateway-mandatory 
Default-Public-IPv4:start Public-IPv4-Gateway:start



Any hint would be greatly appreciated !

Best regards, Adam.



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] Questionsabout GCP VIP setup

[Oyvind Albrigtsen]

On 07/02/24 11:15 +, Strahil Nikolov via Users wrote:

Hi All,
This is my first cluster in the cloud and I have 2 questions that I'm hoping to 
get a clue.
1. Where I can find the 'gcloud-ra' binary on EL9 system ? I have installed 
resource-agents-cloud but I can't find it.

You need to install gcloud from Google's repository: 
https://cloud.google.com/sdk/gcloud

2. Is gcp-vpc-move-vip a good approach to setup the VIP ?

It should be, yeah. Run "pcs resource describe gcp-vpc-move-vip" for
more info. There's also gcp-vpc-move-route to move a floating IP by
changing an entry in the routing table.


Oyvind

Best Regards,Strahil Nikolov



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] ocf:heartbeat:IPsrcaddr generated failed probe "[findif] failed" on inactive nodes

[Oyvind Albrigtsen]

On 07/02/24 09:35 +0100, Adam Cecile wrote:

Hello,


Crm_mon show these errors on my cluster, while everything is working 
as expected:


Failed Resource Actions:
  * Default-Public-IPv4-Is-Default-Src probe on gw-3.domain returned 
'error' ([findif] failed) at Wed Feb  7 08:00:22 2024 after 49ms
  * Default-Public-IPv4-Is-Default-Src probe on gw-1.domain returned 
'error' ([findif] failed) at Wed Feb  7 08:00:22 2024 after 48ms
  * Default-Public-IPv4-Is-Default-Src probe on gw-2.domain returned 
'error' ([findif] failed) at Wed Feb  7 08:02:31 2024 after 64ms


I think pacemaker is unable to check default source address on node 
which are not currently owning the IP addresses, which is expected. 
However Default-Public-IPv4-Is-Default-Src is +INF colocated with 
public IP addresses, so I do not understand why such errors are 
generated on inactive nodes.

This is the probe-action, which will check whether the resource has
the expected status (e.g. stopped for nodes where it's not running).

You can either setup another IP on the same network on the interface
to avoid these errors, or setting cidr_netmask and interface might help.

IPsrcaddr doesnt advertise the interface parameter, so you probably
have to do e.g. "pcs resource update -f
Default-Public-IPv4-Is-Default-Src nic=" to set it anyways,
so findif will be able to use it.


Oyvind Albrigtsen


Here are some config extracts:

primitive Default-Public-IPv4 IPaddr2 \
    params cidr_netmask=24 ip=1.1.1.1 nic=eth1 \
    op monitor interval=30 \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s

primitive IPSEC-Public-IPv4 IPaddr2 \
    params cidr_netmask=24 ip=1.1.1.2 nic=eth1 \
    op monitor interval=30 \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s \
    meta target-role=Started

primitive Public-IPv4-Gateway Route \
    params destination="0.0.0.0/0" device=eth1 gateway=1.1.1.254 \
    op monitor interval=30 \
    op reload interval=0s timeout=20s \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s

primitive Default-Public-IPv4-Is-Default-Src IPsrcaddr \
    params cidr_netmask=24 ipaddress=1.1.1.1 \
    op monitor interval=30 \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s \
    meta target-role=Started

colocation colocation-Default-Public-IPv4-Is-Default-Src-Default-Public-IPv4-INFINITY 
+inf: Default-Public-IPv4-Is-Default-Src Default-Public-IPv4
colocation colocation-Default-Public-IPv4-Public-IPv4-Gateway-INFINITY 
+inf: Default-Public-IPv4 Public-IPv4-Gateway
colocation colocation-IPSEC-Public-IPv4-Public-IPv4-Gateway-INFINITY 
+inf: IPSEC-Public-IPv4 Public-IPv4-Gateway


order 
order-Default-Public-IPv4-Default-Public-IPv4-Is-Default-Src-mandatory 
Default-Public-IPv4:start Default-Public-IPv4-Is-Default-Src:start
order order-Default-Public-IPv4-IPSEC-Public-IPv4-mandatory 
Default-Public-IPv4:start IPSEC-Public-IPv4:start
order order-Default-Public-IPv4-Public-IPv4-Gateway-mandatory 
Default-Public-IPv4:start Public-IPv4-Gateway:start



Any hint would be greatly appreciated !

Best regards, Adam.



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] ocf test IPaddr2

[Oyvind Albrigtsen]

It would fail if the find interface function doesnt find the
interface for the IP, but in this case you've specified netmask and
nic, so it wont fail that test.

You can use it with the ocf:pacemaker:ping agent which will fail if
the IP is unreachable.


Oyvind

On 24/11/23 17:09 +, Fabrizio Lombardozzi wrote:

Hi all,
is it normal that test is always passed even with a non used IP?

[root@...~]# ping 10.10.62.87
PING 10.10.62.87 (10.10.62.87) 56(84) bytes of data.
From 10.10.62.83 icmp_seq=1 Destination Host Unreachable
From 10.10.62.83 icmp_seq=2 Destination Host Unreachable
From 10.10.62.83 icmp_seq=3 Destination Host Unreachable
^C
--- 10.10.62.87 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3067ms
pipe 4
[root@rmslv-sam-cs9-coll01 ~]# arp 10.10.62.87
Address  HWtype  HWaddress   Flags MaskIface
10.10.62.87  (incomplete)  
ens192

is this the right syntax?
[root@... ~]# ocf-tester  -n VirtualIP -o ip=10.10.62.87 -o cidr_netmask=24 -o 
nic=ens192  /usr/lib/ocf/resource.d/heartbeat/IPaddr2
Beginning tests for /usr/lib/ocf/resource.d/heartbeat/IPaddr2...
* Your agent does not support the notify action (optional)
* Your agent does not support the demote action (optional)
* Your agent does not support the promote action (optional)
* Your agent does not support promotable clones (optional)
* Your agent does not support the reload action (optional)
/usr/lib/ocf/resource.d/heartbeat/IPaddr2 passed all tests


here is the verbose output:

[root@... ~]# ocf-tester -v  -n VirtualIP -o ip=10.10.62.87 -o cidr_netmask=24 
-o nic=ens192  /usr/lib/ocf/resource.d/heartbeat/IPaddr2
Beginning tests for /usr/lib/ocf/resource.d/heartbeat/IPaddr2...
Testing permissions with uid nobody
Testing: meta-data
Testing: meta-data



1.0


This Linux-specific resource manages IP alias IP addresses.
It can add an IP alias, or remove one.
In addition, it can implement Cluster Alias IP functionality
if invoked as a clone resource.

If used as a clone, "shared address with a trivial, stateless
(autonomous) load-balancing/mutual exclusion on ingress" mode gets
applied (as opposed to "assume resource uniqueness" mode otherwise).
For that, Linux firewall (kernel and userspace) is assumed, and since
recent distributions are ambivalent in plain "iptables" command to
particular back-end resolution, "iptables-legacy" (when present) gets
prioritized so as to avoid incompatibilities (note that respective
ipt_CLUSTERIP firewall extension in use here is, at the same time,
marked deprecated, yet said "legacy" layer can make it workable,
literally, to this day) with "netfilter" one (as in "iptables-nft").
In that case, you should explicitly set clone-node-max = 2,
and/or clone-max  number of nodes. In case of node failure,
clone instances need to be re-allocated on surviving nodes.
This would not be possible if there is already an instance
on those nodes, and clone-node-max=1 (which is the default).

When the specified IP address gets assigned to a respective interface, the
resource agent sends unsolicited ARP (Address Resolution Protocol, IPv4) or NA
(Neighbor Advertisement, IPv6) packets to inform neighboring machines about the
change. This functionality is controlled for both IPv4 and IPv6 by shared
'arp_*' parameters.


Manages virtual IPv4 and IPv6 addresses (Linux specific 
version)




The IPv4 (dotted quad notation) or IPv6 address (colon hexadecimal notation)
example IPv4 "192.168.1.1".
example IPv6 "2001:db8:DC28:0:0:FC57:D4C8:1FFF".

IPv4 or IPv6 address




The base network interface on which the IP address will be brought
online.
If left empty, the script will try and determine this from the
routing table.

Do NOT specify an alias interface in the form eth0:1 or anything here;
rather, specify the base interface only.
If you want a label, see the iflabel parameter.

Prerequisite:

There must be at least one static IP address, which is not managed by
the cluster, assigned to the network interface.
If you can not assign any static IP address on the interface,
modify this kernel parameter:

sysctl -w net.ipv4.conf.all.promote_secondaries=1 # (or per device)

Network interface





The netmask for the interface in CIDR format
(e.g., 24 and not 255.255.255.0)

If unspecified, the script will also try to determine this from the
routing table.

CIDR netmask





Broadcast address associated with the IP. It is possible to use the
special symbols '+' and '-' instead of the broadcast address. In this
case, the broadcast address is derived by setting/resetting the host
bits of the interface prefix.

Broadcast address





You can specify an additional label for your IP address here.
This label is appended to your interface name.

The kernel allows alphanumeric labels up to a maximum length of 15
characters including the interface name and colon (e.g. eth0:foobar1234)

A label can be specified in nic parameter but it 

Re: [ClusterLabs] IPaddr2 clone deprecated

[Oyvind Albrigtsen]

Hi Damiano,

The clusterip functionality was removed from the kernel, and we havent
currently been able to find a way to use the suggested replacement to
perform the same kind of logic:
https://wiki.nftables.org/wiki-nftables/index.php/Supported_features_compared_to_xtables#cluster


Oyvind

On 20/10/23 11:49 +0200, Damiano Giuliani wrote:

Hi guys,

im trying to create a IPaddr2 cloned resource for one of my project.
i need some kind of simple but effective loadbalancer for my rabbitmq
cluster managed by pacemaker.
My current SO is Almalinux 8.6.
seems IPaddr2 coned resource is not working / supported anymore, probably
because CLUSTERIP is not viable in the latest releases.
if i remeber well on centos7 no issues related.

could u explain me a little bit more ?

below the errors i got:

ClusterIP_start_0 on pcsnode1 'unknown error' (1): call=40,
status=complete, exitreason='iptables failed',

ERROR: iptables failed
Oct 18 10:18:18 rabbitvm1 pacemaker-controld[32192]: notice: Result of
start operation for rabbitmq-vip on rabbitvm1: error (iptables failed)
Oct 18 10:18:18 rabbitvm1 pacemaker-controld[32192]: notice:
rabbitmq-vip_start_0@rabbitvm1 output [ iptables v1.8.4 (nf_tables):
chain name not allowed to start with `-'\n\nTry `iptables -h' or
'iptables --help' for more information.\nocf-exit-reason:iptables
failed\n ]



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.13.1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.13.1, which is a
bugfix release for v4.13.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.13.1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - fence_azure_arm: fix get virtual machines call for new versions of
   Azure SDK

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.13.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.13.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.13.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - findif.sh: dont use table parameter as it returns no netmask
 - iSCSILogicalUnit/iSCSITarget: add support for scst
 - Delay: increase stop, status and monitor timeouts to 40s to avoid failing
   with default values
 - Delay: remove statement about defaulting to "startdelay" value if not 
specified
 - Filesystem: create systemd drop-in for network filesystems
 - Filesystem: fail if AWS efs-utils not installed when fstype=efs
 - Filesystem: improve stop-action and allow setting term/kill signals and
   signal_delay for large filesystems
 - Filesystem: list_mounts: fix mount command output parsing
 - IPaddr2/IPsrcaddr: add/modify table parameter to be able to find interface
   while using policy based routing
 - IPv6addr: expect ping/pong delay
 - LVM-activate: add degraded_activation and majority_pvs parameters to allow
   failover with missing PVs
 - ZFS: improve volume imported check for newer ZFS releases (#1853)
 - azure-events*: fix for no "Transition Summary" for Pacemaker 2.1+
 - db2: avoid eval with unsanitized values (#1838)
 - ethmonitor: dont log "Interface does not exist" for monitor-action
 - exportfs: make the "fsid=" parameter optional
 - exportfs: move testdir() to start-action to avoid failing during resource
   creation (validate-all) and make it create the directory if it doesnt exist
 - mysql-common: point to log file when start-action fails (#1887)
 - mysql: fix promotion_score bouncing between ~3600 and 1 on demoted nodes
 - mysql: promotable fixes to avoid nodes getting bounced around by setting -v 
1/-v 2,
   and added OCF_CHECK_LEVEL=10 for promotable resources to be able to
   distinguish between promoted and not
 - nfsserver: fix "server scope" functionality to live with additional drop-in 
files
 - nfsserver: prepare the layout for the default /var/lib/nfs if 
nfs_shared_infodir
   isnt defined
 - ocf-shellfuncs: Explicitly specify $OCF_RESOURCE_INSTANCE in the -p parameter
   for compatibility
 - pgsql: dont run promotable and file checks that could be on shared storage
   during validate-all action
 - postfix: update permission check from su to runuser/su (#1880)
 - spec: Migrate to SPDX license
 - spec: remove JFLAGS logic and use %{_smp_mflags} like we do in other projects
 - storage-mon: add daemon/client mode

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.13.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.13.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.13.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.13.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_eaton_ssh

- bugfixes and enhancements:
 - fence_aliyun: support filter for list-action
 - fence_amt/fence_ipmilan/fence_ironic: use shlex instead of pipes when
   available, as pipes is deprecated and will be removed in Python 3.13
 - fence_aws: fail when power action request fails
 - fence_aws: fixes to allow running outside of AWS network
 - fence_azure_arm: add stack cloud support
 - fence_ibm_powervs: improved performance (#542)
 - fence_ipmilan: fix typo in description (#553)
 - fence_scsi: add support for space-separated devices and update in meta-data
 - fence_scsi: automatically detect devices for shared VGs
 - fence_scsi: fix registration handling if ISID conflicts ISID (Initiator
   Session ID) belonging to I_T Nexus changes for RHEL based on the session ID.
   This means that the connection to the device can be set up with different
   ISID on reconnects.
 - fence_scsi: fix registration handling in device 'off' workflows for ISID
 - fence_zvmip: update longdesc to document all required functions
 - fencing: add error message for EC_GENERIC_ERROR
 - build: add test-fencing rule and make it part of "make check"
 - configure: require 3.6 or higher
 - doc: add fa-dev-guide
 - spec: Migrate to SPDX license
 - spec: remove rhel7/centos7 specific Reqs/BuildReqs and BR for
   python-novaclient and python-keystoneclient which arent needed anymore

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.12.1...v4.13.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.13.0 rc1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.13.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.13.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - iSCSILogicalUnit/iSCSITarget: add support for scst
 - Delay: increase stop, status and monitor timeouts to 40s to avoid failing
   with default values
 - Delay: remove statement about defaulting to "startdelay" value if not 
specified
 - Filesystem: create systemd drop-in for network filesystems
 - Filesystem: fail if AWS efs-utils not installed when fstype=efs
 - Filesystem: improve stop-action and allow setting term/kill signals and
   signal_delay for large filesystems
 - Filesystem: list_mounts: fix mount command output parsing
 - IPaddr2/IPsrcaddr: add/modify table parameter to be able to find interface
   while using policy based routing
 - IPv6addr: expect ping/pong delay
 - LVM-activate: add degraded_activation and majority_pvs parameters to allow
   failover with missing PVs
 - ZFS: improve volume imported check for newer ZFS releases (#1853)
 - azure-events*: fix for no "Transition Summary" for Pacemaker 2.1+
 - db2: avoid eval with unsanitized values (#1838)
 - ethmonitor: dont log "Interface does not exist" for monitor-action
 - exportfs: make the "fsid=" parameter optional
 - exportfs: move testdir() to start-action to avoid failing during resource
   creation (validate-all) and make it create the directory if it doesnt exist
 - mysql-common: point to log file when start-action fails (#1887)
 - mysql: fix promotion_score bouncing between ~3600 and 1 on demoted nodes
 - mysql: promotable fixes to avoid nodes getting bounced around by setting -v 
1/-v 2,
   and added OCF_CHECK_LEVEL=10 for promotable resources to be able to
   distinguish between promoted and not
 - nfsserver: fix "server scope" functionality to live with additional drop-in 
files
 - nfsserver: prepare the layout for the default /var/lib/nfs if 
nfs_shared_infodir
   isnt defined
 - ocf-shellfuncs: Explicitly specify $OCF_RESOURCE_INSTANCE in the -p parameter
   for compatibility
 - pgsql: dont run promotable and file checks that could be on shared storage
   during validate-all action
 - postfix: update permission check from su to runuser/su (#1880)
 - spec: Migrate to SPDX license
 - spec: remove JFLAGS logic and use %{_smp_mflags} like we do in other projects
 - storage-mon: add daemon/client mode

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.13.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] announcement: schedule for resource-agents release 4.13.0

[Oyvind Albrigtsen]

Hi,

This is a tentative schedule for resource-agents v4.13.0:
4.13.0-rc1: Oct  4.
4.13.0: Oct 11.

The storage-mon resource agent has got a new daemon mode that can
be enabled to avoid child processes remaining stuck after I/O has been
unresponsive, so make sure to give it some additional testing. It can
be enabled by setting daemonize=true and check_interval can be used to
change from the default (30s).

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.12.0...main

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 154 issues and 48 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/developers

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] PostgreSQL HA on EL9

[Oyvind Albrigtsen]

If you're using network filesystems with the Filesystem agent this
patch might solve your issue:
https://github.com/ClusterLabs/resource-agents/pull/1869


Oyvind

On 13/09/23 17:56 +, Larry G. Mills via Users wrote:


On my RHEL 9 test cluster, both "reboot" and "systemctl reboot" wait
for the cluster to stop everything.

I think in some environments "reboot" is equivalent to "systemctl
reboot --force" (kill all processes immediately), so maybe see if
"systemctl reboot" is better.

>
> On EL7, this scenario caused the cluster to shut itself down on the
> node before the OS shutdown completed, and the DB resource was
> stopped/shutdown before the OS stopped.  On EL9, this is not the
> case, the DB resource is not stopped before the OS shutdown
> completes.  This leads to errors being thrown when the cluster is
> started back up on the rebooted node similar to the following:
>


Ken,

Thanks for the reply - and that's interesting that RHEL9 behaves as expected and AL9 seemingly doesn't.   I 
did try shutting down via "systemctl reboot", but the cluster and resources were still not stopped 
cleanly before the OS stopped.  In fact, the commands "shutdown" and "reboot" are just 
symlinks to systemctl on AL9.2, so that make sense why the behavior is the same.

Just as a point of reference, my systemd version is: systemd.x86_64 
252-14.el9_2.3

Larry
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] General questions on fencing code

[Oyvind Albrigtsen]

On 19/07/23 11:24 +0300, Or Raz wrote:

Hi all,
I was looking at the fencing code and I have two questions:

  1. What is the use of the autodetect agent
  ?
  I didn't see any fence_autodetect agent

That's a project on-hold.

  2. What is the use of *.py.py* extension in the files under lib directory
  ?

This is just like the fence agents. The final .py gets removed during
build when Python binary (@PYTHON@), libdir (@FENCEAGENTSLIBDIR@), and other 
@..@ values get replaced by what configure has detected.


Oyvind


Best regards,
*OR*



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] [EXT] Fence Agents Format

[Oyvind Albrigtsen]

On 13/07/23 09:45 +0200, Oyvind Albrigtsen wrote:

On 12/07/23 12:57 +, Windl, Ulrich wrote:

Hi!

Some time ago, I had been asking for an improved fencing agent specification, 
because the existing documents made it impossible for me to write a fencing 
agent. I guess with such documentation, the questions below could have been 
answered as well...

I finally got started on it a week or so ago, so hopefully I'll be
able to upload a draft soon.

