[ClusterLabs] resource-agents v4.16.0

2024-11-06 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.16.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.16.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - ocf-shellfuncs: only create/update and reload systemd drop-in if needed
 - spec: drop BuildReq python3-pyroute2 for RHEL/CentOS
 - Filesystem: dont sleep during stop-action when there are no processes to kill
 - Filesystem: on stop, try umount directly, before scanning for users
 - Filesystem: only use $umount_force after sending kill_signals
 - Filesystem: stop/get_pids: improve logic to find processes
 - Filesystem: add azure aznfs filesystem support
 - IPaddr2: add proto-parameter to be able to match a specific route
 - IPaddr2: improve fail logic and check ip_status after adding IP
 - IPaddr2: use dev keyword when bringing up device
 - IPsrcaddr: specify dev for default route, as e.g. fe80:: routes can be 
present on multiple interfaces
 - apache/http-mon.sh: change curl opts to match wget
 - azure-events*: use node name from cluster instead of hostname to avoid 
failing if they're not the same
 - docker-compose: use "docker compose" when not using older docker-compose 
command
 - findif.sh: ignore unreachable, blackhole, and prohibit routes
 - nfsserver: also stop rpc-statd for nfsv4_only to avoid stop failing in some 
cases
 - podman: force-remove containers in stopping state if necessary (#1973)
 - powervs-subnet: add optional argument route_table (#1966)
 - powervs-subnet: modify gathering of Apikey, calculation of timeout
 - powervs-subnet: enable access via private endpoint for IBM IAM

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.16.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] [EXT] Re: Pull request requirements

2024-11-04 Thread Oyvind Albrigtsen

On 04/11/24 08:40 +, Windl, Ulrich wrote:

-Original Message-
From: Users  On Behalf Of Oyvind
Albrigtsen
Sent: Thursday, October 31, 2024 4:25 PM
To: Amir Eibagi 
Cc: users@clusterlabs.org; Govind Soundararajan

Subject: [EXT] Re: [ClusterLabs] Pull request requirements

Hi Amir,

This is the current developer guide:
https://github.com/ClusterLabs/fence-agents/blob/main/doc/fa-dev-
guide.md

We prefer REST-based agents, and the agents should work on Python 3.6+.


Why is there a strong Python bias for fence agents?

Because it allows lower level control to use libraries like requests,
urllib3, pycurl, and in some cases project-specific libs rather than
a shell script runnning a client where the code could change a lot
from one version to another.

There's also the positive side of lots of libraries available for
Python, and better detection to avoid issues than shell scripts or C
where you would need external tools to detect them.


Oyvind Albrigtsen


...

Regards,
Ulrich
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] Pull request requirements

2024-10-31 Thread Oyvind Albrigtsen

Hi Amir,

This is the current developer guide:
https://github.com/ClusterLabs/fence-agents/blob/main/doc/fa-dev-guide.md

We prefer REST-based agents, and the agents should work on Python 3.6+.


Oyvind Albrigtsen

On 30/10/24 18:49 +, Amir Eibagi wrote:

Hello team,

My name is Amir Eibagi and I am working for Nutanix. Me and my colleague (CCed 
on this email) are working to introduce a new fence agent for the AHV host.
We have followed the guidelines under  
https://github.com/ClusterLabs/fence-agents/blob/main/doc/FenceAgentAPI.md 
developing the fence agent.

I just would like to check with the team if there are any specific requirement 
which we need to follow before submitting our pull request for the upstream.

Thanks for your time and consideration.

[https://opengraph.githubassets.com/71768307b1f7a262e53035982d12e5f779c1f83cf243cf036526e339194b53a8/ClusterLabs/fence-agents]<https://github.com/ClusterLabs/fence-agents/blob/main/doc/FenceAgentAPI.md>
fence-agents/doc/FenceAgentAPI.md at main · 
ClusterLabs/fence-agents<https://github.com/ClusterLabs/fence-agents/blob/main/doc/FenceAgentAPI.md>
Fence agents. Contribute to ClusterLabs/fence-agents development by creating an 
account on GitHub.
github.com