Here's my initial PR for the new dev guide:
https://github.com/ClusterLabs/fence-agents/pull/552

Oyvind



Oyvind


Regards,
Ulrich

-Original Message-
From: Users  On Behalf Of Or Raz
Sent: Monday, July 10, 2023 11:00 AM
To: users@clusterlabs.org
Subject: [EXT] [ClusterLabs] Fence Agents Format

Hi all,
My team has been working on a new operator which uses some of your Fence Agents (FA, 
i.e. fence_aws, fence_ipmilan, and etc.) to remediate an unhealthy Kubernetes node 
(see fence-agents-remediation 
<https://github.com/medik8s/fence-agents-remediation> ).
After looking on the recommended attributes for new FAs 
<https://github.com/ClusterLabs/fence-agents/blob/main/doc/FenceAgentAPI.md#attribute-specifications>
 , and the valid action attribute values 
<https://github.com/ClusterLabs/fence-agents/blob/main/doc/FenceAgentAPI.md#agent-operations-and-return-values>
 ,
I have some questions on the structure/format of the FAs command attributes and 
their responses:

1.  Will running a fence-agent without mentioning the action field will always choose 
the reboot option (e.g. the following call will reboot the node "fence_aws 
--access-key ACCESS_KEY --secret-key SECRET_KEY --plug i-INSTANCE_ID --region 
AWS_REGION")?
2.  Are there any must-have fields which are shared between all the FAs 
that you support? I assume the answer is no, since I didn't see any must fields 
which are mutual between fence_aws, and fence_ipmilan for instance. A must 
field is a field which is required for running the FA (e.g. access-key for 
fence_aws).
3.  Do the result responses to the FA are identical per action? E.g. For 
the reboot action, I have seen that on success I always receive `Success: 
Rebooted` for fence_aws, and fence_ipmilan. I am an uncertain whether that is 
correct for all the FAs.

Best regards,

OR

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] [EXT] Fence Agents Format

[Oyvind Albrigtsen]

On 12/07/23 12:57 +, Windl, Ulrich wrote:

Hi!

Some time ago, I had been asking for an improved fencing agent specification, 
because the existing documents made it impossible for me to write a fencing 
agent. I guess with such documentation, the questions below could have been 
answered as well...

I finally got started on it a week or so ago, so hopefully I'll be
able to upload a draft soon.


Oyvind


Regards,
Ulrich

-Original Message-
From: Users  On Behalf Of Or Raz
Sent: Monday, July 10, 2023 11:00 AM
To: users@clusterlabs.org
Subject: [EXT] [ClusterLabs] Fence Agents Format

Hi all,
My team has been working on a new operator which uses some of your Fence Agents (FA, 
i.e. fence_aws, fence_ipmilan, and etc.) to remediate an unhealthy Kubernetes node 
(see fence-agents-remediation 
 ).
After looking on the recommended attributes for new FAs 

 , and the valid action attribute values 

 ,
I have some questions on the structure/format of the FAs command attributes and 
their responses:

1.  Will running a fence-agent without mentioning the action field will always choose 
the reboot option (e.g. the following call will reboot the node "fence_aws 
--access-key ACCESS_KEY --secret-key SECRET_KEY --plug i-INSTANCE_ID --region 
AWS_REGION")?
2.  Are there any must-have fields which are shared between all the FAs 
that you support? I assume the answer is no, since I didn't see any must fields 
which are mutual between fence_aws, and fence_ipmilan for instance. A must 
field is a field which is required for running the FA (e.g. access-key for 
fence_aws).
3.  Do the result responses to the FA are identical per action? E.g. For 
the reboot action, I have seen that on success I always receive `Success: 
Rebooted` for fence_aws, and fence_ipmilan. I am an uncertain whether that is 
correct for all the FAs.

Best regards,

OR

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] Fence Agents Format

[Oyvind Albrigtsen]

On 10/07/23 12:00 +0300, Or Raz wrote:

Hi all,
My team has been working on a new operator which uses some of your Fence
Agents (FA, i.e. fence_aws, fence_ipmilan, and etc.) to remediate an
unhealthy Kubernetes node (see fence-agents-remediation
).
After looking on the recommended attributes for new FAs
,
and the valid *action *attribute values

,
I have some questions on the structure/format of the FAs command attributes
and their responses:

  1. Will running a fence-agent without mentioning the action field will
  always choose the *reboot* option (e.g. the following call will reboot
  the node "fence_aws --access-key ACCESS_KEY --secret-key SECRET_KEY --plug
  i-INSTANCE_ID --region AWS_REGION")?

That's the default, yeah. It's probably due to some earlier Pacemaker
versions not specifying action, so we avoid breaking the agents on
those versions by defaulting to the reboot-action.

  2. Are there any must-have fields which are shared between all the FAs
  that you support? I assume the answer is no, since I didn't see any must
  fields which are mutual between *fence_aws*, and *fence_ipmilan* for
  instance. A must field is a field which is required for running the FA
  (e.g. *access-key* for *fence_aws)*.

That depends on what kind of agent it is, so e.g. http(s) agents or
similar will require url and other parameters that are needed.

You can find a list of default/other groups of parameters depending on
agent when you add them via device_opt = [] here:
https://github.com/ClusterLabs/fence-agents/blob/main/lib/fencing.py.py#L492

and full list of common parameters:
https://github.com/ClusterLabs/fence-agents/blob/main/lib/fencing.py.py#L36

  3. Do the result responses to the FA are identical per action? E.g. For
  the *reboot* action, I have seen that on success I always receive
  `Success: Rebooted` for fence_aws, and fence_ipmilan. I am an
  uncertain whether that is correct for all the FAs.

They should, but you should use the return code to check the result.
https://github.com/ClusterLabs/fence-agents/blob/main/lib/fencing.py.py#L20-L32

You can run "echo $?" to show the result after running e.g. fence_aws
-o reboot manually to see which rc it returns, and use incorrect
credentials or similar to see the difference in rc when it fails.


Oyvind


Best regards,
*OR*



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.12.1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.12.1, which is a
bugfix release for v4.12.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.12.1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - fencing: add plug_separator to default DEPENDENCY_OPT
 - fence_scsi: skip key generation during validate-all action
 - fence_vmware_soap: set login_timeout lower than default pcmk_monitor_timeout 
(20s) to remove tmp dirs on fail

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.12.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.12.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.12.0

The most significant enhancements in this release are:
- new resource agents:
 - azure-events-az
 - iface-macvlan

- bugfixes and enhancements:
 - configure/spec: remove google-api-client BuildReq as the gcp-agents build 
fine without it
 - configure: fix bashisms
 - dev-guide: update default branch name
 - ocf-shellfuncs: add ocf_promotion_score() to use crm_attribute -p/crm_master 
depending on Pacemaker version
 - spec: remove redhat-lsb-core dependency (lsb_release)
 - spec: use cluster-glue-devel for opensuse > 15
 - all agents: update to promotable terms
 - CTDB: change public_addresses validate-all warning to info
 - CTDB: move process to root cgroup if realtime scheduling is enabled
 - Filesystem: improve logic for UUID/label and add note that 
/dev/disk/by-{uuid,label}/ are preferred on Linux
 - Filesystem: remove validate-all mountpoint warning as it is auto-created 
during start-action if it doesnt exist
 - IPsrcaddr: detect metric for main table only, and allow specifying metric if 
necessary
 - IPsrcaddr: fix PROTO regex
 - IPsrcaddr: fix monitor/status for default route not being equal to src IP 
before start, and change route src correctly in stop-action
 - IPsrcaddr: use scope host when using non-main tables
 - LVM-activate: use correct return codes to ensure correct action when failing
 - SAPInstance: be more resilient against broken kill.sap files (#1825)
 - VirtualDomain: replace error log messages with calls to ocf_exit_reason
 - WAS6: add missing ] to fix trap condition
 - aws-vpc-move-ip: allow to set the interface label
 - dnsupdate: add CNAME support (#1773)
 - docker-compose: fix number of containers/running containers logic
 - docker/podman/zabbixserver: replace error log messages with calls to 
ocf_exit_reason
 - ethmonitor/ovsmonitor/mariadb: check for bc binary
 - ethmonitor/ovsmonitor/pgsql: remove ignored attrd_updater "-q" parameter
 - exportfs: only grep in rmtab if it exists
 - galera/mariadb/mpathpersist/mysql/pgsql/sg_persist/Stateful: use 
ocf_promotion_score() to avoid issues with deprecated crm_master
 - galera/mpathpersist/sg_persist/IPsrcaddr: only check notify and promotable 
when OCF_CHECK_LEVEL=10
 - iSCSILogicalUnit: fix issue where resource was in stopped state when using 
allowed_initiators parameter (#1766)
 - lvmlockd: add "use_lvmlockd = 1" if it's commented out or missing
 - lvmlockd: fail when use_lvmlockd has not been set
 - mariadb: remove obsolete DEBUG_LOG functionality #1191
 - mysql-common: return error in stop-action if kill fails to stop the process, 
so the node can get fenced
 - mysql-proxy: update metadata to suggest secure location instead of 
/tmp/mysql-proxy.sock
 - nfsserver: add nfsv4_only parameter to make it run without rpc-statd/rpcbind 
services
 - ocf-tester: remove deprecated lrmd/lrmadmin code that hasnt worked since 
pre-pacemaker days
 - ocf-tester: use promotable terms
 - openstack-agents: set domain parameter's default to Default and fix missing 
parameter name in ocf_exit_reason
 - openstack-agents: warn when openstackcli is slow
 - openstack-cinder-volume: dont do volume_local_check during start/stop-action
 - openstack-floating-ip/openstack-virtual-ip: dont fail in validate() during 
probe-calls
 - openstack-floating-ip: fix awk only catching last id for node_port_ids
 - oracle: improve the error message if monpassword was not set. (#1767)
 - podman: add podman parameter error judgment (#1764)
 - portblock: implement blocking of outgoing ports
 - rabbitmq-server-ha: dont mkdir -p when getting meta-data or help
 - storage_mon: use the O_DIRECT flag in open() to eliminate cache effects
 - storage_mon: do random lseek even with O_DIRECT, etc
 - storage_mon: fix bug in checking of number of specified scores.
 - storage_mon: fix build-related issues
 - storage_mon: improve error messages when ioctl() fails
 - storage_mon: make -h exit just after printing help message (#1791)
 - storage_mon: fix bug in handling of child process exit
 - vdo-vol: dont fail probe action when the underlying device doesnt exist

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.12.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.12.0 rc1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.12.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.12.0rc1

The most significant enhancements in this release are:
- new resource agents:
 - azure-events-az
 - iface-macvlan

- bugfixes and enhancements:
 - configure/spec: remove google-api-client BuildReq as the gcp-agents build 
fine without it
 - configure: fix bashisms
 - dev-guide: update default branch name
 - ocf-shellfuncs: add ocf_promotion_score() to use crm_attribute -p/crm_master 
depending on Pacemaker version
 - spec: remove redhat-lsb-core dependency (lsb_release)
 - spec: use cluster-glue-devel for opensuse > 15
 - all agents: update to promotable terms
 - CTDB: change public_addresses validate-all warning to info
 - CTDB: move process to root cgroup if realtime scheduling is enabled
 - Filesystem: improve logic for UUID/label and add note that 
/dev/disk/by-{uuid,label}/ are preferred on Linux
 - Filesystem: remove validate-all mountpoint warning as it is auto-created 
during start-action if it doesnt exist
 - IPsrcaddr: detect metric for main table only, and allow specifying metric if 
necessary
 - IPsrcaddr: fix PROTO regex
 - IPsrcaddr: fix monitor/status for default route not being equal to src IP 
before start, and change route src correctly in stop-action
 - IPsrcaddr: use scope host when using non-main tables
 - LVM-activate: use correct return codes to ensure correct action when failing
 - SAPInstance: be more resilient against broken kill.sap files (#1825)
 - VirtualDomain: replace error log messages with calls to ocf_exit_reason
 - WAS6: add missing ] to fix trap condition
 - aws-vpc-move-ip: allow to set the interface label
 - dnsupdate: add CNAME support (#1773)
 - docker-compose: fix number of containers/running containers logic
 - docker/podman/zabbixserver: replace error log messages with calls to 
ocf_exit_reason
 - ethmonitor/ovsmonitor/mariadb: check for bc binary
 - ethmonitor/ovsmonitor/pgsql: remove ignored attrd_updater "-q" parameter
 - exportfs: only grep in rmtab if it exists
 - galera/mariadb/mpathpersist/mysql/pgsql/sg_persist/Stateful: use 
ocf_promotion_score() to avoid issues with deprecated crm_master
 - galera/mpathpersist/sg_persist/IPsrcaddr: only check notify and promotable 
when OCF_CHECK_LEVEL=10
 - iSCSILogicalUnit: fix issue where resource was in stopped state when using 
allowed_initiators parameter (#1766)
 - lvmlockd: add "use_lvmlockd = 1" if it's commented out or missing
 - lvmlockd: fail when use_lvmlockd has not been set
 - mariadb: remove obsolete DEBUG_LOG functionality #1191
 - mysql-common: return error in stop-action if kill fails to stop the process, 
so the node can get fenced
 - mysql-proxy: update metadata to suggest secure location instead of 
/tmp/mysql-proxy.sock
 - nfsserver: add nfsv4_only parameter to make it run without rpc-statd/rpcbind 
services
 - ocf-tester: remove deprecated lrmd/lrmadmin code that hasnt worked since 
pre-pacemaker days
 - ocf-tester: use promotable terms
 - openstack-agents: set domain parameter's default to Default and fix missing 
parameter name in ocf_exit_reason
 - openstack-agents: warn when openstackcli is slow
 - openstack-cinder-volume: dont do volume_local_check during start/stop-action
 - openstack-floating-ip/openstack-virtual-ip: dont fail in validate() during 
probe-calls
 - openstack-floating-ip: fix awk only catching last id for node_port_ids
 - oracle: improve the error message if monpassword was not set. (#1767)
 - podman: add podman parameter error judgment (#1764)
 - portblock: implement blocking of outgoing ports
 - rabbitmq-server-ha: dont mkdir -p when getting meta-data or help
 - storage_mon: use the O_DIRECT flag in open() to eliminate cache effects
 - storage_mon: do random lseek even with O_DIRECT, etc
 - storage_mon: fix bug in checking of number of specified scores.
 - storage_mon: fix build-related issues
 - storage_mon: improve error messages when ioctl() fails
 - storage_mon: make -h exit just after printing help message (#1791)
 - storage_mon: fix bug in handling of child process exit
 - vdo-vol: dont fail probe action when the underlying device doesnt exist

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.12.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.12.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.12.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.12.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_ecloud

- bugfixes and enhancements:
 - all agents: unify ssl parameters to avoid having to use --ssl when using 
--ssl-secure/--ssl-insecure for some agents
 - build: add FENCETMPDIR for state files
 - build: dont rm PKG_CHECK_VAR.m4 when running maintainer-clean
 - build: fix parallel build of lib/
 - build: make xml-check: ignore detected paths in *_file parameters not 
matching saved metadata
 - configure: check for google-auth instead of deprecated oauth2client
 - fencing: add ability to set bool parameters to 0 or false
 - fencing: add plug_separator parameter to be able to specify one that isnt 
part of the plug name(s)
 - fencing: add source_env()
 - spec: fix python3-suds dependency having changed name on opensuse 16+
 - fence_apc/fence_ilo_moonshot: add missing "import logging"
 - fence_apc: add support for firmware version 7 #475
 - fence_cdu: add 8i support (#471)
 - fence_gce: add httplib2 to try/except: pass
 - fence_gce: add timeouts and failure options (#458)
 - fence_gce: add user agent to API requests (#491)
 - fence_gce: inform that SSLError might be caused by old versions of httplib2
 - fence_gce: make zone optional for get_nodes_list (#487)
 - fence_ibm_powervs: add support for proxy, private API servers and get token 
via API key (#490)
 - fence_ibm_powervs: improve defaults based on testing
 - fence_ibm_vpc: add proxy support
 - fence_ibm_vpc: add token cache support
 - fence_ibm_vpc: remove unused "instance" parameter and make limit optional
 - fence_ibmz: add option --load-on-activate
 - fence_kubevirt: take default namespace from context
 - fence_lpar: fix missing import logging, use fail_usage
 - fence_lpar: only output additional error output on DEBUG level
 - fence_lpar: support comanaged LPARs
 - fence_openstack: add --ssl-insecure
 - fence_openstack: add support for reading config from clouds.yaml and openrc
 - fence_openstack: allowing using base os ssl cacert when cacert is not 
specified
 - fence_raritan: also allow pure port number, not only system1/outletX string 
(#473)
 - fence_sbd: improve error handling
 - fence_scsi/fence_mpath: add suppress-errors option (#484)
 - fence_virt: clarify usage of ip= for vsock listener
 - fence_virt: add debug print for static map check
 - fence_virt: add note that reboot-action doesnt power on nodes that are 
powered off
 - fence_virt: allow groups to only specify vm_name without UUID
 - fence_virt: drop last qmf bits (rhel6 era)
 - fence_virt: fix clang build
 - fence_virt: fix cpg plugin build
 - fence_virt: fix serial debug output
 - fence_virt: fix tcp plugin to properly pass info to acl check
 - fence_virt: update man page for serial listener in serial mode
 - fence_virt: update man page to cover all serial listener configs
 - fence_virtd: add info about using multiple uuid/ip entries for groups
 - fence_virtd: add link and non-user socket example to man page
 - fence_virtd: add support for named groups
 - fence_virtd: set secure file permissions for fence_virtd.conf and key file 
if they are not mode 600
 - fence_wti: increase login timeout to avoid random timeouts
 - fence_zvm: deprecate agent
 - fence_zvmip: add --disable-ssl
 - fence_zvmip: show unable to connect error instead of full stacktrace, e.g. 
when not using --ssl for SSL devices

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.11.0...v4.12.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] announcement: schedule for resource-agents release 4.12.0

[Oyvind Albrigtsen]

Hi,

This is a tentative schedule for resource-agents v4.12.0:
4.12.0-rc1: Jan 18.
4.12.0: Jan 25

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.11.0...main

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 141 issues and 50 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/developers

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] multiple resources - pgsqlms - and IP(s)

[Oyvind Albrigtsen]

On 04/01/23 11:15 +0100, Tomas Jelinek wrote:

Dne 04. 01. 23 v 8:29 Reid Wahl napsal(a):

On Tue, Jan 3, 2023 at 10:53 PM lejeczek via Users
 wrote:




On 03/01/2023 21:44, Ken Gaillot wrote:

On Tue, 2023-01-03 at 18:18 +0100, lejeczek via Users wrote:

On 03/01/2023 17:03, Jehan-Guillaume de Rorthais wrote:

Hi,

On Tue, 3 Jan 2023 16:44:01 +0100
lejeczek via Users  wrote:


To get/have Postgresql cluster with 'pgsqlms' resource, such
cluster needs a 'master' IP - what do you guys do when/if
you have multiple resources off this agent?
I wonder if it is possible to keep just one IP and have all
those resources go to it - probably 'scoring' would be very
tricky then, or perhaps not?

That would mean all promoted pgsql MUST be on the same node at any
time.
If one of your instance got some troubles and need to failover,
*ALL* of them
would failover.

This imply not just a small failure time window for one instance,
but for all
of them, all the users.


Or you do separate IP for each 'pgsqlms' resource - the
easiest way out?

That looks like a better option to me, yes.

Regards,

Not related - Is this an old bug?:

-> $ pcs resource create pgsqld-apps ocf:heartbeat:pgsqlms
bindir=/usr/bin pgdata=/apps/pgsql/data op start timeout=60s
op stop timeout=60s op promote timeout=30s op demote
timeout=120s op monitor interval=15s timeout=10s
role="Master" op monitor interval=16s timeout=10s
role="Slave" op notify timeout=60s meta promotable=true
notify=true master-max=1 --disable
Error: Validation result from agent (use --force to override):
ocf-exit-reason:You must set meta parameter notify=true
for your master resource
Error: Errors have occurred, therefore pcs is unable to continue

pcs now runs an agent's validate-all action before creating a resource.
In this case it's detecting a real issue in your command. The options
you have after "meta" are clone options, not meta options of the
resource being cloned. If you just change "meta" to "clone" it should
work.

Nope. Exact same error message.
If I remember correctly there was a bug specifically
pertained to 'notify=true'


The only recent one I can remember was a core dump.
- Bug 2039675 - pacemaker coredump with ocf:heartbeat:mysql resource
(https://bugzilla.redhat.com/show_bug.cgi?id=2039675)

From a quick inspection of the pcs resource validation code
(lib/pacemaker/live.py:validate_resource_instance_attributes_via_pcmk()),
it doesn't look like it passes the meta attributes. It only passes the
instance attributes. (I could be mistaken.)

The pgsqlms resource agent checks the notify meta attribute's value as
part of the validate-all action. If pcs doesn't pass the meta
attributes to crm_resource, then the check will fail.



Pcs cannot pass meta attributes to crm_resource, because there is 
nowhere to pass them to. As defined in OCF 1.1, only instance 
attributes matter for validation, see https://github.com/ClusterLabs/OCF-spec/blob/main/ra/1.1/resource-agent-api.md#check-levels



The agents are bugged - they depend on meta data being passed to 
validation. This is already tracked and being worked on:


https://github.com/ClusterLabs/resource-agents/pull/1826

I've made a PR to fix it in pgsqlms as well:
https://github.com/ClusterLabs/PAF/pull/216


Bug 2157872 - resource-agents: fix validate-all issue with new 
pcs/pacemaker by only running some checks when OCF_CHECK_LEVEL=10

https://bugzilla.redhat.com/show_bug.cgi?id=2157872

2149113 - pcs can't create MS SQL Server cluster resources
https://bugzilla.redhat.com/show_bug.cgi?id=2149113


Regards,
Tomas


I'm on C8S with resource-agents-paf-4.9.0-35.el8.x86_64.

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/






___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] modified RA can't be used

[Oyvind Albrigtsen]

You need to update the agent name in the metadata section to be the
same as the filename.


Oyvind

On 27/06/22 14:54 +0200, Lentes, Bernd wrote:

Hi,

i adapted the RA ocf/heartbeat/VirtualDomain to my needs and renamed it to 
VirtualDomain.ssh
When i try to use it now, i get an error message.
I start e.g. "crm configure edit vm-idcc-devel" to modify an existing 
VirtualDomain that it uses the new RA
and want to save it i get the following error:
ERROR: ocf:heartbeat:VirtualDomain.ssh: got no meta-data, does this RA exist?
ERROR: ocf:heartbeat:VirtualDomain.ssh: got no meta-data, does this RA exist?
ERROR: ocf:heartbeat:VirtualDomain.ssh: no such resource agent

The RA exists in the filesystem and has the same permissions as the original:
ha-idg-1:~ # ll /usr/lib/ocf/resource.d/heartbeat/Virt*
-rwxr-xr-x 1 root root 35607 Feb 15 07:21 
/usr/lib/ocf/resource.d/heartbeat/VirtualDomain
-rwxr-xr-x 1 root root 35747 Jun 27 14:22 
/usr/lib/ocf/resource.d/heartbeat/VirtualDomain.ssh

The difference is only in one line i added:
ha-idg-1:~ # diff /usr/lib/ocf/resource.d/heartbeat/VirtualDomain 
/usr/lib/ocf/resource.d/heartbeat/VirtualDomain.ssh
732a733,734

 ssh -i /root/ssh/id_rsa.mcd.shutdown mcd.shutdown@${DOMAIN_NAME} shutdown.bat
 ## new by bernd.len...@helmholtz-muenchen.de 26062022


I also copied the new RA to another folder ... same problem.
When i try to get info about the new RA i get the same error:
ha-idg-1:~ # crm ra info ocf:heartbeat:VirtualDomain.ssh
ERROR: ocf:heartbeat:VirtualDomain.ssh: got no meta-data, does this RA exist?

The VirtualDomain is shutdown. It's a two-node cluster with SLES 12 SP5,
RA exists on both nodes and is identical:

ha-idg-1:~ # sha1sum /usr/lib/ocf/resource.d/heartbeat/VirtualDomain.ssh
8d075cb0745c674525802f94d4d7d2b88af8156c  
/usr/lib/ocf/resource.d/heartbeat/VirtualDomain.ssh

ha-idg-2:~ # sha1sum /usr/lib/ocf/resource.d/heartbeat/VirtualDomain.ssh
8d075cb0745c674525802f94d4d7d2b88af8156c  
/usr/lib/ocf/resource.d/heartbeat/VirtualDomain.ssh

Any ideas ?

Bernd


--

Bernd Lentes
System Administrator
Institute for Metabolism and Cell Death (MCD)
Building 25 - office 122
HelmholtzZentrum München
bernd.len...@helmholtz-muenchen.de
phone: +49 89 3187 1241
fax: +49 89 3187 2294
http://www.helmholtz-muenchen.de/mcd


Public key:

30 82 01 0a 02 82 01 01 00 b3 72 3e ce 2c 0a 6f 58 49 2c 92 23 c7 b9 c1 ff 6c 
3a 53 be f7 9e e9 24 b7 49 fa 3c e8 de 28 85 2c d3 ed f7 70 03 3f 4d 82 fc cc 
96 4f 18 27 1f df 25 b3 13 00 db 4b 1d ec 7f 1b cf f9 cd e8 5b 1f 11 b3 a7 48 
f8 c8 37 ed 41 ff 18 9f d7 83 51 a9 bd 86 c2 32 b3 d6 2d 77 ff 32 83 92 67 9e 
ae ae 9c 99 ce 42 27 6f bf d8 c2 a1 54 fd 2b 6b 12 65 0e 8a 79 56 be 53 89 70 
51 02 6a eb 76 b8 92 25 2d 88 aa 57 08 42 ef 57 fb fe 00 71 8e 90 ef b2 e3 22 
f3 34 4f 7b f1 c4 b1 7c 2f 1d 6f bd c8 a6 a1 1f 25 f3 e4 4b 6a 23 d3 d2 fa 27 
ae 97 80 a3 f0 5a c4 50 4a 45 e3 45 4d 82 9f 8b 87 90 d0 f9 92 2d a7 d2 67 53 
e6 ae 1e 72 3e e9 e0 c9 d3 1c 23 e0 75 78 4a 45 60 94 f8 e3 03 0b 09 85 08 d0 
6c f3 ff ce fa 50 25 d9 da 81 7b 2a dc 9e 28 8b 83 04 b4 0a 9f 37 b8 ac 58 f1 
38 43 0e 72 af 02 03 01 00 01





___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.11.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.11.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.11.0

The most significant enhancements in this release are:
- new resource agents:
 - corosync-qnetd
 - ocivip
 - rabbitmq-server-ha (migrated from the RabbitMQ project (#1698)

- bugfixes and enhancements:
 - Filesystem: fix logic for UUID/label devices with space between parameter 
and UUID/label
 - db2/openstack-info: fix bashisms
 - Filesystem: add support for Amazon EFS mount helper
 - Filesystem: fix OpenBSD check in fstype_supported()
 - Filesystem: unmount bind mounts before unmount file system
 - IPaddr2: allow to disable Duplicate Address Detection for IPv6
 - IPaddr2: allow to send IPv6 Neighbor Advertisements in background
 - IPsrcaddr: add warning about possible issues when used with DHCP
 - IPsrcaddr: fixes to use findif.sh to detect secondary interfaces
 - LVM-activate: change lvm_status return value from OCF_NOT_RUNNING to 
OCF_ERR_GENERIC to avoid fencing (#1753)
 - LVM-activate: replace error log messages with calls to ocf_exit_reason 
(#1730)
 - LinuxSCSI: replace error log messages with calls to ocf_exit_reason
 - Route: return OCF_NOT_RUNNING for probe action when interface or route 
doesnt exist
 - asterisk: fix sipsak check during start-action (#1715)
 - build: workaround gcc 12 warning
 - configure: only run ci/build.sh when shellcheck is present
 - db2: only warn when notify isnt set, and use ocf_local_nodename() to get 
node name
 - db2: use -l forever instead of -t nodes -l reboot, as they conflict with 
eachother
 - gcp-ilb: only check if log_cmd binary is available if log_enable is true
 - ipsec: add missing $ to make variable expand in check (#1755)
 - mysql-common: fix local SSL connection by using --ssl-mode=REQUIRED which is 
available on 5.7+ (--ssl is not available in 8.0)
 - nginx: replace error log messages with calls to ocf_exit_reason
 - nvmet-subsystem: fix allowed_initiators to avoid only running once (found by 
shellcheck)
 - ocf-distro: improve RHEL based distro detection (added AlmaLinux, Oracle 
Linux, and Rocky Linux)
 - ocf-shellfuncs: parametrise the log destination by OCF_RESKEY_trace_dir
 - ocf-shellfuncs: quote pid in ocf_pidfile_status
 - openstack-*: add insecure parameter
 - openstack-*: add support for multiple setup options (incl. 
clouds.yaml/openrc)
 - openstack-info: align op timeout with other openstack agents
 - podman: remove anonymous volumes during stop-action
 - rabbitmq-server-ha: Fix SERVER_START_ARGS sname/name use for FQDN
 - rabbitmq-server-ha: Revert "OCF RA: Do not start rabbitmq if notification of 
start is not about us" (#1713)
 - spec: fix Requires to allow install on opensuse
 - spec: fix mount.cifs if() for RHEL/CentOS 9+

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.11.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.11.0 rc1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.11.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.11.0rc1

The most significant enhancements in this release are:
- new resource agents:
 - corosync-qnetd
 - ocivip
 - rabbitmq-server-ha (migrated from the RabbitMQ project (#1698)

- bugfixes and enhancements:
 - Filesystem: add support for Amazon EFS mount helper
 - Filesystem: fix OpenBSD check in fstype_supported()
 - Filesystem: unmount bind mounts before unmount file system
 - IPaddr2: allow to disable Duplicate Address Detection for IPv6
 - IPaddr2: allow to send IPv6 Neighbor Advertisements in background
 - IPsrcaddr: add warning about possible issues when used with DHCP
 - IPsrcaddr: fixes to use findif.sh to detect secondary interfaces
 - LVM-activate: change lvm_status return value from OCF_NOT_RUNNING to 
OCF_ERR_GENERIC to avoid fencing (#1753)
 - LVM-activate: replace error log messages with calls to ocf_exit_reason 
(#1730)
 - LinuxSCSI: replace error log messages with calls to ocf_exit_reason
 - Route: return OCF_NOT_RUNNING for probe action when interface or route 
doesnt exist
 - asterisk: fix sipsak check during start-action (#1715)
 - build: workaround gcc 12 warning
 - configure: only run ci/build.sh when shellcheck is present
 - db2: only warn when notify isnt set, and use ocf_local_nodename() to get 
node name
 - db2: use -l forever instead of -t nodes -l reboot, as they conflict with 
eachother
 - gcp-ilb: only check if log_cmd binary is available if log_enable is true
 - ipsec: add missing $ to make variable expand in check (#1755)
 - mysql-common: fix local SSL connection by using --ssl-mode=REQUIRED which is 
available on 5.7+ (--ssl is not available in 8.0)
 - nginx: replace error log messages with calls to ocf_exit_reason
 - nvmet-subsystem: fix allowed_initiators to avoid only running once (found by 
shellcheck)
 - ocf-distro: improve RHEL based distro detection (added AlmaLinux, Oracle 
Linux, and Rocky Linux)
 - ocf-shellfuncs: parametrise the log destination by OCF_RESKEY_trace_dir
 - ocf-shellfuncs: quote pid in ocf_pidfile_status
 - openstack-*: add insecure parameter
 - openstack-*: add support for multiple setup options (incl. 
clouds.yaml/openrc)
 - openstack-info: align op timeout with other openstack agents
 - podman: remove anonymous volumes during stop-action
 - rabbitmq-server-ha: Fix SERVER_START_ARGS sname/name use for FQDN
 - rabbitmq-server-ha: Revert "OCF RA: Do not start rabbitmq if notification of 
start is not about us" (#1713)
 - spec: fix Requires to allow install on opensuse
 - spec: fix mount.cifs if() for RHEL/CentOS 9+

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.11.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] announcement: schedule for resource-agents release 4.11.0

[Oyvind Albrigtsen]

Hi,

This is a tentative schedule for resource-agents v4.11.0:
4.11.0-rc1: Mar 30.
4.11.0: Apr 6.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.10.0...main

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 133 issues and 50 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/developers

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] PAF CentOS RPM

[Oyvind Albrigtsen]

On 22/02/22 11:59 +0100, Jehan-Guillaume de Rorthais wrote:

Hello,

On Tue, 22 Feb 2022 09:27:16 +
lejeczek via Users  wrote:


...
Perhaps as the author(s) you can chip in and/or help via comments to
rectify this:

...

  Problem: package resource-agents-paf-4.9.0-7.el8.x86_64 requires


PAF doesn't share the same release plans than the resource-agents project, but
it seems RH included it in their build process as part as the resource-agents
one, releasing it with the same version number:
https://bugzilla.redhat.com/show_bug.cgi?id=1872754

RH is delivering PAF since the RHSA-2021:4139 security fixes and update,
in november 2021: https://access.redhat.com/errata/RHSA-2021:4139

I wasn't aware of this packaging and how it is built, neither of the repository
it is delivered to.

I am only aware of the RPM I am delivering on github, and the one provided by
the PGDG repository: https://yum.postgresql.org/packages/


...
How I understand that is that CentOS guys/community have PAF in
'resilientstorage' repo.


I have no idea why the PAF package is in this repo and not in the
HighAvailability one where I suppose it should be host. Compare:

* http://mirror.centos.org/centos/8-stream/HighAvailability/x86_64/os/Packages/
* http://mirror.centos.org/centos/8-stream/ResilientStorage/x86_64/os/Packages/

Ping Oyvind, maybe you have some input about this as the resource-agents
package maintainer?

I dont know how it got excluded on CentOS Stream only, but I've
created a bz to fix it:
https://bugzilla.redhat.com/show_bug.cgi?id=2056926


Oyvind Albrigtsen


Regards,



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.11.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.11.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.11.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_cyberpower_ssh
 - fence_ibm_vpc
 - fence_ibm_powervs
 - fence_raritan_px3

- bugfixes and enhancements:
 - configure: fix --with-agents to not match *virt in regex
 - fencing: encode instead of failing for chinese or other non-utf8 character 
sets
 - spec: add dependency for new split azure sdk packages for Fedora 35+
 - fence_aliyun: optimize log output (#449)
 - fence_amt_ws: fix "or" causing dead code
 - fence_amt_ws: fix --boot-option (choices are uppercased while getting parsed)
 - fence_azure_arm: fix support for sovereign clouds and MSI for new versions of
   azure libraries (#439)
 - fence_gce: add operation checks and multiple plug/zone support (#400)
 - fence_kdump: accept message from multiple addresses (useful for RRP 
clusters) (#374)
 - fence_kdump: properly support -v[X] and -vvv (and combinations)
 - fence_kubevirt: fix kubevirt VM status
 - fence_kubevirt: add --ssl-insecure parameter
 - fence_kubevirt: make apiversion a parameter
 - fence_kubevirt: set default power-timeout to 40s
 - fence_mpath/fence_scsi: use store path detected by configure
 - fence_pve: Replace "nodename" with "pmx-node" (matching original intent) 
(#424)
 - fence_vmware_soap: use --login-timeout option (#447)
 - fence_zvmip: add ssl/tls support
 - fence_zvmip: use ssl by default

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.10.0...v4.11.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.10.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.10.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.10.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - VirtualDomain: added the ability to unset utilization variables (#1703)
 - all agents: specify agent and OCF versions corrently in metadata
 - configure: use new SYSTEMD_ parameters
 - gcp-pd-move/gcp-vpc-move-route: dont fail failed resources instantly (caused 
by OCF_ERR_CONFIGURED)
 - iSCSILogicalUnit: do not use lio_iblock with lio-t
 - metadata.rng: update to support resource agent version according to the OCF 
standard
 - nfsnotify: fix default value for "notify_args"
 - nfsnotify: fix rpcuser error when resource start on debian (#1696)
 - nfsserver: fix NFSv4 lock failover: set NFS Server Scope (#1688)
 - ocf.py: add agent and OCF version parameters (both defaults to 1.0)
 - portblock: use ss when available, netstat is "obsolete"
 - ra-dev-guide: update agent/OCF version info (#1699)
 - storage-mon: update metadata to suggest usage in combination with 
HealthSMART agent
 - symlink: fix symlink vs target realpath comparison (#1691)
 - tickle_tcp: fix build issue on opensuse 15.3
 - tools: add nfsconvert for RHEL-based distros

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.10.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.10.0 rc1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.10.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.10.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - VirtualDomain: added the ability to unset utilization variables (#1703)
 - all agents: specify agent and OCF versions corrently in metadata
 - configure: use new SYSTEMD_ parameters
 - gcp-pd-move/gcp-vpc-move-route: dont fail failed resources instantly (caused 
by OCF_ERR_CONFIGURED)
 - iSCSILogicalUnit: do not use lio_iblock with lio-t
 - metadata.rng: update to support resource agent version according to the OCF 
standard
 - nfsnotify: fix default value for "notify_args"
 - nfsnotify: fix rpcuser error when resource start on debian (#1696)
 - nfsserver: fix NFSv4 lock failover: set NFS Server Scope (#1688)
 - ocf.py: add agent and OCF version parameters (both defaults to 1.0)
 - portblock: use ss when available, netstat is "obsolete"
 - ra-dev-guide: update agent/OCF version info (#1699)
 - storage-mon: update metadata to suggest usage in combination with 
HealthSMART agent
 - symlink: fix symlink vs target realpath comparison (#1691)
 - tickle_tcp: fix build issue on opensuse 15.3
 - tools: add nfsconvert for RHEL-based distros


The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.10.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] announcement: schedule for resource-agents release 4.10.0

[Oyvind Albrigtsen]

Hi,

This is a tentative schedule for resource-agents v4.10.0:
4.10.0-rc1: Oct 27.
4.10.0: Nov 3.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.9.0...master

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 130 issues and 58 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/developers

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] Antw: [EXT] resource‑agents v4.9.0

[Oyvind Albrigtsen]

On 19/08/21 12:13 +0200, Ulrich Windl wrote:

Hi!

Just one point: The description "ocf-shellfuncs: Remove a bashism in" seems
incomplete.

Nice catch.

Just a bad rewrite of commit text for the changelog:
Remove a bashism in ocf-shellfuncs.in


Regards,
Ulrich


Oyvind Albrigtsen  schrieb am 19.08.2021 um 09:51 in

Nachricht <20210819075143.n7z2n7xjqzids...@redhat.com>:

ClusterLabs is happy to announce resource‑agents v4.9.0.