___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.16.0 rc1

2024-10-30 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.16.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.16.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - ocf-shellfuncs: only create/update and reload systemd drop-in if needed
 - spec: drop BuildReq python3-pyroute2 for RHEL/CentOS
 - Filesystem: dont sleep during stop-action when there are no processes to kill
 - Filesystem: on stop, try umount directly, before scanning for users
 - Filesystem: only use $umount_force after sending kill_signals
 - Filesystem: stop/get_pids: improve logic to find processes
 - Filesystem: add azure aznfs filesystem support
 - IPaddr2: add proto-parameter to be able to match a specific route
 - IPaddr2: improve fail logic and check ip_status after adding IP
 - IPaddr2: use dev keyword when bringing up device
 - IPsrcaddr: specify dev for default route, as e.g. fe80:: routes can be 
present on multiple interfaces
 - apache/http-mon.sh: change curl opts to match wget
 - azure-events*: use node name from cluster instead of hostname to avoid 
failing if they're not the same
 - docker-compose: use "docker compose" when not using older docker-compose 
command
 - findif.sh: ignore unreachable, blackhole, and prohibit routes
 - nfsserver: also stop rpc-statd for nfsv4_only to avoid stop failing in some 
cases
 - podman: force-remove containers in stopping state if necessary (#1973)
 - powervs-subnet: add optional argument route_table (#1966)
 - powervs-subnet: modify gathering of Apikey, calculation of timeout
 - powervs-subnet: enable access via private endpoint for IBM IAM

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.16.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] About RA ocf:heartbeat:portblock

2024-10-23 Thread Oyvind Albrigtsen

In that case I would report the bug to Ubuntu.


Oyvind

On 23/10/24 15:49 +0300, Murat Inal wrote:

  Hi Oyvind,

  I checked out PR1924 and exacty applied it to my test cluster.

  Problem still exists. Rules do not get deleted, only created.

  Note that;

  - My cluster runs Ubuntu Server 24.04

  - grep is GNU 3.11

  - Switches -qE are valid & exist in grep man page.

  On 10/23/24 14:43, Oyvind Albrigtsen wrote:

This could be related to the following PR:
[1]https://github.com/ClusterLabs/resource-agents/pull/1924/files

The github version of portblock works fine on Fedora 40, so that's my
best guess.

Oyvind

On 22/10/24 21:44 +0300, Murat Inal wrote:

  Hello Oyvind,

  Using your suggestion, I located the issue at function
  chain_isactive().

  This function greps the "generated" rule string (via function
  active_grep_pat()) in the rule table. Generated string does NOT match
  with iptables output anymore. Consequently, RA decides that the rule
  is ABSENT, although it is PRESENT.

  I opted to use "iptables --check" command for rule existence
  detection. Below is the function with modification comments;

  #chain_isactive  {udp|tcp} portno,portno ip chain
  chain_isactive()
  {
  [ "$4" = "OUTPUT" ] && ds="s" || ds="d"
  #PAT=$(active_grep_pat "$1" "$2" "$3" "$ds") # grep pattern
  #$IPTABLES $wait -n -L "$4" | grep "$PAT" >/dev/null
  # old detection line

  iptables -C "$4" -p "$1" -${ds} "$3" -m multiport --${ds}ports
  "$2" -j DROP# new detection using iptables --check/-C
  }

  I tested the modified RA with both actions (block & unblock). It
  works. If you agree with the above, active_grep_pat() has NO use, it
  can be deleted from the script.

  On 10/21/24 12:25, Oyvind Albrigtsen wrote:

I would try running "pcs resource debug-stop --full " to
see
what's happening, and try to run the "iptables -D" line manually if
it
doesnt show you an error.

Oyvind

On 18/10/24 21:45 +0300, Murat Inal wrote:

  Hi Oyvind,

  Probably current portblock has a bug. It CREATES netfilter rule on
  start(), however DOES NOT DELETE the rule on stop().