Source code is available at:
https://github.com/ClusterLabs/resource‑agents/releases/tag/v4.9.0

The most significant enhancements in this release are:
‑ new resource agents:
  ‑ gcp‑ilb
  ‑ nvmet‑subsystem/nvmet‑namespace/nvmet‑port
  ‑ openstack‑virtual‑ip
  ‑ smb‑share
  ‑ storage‑mon

‑ bugfixes and enhancements:
  ‑ CTDB: replace timeout override with ctdb_timeout parameter (#1661)
  ‑ Filesystem: do not call partprobe for bind mounts
  ‑ LVM‑activate: disable VG autoactivation in system_id access_mode
  ‑ LVM‑activate: fix drop‑in check to avoid re‑creating drop‑in file when

it

already exists
  ‑ SAPInstance: Fix for issue #1680 ‑ SAPInstance fails to detect systemd
integration (#1681)
  ‑ SAPInstance: add systemd compatability (#1662)
  ‑ VirtualDomain: add code to set the host_memory value for Utilization
(#1649)
  ‑ VirtualDomain: add start_resources parameter that ensures needed

virtual

storage pools and networks are up and refreshed when enabled
  ‑ VirtualDomain: drop prefix xenmigr from migrate uri
  ‑ azure‑events: update api_version
  ‑ build: fix out‑of‑tree build for man pages
  ‑ configure: add /usr/local/share to fallback path to be scanned for
docbook path
  ‑ configure: test for json and remove hardcoded #! in openstack‑info
  ‑ db2: add PRIMARY/REMOTE_CATCHUP_PENDING/CONNECTED status to

promote‑check

  ‑ dummy: add missing action to dummy_usage function
  ‑ findif: popen requires pclose and not fclose (#1664)
  ‑ gcp‑vpc‑move‑route: add serviceaccount JSON file support
  ‑ gcp‑vpc‑move‑vip.in: add retry to avoid failing on first failed request
  ‑ gcp‑vpc‑move‑vip: add serviceaccount JSON file support
  ‑ iSCSILogicalUnit: lio‑t: support setting product_id
  ‑ lvmlockd: remove cmirrord support as it's incompatible with lvmlockd
  ‑ mdraid: add option description for OCF_CHECK_LEVEL
  ‑ mysql: add support for local SSL connection (#1682)
  ‑ ocf‑shellfuncs: Remove a bashism in
  ‑ openstack‑cinder‑volume: CLI output parsing fixes, fetch of node ID
consistency, monitor action simplification, and return error when validate
fails
  ‑ openstack‑floating‑ip: return error when validate fails and small log
message fixes.
  ‑ openstack‑info: run validate in start action. (#1639)
  ‑ openstack‑info: updates due to API output format changes and attempt to



future‑proof parsing of the output.
  ‑ podman: workaround race during container creation
  ‑ spec: remove chkconfig dependency for Fedora < 34

The full list of changes for resource‑agents is available at:
https://github.com/ClusterLabs/resource‑agents/blob/v4.9.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource‑agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/




___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.9.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.9.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.9.0

The most significant enhancements in this release are:
- new resource agents:
 - gcp-ilb
 - nvmet-subsystem/nvmet-namespace/nvmet-port
 - openstack-virtual-ip
 - smb-share
 - storage-mon

- bugfixes and enhancements:
 - CTDB: replace timeout override with ctdb_timeout parameter (#1661)
 - Filesystem: do not call partprobe for bind mounts
 - LVM-activate: disable VG autoactivation in system_id access_mode
 - LVM-activate: fix drop-in check to avoid re-creating drop-in file when it 
already exists
 - SAPInstance: Fix for issue #1680 - SAPInstance fails to detect systemd 
integration (#1681)
 - SAPInstance: add systemd compatability (#1662)
 - VirtualDomain: add code to set the host_memory value for Utilization (#1649)
 - VirtualDomain: add start_resources parameter that ensures needed virtual
   storage pools and networks are up and refreshed when enabled
 - VirtualDomain: drop prefix xenmigr from migrate uri
 - azure-events: update api_version
 - build: fix out-of-tree build for man pages
 - configure: add /usr/local/share to fallback path to be scanned for docbook 
path
 - configure: test for json and remove hardcoded #! in openstack-info
 - db2: add PRIMARY/REMOTE_CATCHUP_PENDING/CONNECTED status to promote-check
 - dummy: add missing action to dummy_usage function
 - findif: popen requires pclose and not fclose (#1664)
 - gcp-vpc-move-route: add serviceaccount JSON file support
 - gcp-vpc-move-vip.in: add retry to avoid failing on first failed request
 - gcp-vpc-move-vip: add serviceaccount JSON file support
 - iSCSILogicalUnit: lio-t: support setting product_id
 - lvmlockd: remove cmirrord support as it's incompatible with lvmlockd
 - mdraid: add option description for OCF_CHECK_LEVEL
 - mysql: add support for local SSL connection (#1682)
 - ocf-shellfuncs: Remove a bashism in
 - openstack-cinder-volume: CLI output parsing fixes, fetch of node ID 
consistency, monitor action simplification, and return error when validate fails
 - openstack-floating-ip: return error when validate fails and small log 
message fixes.
 - openstack-info: run validate in start action. (#1639)
 - openstack-info: updates due to API output format changes and attempt to 
future-proof parsing of the output.
 - podman: workaround race during container creation
 - spec: remove chkconfig dependency for Fedora < 34

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.9.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.9.0 rc1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.9.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.9.0rc1

The most significant enhancements in this release are:
- new resource agents:
 - gcp-ilb
 - nvmet-subsystem/nvmet-namespace/nvmet-port
 - openstack-virtual-ip
 - smb-share
 - storage-mon

- bugfixes and enhancements:
 - CTDB: replace timeout override with ctdb_timeout parameter (#1661)
 - Filesystem: do not call partprobe for bind mounts
 - LVM-activate: disable VG autoactivation in system_id access_mode
 - LVM-activate: fix drop-in check to avoid re-creating drop-in file when it 
already exists
 - SAPInstance: Fix for issue #1680 - SAPInstance fails to detect systemd 
integration (#1681)
 - SAPInstance: add systemd compatability (#1662)
 - VirtualDomain: add code to set the host_memory value for Utilization (#1649)
 - VirtualDomain: add start_resources parameter that ensures needed virtual
   storage pools and networks are up and refreshed when enabled
 - VirtualDomain: drop prefix xenmigr from migrate uri
 - azure-events: update api_version
 - build: fix out-of-tree build for man pages
 - configure: add /usr/local/share to fallback path to be scanned for docbook 
path
 - configure: test for json and remove hardcoded #! in openstack-info
 - db2: add PRIMARY/REMOTE_CATCHUP_PENDING/CONNECTED status to promote-check
 - dummy: add missing action to dummy_usage function
 - findif: popen requires pclose and not fclose (#1664)
 - gcp-vpc-move-route: add serviceaccount JSON file support
 - gcp-vpc-move-vip.in: add retry to avoid failing on first failed request
 - gcp-vpc-move-vip: add serviceaccount JSON file support
 - iSCSILogicalUnit: lio-t: support setting product_id
 - lvmlockd: remove cmirrord support as it's incompatible with lvmlockd
 - mdraid: add option description for OCF_CHECK_LEVEL
 - mysql: add support for local SSL connection (#1682)
 - ocf-shellfuncs: Remove a bashism in
 - openstack-cinder-volume: CLI output parsing fixes, fetch of node ID 
consistency, monitor action simplification, and return error when validate fails
 - openstack-floating-ip: return error when validate fails and small log 
message fixes.
 - openstack-info: run validate in start action. (#1639)
 - openstack-info: updates due to API output format changes and attempt to 
future-proof parsing of the output.
 - podman: workaround race during container creation
 - spec: remove chkconfig dependency for Fedora < 34

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.9.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] announcement: schedule for resource-agents release 4.9.0

[Oyvind Albrigtsen]

Hi,

This is a tentative schedule for resource-agents v4.9.0:
4.9.0-rc1: Aug 12.
4.9.0: Aug 19.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.8.0...master

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 129 issues and 57 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/developers

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.10.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.10.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.10.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_cdu
 - fence_kubevirt

- bugfixes and enhancements:
 - log exceptions to be more detailed when failing
 - build: expose delay-check to be able to skip the other tests when debugging
 - spec: export PYTHON to avoid configure ignoring it
 - fence_azure_arm: corrections to support Azure SDK >= 15 - including backward 
compatibility (#415)
 - fence_gce: make serviceaccount work with new libraries
 - fence_sbd: log warning when disable-timeout is enabled

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.9.0...v4.10.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.9.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.9.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.9.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - build: enable fence_virtd cpg plugin by default
 - build: tidy up module sources
 - fence_aws: add filter parameter to be able to limit which nodes are listed
 - fence_gce: default method moved back to powercycle (#389)
 - fence_lindypdu: new fence agent
 - fence_mpath: watchdog retries support
 - fence_openstack: major rework of the agent. (#397)
 - fence_redfish: add missing diag logic
 - fence_virt*: simple_auth: use %zu for sizeof to avoid failing verbose builds 
on some archs
 - fence_virt: fix required=1 parameters that used to not be required and add 
deprecated=1 for old deprecated params
 - fencing: add multi plug support for reboot-action
 - fencing: add stonith_status_sleep parameter for sleep between status calls 
during a STONITH action
 - fencing: fix issue with hardcoded help text length for metadata
 - virt: drop fence_virtd non-modular build
 - virt: drop null, libvirt-qmf, pm-fence plugins
 - virt: fixes and cleanup of deadcode

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.8.0...v4.9.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.8.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.8.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.8.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - awsvip: dont partially match similar IPs during monitor-action
 - aws agents: dont spam log files when getting token
 - galera/rabbitmq-cluster/redis: run crm_mon without performing validation
   to solve pcmk version mismatch issues between host and container(s)
 - podman: return OCF_NOT_RUNNING when monitor cmd fails (not running)
 - Filesystem: change force_unmount default to safe for RHEL9+
 - Route: return OCF_NOT_RUNNING status if iface doesn't exist.
 - VirtualDomain: fix pid_status() on EL8 (and other distros with newer 
versions of qemu) (#1614)
 - anything: only write PID to pidfile (when sh prints message(s))
 - azure-lb: redirect stdout and stderr to /dev/null to avoid nc dying with 
EPIPE error
 - configure: dont use OCF_ROOT_DIR from glue.h
 - docker-compose: use -f $YML in all calls to avoid issues when not using 
default YML file
 - gcp-vpc-move-route, gcp-vpc-move-vip: add project ID parameter
 - gcp-vpc-move-route: fix stop-action when route stopped, and fix 
check_conflicting_routes()
 - gcp-vpc-move-route: make "vpc_network" optional
 - gcp-vpc-move-vip: correctly return error when no instances are returned
 - ldirectord: added real servers threshold settings
 - mysql-common: check datadir permissions
 - nfsclient: fix stop-action when export not present
 - nfsserver: error-check unbind_tree
 - pgsql: make wal receiver check compatible with PostgreSQL >= 11
 - spec: add BuildRequires for google lib

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.8.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.8.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.8.0.

The fence-virt repository has been merged into fence-agents, so be
sure to give fence_virt, fence_xvm and fence_virtd some additional
testing to ensure it doesnt have any issues we havent caught in our
initial testing.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.8.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - fence_gce: adds cloud-platform scope for bare metal API and optional proxy 
flags (#382)
 - fence_gce: support google-auth and oauthlib and fallback to deprecated libs 
when not available
 - fence_redfish: add diag-action
 - spec: add aliyun subpackage and fence_mpath_check* to mpath subpackage
 - spec: undo autosetup change that breaks builds w/git commit hashes
 - spec: use python3 path for newer releases

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.7.1...v4.8.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.8.0 rc1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.8.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.8.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - Filesystem: change force_unmount default to safe for RHEL9+
 - Route: return OCF_NOT_RUNNING status if iface doesn't exist.
 - VirtualDomain: fix pid_status() on EL8 (and other distros with newer 
versions of qemu) (#1614)
 - anything: only write PID to pidfile (when sh prints message(s))
 - azure-lb: redirect stdout and stderr to /dev/null to avoid nc dying with 
EPIPE error
 - configure: dont use OCF_ROOT_DIR from glue.h
 - docker-compose: use -f $YML in all calls to avoid issues when not using 
default YML file
 - gcp-vpc-move-route, gcp-vpc-move-vip: add project ID parameter
 - gcp-vpc-move-route: fix stop-action when route stopped, and fix 
check_conflicting_routes()
 - gcp-vpc-move-route: make "vpc_network" optional
 - gcp-vpc-move-vip: correctly return error when no instances are returned
 - ldirectord: added real servers threshold settings
 - mysql-common: check datadir permissions
 - nfsclient: fix stop-action when export not present
 - nfsserver: error-check unbind_tree
 - pgsql: make wal receiver check compatible with PostgreSQL >= 11
 - spec: add BuildRequires for google lib

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.8.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] announcement: schedule for resource-agents release 4.8.0

[Oyvind Albrigtsen]

Hi,

This is a tentative schedule for resource-agents v4.8.0:
4.8.0-rc1: Mar 17.
4.8.0: Mar 24.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.7.0...master

I've modified the corresponding milestones at
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 119 issues and 57 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-virt: consider to merge into fence-agents git repository

[Oyvind Albrigtsen]

Hi,

We are considering to merge the fence-virt repo into the fence-agents
git repository.

Tell us if you have any objections to merging the git repositories, so
we can take any objections into consideration.


Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] fence-agents v4.7.1

[Oyvind Albrigtsen]

Correction: bugfix release for v4.7.0.

On 08/02/21 12:01 +0100, Oyvind Albrigtsen wrote:

ClusterLabs is happy to announce fence-agents v4.7.1, which is a
bugfix release for v4.7.1.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.7.1

The most significant enhancements in this release are:
- bugfixes and enhancements:
- fence_aws/fence_gce: allow building without cloud libs
- fence_gce: default to onoff
- fence_gce: add service account authentication
- fence_gce: fix 'googleapiclient' has no attribute '__version__'
  issue with newer versions of googleapiclient
- fence_ipmilan: create fence_ipmilanplus symlink with lanplus
  enabled by default
- fence_lpar: make managed a required parameter
- fence_vbox: do not flood shell history with vboxmanage calls
- fence_zvmip: fix shell-timeout when using new disable-timeout parameter
- spec: dont build -all subpackage as noarch (due to different
  dependencies per arch)

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.7.1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.7.1, which is a
bugfix release for v4.7.1.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.7.1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - fence_aws/fence_gce: allow building without cloud libs
 - fence_gce: default to onoff
 - fence_gce: add service account authentication
 - fence_gce: fix 'googleapiclient' has no attribute '__version__'
   issue with newer versions of googleapiclient
 - fence_ipmilan: create fence_ipmilanplus symlink with lanplus
   enabled by default
 - fence_lpar: make managed a required parameter
 - fence_vbox: do not flood shell history with vboxmanage calls
 - fence_zvmip: fix shell-timeout when using new disable-timeout parameter
 - spec: dont build -all subpackage as noarch (due to different
   dependencies per arch)

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] CVE-2020-11078 vulnerable to resource-agents module

[Oyvind Albrigtsen]

There is no fix for this in the agents, so you just need to check that
you're using httplib2 v0.18.0 or later, or that your distros httplib2
package changelog mentions that the CVE has been fixed to ensure you
wont be vulnerable.

https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq


Oyvind

On 01/02/21 12:54 +, S Sathish S wrote:

Hi Team,

Any update on below query.

Thanks and Regards,
S Sathish S
From: S Sathish S
Sent: Wednesday, January 27, 2021 3:33 PM
To: 'users@clusterlabs.org' 
Subject: CVE-2020-11078 vulnerable to resource-agents module

Hi Team,

We need to know whether CVE-2020-11078 vulnerable to resource-agents module, 
kindly confirm on this.

https://github.com/ClusterLabs/resource-agents --> 3.9.5


Thanks and Regards,
S Sathish S



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] fence-agents v4.7.0

[Oyvind Albrigtsen]

Updating subject to the correct version.

On 09/12/20 10:20 +0100, Oyvind Albrigtsen wrote:

ClusterLabs is happy to announce fence-agents v4.7.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.7.0

The most significant enhancements in this release are:
- new fence agents:
- fence_crosslink

- bugfixes and enhancements:
- build: add pkg-config file
- build: depend on config changes to rebuild when running make after running 
./configure
- fence_aws: add support for IMDSv2
- fence_gce: add baremetal support and parameter to set API call 
timeout/retries (#355)
- fence_mpath, fence_scsi: capture stderr in run_cmd()
- fence_mpath, fence_scsi: improve logging for failed res/key get
- fence_scsi: dont write key to device if it's already registered, and open 
file correctly to avoid using regex against end-of-file
- fencing: add disable-timeout parameter, and make it default when run from 
Pacemaker (at least 2.0+)
- spec: add pkg-config file, and set version for obsoletes to avoid failing to 
build on Fedora 33
- spec: make telnet a weak dependency

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.6.0...v4.7.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.6.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.7.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.7.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_crosslink

- bugfixes and enhancements:
 - build: add pkg-config file
 - build: depend on config changes to rebuild when running make after running 
./configure
 - fence_aws: add support for IMDSv2
 - fence_gce: add baremetal support and parameter to set API call 
timeout/retries (#355)
 - fence_mpath, fence_scsi: capture stderr in run_cmd()
 - fence_mpath, fence_scsi: improve logging for failed res/key get
 - fence_scsi: dont write key to device if it's already registered, and open 
file correctly to avoid using regex against end-of-file
 - fencing: add disable-timeout parameter, and make it default when run from 
Pacemaker (at least 2.0+)
 - spec: add pkg-config file, and set version for obsoletes to avoid failing to 
build on Fedora 33
 - spec: make telnet a weak dependency

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.6.0...v4.7.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.7.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.7.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.7.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - ocf-shellfuncs: make ocf_is_bash4() detect Bash v4 or greater (which it was 
supposed to according to the comments)
 - ocft: fix OCF_RESKEY_CRM_meta_timeout
 - crypt: avoid failing for LVM exclusive volumes by not running full sanity 
check during probes
 - LVM-activate: use systemd drop-in to stop before blk-availability.service
 - ocf-distro: improve robustness and specificity (#1558)
 - crypt: allow encrypted_dev to be symlink to support using devices in 
/dev/disk/... or by UUID
 - iface-vlan: vlan_{interface,id} do not have to be unique
 - Build: fix systemd paths when using non standard prefix
 - Configure: default to build heartbeat agents only
 - Configure: use pkg-config to detect systemd-paths to make CI able to define 
them the same way for all CL-projects
 - CI: add pkg-config file
 - AWS agents: add support for IMDSv2
 - Filesystem: Default fast_stop to no for RHEL 9+ and for other distros
 - Filesystem: POSIX-compliant syntax for portability
 - Filesystem: make mmap search not match partial matches
 - Filesystem: support whitespace in device or directory name
 - LVM-activate: use systemd drop-in to stop before blk-availability.service
 - SAPInstance: introduce MINIMAL_PROBE resource parameter (#1564)
 - asterisk: chown directory if not writable by user (#1583)
 - aws-vpc-move-ip: add "region" parameter
 - aws-vpc-move-ip: added optional eni lookup (defaults to instance id)
 - aws-vpc-move-ip: don't warn for expected scenarios
 - aws-vpc-move-ip: use "region" parameter for all commands
 - azure-events: import URLError and encode postData when necessary
 - azure-events: only decode() when exec() output not of type str
 - azure-events: report error if jsondata not received
 - azure-lb: don't redirect nc listener output to pidfile
 - crypt: allow encrypted_dev to be symlink to support using devices in 
/dev/disk/... or by UUID
 - crypt: avoid failing for LVM exclusive volumes by not running full sanity 
check during probes
 - crypt: fix missing && to set exit_reason
 - crypt: make key_file and crypt_type parameters not unique
 - docker-compose: use "docker ps" to improve status accuracy (#1523)
 - ethmonitor: make regex also match vlan interfaces
 - galera/redis: support RHEL 8.1 pacemaker
 - galera/redis: use --output-as for crm_mon w/newer Pacemaker, and prepare for 
Promoted role
 - galera: fix automatic recovery when a cluster was not gracefully stopped
 - galera: fix check_user configuration with clustercheck
 - galera: recover after network split in a 2-node cluster
 - galera: recover from joining a non existing cluster
 - galera: set bootstrap attribute before promote
 - gcp-pd-move: fixes to not match partial disk_name and make regional PD's work
 - gcp-vpc-move-vip: add support for multiple alias IP ranges on one node
 - gcp-vpc-move-vip: fix sort for list of dicts in Python3
 - gcp-vpc-move-vip: improve metadata and log messages
 - iSCSILogicalUnit: lio-t: add pscsi LIO-T backing store
 - iSCSITarget: add support for LIO-T incoming CHAP auth for TPG
 - iface-vlan: vlan_{interface,id} does not have to be unique
 - kamailio: use correct pkill parameters
 - man: use OCF_CHECK_LEVEL for depth parameters in pcs examples
 - man: use promotable keyword in manpage examples
 - mdraid: fix bashism
 - nfsnotify/nfsserver: fix SELinux issue due to newer ls versions giving 
additional output
 - nfsserver: stop nfsdcld if present during stop-action
 - ocf-distro: improve robustness and specificity (#1558)
 - ocf.py: fix problem when OCF_RESKEY_CRM_meta_interval is not set
 - ocf.py: fix usage for py2 when self param is involved
 - ocf_version_cmp(): enable comparing versions containing git hashes and more
 - pgsql: support RHEL 8.1 pacemaker
 - podman: recover from killed conmon side process
 - podman: recover from podman's storage being out of sync
 - send_arp (libnet): use sigaction() instead of deprecated siginterrupt()
 - send_ua/IPv6addr: use sigaction() instead of deprecated siginterrupt()
 - spec: fix lsb_release dependency
 - spec: ldirectord: added perl-IO-Socket-INET6 dependency on Fedora
 - spec: make Samba/CIFS dependency weak for Fedora 32 and RHEL/CentOS 8 and 
remove the
   dependency for later Fedora/RHEL/CentOS versions
 - spec: dont use Recommends for RHEL/CentOS 7 or older (where it's not 
supported)
 - sybaseASE: add logfile parameter
 - sybaseASE: run verify_all() for start operation only

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.7.0/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all 

[ClusterLabs] resource-agents v4.7.0 rc1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.7.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.7.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - Build: fix systemd paths when using non standard prefix
 - Configure: default to build heartbeat agents only
 - Configure: use pkg-config to detect systemd-paths to make CI able to define 
them the same way for all CL-projects
 - CI: add pkg-config file
 - AWS agents: add support for IMDSv2
 - Filesystem: Default fast_stop to no for RHEL 9+ and for other distros
 - Filesystem: POSIX-compliant syntax for portability
 - Filesystem: make mmap search not match partial matches
 - Filesystem: support whitespace in device or directory name
 - LVM-activate: use systemd drop-in to stop before blk-availability.service
 - SAPInstance: introduce MINIMAL_PROBE resource parameter (#1564)
 - asterisk: chown directory if not writable by user (#1583)
 - aws-vpc-move-ip: add "region" parameter
 - aws-vpc-move-ip: added optional eni lookup (defaults to instance id)
 - aws-vpc-move-ip: don't warn for expected scenarios
 - aws-vpc-move-ip: use "region" parameter for all commands
 - azure-events: import URLError and encode postData when necessary
 - azure-events: only decode() when exec() output not of type str
 - azure-events: report error if jsondata not received
 - azure-lb: don't redirect nc listener output to pidfile
 - crypt: allow encrypted_dev to be symlink to support using devices in 
/dev/disk/... or by UUID
 - crypt: avoid failing for LVM exclusive volumes by not running full sanity 
check during probes
 - crypt: fix missing && to set exit_reason
 - crypt: make key_file and crypt_type parameters not unique
 - docker-compose: use "docker ps" to improve status accuracy (#1523)
 - ethmonitor: make regex also match vlan interfaces
 - galera/redis: support RHEL 8.1 pacemaker
 - galera/redis: use --output-as for crm_mon w/newer Pacemaker, and prepare for 
Promoted role
 - galera: fix automatic recovery when a cluster was not gracefully stopped
 - galera: fix check_user configuration with clustercheck
 - galera: recover after network split in a 2-node cluster
 - galera: recover from joining a non existing cluster
 - galera: set bootstrap attribute before promote
 - gcp-pd-move: fixes to not match partial disk_name and make regional PD's work
 - gcp-vpc-move-vip: add support for multiple alias IP ranges on one node
 - gcp-vpc-move-vip: fix sort for list of dicts in Python3
 - gcp-vpc-move-vip: improve metadata and log messages
 - iSCSILogicalUnit: lio-t: add pscsi LIO-T backing store
 - iSCSITarget: add support for LIO-T incoming CHAP auth for TPG
 - iface-vlan: vlan_{interface,id} does not have to be unique
 - kamailio: use correct pkill parameters
 - man: use OCF_CHECK_LEVEL for depth parameters in pcs examples
 - man: use promotable keyword in manpage examples
 - mdraid: fix bashism
 - nfsnotify/nfsserver: fix SELinux issue due to newer ls versions giving 
additional output
 - nfsserver: stop nfsdcld if present during stop-action
 - ocf-distro: improve robustness and specificity (#1558)
 - ocf.py: fix problem when OCF_RESKEY_CRM_meta_interval is not set
 - ocf.py: fix usage for py2 when self param is involved
 - ocf_version_cmp(): enable comparing versions containing git hashes and more
 - pgsql: support RHEL 8.1 pacemaker
 - podman: recover from killed conmon side process
 - podman: recover from podman's storage being out of sync
 - send_arp (libnet): use sigaction() instead of deprecated siginterrupt()
 - send_ua/IPv6addr: use sigaction() instead of deprecated siginterrupt()
 - spec: fix lsb_release dependency
 - spec: ldirectord: added perl-IO-Socket-INET6 dependency on Fedora
 - spec: make Samba/CIFS dependency weak for Fedora 32 and RHEL/CentOS 8 and 
remove the
   dependency for later Fedora/RHEL/CentOS versions
 - spec: dont use Recommends for RHEL/CentOS 7 or older (where it's not 
supported)
 - sybaseASE: add logfile parameter
 - sybaseASE: run verify_all() for start operation only

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.7.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] announcement: schedule for resource-agents release 4.7.0

[Oyvind Albrigtsen]

Hi,

This is a tentative schedule for resource-agents v4.7.0:
4.7.0-rc1: Dec 2.
4.7.0: Dec 9.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.6.1...master

I've modified the corresponding milestones at
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 118 issues and 57 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] Pacemaker/corosync with PostgreSQL 12

[Oyvind Albrigtsen]

Add the "recovery.conf" parameters to postgresql.conf (except the
standby one) and touch standby.signal (which does the same thing).

After you've verified that it's working and stop PostgreSQL you simply
rm standby.signal and the "recovery.conf" specific parameters, and the
resource agent will properly add/remove them when appropriate.

On 04/09/20 08:47 +, Ларионов Андрей Валентинович wrote:

Hello,

Please, can you provide example, explanation or give link to existing 
documentation - how to use
pacemaker/corosync for HA Cluster for PostgreSQL 12.x?
Problem is what in PostgreSQL 12 file "recovery.conf" is deprecated, not used 
now.

--
WBR,
Andrey Larionov




___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.6.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.6.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.6.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_ibmz for IBM z LPARs
 - fence_skalar for Skala-R virtualization platform

- bugfixes and enhancements:
 - build: add PHONY target to use directory dependencies for parallel builds
 - build: add directory dependencies to avoid edge-case where generating
   manpages could happen before fencing.py was generated
 - configure: fix agent filtering
 - fence_aws: fix fence race, logging improvement and new debug option
 - fence_aws: catch ConnectionError and suppress traceback for caught exceptions
 - fence_aws: fix Python 3 encoding issue
 - fence_aws: improve boto3_debug boolean handling
 - fence_aws: improve connect parameter logic, so region can be specified as
   parameter, while using role or keys from ~/.aws/config
 - fence_aws: improve logging and metadata/usage text
 - fence_azure_arm: fixes to make MSI support work
 - fence_azure_arm: log metadata when debugging
 - fence_compute/fence_evacuate: fix --insecure parameter that was enabled by
   default
 - fence_evacuate: enable evacuation of instances using private flavors
 - fence_gce: disable Google API cache discovery
 - fence_ipmilan: add ability to increase ipmitool verbosity
 - fence_lpar: fix list-status action for hmc-version 4 and IVM
 - fence_lpar: fix parse error from long command line
 - fence_lpar: reduce code duplication in get_lpar_list
 - fence_mpath: allow spaces for comma-separated devices and add support for
   space-separated devices
 - fence_mpath: fix --reserve parameter typo
 - fence_openstack: import novaclient and keystone only when needed
 - fence_redfish/fence_vmware_soap: suppress warnings correctly with new
   python-requests
 - fence_scsi use clusterwide nodeID instead of local nodelist ID of node
 - fence_scsi: add readonly parameter
 - fence_virsh/fence_vbox: fix status-based actions
 - fence_vmware_cloud: improve exception handling in send_command()
 - fence_vmware_rest: add filter parameter
 - fence_vmware_rest: dont fail when receiving "more than 1000 VM" error during
   monitor-action
 - fence_vmware_rest: fix encoding to avoid issues with UTF-8 encoded comments
 - fence_vmware_rest: improve exception handling in send_command()
 - fence_vmware_rest: support UTF-8 VM names
 - fence_vmware_soap: log exception message for SSLError exception
 - fencing: add verbose_level option
 - fencing: only use inetX_only parameters for SSH based agents and fence_zvmip,
   and fix syntax issue for Gawk v5+
 - spec: add -aws and -gce dependency to -all subpackage
 - spec: add missing BuildRequires found when backporting to Fedora
 - spec: add novaclient dependency for fence_compute depends on novaclient
 - spec: fix openstack BuildRequires for distros without Python 3
 - spec: use Python 3 when PYTHON not defined and pass PYTHON  path when running
   rpmbuild

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.5.2...v4.6.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] Custom resource agent

[Oyvind Albrigtsen]

You should be able to make your custom agent by following this doc:
https://github.com/ClusterLabs/resource-agents/blob/master/doc/dev-guides/ra-dev-guide.asc

Oyvind

On 13/07/20 10:08 +0200, Sim wrote:

Hi,
I need to create a cluster with these characteristics:

NODE1 (Master)
NODE2 (Slave)

Example sequence to moving the role from NODE1 to NODE2:

- NODE1: stopped a process with "systemctl stop"
- NODE1: executed a script with parameter "slave"
- NODE1: executed again the process with "systemctl start"
- NODE2: stopped a process with "systemctl stop"
- NODE2: executed a script "master"
- NODE2: executed again the process with "systemctl start"

I only found ocf_heartbeat_anything but I don't know if it's right for me.
Any suggestions?

Regards
Sim



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.6.1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.6.1, which is a
bugfix release for v4.6.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.6.1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - dummypy: add agent to Makefiles/configure and change from f-strings to make 
it
   compatible with Python < 3.6

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.6.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.6.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.6.0

The most significant enhancements in this release are:
- new resource agents:
 - crypt
 - mdraid
 - docker-compose
 - dummypy

- bugfixes and enhancements:
 - ocf_is_ms(): also check OCF_RESKEY_CRM_meta_promotable to make it work 
w/Pacemaker 2.x
 - pgsql: use XML output for better backward and forward compatibility, and 
"Promoted"
   keyword to be ready for Pacemaker 2.1
 - ldirectord: add support for ldaps
 - Filesystem: set "fast_stop" default to "no" for GFS2 filesystems as they are
   likely to use more than 6 seconds to stop
 - exportfs: fix ocft script failure
 - build: fix failing to run "ln -s" if link already exists
 - Multiple RA: fix bashisms
 - Filesystem: add lustre as networked filesystem
 - Multiple RA: use secure tmp file location
 - Squid: added squid_opts parameter to metadata
 - ZFS: importforce should not be a unique parameter.
 - aliyun-vpc-move-ip: log output when failing and add debug logging
 - aws-vpc-move-ip/aws-vpc-route53: add awscli parameter for consistency with
   other AWS agents
 - aws-vpc-move-ip: delete remaining route entries
 - aws-vpc-route53: cleanup and improvements
 - aws-vpc-route53: add support for public and secondary private IPs
 - azure-events: handle exceptions in urlopen()
 - clvm: fix _default variables for daemon_options and activate_vgs
 - db2: HADR add STANDBY/REMOTE_CATCHUP_PENDING/DISCONNECTED to correctly
   promote standby node when master node disappears (e.g. via fencing)
 - exportfs: add symlink support
 - galera: fix value used for connecting with empty password.
 - gcp-pd-move: fixes and improvements
 - gcp-vpc-move-route/gcp-vpc-move-vip: disable google api cache discovery
 - nfsserver: fix NFSv4-only support
 - nfsserver: prevent error messages when /etc/sysconfig/nfs does not exist
 - ocf-shellfuncs: fix ocf_is_clone() (clone_max can be 0 with cloned resources)
 - ocf.py: eliminated logging.basicConfig(), which made all log data appear in
   stderr as well
 - oracle: increase security of monitor user in oracle
 - pgsql: support to crm_mon output for Pacemaker-2.0.3.
 - podman: make sure to remove containers with lingering exec sessions
 - rabbitmq-cluster: increase the rabbitmqctl wait timeout during start()
 - redis: run validate-action during start
 - tomcat: only create directory during start action

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.6.0/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.6.0 rc1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.6.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.6.0rc1

The most significant enhancements in this release are:
- new resource agents:
 - crypt
 - mdraid
 - docker-compose
 - dummypy

- bugfixes and enhancements:
 - Filesystem: add lustre as networked filesystem
 - Multiple RA: use secure tmp file location
 - Squid: added squid_opts parameter to metadata
 - ZFS: importforce should not be a unique parameter.
 - aliyun-vpc-move-ip: log output when failing and add debug logging
 - aws-vpc-move-ip/aws-vpc-route53: add awscli parameter for consistency with
   other AWS agents
 - aws-vpc-move-ip: delete remaining route entries
 - aws-vpc-route53: cleanup and improvements
 - aws-vpc-route53: add support for public and secondary private IPs
 - azure-events: handle exceptions in urlopen()
 - clvm: fix _default variables for daemon_options and activate_vgs
 - db2: HADR add STANDBY/REMOTE_CATCHUP_PENDING/DISCONNECTED to correctly
   promote standby node when master node disappears (e.g. via fencing)
 - exportfs: add symlink support
 - galera: fix value used for connecting with empty password.
 - gcp-pd-move: fixes and improvements
 - gcp-vpc-move-route/gcp-vpc-move-vip: disable google api cache discovery
 - nfsserver: fix NFSv4-only support
 - nfsserver: prevent error messages when /etc/sysconfig/nfs does not exist
 - ocf-shellfuncs: fix ocf_is_clone() (clone_max can be 0 with cloned resources)
 - ocf.py: eliminated logging.basicConfig(), which made all log data appear in
   stderr as well
 - oracle: increase security of monitor user in oracle
 - pgsql: support to crm_mon output for Pacemaker-2.0.3.
 - podman: make sure to remove containers with lingering exec sessions
 - rabbitmq-cluster: increase the rabbitmqctl wait timeout during start()
 - redis: run validate-action during start
 - tomcat: only create directory during start action

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.6.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] announcement: schedule for resource-agents release 4.6.0

[Oyvind Albrigtsen]

Hi,

This is a tentative schedule for resource-agents v4.6.0:
4.6.0-rc1: June 11.
4.6.0: June 18.

New agents:
- crypt
- mdraid
- docker-compose

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.5.0...master

I've modified the corresponding milestones at
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 117 issues and 55 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] unable to start fence_scsi on a new add node

[Oyvind Albrigtsen]

Sound like you need to increase the number of journals for your GFS2
filesystem.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/global_file_system_2/s1-manage-addjournalfs


Oyvind

On 19/04/20 11:03 +, Stefan Sabolowitsch wrote:

Andrei,
i found this.
if i try to mount the volume by hand, i get this error message

[root@logger log]# mount /dev/mapper/vg_cluster-lv_cluster /data-san
mount: mount /dev/mapper/vg_cluster-lv_cluster on /data-san failed: to many 
users
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] iSCSILogicalUnit - scsi_id and multiple clusters

[Oyvind Albrigtsen]

On 06/03/20 13:22 +0200, Strahil Nikolov wrote:

On March 6, 2020 11:06:13 AM GMT+02:00, Oyvind Albrigtsen  
wrote:

Hi Strahil,

It seems like it tries to set one based on the resource name, and from
a quick check it seems like it also did on RHEL 7.5.

https://github.com/ClusterLabs/resource-agents/blob/master/heartbeat/iSCSILogicalUnit.in#L57


Oyvind

On 05/03/20 23:15 +0200, Strahil Nikolov wrote:

Hey Community,

I finaly got some time to report  an issue with iSCSILogicalUnit and

scsi_id  ( https://github.com/ClusterLabs/resource-agents/issues/1463
).


The  issue was observed a while ago on RHEL 7.5 and SLES 12 SP4.

Do you know if any change was made to:
A)  Either make 'scsi_id'  a mandatory option
B)  When 'scsi_id' is   not provided by the admin,  a random one is

picked (permanently)


If not, then the github issue is relevant.

Sadly, my exam (EX436) is on monday and I can't test it before that.

Best Rregards,
Strahil Nikolov
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Thanks for the reply, Oyvind

In an environment with naming convention that allows globally non-unique  
resource names - this could cause the behaviour I have described in github (2 
clusters,  2 separate luns,  client's multipath aggregates them in 1 lun with 4 
paths).

Do you think that a better approach will be to  mark 'scsi_id' as mandatory 
option (of course  we can bypass with  'pcs  --force') or  we should randomly 
set one on resource creation if the value is not defined ?
Of course  ,  the algorithm can get a little modification  - a random seed  for 
example.

The second & third  options will be harder  to implement as we got both pcs  & 
crmsh actively used among distributions,  but will add some 'dummy proofness'. For me 
the first option is easiest to implement.

Adding info about it in metadata might be the best way to go.

Making it mandatory might annoy users who use Ansible or other
solutions to setup having to change their Playbooks to set it.



Best Regards,
Strahil Nikolov



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.5.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.5.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.5.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - iSCSILogicalUnit: fix default value for OCF_RESKEY_liot_bstype
 - aws-vpc-move-ip: add parameter for role to use to query/update route table
 - Filesystem: add trigger_udev_rules_if_need() for -U, -L, or /dev/xxx device
 - Filesystem: refresh UUID in the start phase
 - IPaddr2: add noprefixroute parameter
 - IPaddr2: add info to metadata that ipt_CLUSTERIP "iptables" extension is not 
"nft" backend compatible, and iptables-legacy support for distros that still support it
 - IPsrcaddr: replace local rule if using local table, and set src back to 
primary for device on stop
 - IPsrcaddr: fix failure during probe when using destination/table parameters
 - LVM-activate: add OCF_CHECK_LEVEL 10 check that can be enabled to verify vg or lv 
validity with an additional "read 1 byte" test in special cases like iSCSI SAN
 - MailTo: fix variable expansion
 - SAPInstance: clear the $DIR_EXECUTABLE variable so we catch the situation 
when we lose the directory with binaries after first sapinstance_init invokation
 - aliyun-vpc-move-ip: add support for both 'go' and 'python' versions of 
Aliyun CLI, and auto-detect which to use by default
 - apache: use get_release_id() to detect OS/distro, and fix LOAD_STATUS_MODULE 
issue
 - azure-lb set socat to default on SUSE distributions.
 - exportfs: allow multiple exports of same directory
 - iSCSILogicalUnit: add liot_bstype to handle block/fileio for targetcli, and 
change behavior of lio-t with portals which do not use 0.0.0.0
 - ldirectord: support sched-flags
 - lvmlockd: fix for LVM2 v2.03+ removing lvmetad
 - mysql-common: return correct rc during start-action
 - oralsnr: allow using the same tns_admin directory for different listeners
 - pgsql: Support for PostgreSQL 12
 - podman: improve the code for checking if an image exists
 - rabbitmq-cluster: ensure we delete nodename if stop action fails
 - redis: validate_all: fix file status tests
 - spec: add missing requirement (lsb-release)

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.5.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] iSCSILogicalUnit - scsi_id and multiple clusters

[Oyvind Albrigtsen]

Hi Strahil,

It seems like it tries to set one based on the resource name, and from
a quick check it seems like it also did on RHEL 7.5.

https://github.com/ClusterLabs/resource-agents/blob/master/heartbeat/iSCSILogicalUnit.in#L57


Oyvind

On 05/03/20 23:15 +0200, Strahil Nikolov wrote:

Hey Community,

I finaly got some time to report  an issue with iSCSILogicalUnit and scsi_id  ( 
https://github.com/ClusterLabs/resource-agents/issues/1463 ).

The  issue was observed a while ago on RHEL 7.5 and SLES 12 SP4.

Do you know if any change was made to:
A)  Either make 'scsi_id'  a mandatory option
B)  When 'scsi_id' is   not provided by the admin,  a random one is picked 
(permanently)

If not, then the github issue is relevant.

Sadly, my exam (EX436) is on monday and I can't test it before that.