  Here is the configuration of my simple 2 node + 1 qdevice cluster;

  node 1: node-a-knet \
  attributes standby=off
  node 2: node-b-knet \
  attributes standby=off
  primitive r-porttoggle portblock \
  params action=block direction=out ip=172.16.0.1 portno=1234
  protocol=udp \
  op monitor interval=10s timeout=10s \
  op start interval=0s timeout=20s \
  op stop interval=0s timeout=20s
  primitive r-vip IPaddr2 \
  params cidr_netmask=24 ip=10.1.6.253 \
  op monitor interval=10s timeout=20s \
  op start interval=0s timeout=20s \
  op stop interval=0s timeout=20s
  colocation c1 inf: r-porttoggle r-vip
  order o1 r-vip r-porttoggle
  property cib-bootstrap-options: \
  have-watchdog=false \
  dc-version=2.1.6-6fdc9deea29 \
  cluster-infrastructure=corosync \
  cluster-name=testcluster \
  stonith-enabled=false \
  last-lrm-refresh=1729272215

  - I checked the switchover and observed netfilter chain (watch
  sudo iptables -L OUTPUT) real-time,

  - Tried portblock with parameter direction=out & both.

  - Checked if the relevant functions IptablesBLOCK() &
  IptablesUNBLOCK() are executing (by inserting syslog mark messages
  inside). They do run.

  However rule is ONLY created, NEVER deleted.

  Any suggestions?

  On 10/9/24 11:26, Oyvind Albrigtsen wrote:

Correct. That should block the port when the resource is stopped
on a
node (e.g. if you have it grouped with the service you're using
on the
port).

I would do some testing to ensure it works exactly as you
expect. E.g.
you can telnet to the port, or you can run nc/socat on the port
and
telnet to it from the node it blocks/unblocks. If it doesnt
accept
the connection you know it's blocked.

Oyvind Albrigtsen

On 06/10/24 22:46 GMT, Murat Inal wrote:

  Hello,

  I'd like to confirm with you the mechanism of
  ocf:heartbeat:portblock.

  Given a re

Re: [ClusterLabs] About RA ocf:heartbeat:portblock

2024-10-23 Thread Oyvind Albrigtsen

This could be related to the following PR:
https://github.com/ClusterLabs/resource-agents/pull/1924/files

The github version of portblock works fine on Fedora 40, so that's my
best guess.


Oyvind

On 22/10/24 21:44 +0300, Murat Inal wrote:

Hello Oyvind,

Using your suggestion, I located the issue at function chain_isactive().

This function greps the "generated" rule string (via function 
active_grep_pat()) in the rule table. Generated string does NOT match 
with iptables output anymore. Consequently, RA decides that the rule 
is ABSENT, although it is PRESENT.


I opted to use "iptables --check" command for rule existence 
detection. Below is the function with modification comments;



#chain_isactive  {udp|tcp} portno,portno ip chain
chain_isactive()
{
    [ "$4" = "OUTPUT" ] && ds="s" || ds="d"
    #PAT=$(active_grep_pat "$1" "$2" "$3" "$ds") # grep pattern
    #$IPTABLES $wait -n -L "$4" | grep "$PAT" >/dev/null             
                                # old detection line
    iptables -C "$4" -p "$1" -${ds} "$3" -m multiport --${ds}ports 
"$2" -j DROP                # new detection using iptables --check/-C

}

I tested the modified RA with both actions (block & unblock). It 
works. If you agree with the above, active_grep_pat() has NO use, it 
can be deleted from the script.



On 10/21/24 12:25, Oyvind Albrigtsen wrote:

I would try running "pcs resource debug-stop --full " to see
what's happening, and try to run the "iptables -D" line manually if it
doesnt show you an error.


Oyvind

On 18/10/24 21:45 +0300, Murat Inal wrote:

Hi Oyvind,

Probably current portblock has a bug. It CREATES netfilter rule on 
start(), however DOES NOT DELETE the rule on stop().