Best Rregards,
Strahil Nikolov
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.5.0 rc1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.5.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.5.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - Filesystem: add trigger_udev_rules_if_need() for -U, -L, or /dev/xxx device
 - Filesystem: refresh UUID in the start phase
 - IPaddr2: add noprefixroute parameter
 - IPaddr2: add info to metadata that ipt_CLUSTERIP "iptables" extension is not 
"nft" backend compatible, and iptables-legacy support for distros that still support it
 - IPsrcaddr: replace local rule if using local table, and set src back to 
primary for device on stop
 - IPsrcaddr: fix failure during probe when using destination/table parameters
 - LVM-activate: add OCF_CHECK_LEVEL 10 check that can be enabled to verify vg or lv 
validity with an additional "read 1 byte" test in special cases like iSCSI SAN
 - MailTo: fix variable expansion
 - SAPInstance: clear the $DIR_EXECUTABLE variable so we catch the situation 
when we lose the directory with binaries after first sapinstance_init invokation
 - aliyun-vpc-move-ip: add support for both 'go' and 'python' versions of 
Aliyun CLI, and auto-detect which to use by default
 - apache: use get_release_id() to detect OS/distro, and fix LOAD_STATUS_MODULE 
issue
 - azure-lb set socat to default on SUSE distributions.
 - exportfs: allow multiple exports of same directory
 - iSCSILogicalUnit: add liot_bstype to handle block/fileio for targetcli, and 
change behavior of lio-t with portals which do not use 0.0.0.0
 - ldirectord: support sched-flags
 - lvmlockd: fix for LVM2 v2.03+ removing lvmetad
 - mysql-common: return correct rc during start-action
 - oralsnr: allow using the same tns_admin directory for different listeners
 - pgsql: Support for PostgreSQL 12
 - podman: improve the code for checking if an image exists
 - rabbitmq-cluster: ensure we delete nodename if stop action fails
 - redis: validate_all: fix file status tests
 - spec: add missing requirement (lsb-release)

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.5.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] fence-virt v1.0.0

[Oyvind Albrigtsen]

On 25/02/20 15:59 +0100, Oyvind Albrigtsen wrote:

ClusterLabs is happy to announce fence-agents v1.0.0.

Correction: fence-virt


The source code is available at:
https://github.com/ClusterLabs/fence-virt/releases/tag/v1.0.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
- build: try to detect initscripts directory
- fence_virtd: accept SIGTERM while waiting for initialization
- fence_virtd: add manpages to service file

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-virt/compare/v0.9.0...v1.0.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-virt v1.0.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v1.0.0.

The source code is available at:
https://github.com/ClusterLabs/fence-virt/releases/tag/v1.0.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - build: try to detect initscripts directory
 - fence_virtd: accept SIGTERM while waiting for initialization
 - fence_virtd: add manpages to service file

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-virt/compare/v0.9.0...v1.0.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] announcement: schedule for resource-agents release 4.5.0

[Oyvind Albrigtsen]

Hi,

This is a tentative schedule for resource-agents v4.5.0:
4.5.0-rc1: February 27.
4.5.0: March 5.

PostgreSQL 12 support has been added to the pgsql agent, so make sure
to give it some additional testing with v12 and older versions to
ensure it's working correctly.

I've modified the corresponding milestones at
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 105 issues and 54 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] fence-virt v0.9.0

[Oyvind Albrigtsen]

There's also been added a spec-file and RPM build targets for
RPM-based distros, so give it a shot and create a Pull Request or
Issue on GitHub if Requires/BuildRequires or similar needs to be
updated for a distro.

On 21/11/19 13:00 +0100, Oyvind Albrigtsen wrote:

ClusterLabs is happy to announce fence-agents v0.9.0, which is the
last pre-1.0 release.

The entire build system has been reworked with automake/libtool, so
give it some additional testing before upgrading distro packages.

The source code is available at:
https://github.com/ClusterLabs/fence-virt/releases/tag/v0.9.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
- build: rework build system to use automake/libtool
- fence-virt: add vsock support
- fence_virt: rename challenge functions
- fence_virt: dont report success for incorrect parameters
- fence_virt: mcast: config: warn when provided mcast addr is not used
- fence_virtd: fix segfault in vl_get when no domains are found
- fence_virtd: fix transposed arguments in startup message
- fence_virtd: return control to main loop on select interruption

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-virt/compare/v0.4.0...v0.9.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-virt v0.9.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v0.9.0, which is the
last pre-1.0 release.

The entire build system has been reworked with automake/libtool, so
give it some additional testing before upgrading distro packages.

The source code is available at:
https://github.com/ClusterLabs/fence-virt/releases/tag/v0.9.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - build: rework build system to use automake/libtool
 - fence-virt: add vsock support
 - fence_virt: rename challenge functions
 - fence_virt: dont report success for incorrect parameters
 - fence_virt: mcast: config: warn when provided mcast addr is not used
 - fence_virtd: fix segfault in vl_get when no domains are found
 - fence_virtd: fix transposed arguments in startup message
 - fence_virtd: return control to main loop on select interruption

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-virt/compare/v0.4.0...v0.9.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.5.2

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.5.2, which is a
bugfix release for v4.5.1.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.5.2

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - fence_compute: disable service after force-down to avoid issues w/OSP16+
 - fence_rhevm: added cookie file management
 - fence_vmware_rest: improve logging
 - spec: add openstack subpackage

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.4.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.4.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.4.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - NodeUtilization: fix Xen detection and improve logging
 - All RA: Use _default variables for all parameters
 - Build: improvements and fixes to make "make rpm" work on all archs in CI
 - CTDB: add support for v4.9+
 - Delay: protect grep regex argument from shell globbing
 - Filesystem: don't call readlink on path if it doesnt exist
 - Filesystem: fix to avoid killing all root user processeswhen bind mounting a 
directory on /
 - Filesystem: improve "/" check for bind mounts
 - IPaddr2: fix to work properly with unsanitized IPv6 addresses
 - IPsrcaddr: add destination and table parameters
 - LVM-activate: add partial-activation support
 - LVM-activate: fix monitor might hang due to lvm_validate, which was added by 
accident
 - LVM-activate: move pvscan --cache to validate
 - Route: dont fence node when parameters arent set
 - apache: check if SUSE binaries are executable
 - apache: fix to also detect mod_status.so when it is a symlink
 - apache: improve PidFile pattern to support multiple instances
 - apache: load status module on SUSE distros
 - aws-vpc-route53: improved API error handling and fix to avoid race-condition 
during probe
 - aws-vpc-route53: replace ec2metada with curl to fetch the IP address 
directly from EC2 metadata
 - azure-lb: add support for using socat instead of nc
 - docker: improve the check for the docker daemon being up
 - exportfs: doc clarification for clientspec format
 - gcp-pd-move: add stackdriver_logging parameter
 - iSCSILogicalUnit: only create acls if it doesnt exist
 - mysql/mariadb/galera: use runuser/su to avoid using SELinux DAC_OVERRIDE
 - mysql: add support for SSL replication
 - nfsserver: performance improvements for systemd enabled systems
 - ora-common: fix to fail when sid parameter is invalid
 - podman: generate drop-in dependencies for podman containers
 - podman: only use exec to manage container's lifecycle
 - rabbitmq-cluster: also restore users/perms/policies when starting in single 
node mode
 - redis: fix master_is_active() erroneously reporting there is master when 
there is not (fixes issue #1399)
 - redis: use optimal password passing method and warning filtering workaround

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.4.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.4.0 rc1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.4.0 rc1.
Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.4.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - All RA: Use _default variables for all parameters
 - Build: improvements and fixes to make "make rpm" work on all archs in CI
 - CTDB: add support for v4.9+
 - Delay: protect grep regex argument from shell globbing
 - Filesystem: don't call readlink on path if it doesnt exist
 - Filesystem: fix to avoid killing all root user processeswhen bind mounting a 
directory on /
 - Filesystem: improve "/" check for bind mounts
 - IPaddr2: fix to work properly with unsanitized IPv6 addresses
 - IPsrcaddr: add destination and table parameters
 - LVM-activate: add partial-activation support
 - LVM-activate: fix monitor might hang due to lvm_validate, which was added by 
accident
 - LVM-activate: move pvscan --cache to validate
 - Route: dont fence node when parameters arent set
 - apache: check if SUSE binaries are executable
 - apache: fix to also detect mod_status.so when it is a symlink
 - apache: improve PidFile pattern to support multiple instances
 - apache: load status module on SUSE distros
 - aws-vpc-route53: improved API error handling and fix to avoid race-condition 
during probe
 - aws-vpc-route53: replace ec2metada with curl to fetch the IP address 
directly from EC2 metadata
 - azure-lb: add support for using socat instead of nc
 - docker: improve the check for the docker daemon being up
 - exportfs: doc clarification for clientspec format
 - gcp-pd-move: add stackdriver_logging parameter
 - iSCSILogicalUnit: only create acls if it doesnt exist
 - mysql/mariadb/galera: use runuser/su to avoid using SELinux DAC_OVERRIDE
 - mysql: add support for SSL replication
 - nfsserver: performance improvements for systemd enabled systems
 - ora-common: fix to fail when sid parameter is invalid
 - podman: generate drop-in dependencies for podman containers
 - podman: only use exec to manage container's lifecycle
 - rabbitmq-cluster: also restore users/perms/policies when starting in single 
node mode
 - redis: fix master_is_active() erroneously reporting there is master when 
there is not (fixes issue #1399)
 - redis: use optimal password passing method and warning filtering workaround

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.4.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] Where is the syntax for parameter types?

[Oyvind Albrigtsen]

On 16/10/19 10:53 +0200, Ulrich Windl wrote:

Hi!

I just discovered an interesting problem with my own RA that allows a boolean 
parameter:
Where is the exact syntax for "boolean" defined, and who's responsible for 
checking it? The RA or (e.g.) crm?
The concrete problem is that my RA expected the boolean parameter to be either '0' or 
'1', but crm shell was happy with the value "true".
So where is the document describing the parameter types' syntax, and who is 
responsible for checking that? RA's validate-all?

This is done by the validate-all action for the RA.

Sounds like the agent should use "ocf_is_true" instead of checking
against a specific value.

Feel free to create a pull request or issue on
https://github.com/ClusterLabs/resource-agents.


Oyvind


Regards,
Ulrich


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] announcement: schedule for resource-agents release 4.4.0

[Oyvind Albrigtsen]

Hi,

This is a tentative schedule for resource-agents v4.4.0:
4.4.0-rc1: October 16.
4.4.0: October 23.

I've modified the corresponding milestones at
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 105 issues and 54 pull
requests still open.


Cheers,
Oyvind Albrigtsen
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.5.1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.5.1, which is a
bugfix release for v4.5.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.5.1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - fence_mpath/fence_openstack: fix fail_usage() issue and a couple of other 
minor issues w/the newly added plug/port parameter

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.5.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.5.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.5.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - CI: add spec-file and improve build rules for "make rpm"
 - CI: improve metadata xml-check/xml-upload dependencies
 - fence_aliyun: add ram role support and region provider for private zone 
functionality
 - fence_apc_snmp: add Tripplite WEBCARDLX PDU support
 - fence_compute: change region_name type from boolean to string
 - fence_ilo_ssh*: add timeout warning to metadata/manpage
 - fence_mpath: return correct return code to watchdog daemon
 - fence_mpath: use -n/--plug/port parameter to be able to use pcmk_host_map
 - fence_openstack: use -n/--plug/port parameter to be able to use pcmk_host_map
 - fence_raritan: changed encoding for telnet connection to latin1
 - fence_sbd: add support for errors reported to stderr
 - fence_scsi watchdog: dont exit when command fails using retry parameter
 - fence_vmware_rest: fixed KeyError issue with SUSPENDED VMs
 - fence_zvmip: fix Python 3 issues
 - fencing: add more manpage formatting strings to filter out for 
metadata-action

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.4.0...v4.5.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] Increasing fence timeout

[Oyvind Albrigtsen]

You should be able to increase this timeout by running:
pcs stonith update  shell_timeout=10

Oyvind

On 08/08/19 12:13 -0600, Casey & Gina wrote:

Hi, I'm currently running into periodic premature killing of nodes due to the 
fence monitor timeout being set to 5 seconds.  Here is an example message from 
the logs:

fence_vmware_rest[22334] stderr: [ Exception: Operation timed out after 5001 
milliseconds with 0 bytes received ]

How can I increase this timeout using PCS?

Thank you,
--
Casey
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] Resource won't start, crm_resource -Y does not help

[Oyvind Albrigtsen]

Sounds like your RA returns e.g. OCF_ERR_ARGS or similar where it
shouldnt.

Try starting the resource with crm_resource and add -VV which should
show you the code as it's being run.

On 22/07/19 13:55 +0200, Ulrich Windl wrote:

Hi!

Playing with some new RA that won't start, I found this in crm_resource's man:
  -Y, --why
 Show why resources  are  not  running,  optionally  filtered  by
 --resource and/or --node

When I tried it, all I got was:
# crm_resource -r prm_idredir_test -Y
Resource prm_idredir_test is not running

8-( Not quite what I expected. ANothger command gave me:

prm_idredir_test_start_0 on h02 'invalid parameter' (2): call=76, 
status=complete, exitreason='', last-rc-change='Mon Jul 22 13:06:45 2019', 
queued=0ms, exec=27ms

Unfortunately the last resource cleanup was significantly_after_ the time 
logged above, and it seems the CRM did not even tre-try to start the RA.

Could this be a bug in SLES12 SP4 
(pacemaker-1.1.19+20181105.ccd6b5b10-3.10.1.x86_64)?

Regards,
Ulrich



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.3.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.3.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.3.0

The most significant enhancements in this release are:
- new resource agents:
 - dovecot
 - vdo-vol

- bugfixes and enhancements:
 - Filesystem: remove removed notify-action from metadata
 - Build: improve to be able to build and install on RHEL 6
 - CTDB: add ctdb_max_open_files parameter
 - CTDB: fix version string with vendor trailer comparison
 - Filesystem: Fix missing mount point due to corrupted mount list
 - Filesystem: fix umount not executed in the event of a disk failure
 - IPaddr2: add network namespace support
 - IPsrcaddr: make proto optional to fix regression when used without 
NetworkManager
 - LVM-activate: align dmsetup report command to standard
 - LVM-activate: dont count "No devices" as device in dm_count
 - LVM-activate: dont fail initial probe
 - LVM-activate: make vgname not uniqe
 - LVM-activate: only check locking_type when LVM < v2.03
 - LVM-activate: return OCF_NOT_RUNNING on initial probe
 - LVM: return $OCF_ERR_GENERIC when start fails
 - Maint: introduce optional spellchecking for {short,long}desc (make 
spellcheck)
 - Route: make family parameter optional
 - SAPDatabase: metadata: add HANA usage example and improved the Monitor 
Services defaults documentation
 - Squid: fix PID file issue w/newer Squid versions
 - aws-vpc-move-ip: add support for multiple network interfaces
 - aws-vpc-move-ip: add support for multiple routing tables
 - aws-vpc-move-ip: get NETWORK_INTERFACE_ID from metadata instead of using 
awscli
 - aws-vpc-move-ip: improve MAC address detection
 - aws-vpc-move-ip: use --query to avoid possible race condition w/old grep 
implementation
 - azure-events: fix implicit bytes conversion that breaks Python 3
 - clvm: support exclusive mode
 - configure: add Python library detection
 - dhcpd: keep SELinux context when copying to chroot
 - docker: fail gracefully when command not found
 - docker: use --type=container to avoid matches from other types
 - ethmonitor: check if interface exists by link
 - galera: Allow empty password for "check_passwd" parameter
 - galera: Log message when changing content of grastate.dat file
 - galera: ignore safe_to_bootstrap in grastate.dat in some cases
 - gcp-vpc-move-route/gcp-vpc-move-vip: fix Python 3 encoding issue
 - lxc: add support for lxc-stop
 - named: add host_options parameter
 - ocf-distro: add regex for RedHat version
 - ocf.py: add support for role argument to actions
 - ocf: do not log at debug log level when HA_debug is unset (e.g. w/Pacemaker 
remote)
 - openstack*: add support for re-attaching volumes, v3 API
 - pgsql: enhance checks in pgsql_real_start to prevent incorrect status
 - pgsql: set initial score for primary and hot standby in probe
 - podman: avoid double call to podman inspect
 - ra-dev-guide: correct notify action documentation
 - rabbitmq-cluster: always use quiet flag for eval calls
 - rabbitmq-cluster: debug log detailed output when mnesia query fails
 - rabbitmq-cluster: ensure node attributes are removed
 - rabbitmq-cluster: fix regression in rmq_stop
 - redis: Filter warning from stderr when calling 'redis-cli -a'
 - tomcat: use systemd on RHEL when catalina.sh is unavailable
 - vsftpd: fix missing $ on invalid exit code detected by CI

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.3.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents v4.3.0 rc1

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.3.0 rc1.
Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.3.0rc1

The most significant enhancements in this release are:
- new resource agents:
 - dovecot
 - vdo-vol

- bugfixes and enhancements:
 - Build: improve to be able to build and install on RHEL 6
 - CTDB: add ctdb_max_open_files parameter
 - CTDB: fix version string with vendor trailer comparison
 - Filesystem: Fix missing mount point due to corrupted mount list
 - Filesystem: fix umount not executed in the event of a disk failure
 - IPaddr2: add network namespace support
 - IPsrcaddr: make proto optional to fix regression when used without 
NetworkManager
 - LVM-activate: align dmsetup report command to standard
 - LVM-activate: dont count "No devices" as device in dm_count
 - LVM-activate: dont fail initial probe
 - LVM-activate: make vgname not uniqe
 - LVM-activate: only check locking_type when LVM < v2.03
 - LVM-activate: return OCF_NOT_RUNNING on initial probe
 - LVM: return $OCF_ERR_GENERIC when start fails
 - Maint: introduce optional spellchecking for {short,long}desc (make 
spellcheck)
 - Route: make family parameter optional
 - SAPDatabase: metadata: add HANA usage example and improved the Monitor 
Services defaults documentation
 - Squid: fix PID file issue w/newer Squid versions
 - aws-vpc-move-ip: add support for multiple network interfaces
 - aws-vpc-move-ip: add support for multiple routing tables
 - aws-vpc-move-ip: get NETWORK_INTERFACE_ID from metadata instead of using 
awscli
 - aws-vpc-move-ip: improve MAC address detection
 - aws-vpc-move-ip: use --query to avoid possible race condition w/old grep 
implementation
 - azure-events: fix implicit bytes conversion that breaks Python 3
 - clvm: support exclusive mode
 - configure: add Python library detection
 - dhcpd: keep SELinux context when copying to chroot
 - docker: fail gracefully when command not found
 - docker: use --type=container to avoid matches from other types
 - ethmonitor: check if interface exists by link
 - galera: Allow empty password for "check_passwd" parameter
 - galera: Log message when changing content of grastate.dat file
 - galera: ignore safe_to_bootstrap in grastate.dat in some cases
 - gcp-vpc-move-route/gcp-vpc-move-vip: fix Python 3 encoding issue
 - lxc: add support for lxc-stop
 - named: add host_options parameter
 - ocf-distro: add regex for RedHat version
 - ocf.py: add support for role argument to actions
 - ocf: do not log at debug log level when HA_debug is unset (e.g. w/Pacemaker 
remote)
 - openstack*: add support for re-attaching volumes, v3 API
 - pgsql: enhance checks in pgsql_real_start to prevent incorrect status
 - pgsql: set initial score for primary and hot standby in probe
 - podman: avoid double call to podman inspect
 - ra-dev-guide: correct notify action documentation
 - rabbitmq-cluster: always use quiet flag for eval calls
 - rabbitmq-cluster: debug log detailed output when mnesia query fails
 - rabbitmq-cluster: ensure node attributes are removed
 - rabbitmq-cluster: fix regression in rmq_stop
 - redis: Filter warning from stderr when calling 'redis-cli -a'
 - tomcat: use systemd on RHEL when catalina.sh is unavailable
 - vsftpd: fix missing $ on invalid exit code detected by CI

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.3.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] [ClusterLabs Developers] announcement: schedule for resource-agents release 4.3.0

[Oyvind Albrigtsen]

Thanks for pointing them out. I've now reviewed them, so they should
make it for this release.

Oyvind Albrigtsen

On 05/06/19 11:27 +0900, 中平 和友 wrote:

Hi,

I have opened 2 pull requests about Filesystem and pgsql RA.
But there was no response.

https://github.com/ClusterLabs/resource-agents/pull/1337
https://github.com/ClusterLabs/resource-agents/pull/1277

What should I do to get these pull requests merged?

And my colleagues make 2 pull requests about Filesystem and pgsql RA.

https://github.com/ClusterLabs/resource-agents/pull/1332
https://github.com/ClusterLabs/resource-agents/pull/1327

These problem affects my customers and we need to fix.

Please tell me what we can cooperate with the next release.

Best regards,
Kazutomo Nakahira

On 2019/06/03 21:07, Oyvind Albrigtsen wrote:

Hi,

This is a tentative schedule for resource-agents v4.3.0:
4.3.0-rc1: June 14.
4.3.0: June 21.

I've modified the corresponding milestones at
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 101 issues and 60 pull
requests still open.


Cheers,
Oyvind Albrigtsen
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/developers

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/developers

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] fence-agents v4.4.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.4.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.4.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_redfish

- bugfixes and enhancements:
 - fence_azure_arm: use skip_shutdown feature when available
 - fence_gce: fix Python 3 encoding issue
 - fence_ipmilan: add ipmitool_timeout parameter
 - fence_mpath: import ctypes to fix watchdog hardreboot
 - fence_pve: add support for sending reset command to qemu machines
 - fence_rhevm: fixed encoding issue that made agent unable to fence
 - fence_rhevm: add RHEV v4 API support and auto-detection
 - fence_scsi: add watchdog retries support
 - fence_scsi: detect node ID using new format, and fallback to old format 
before failing
 - fencing: improve stdin parse function to not fail if numbers or time 
parameters are in quotes

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.3.3...v4.4.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] announcement: schedule for resource-agents release 4.3.0

[Oyvind Albrigtsen]

Hi,

This is a tentative schedule for resource-agents v4.3.0:
4.3.0-rc1: June 14.
4.3.0: June 21.

I've modified the corresponding milestones at
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 101 issues and 60 pull
requests still open.


Cheers,
Oyvind Albrigtsen
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] How to submit feature/enhancement for fence-agents

[Oyvind Albrigtsen]

You can create a bz at https://bugzilla.redhat.com/ or an issue at
https://github.com/ClusterLabs/fence-agents to request this feature.


Oyvind Albrigtsen

On 07/05/19 09:03 -0500, Scott L Fields wrote:

What is the correct process to request a feature/enhancement for
fence-agents?

I'm expressly wanting to request that the "fence_vmware_soap" agent
support SSO(single sign on) certs as an alternative to user/passwords.





___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] fence_azure_arm flooding syslog

[Oyvind Albrigtsen]

That's weird. I initially tested it in US East 2.

I'd check that the packages/versions for python-azure-sdk,
python-msrest, python-msrestazure, python-keyring, etc are the same
on your nodes in Europe vs US locations.

If they are the same you could create a support ticket on Azure to
ask if there's been any changes to the API in the US, or if they can
see what's causing it to fail in the US location and not in Europe.

On 12/02/19 17:37 +0100, Thomas Berreis wrote:

Network fencing is working correctly therefore credentials should be fine.
Maybe there are differences between Azure Cloud in Europe and US because I
get these errors only with our clusters in US Central and US East 2 but not
in Europe West and North. Any hint?

Thomas

-Original Message-
From: Users [mailto:users-boun...@clusterlabs.org] On Behalf Of Oyvind
Albrigtsen
Sent: Dienstag, 12. Februar 2019 09:51
To: Cluster Labs - All topics related to open-source clustering welcomed

Subject: Re: [ClusterLabs] fence_azure_arm flooding syslog

At least that limits what the issue could be.

I'd check if the credentials allows getting and setting
network-settings:
https://github.com/ClusterLabs/fence-agents/blob/master/agents/azure_arm/fen
ce_azure_arm.py#L204

On 11/02/19 16:46 +0100, Thomas Berreis wrote:

Hi Oyvind,

Debug mode doesn't help me. The error occurs after successfully getting
Bearer token. No other issues are shown:

DEBUG:requests_oauthlib.oauth2_session:Invoking 0 token response hooks.
2019-02-11 15:27:12,687 DEBUG: Invoking 0 token response hooks.
DEBUG:requests_oauthlib.oauth2_session:Obtained token {u'resource':
u'https://management.core.windows.net/', u'access_token': ***',
u'ext_expires_in': u'3599', u'expires_in': u'3599', u'expires_at':
1549902431.687557, u'token_type': u'Bearer', u'not_before':
u'1549898532',
u'expires_on': u'1549902432'}.
2019-02-11 15:27:12,687 DEBUG: Obtained token {u'resource':
u'https://management.core.windows.net/', u'access_token': u'***',
u'ext_expires_in': u'3599', u'expires_in': u'3599', u'expires_at':
1549902431.687557, u'token_type': u'Bearer', u'not_before':
u'1549898532',
u'expires_on': u'1549902432'}.
WARNING:msrestazure.azure_active_directory:Keyring cache token has failed:
No recommended backend was available. Install the keyrings.alt package
if you want to use the non-recommended backends. See README.rst for

details.

2019-02-11 15:27:12,687 WARNING: Keyring cache token has failed: No
recommended backend was available. Install the keyrings.alt package if
you want to use the non-recommended backends. See README.rst for details.
DEBUG:requests_oauthlib.oauth2_session:Encoding `client_id` "***" with
`client_secret` as Basic auth credentials.
2019-02-11 15:27:12,727 DEBUG: Encoding `client_id` "***" with
`client_secret` as Basic auth credentials.
DEBUG:requests_oauthlib.oauth2_session:Requesting url
https://login.microsoftonline.com/***/oauth2/token using method POST.
2019-02-11 15:27:12,727 DEBUG: Requesting url
https://login.microsoftonline.com/***/oauth2/token using method POST.

2019-02-11 15:27:13,072 DEBUG: Obtained token {u'resource':
u'https://management.core.windows.net/', u'access_token': u'e***w',
u'ext_expires_in': u'3600', u'expires_in': u'3600', u'expires_at':
1549902433.072768, u'token_type': u'Bearer', u'not_before':
u'1549898533',
u'expires_on': u'1549902433'}.
WARNING:msrestazure.azure_active_directory:Keyring cache token has failed:
No recommended backend was available. Install the keyrings.alt package
if you want to use the non-recommended backends. See README.rst for

details.

2019-02-11 15:27:13,073 WARNING: Keyring cache token has failed: No
recommended backend was available. Install the keyrings.alt package if
you want to use the non-recommended backends. See README.rst for details.
INFO:root:getting power status for VM node01

Thomas

-Original Message-
From: Users [mailto:users-boun...@clusterlabs.org] On Behalf Of Oyvind
Albrigtsen
Sent: Montag, 11. Februar 2019 14:58
To: Cluster Labs - All topics related to open-source clustering
welcomed 
Subject: Re: [ClusterLabs] fence_azure_arm flooding syslog

You can try adding verbose=1 and see if that gives you some more
details on where it's failing.

On 11/02/19 14:47 +0100, Thomas Berreis wrote:

We need this feature because shutdown / reboot takes too much time ( >
5
min) and network fencing fences the virtual machine much faster ( < 5

sec).

We finished all the required steps and network fencing works as
expected but I'm still confused about these errors in the log and the
failure counts showed by pcs ...

fence_azure_arm: Keyring cache token has failed: No recommended
backend was available. Install the keyrings.alt package if you want to
use the non-recommended backends. See README.rst for details.

stonith-ng[7789]: warning: fence_azure_arm[7896] stderr: [ 2019-02-11
13:41:19,178 WARNING: Keyring cache token has failed: No recommended
backend was available. Install the k

Re: [ClusterLabs] fence_azure_arm flooding syslog

[Oyvind Albrigtsen]

At least that limits what the issue could be.

I'd check if the credentials allows getting and setting
network-settings:
https://github.com/ClusterLabs/fence-agents/blob/master/agents/azure_arm/fence_azure_arm.py#L204

On 11/02/19 16:46 +0100, Thomas Berreis wrote:

Hi Oyvind,

Debug mode doesn't help me. The error occurs after successfully getting
Bearer token. No other issues are shown:

DEBUG:requests_oauthlib.oauth2_session:Invoking 0 token response hooks.
2019-02-11 15:27:12,687 DEBUG: Invoking 0 token response hooks.
DEBUG:requests_oauthlib.oauth2_session:Obtained token {u'resource':
u'https://management.core.windows.net/', u'access_token': ***',
u'ext_expires_in': u'3599', u'expires_in': u'3599', u'expires_at':
1549902431.687557, u'token_type': u'Bearer', u'not_before': u'1549898532',
u'expires_on': u'1549902432'}.
2019-02-11 15:27:12,687 DEBUG: Obtained token {u'resource':
u'https://management.core.windows.net/', u'access_token': u'***',
u'ext_expires_in': u'3599', u'expires_in': u'3599', u'expires_at':
1549902431.687557, u'token_type': u'Bearer', u'not_before': u'1549898532',
u'expires_on': u'1549902432'}.
WARNING:msrestazure.azure_active_directory:Keyring cache token has failed:
No recommended backend was available. Install the keyrings.alt package if
you want to use the non-recommended backends. See README.rst for details.
2019-02-11 15:27:12,687 WARNING: Keyring cache token has failed: No
recommended backend was available. Install the keyrings.alt package if you
want to use the non-recommended backends. See README.rst for details.
DEBUG:requests_oauthlib.oauth2_session:Encoding `client_id` "***" with
`client_secret` as Basic auth credentials.
2019-02-11 15:27:12,727 DEBUG: Encoding `client_id` "***" with
`client_secret` as Basic auth credentials.
DEBUG:requests_oauthlib.oauth2_session:Requesting url
https://login.microsoftonline.com/***/oauth2/token using method POST.
2019-02-11 15:27:12,727 DEBUG: Requesting url
https://login.microsoftonline.com/***/oauth2/token using method POST.

2019-02-11 15:27:13,072 DEBUG: Obtained token {u'resource':
u'https://management.core.windows.net/', u'access_token': u'e***w',
u'ext_expires_in': u'3600', u'expires_in': u'3600', u'expires_at':
1549902433.072768, u'token_type': u'Bearer', u'not_before': u'1549898533',
u'expires_on': u'1549902433'}.
WARNING:msrestazure.azure_active_directory:Keyring cache token has failed:
No recommended backend was available. Install the keyrings.alt package if
you want to use the non-recommended backends. See README.rst for details.
2019-02-11 15:27:13,073 WARNING: Keyring cache token has failed: No
recommended backend was available. Install the keyrings.alt package if you
want to use the non-recommended backends. See README.rst for details.
INFO:root:getting power status for VM node01

Thomas

-Original Message-
From: Users [mailto:users-boun...@clusterlabs.org] On Behalf Of Oyvind
Albrigtsen
Sent: Montag, 11. Februar 2019 14:58
To: Cluster Labs - All topics related to open-source clustering welcomed

Subject: Re: [ClusterLabs] fence_azure_arm flooding syslog

You can try adding verbose=1 and see if that gives you some more details on
where it's failing.

On 11/02/19 14:47 +0100, Thomas Berreis wrote:

We need this feature because shutdown / reboot takes too much time ( >
5
min) and network fencing fences the virtual machine much faster ( < 5 sec).
We finished all the required steps and network fencing works as
expected but I'm still confused about these errors in the log and the
failure counts showed by pcs ...

fence_azure_arm: Keyring cache token has failed: No recommended backend
was available. Install the keyrings.alt package if you want to use the
non-recommended backends. See README.rst for details.

stonith-ng[7789]: warning: fence_azure_arm[7896] stderr: [ 2019-02-11
13:41:19,178 WARNING: Keyring cache token has failed: No recommended
backend was available. Install the keyrings.alt package if you want to
use the non-recommended backends. See README.rst for details. ]

stonith-net_monitor_6 on node02 'unknown error' (1): call=369,
status=Timed Out, exitreason='', last-rc-change='Mon Feb 11 10:38:02
2019', queued=0ms, exec=20007ms

Thomas

-Original Message-
From: Users [mailto:users-boun...@clusterlabs.org] On Behalf Of Oyvind
Albrigtsen
Sent: Montag, 11. Februar 2019 13:58
To: Cluster Labs - All topics related to open-source clustering
welcomed 
Subject: Re: [ClusterLabs] fence_azure_arm flooding syslog

Oh. Thanks for clarifying.

Network-fencing requires extra setup as explained if you run "pcs
stonith resource describe fence_azure_arm".

You probably dont need network-fencing, so you can just skip that part.

On 11/02/19 13:50 +0100, Thomas Berreis wrote:

It seems like the issue might be the space in "pcmk_host_list= node01".

Sorry, this typo was only in my mail because I anonymized in- and output.

The issue only oc

Re: [ClusterLabs] fence_azure_arm flooding syslog

[Oyvind Albrigtsen]

You can try adding verbose=1 and see if that gives you some more
details on where it's failing.

On 11/02/19 14:47 +0100, Thomas Berreis wrote:

We need this feature because shutdown / reboot takes too much time ( > 5
min) and network fencing fences the virtual machine much faster ( < 5 sec).
We finished all the required steps and network fencing works as expected but
I'm still confused about these errors in the log and the failure counts
showed by pcs ...

fence_azure_arm: Keyring cache token has failed: No recommended backend was
available. Install the keyrings.alt package if you want to use the
non-recommended backends. See README.rst for details.

stonith-ng[7789]: warning: fence_azure_arm[7896] stderr: [ 2019-02-11
13:41:19,178 WARNING: Keyring cache token has failed: No recommended backend
was available. Install the keyrings.alt package if you want to use the
non-recommended backends. See README.rst for details. ]

stonith-net_monitor_6 on node02 'unknown error' (1): call=369,
status=Timed Out, exitreason='', last-rc-change='Mon Feb 11 10:38:02 2019',
queued=0ms, exec=20007ms

Thomas

-Original Message-
From: Users [mailto:users-boun...@clusterlabs.org] On Behalf Of Oyvind
Albrigtsen
Sent: Montag, 11. Februar 2019 13:58
To: Cluster Labs - All topics related to open-source clustering welcomed

Subject: Re: [ClusterLabs] fence_azure_arm flooding syslog

Oh. Thanks for clarifying.

Network-fencing requires extra setup as explained if you run "pcs stonith
resource describe fence_azure_arm".

You probably dont need network-fencing, so you can just skip that part.

On 11/02/19 13:50 +0100, Thomas Berreis wrote:

It seems like the issue might be the space in "pcmk_host_list= node01".

Sorry, this typo was only in my mail because I anonymized in- and output.

The issue only occurs when I add the parameter "network-fencing=on".

WARNING:msrestazure.azure_active_directory:Keyring cache token has failed:
No recommended backend was available. Install the keyrings.alt package
if you want to use the non-recommended backends. See README.rst for

details.

2019-02-11 12:29:37,079 WARNING: Keyring cache token has failed: No
recommended backend was available. Install the keyrings.alt package if
you want to use the non-recommended backends. See README.rst for details.


Thomas

-Original Message-
From: Users [mailto:users-boun...@clusterlabs.org] On Behalf Of Oyvind
Albrigtsen
Sent: Montag, 11. Februar 2019 10:38
To: Cluster Labs - All topics related to open-source clustering
welcomed 
Subject: Re: [ClusterLabs] fence_azure_arm flooding syslog

pcmk_host_list is used by Pacemaker to limit which hosts can be fenced
by the STONITH device, so you'll have to use the plug parameter for

testing.

Pacemaker uses it internally when it fences a host, so you wouldnt use
plug= as part of the pcs stonith create command.

It seems like the issue might be the space in "pcmk_host_list= node01".

Oyvind

On 10/02/19 14:43 +0100, Thomas Berreis wrote:

Hi Oyvind,

Seems, option "pcmk_host_list" is not supported by fence_azure_arm.
Instead fence_azure_arm requires "plug" and however this is not
supported

by pcs.

What's the correct syntax to add such a stonith device with

fence_azure_arm?


[root ~]# fence_azure_arm
login=***
network-fencing=on
passwd=***
pcmk_host_list= node01
resourceGroup=***
retry_on=0
subscriptionId=***
tenantId=***
WARNING:root:Parse error: Ignoring unknown option 'pcmk_host_list= node01'

ERROR:root:Failed: You have to enter plug number or machine
identification

2019-02-10 12:54:51,862 ERROR: Failed: You have to enter plug number
or machine identification

--

[root ~]# fence_azure_arm
login=***
network-fencing=on
passwd=***
pcmk_host_list= node01
resourceGroup=***
retry_on=0
subscriptionId=***
tenantId=***
plug=node01
WARNING:root:Parse error: Ignoring unknown option 'pcmk_host_list= node01'

WARNING:msrestazure.azure_active_directory:Keyring cache token has failed:
No recommended backend was available.
2019-02-10 12:56:30,377 WARNING: Keyring cache token has failed: No
recommended backend was available. Install th
WARNING:msrestazure.azure_active_directory:Keyring cache token has failed:
No recommended backend was available.
2019-02-10 12:56:30,729 WARNING: Keyring cache token has failed: No
recommended backend was available. Install th
Success: Powered OFF

--

[root ~]# fence_azure_arm
login=***
network-fencing=on
passwd=***
plug=node01
resourceGroup=***
retry_on=0
subscriptionId=***
tenantId=***

Success: Powered OFF

--

[root ~]# pcs stonith create stonith-net fence_azure_arm [...]
plug=node01 network-fencing=on
Error: invalid stonith option 'plug'

[root ~]# fence_azure_arm -h
Usage:
   fence_azure_arm [options]
Options:
[...]
  -n, --plug=[id]Physical plug number on device, UUID or
identification of

Re: [ClusterLabs] fence_azure_arm flooding syslog

[Oyvind Albrigtsen]

Oh. Thanks for clarifying.

Network-fencing requires extra setup as explained if you run "pcs stonith
resource describe fence_azure_arm".

You probably dont need network-fencing, so you can just skip that
part.

On 11/02/19 13:50 +0100, Thomas Berreis wrote:

It seems like the issue might be the space in "pcmk_host_list= node01".

Sorry, this typo was only in my mail because I anonymized in- and output.

The issue only occurs when I add the parameter "network-fencing=on".

WARNING:msrestazure.azure_active_directory:Keyring cache token has failed:
No recommended backend was available. Install the keyrings.alt package if
you want to use the non-recommended backends. See README.rst for details.
2019-02-11 12:29:37,079 WARNING: Keyring cache token has failed: No
recommended backend was available. Install the keyrings.alt package if you
want to use the non-recommended backends. See README.rst for details.


Thomas

-Original Message-
From: Users [mailto:users-boun...@clusterlabs.org] On Behalf Of Oyvind
Albrigtsen
Sent: Montag, 11. Februar 2019 10:38
To: Cluster Labs - All topics related to open-source clustering welcomed

Subject: Re: [ClusterLabs] fence_azure_arm flooding syslog

pcmk_host_list is used by Pacemaker to limit which hosts can be fenced by
the STONITH device, so you'll have to use the plug parameter for testing.
Pacemaker uses it internally when it fences a host, so you wouldnt use plug=
as part of the pcs stonith create command.

It seems like the issue might be the space in "pcmk_host_list= node01".

Oyvind

On 10/02/19 14:43 +0100, Thomas Berreis wrote:

Hi Oyvind,

Seems, option "pcmk_host_list" is not supported by fence_azure_arm.
Instead fence_azure_arm requires "plug" and however this is not supported

by pcs.

What's the correct syntax to add such a stonith device with

fence_azure_arm?