Here is the configuration of my simple 2 node + 1 qdevice cluster;


node 1: node-a-knet \
    attributes standby=off
node 2: node-b-knet \
    attributes standby=off
primitive r-porttoggle portblock \
    params action=block direction=out ip=172.16.0.1 portno=1234 
protocol=udp \

    op monitor interval=10s timeout=10s \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s
primitive r-vip IPaddr2 \
    params cidr_netmask=24 ip=10.1.6.253 \
    op monitor interval=10s timeout=20s \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s
colocation c1 inf: r-porttoggle r-vip
order o1 r-vip r-porttoggle
property cib-bootstrap-options: \
    have-watchdog=false \
    dc-version=2.1.6-6fdc9deea29 \
    cluster-infrastructure=corosync \
    cluster-name=testcluster \
    stonith-enabled=false \
    last-lrm-refresh=1729272215


- I checked the switchover and observed netfilter chain (watch 
sudo iptables -L OUTPUT) real-time,


- Tried portblock with parameter direction=out & both.

- Checked if the relevant functions IptablesBLOCK() & 
IptablesUNBLOCK() are executing (by inserting syslog mark messages 
inside). They do run.


However rule is ONLY created, NEVER deleted.

Any suggestions?


On 10/9/24 11:26, Oyvind Albrigtsen wrote:


Correct. That should block the port when the resource is stopped on a
node (e.g. if you have it grouped with the service you're using on the
port).

I would do some testing to ensure it works exactly as you expect. E.g.
you can telnet to the port, or you can run nc/socat on the port and
telnet to it from the node it blocks/unblocks. If it doesnt accept
the connection you know it's blocked.


Oyvind Albrigtsen

On 06/10/24 22:46 GMT, Murat Inal wrote:

Hello,

I'd like to confirm with you the mechanism of ocf:heartbeat:portblock.

Given a resource definition;

Resource: r41_LIO (class=ocf provider=heartbeat type=portblock)
  Attributes: r41_LIO-instance_attributes
    action=unblock
    ip=10.1.8.194
    portno=3260
    protocol=tcp

- If resource starts, TCP:3260 is UNBLOCKED.

- If resource is stopped, TCP:3260 is BLOCKED.

Is that correct? If action=block, it will run just the 
opposite, correct?


To toggle a port, a single portblock resource is enough, correct?

Thanks,

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
h

[ClusterLabs] announcement: schedule for resource-agents release 4.16.0

2024-10-21 Thread Oyvind Albrigtsen

Hi,

This is a tentative schedule for resource-agents v4.16.0:
4.16.0-rc1: Oct 30.
4.16.0: Nov 6.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.15.1...main

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 160 issues and 49 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] About RA ocf:heartbeat:portblock

2024-10-21 Thread Oyvind Albrigtsen

I would try running "pcs resource debug-stop --full " to see
what's happening, and try to run the "iptables -D" line manually if it
doesnt show you an error.


Oyvind

On 18/10/24 21:45 +0300, Murat Inal wrote:

Hi Oyvind,

Probably current portblock has a bug. It CREATES netfilter rule on 
start(), however DOES NOT DELETE the rule on stop().


Here is the configuration of my simple 2 node + 1 qdevice cluster;


node 1: node-a-knet \
    attributes standby=off
node 2: node-b-knet \
    attributes standby=off
primitive r-porttoggle portblock \
    params action=block direction=out ip=172.16.0.1 portno=1234 
protocol=udp \

    op monitor interval=10s timeout=10s \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s
primitive r-vip IPaddr2 \
    params cidr_netmask=24 ip=10.1.6.253 \
    op monitor interval=10s timeout=20s \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s
colocation c1 inf: r-porttoggle r-vip
order o1 r-vip r-porttoggle
property cib-bootstrap-options: \
    have-watchdog=false \
    dc-version=2.1.6-6fdc9deea29 \
    cluster-infrastructure=corosync \
    cluster-name=testcluster \
    stonith-enabled=false \
    last-lrm-refresh=1729272215


- I checked the switchover and observed netfilter chain (watch sudo 
iptables -L OUTPUT) real-time,


- Tried portblock with parameter direction=out & both.

- Checked if the relevant functions IptablesBLOCK() & 
IptablesUNBLOCK() are executing (by inserting syslog mark messages 
inside). They do run.


However rule is ONLY created, NEVER deleted.

Any suggestions?


On 10/9/24 11:26, Oyvind Albrigtsen wrote:


Correct. That should block the port when the resource is stopped on a
node (e.g. if you have it grouped with the service you're using on the
port).