[root ~]# fence_azure_arm
login=***
network-fencing=on
passwd=***
pcmk_host_list= node01
resourceGroup=***
retry_on=0
subscriptionId=***
tenantId=***
WARNING:root:Parse error: Ignoring unknown option 'pcmk_host_list= node01'

ERROR:root:Failed: You have to enter plug number or machine
identification

2019-02-10 12:54:51,862 ERROR: Failed: You have to enter plug number or
machine identification

--

[root ~]# fence_azure_arm
login=***
network-fencing=on
passwd=***
pcmk_host_list= node01
resourceGroup=***
retry_on=0
subscriptionId=***
tenantId=***
plug=node01
WARNING:root:Parse error: Ignoring unknown option 'pcmk_host_list= node01'

WARNING:msrestazure.azure_active_directory:Keyring cache token has failed:
No recommended backend was available.
2019-02-10 12:56:30,377 WARNING: Keyring cache token has failed: No
recommended backend was available. Install th
WARNING:msrestazure.azure_active_directory:Keyring cache token has failed:
No recommended backend was available.
2019-02-10 12:56:30,729 WARNING: Keyring cache token has failed: No
recommended backend was available. Install th
Success: Powered OFF

--

[root ~]# fence_azure_arm
login=***
network-fencing=on
passwd=***
plug=node01
resourceGroup=***
retry_on=0
subscriptionId=***
tenantId=***

Success: Powered OFF

--

[root ~]# pcs stonith create stonith-net fence_azure_arm [...]
plug=node01 network-fencing=on
Error: invalid stonith option 'plug'

[root ~]# fence_azure_arm -h
Usage:
   fence_azure_arm [options]
Options:
[...]
  -n, --plug=[id]Physical plug number on device, UUID or
identification of machine


Thanks!

Thomas

-Original Message-
From: Users [mailto:users-boun...@clusterlabs.org] On Behalf Of Oyvind
Albrigtsen
Sent: Freitag, 8. Februar 2019 14:16
To: Cluster Labs - All topics related to open-source clustering
welcomed 
Subject: Re: [ClusterLabs] fence_azure_arm flooding syslog

Hi Thomas,

It looks like it's trying to use credentials from keyring, which
generates these error messages.

Maybe there's a typo in one of the authentitcation parameters in your
config. Can you post the output of "pcs stonith show --full"?

You can try running fence_azure_arm without parameters on the command
line and copy the parameters (one per line) to it, and add e.g.
action=status and end with Ctrl+D to see .


Oyvind

On 08/02/19 14:02 +0100, Thomas Berreis wrote:

Hi,



I'm having a two-node cluster in Azure with fencing enabled via module
fence_azure_arm.

The cluster management is flooding my syslog on both nodes with these
messages:



** fence_azure_arm: Keyring cache token has failed: No recommended
backend was available. Install the keyrings.alt package if you want to
use the non-recommended backends. See README.rst for details.



** stonith-ng[5220]: warning: fence_azure_arm[14847] stderr: [
2019-02-08
12:52:02,703 WARNING: Keyring cache token has failed: No recommended
backend was available. Install the keyrings.alt package if you want to
use the non-recom

Re: [ClusterLabs] fence_azure_arm flooding syslog

[Oyvind Albrigtsen]

pcmk_host_list is used by Pacemaker to limit which hosts can be fenced
by the STONITH device, so you'll have to use the plug parameter for
testing. Pacemaker uses it internally when it fences a host, so you
wouldnt use plug= as part of the pcs stonith create command.

It seems like the issue might be the space in "pcmk_host_list= node01".

Oyvind

On 10/02/19 14:43 +0100, Thomas Berreis wrote:

Hi Oyvind,

Seems, option "pcmk_host_list" is not supported by fence_azure_arm. Instead
fence_azure_arm requires "plug" and however this is not supported by pcs.
What's the correct syntax to add such a stonith device with fence_azure_arm?

[root ~]# fence_azure_arm
login=***
network-fencing=on
passwd=***
pcmk_host_list= node01
resourceGroup=***
retry_on=0
subscriptionId=***
tenantId=***
WARNING:root:Parse error: Ignoring unknown option 'pcmk_host_list= node01'

ERROR:root:Failed: You have to enter plug number or machine identification

2019-02-10 12:54:51,862 ERROR: Failed: You have to enter plug number or
machine identification

--

[root ~]# fence_azure_arm
login=***
network-fencing=on
passwd=***
pcmk_host_list= node01
resourceGroup=***
retry_on=0
subscriptionId=***
tenantId=***
plug=node01
WARNING:root:Parse error: Ignoring unknown option 'pcmk_host_list= node01'

WARNING:msrestazure.azure_active_directory:Keyring cache token has failed:
No recommended backend was available.
2019-02-10 12:56:30,377 WARNING: Keyring cache token has failed: No
recommended backend was available. Install th
WARNING:msrestazure.azure_active_directory:Keyring cache token has failed:
No recommended backend was available.
2019-02-10 12:56:30,729 WARNING: Keyring cache token has failed: No
recommended backend was available. Install th
Success: Powered OFF

--

[root ~]# fence_azure_arm
login=***
network-fencing=on
passwd=***
plug=node01
resourceGroup=***
retry_on=0
subscriptionId=***
tenantId=***

Success: Powered OFF

--

[root ~]# pcs stonith create stonith-net fence_azure_arm [...] plug=node01
network-fencing=on
Error: invalid stonith option 'plug'

[root ~]# fence_azure_arm -h
Usage:
   fence_azure_arm [options]
Options:
[...]
  -n, --plug=[id]Physical plug number on device, UUID or
identification of machine


Thanks!

Thomas

-Original Message-
From: Users [mailto:users-boun...@clusterlabs.org] On Behalf Of Oyvind
Albrigtsen
Sent: Freitag, 8. Februar 2019 14:16
To: Cluster Labs - All topics related to open-source clustering welcomed

Subject: Re: [ClusterLabs] fence_azure_arm flooding syslog

Hi Thomas,

It looks like it's trying to use credentials from keyring, which generates
these error messages.

Maybe there's a typo in one of the authentitcation parameters in your
config. Can you post the output of "pcs stonith show --full"?

You can try running fence_azure_arm without parameters on the command line
and copy the parameters (one per line) to it, and add e.g.
action=status and end with Ctrl+D to see .


Oyvind

On 08/02/19 14:02 +0100, Thomas Berreis wrote:

Hi,



I'm having a two-node cluster in Azure with fencing enabled via module
fence_azure_arm.

The cluster management is flooding my syslog on both nodes with these
messages:



** fence_azure_arm: Keyring cache token has failed: No recommended
backend was available. Install the keyrings.alt package if you want to
use the non-recommended backends. See README.rst for details.



** stonith-ng[5220]: warning: fence_azure_arm[14847] stderr: [
2019-02-08
12:52:02,703 WARNING: Keyring cache token has failed: No recommended
backend was available. Install the keyrings.alt package if you want to
use the non-recommended backends. See README.rst for details. ]





Can anyone give me a hint how to fix these issue?



pcs version: 0.9.165

pacemaker version: 1.1.19-8.el7_6.1

fence_azure_arm version: 4.2.1

corosync 2.4.3



Thanks!



Thomas




___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org Getting started:
http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org


___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org Getting started:
http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/ma

Re: [ClusterLabs] fence_azure_arm flooding syslog

[Oyvind Albrigtsen]

Hi Thomas,

It looks like it's trying to use credentials from keyring, which
generates these error messages.

Maybe there's a typo in one of the authentitcation parameters in your
config. Can you post the output of "pcs stonith show --full"?

You can try running fence_azure_arm without parameters on the command
line and copy the parameters (one per line) to it, and add e.g.
action=status and end with Ctrl+D to see .


Oyvind

On 08/02/19 14:02 +0100, Thomas Berreis wrote:

Hi,



I'm having a two-node cluster in Azure with fencing enabled via module
fence_azure_arm.

The cluster management is flooding my syslog on both nodes with these
messages:



** fence_azure_arm: Keyring cache token has failed: No recommended backend
was available. Install the keyrings.alt package if you want to use the
non-recommended backends. See README.rst for details.



** stonith-ng[5220]: warning: fence_azure_arm[14847] stderr: [ 2019-02-08
12:52:02,703 WARNING: Keyring cache token has failed: No recommended backend
was available. Install the keyrings.alt package if you want to use the
non-recommended backends. See README.rst for details. ]





Can anyone give me a hint how to fix these issue?



pcs version: 0.9.165

pacemaker version: 1.1.19-8.el7_6.1

fence_azure_arm version: 4.2.1

corosync 2.4.3



Thanks!



Thomas




___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org


___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

[ClusterLabs] fence-agents v4.3.3

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.3.3, which is a
bugfix release for v4.3.2.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.3.3

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - build: fix issues with newer autoconf versions

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers
___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

[ClusterLabs] fence-agents v4.3.2

[Oyvind Albrigtsen]

ClusterLabs is happy to announce fence-agents v4.3.2, which is a
bugfix release for v4.3.1.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.3.2

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - fence_scsi: fix incorrect SCSI key when node ID is 10 or higher
 - fence_hpblade: fix log_expect syntax
 - fence_openstack: add support for new keystoneauth1 library
 - check_used_options: add Python 3 support and fix redirect-issue in
   if that made it not run during build anymore

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers
___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] network fencing - azure arm

[Oyvind Albrigtsen]

On 21/11/18 22:23 +0100, thomas.berr...@gmx.de wrote:

Hi,


It's a boolean, so you can set it with e.g. network-fencing=1 or true.


Already tried, but it didn't worked. The resource was unable to start.

Try running it without arguments and feeding them one pr line followed
by Ctrl-D on an empty line to see what's wrong. And add verbose=1 if
it doesnt give enough info.


Regards,
Thomas

-Ursprüngliche Nachricht-
Von: Users  Im Auftrag von Oyvind Albrigtsen
Gesendet: Mittwoch, 21. November 2018 09:07
An: Cluster Labs - All topics related to open-source clustering welcomed

Betreff: Re: [ClusterLabs] network fencing - azure arm

On 21/11/18 07:57 +0100, Thomas Berreis wrote:

Hello,



I have a question about stonith configuration within azure and I hope I'm
using the correct mailing list.



I've installed two virtual machines with pacemaker 1.1.18, pcs 0.9.162 and
fence-agents-azure-arm 4.0.11.86.

Now I'm unable to create a stonith configuration via pcs by using
network-fencing. Without network-fencing everything works fine.



The following command is working as expected (without network-fencing):

# pcs stonith create stonith.node1 fence_azure_arm login=$az_login
passwd=$az_passwd resourceGroup=$az_rg subscriptionId=$az_sid
tenantId=$az_tenant retry_on=0 pcmk_host_list=node1



If I add "network-fencing" to the list, pcs throws an error:

Error: missing value of 'network-fencing' option

It's a boolean, so you can set it with e.g. network-fencing=1 or true.




I don't know what's wrong because network-fencing doesn't require any

value.


# fence_azure_arm -h | grep -A2 network-fencing

  --network-fencing   Use network fencing. See NOTE-section of

  metadata for required Subnet/Network Security

  Group configuration.



Also network-fencing="on", "true" or "0" wasn't working. If I use
fence_azure_arm with network-fencing option manually everything is working
as expected.

Unfortunately this fence agent is very rare documented and I didn't found
any example for network-fencing.



Thanks for your help!



Best Regards,

Thomas B.




___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org


___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] network fencing - azure arm

[Oyvind Albrigtsen]

On 21/11/18 07:57 +0100, Thomas Berreis wrote:

Hello,



I have a question about stonith configuration within azure and I hope I'm
using the correct mailing list.



I've installed two virtual machines with pacemaker 1.1.18, pcs 0.9.162 and
fence-agents-azure-arm 4.0.11.86.

Now I'm unable to create a stonith configuration via pcs by using
network-fencing. Without network-fencing everything works fine.



The following command is working as expected (without network-fencing):

# pcs stonith create stonith.node1 fence_azure_arm login=$az_login
passwd=$az_passwd resourceGroup=$az_rg subscriptionId=$az_sid
tenantId=$az_tenant retry_on=0 pcmk_host_list=node1



If I add "network-fencing" to the list, pcs throws an error:

Error: missing value of 'network-fencing' option

It's a boolean, so you can set it with e.g. network-fencing=1 or true.




I don't know what's wrong because network-fencing doesn't require any value.

# fence_azure_arm -h | grep -A2 network-fencing

  --network-fencing   Use network fencing. See NOTE-section of

  metadata for required Subnet/Network Security

  Group configuration.



Also network-fencing="on", "true" or "0" wasn't working. If I use
fence_azure_arm with network-fencing option manually everything is working
as expected.

Unfortunately this fence agent is very rare documented and I didn't found
any example for network-fencing.



Thanks for your help!



Best Regards,

Thomas B.




___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org


___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] VirtualBox : an improved OCF agent

[Oyvind Albrigtsen]

On 05/11/18 12:07 +0200, Ioannis Ioannou wrote:

Hello,

I got this reply from the original author regarding the agent for 
Virtualbox:


I honestly do not care. That script was a long time ago. Good to 
see that someone actually read it, used it, and improved on it.


I posted the script on a public, indexed forum. I'd say it's 
public domain at that point.
I don't believe I included any licensing terms, but as a 
semi-official statement (as far as forum IM can be regarded as an 
official medium); you've got my permission to do whatever, 
including modification, redistribution, sublicensing etc. I hereby 
declare it as MIT licensed.


Would be cool to see this script included in the default 
distribution of clusterlabs





Although I usually prefer GPL, MIT is ok with me also.

Hi John,

You're welcome to make a PR for the agent at our resource-agents
repository: https://github.com/ClusterLabs/resource-agents
where we'll review the agent to get it included.

You should put a MIT license header in the agent, like we've done for
the other agents, and we also need to add a COPYING.MIT like we got
for the other licenses.


Oyvind



Cheers
John (aka Ioannis)



On 24/10/2018 10:43, Ioannis Ioannou wrote:


Hello again,


The original script had been posted on VB's forum and it is at 
Howtos there.


I subscribed, tried to reach the original author but got no response 
so far.


For me GPL (eg v2) is ok.

Cheers

John


On 5/10/2018 15:00, users-requ...@clusterlabs.org wrote:

Date: Thu, 04 Oct 2018 09:19:55 -0500 From: Ken Gaillot 
 To: Cluster Labs - All topics related to 
open-source clustering welcomed  Subject: 
Re: [ClusterLabs] VirtualBox : an improved OCF agent Message-ID: 
<1538662795.4624.6.ca...@redhat.com> Content-Type: text/plain; 
charset="UTF-8" That's awesome. If you can find the original 
author and get agreement

to put it under an open source license, it would be a great addition to
the resource-agents package.
-- Ken Gaillot 





___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

[ClusterLabs] resource-agents v4.2.0

[Oyvind Albrigtsen]

ClusterLabs is happy to announce resource-agents v4.2.0.
Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.2.0

The most significant enhancements in this release are:
- new resource agents:
 - azure-events
 - aliyun-vpc-move-ip
 - gcp-pd-move
 - gcp-vpc-move-ip
 - gcp-vpc-move-route (improved Python version of gcp-vpc-move-ip)
 - gcp-vpc-move-vip
 - openstack-cinder-volume
 - openstack-floating-ip
 - openstack-info
 - podman
 - sybaseASE

- bugfixes and enhancements:
 - apache: fix return value for silent_status (introduced in the
   retry PID check mentioned below)
 - rabbitmq-cluster: fail monitor when node is in minority partition
 - ZFS: check status without locks when possible
 - pgsql: fix to avoid failing on masters re-promote
 - CI: fixes for bash path, strncpy in GCC 8 and missing docbook-style-xsl
 - CTDB: fix "ctdb_recovery_lock" validation
 - CTDB: fix incorrect DB corruption reports (ensure health check is run)
 - Filesystem: support symlink as mountpoint directory
 - IPaddr2: return OCF_ERR_GENERIC when failing due to IPv4 address collision
 - LVM-activate: fix for dashes in volume group and logical volume names
 - LVM-activate: read parameters for stop-action
 - LVM-activate: return OCF_ERR_CONFIGURED for incorrect vg_access_mode
 - LVM: added missing dash for activation parameters
 - SAPDatabase: add info to meta-data
 - SAPInstance: add monitored services for ENSA2 (bsc#1092384)
 - SAPInstance: implement reload action to avoid resource restarts after a
   non-unique parameter has been changed
 - SAPInstance: improve SAP instance profile detection
 - SAPInstance: improve stop-action logging
 - Squid: use ss if netstat is not available
 - VirtualDomain: add stateless support
 - VirtualDomain: correctly create logfile and set permissions
 - Xen: add utilization support for cpu and hv_memory
 - apache: retry PID check
 - aws-vpc-move-ip: check routing table during monitor probe action
 - aws-vpc-move-ip: fix backward-compatibility
 - aws-vpc-move-ip: use ip utility to check address
 - awseip: fix allocation_id not found error
 - awseip: update required IAM role permissions
 - awsvip: get network-id from metadata
 - awsvip: improve secondary-private-ip query
 - configure: add Python path detection
 - exportfs: fix square bracket stripping in clientspec
 - findif: improve IPv6 NIC detection
 - findif: only match lines containing netmasks (for newer iputils)
 - garbd: support netstat and ss
 - iSCSITarget: support CHAP authentication for lio-t
 - ipsec: add tunnel fallback option
 - ldirectord: add manpage to systemd unit file
 - lvmlockd: add cmirrord support
 - mysql: remove obsolete DEBUG_LOG functionality (bsc#1021689)
 - nfsserver: fix rpcpipefs_dir and nfs_shared_infodir issues
 - ocf-binaries: use SSH-path detected by configure
 - ocf.py: new Python library and dev guide
 - oracle: improve dbopen error
 - pgsql: create replication slots after promoting master
 - pgsql: dont change ownership of /dev/null
 - pgsql: support PostgreSQL 11 or later
 - portblock: support ss and netstat (partial)
 - ra-dev-guide: update instructions for GitHub
 - rabbitmq-cluster: get cluster status from mnesia during monitor
 - rabbitmq-cluster: retry start when cluster join fails
 - redis: do not use absolute path in pidof calls
 - sg_persist: correctly pickup old keys
 - syslog-ng: add Premium Edition 6 and 7 support
 - systemd-tmpfiles: configure path with --with-rsctmpdir

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.2.0/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers
___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] resource-agents v4.2.0 rc1

[Oyvind Albrigtsen]

On 18/10/18 19:43 +0200, Valentin Vidic wrote:

On Wed, Oct 17, 2018 at 12:03:18PM +0200, Oyvind Albrigtsen wrote:

 - apache: retry PID check.


I noticed that the ocft test started failing for apache in this
version. Not sure if the test is broken or the agent. Can you
check if the test still works for you? Restoring the previous
version of the agent fixes the problem for me.

It seems to work fine for me except for the that I had to change name
from apache2 to httpd (which it's called on RHEL and Fedora) in the
ocft-config, so I think we need some additional logic for that.


# ocft test -v apache
Initializing 'apache' ...
Done.

Starting 'apache' case 0 'check base env':
ERROR: './apache monitor' failed, the return code is 2.
Starting 'apache' case 1 'check base env: set non-existing 
OCF_RESKEY_statusurl':
ERROR: './apache monitor' failed, the return code is 2.
Starting 'apache' case 2 'check base env: set non-existing 
OCF_RESKEY_configfile':
ERROR: './apache monitor' failed, the return code is 2.
Starting 'apache' case 3 'normal start':
ERROR: './apache monitor' failed, the return code is 2.
Starting 'apache' case 4 'normal stop':
ERROR: './apache monitor' failed, the return code is 2.
Starting 'apache' case 5 'double start':
ERROR: './apache monitor' failed, the return code is 2.
Starting 'apache' case 6 'double stop':
ERROR: './apache monitor' failed, the return code is 2.
Starting 'apache' case 7 'running monitor':
ERROR: './apache monitor' failed, the return code is 2.
Starting 'apache' case 8 'not running monitor':
ERROR: './apache monitor' failed, the return code is 2.
Starting 'apache' case 9 'unimplemented command':
ERROR: './apache monitor' failed, the return code is 2.

--
Valentin
___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org