I would do some testing to ensure it works exactly as you expect. E.g.
you can telnet to the port, or you can run nc/socat on the port and
telnet to it from the node it blocks/unblocks. If it doesnt accept
the connection you know it's blocked.


Oyvind Albrigtsen

On 06/10/24 22:46 GMT, Murat Inal wrote:

Hello,

I'd like to confirm with you the mechanism of ocf:heartbeat:portblock.

Given a resource definition;

Resource: r41_LIO (class=ocf provider=heartbeat type=portblock)
  Attributes: r41_LIO-instance_attributes
    action=unblock
    ip=10.1.8.194
    portno=3260
    protocol=tcp

- If resource starts, TCP:3260 is UNBLOCKED.

- If resource is stopped, TCP:3260 is BLOCKED.

Is that correct? If action=block, it will run just the opposite, 
correct?


To toggle a port, a single portblock resource is enough, correct?

Thanks,

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] About RA ocf:heartbeat:portblock

2024-10-09 Thread Oyvind Albrigtsen

Correct. That should block the port when the resource is stopped on a
node (e.g. if you have it grouped with the service you're using on the
port).

I would do some testing to ensure it works exactly as you expect. E.g.
you can telnet to the port, or you can run nc/socat on the port and
telnet to it from the node it blocks/unblocks. If it doesnt accept
the connection you know it's blocked.


Oyvind Albrigtsen

On 06/10/24 22:46 GMT, Murat Inal wrote:

Hello,

I'd like to confirm with you the mechanism of ocf:heartbeat:portblock.

Given a resource definition;

Resource: r41_LIO (class=ocf provider=heartbeat type=portblock)
  Attributes: r41_LIO-instance_attributes
    action=unblock
    ip=10.1.8.194
    portno=3260
    protocol=tcp

- If resource starts, TCP:3260 is UNBLOCKED.

- If resource is stopped, TCP:3260 is BLOCKED.

Is that correct? If action=block, it will run just the opposite, correct?

To toggle a port, a single portblock resource is enough, correct?

Thanks,

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] resource-agents security update

2024-09-19 Thread Oyvind Albrigtsen

If you're using RHEL9 it's bundled in ha-cloud-support and
fence-agents-kubevirt, so you can run "yum update fence-agents-*
ha-cloud-support" to upgrade all the packages that could contain the
CVE on RHEL9.


Oyvind

On 19/09/24 10:22 GMT, S Sathish S wrote:

Hi Albrigtsen,

Python3-urllib3 package used from redhat and reported CVE-2024-37891 mitigated 
version available will upgrade to latest version in the system. As per below 
your statement update urllib3 package will mitigate this vulnerability no need 
to update resource-agents module. This is our understanding correct me if I am 
wrong.

Thanks and Regards,
S Sathish S
-Original Message-
From: Oyvind Albrigtsen 
Sent: Thursday, September 19, 2024 12:35 PM
To: Cluster Labs - All topics related to open-source clustering welcomed 

Cc: Tomas Jelinek ; S Sathish S ; 
Kohilavani G 
Subject: Re: [ClusterLabs] resource-agents security update

[You don't often get email from oalbr...@redhat.com. Learn why this is 
important at https://aka.ms/LearnAboutSenderIdentification ]

Hi,

This is a urllib3 CVE (bundled with resource-agents on RHEL8), so on other 
distros you'll have to check if the python-urllib3 package is version 1.26.19, 
2.2.2 or later. If not you can check the distro-specific changelog to see if 
the CVE has been fixed in the version you're using.

https://access.redhat.com/errata/RHSA-2024:5309
https://www.tenable.com/plugins/nessus/200807


Oyvind

On 19/09/24 06:32 GMT, S Sathish S via Users wrote:

Thanks Tomas for your response.

@Clusterlab team : can you check on below query and update us.

Regards,
S Sathish S
-Original Message-
From: Tomas Jelinek 
Sent: Wednesday, September 18, 2024 9:19 PM
To: S Sathish S ; users@clusterlabs.org
Cc: Kohilavani G 
Subject: Re: resource-agents security update

Hi,

Sorry, I don't work on resource agents, so I'm not the right person to answer 
this question.

Regards,
Tomas


Dne 17. 09. 24 v 14:16 S Sathish S napsal(a):

Hi Tomas/Team,

In our application we are using resource-agent-4.12.0
<https://gi/
t%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C7362a4ae49434b4bbe0a
08dcd879560e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C63862326285
9655867%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL
CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=9vNDpoXa31hSP4PCdf35
9LKi1ir9x1fMRYz2GCSWrfY%3D&reserved=0
hub.com%2FClusterLabs%2Fresource-agents%2Ftree%2Fv4.12.0&data=05%7C02
%
7Cs.s.sathish%40ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e
8
4cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638622713399244865%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3ThxwAAaiOfBcPTLUKeYQBP2w9XHix1ZXmK0KrU4Xvs%3D&reserved=0>
 version and that module has vulnerability(CVE-2024-37891) reported and fixed on below 
RHSA Errata. can you check and provided fixed on resource-agent latest version on upstream 
also.

https://acc/
e%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C7362a4ae49434b4bbe0a
08dcd879560e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C63862326285
9672823%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL
CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=sMArNs1F0EhkWKOZoQGM
27ky82Ih%2BoW6NbWLQgzI3bo%3D&reserved=0
ss.redhat.com%2Ferrata%2FRHSA-2024%3A6310&data=05%7C02%7Cs.s.sathish%
4
0ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e84cebfbfd47abbe
5
2080c6b87953f%7C0%7C0%7C638622713399254190%7CUnknown%7CTWFpbGZsb3d8ey
J
WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7
C
%7C%7C&sdata=nXfNx6aeV1AcJJ7U0VVcztbm%2BGUHcC9QgK%2FdiKLgz7E%3D&reser
v
ed=0

Thanks and Regards,
S Sathish S



___
Manage your subscription:
https://lists/
.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers&data=05%7C02%7Cs.s.sathis
h%40ericsson.com%7C7362a4ae49434b4bbe0a08dcd879560e%7C92e84cebfbfd47abb
e52080c6b87953f%7C0%7C0%7C638623262859687084%7CUnknown%7CTWFpbGZsb3d8ey
JWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C
%7C%7C&sdata=wiZLjXCM743n24lC8ddorB5URDAZ9LDaJPFYVhQV%2FiQ%3D&reserved=
0

ClusterLabs home:
https://www.c/
lusterlabs.org%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C7362a4ae49434b4bbe0a08dcd879560e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638623262859699515%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=q3NA%2FrA7X5m4ZIZH9zuSPm8E9AgdYMhw757i%2FOh5sDw%3D&reserved=0





___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] resource-agents security update

2024-09-19 Thread Oyvind Albrigtsen

Hi,

This is a urllib3 CVE (bundled with resource-agents on RHEL8), so on
other distros you'll have to check if the python-urllib3 package is
version 1.26.19, 2.2.2 or later. If not you can check the
distro-specific changelog to see if the CVE has been fixed in the
version you're using.

https://access.redhat.com/errata/RHSA-2024:5309
https://www.tenable.com/plugins/nessus/200807


Oyvind

On 19/09/24 06:32 GMT, S Sathish S via Users wrote:

Thanks Tomas for your response.

@Clusterlab team : can you check on below query and update us.

Regards,
S Sathish S
-Original Message-
From: Tomas Jelinek 
Sent: Wednesday, September 18, 2024 9:19 PM
To: S Sathish S ; users@clusterlabs.org
Cc: Kohilavani G 
Subject: Re: resource-agents security update

Hi,

Sorry, I don't work on resource agents, so I'm not the right person to answer 
this question.

Regards,
Tomas


Dne 17. 09. 24 v 14:16 S Sathish S napsal(a):

Hi Tomas/Team,

In our application we are using resource-agent-4.12.0

 version and that module has vulnerability(CVE-2024-37891) reported and fixed on below 
RHSA Errata. can you check and provided fixed on resource-agent latest version on upstream 
also.

https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Facce
ss.redhat.com%2Ferrata%2FRHSA-2024%3A6310&data=05%7C02%7Cs.s.sathish%4
0ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e84cebfbfd47abbe5
2080c6b87953f%7C0%7C0%7C638622713399254190%7CUnknown%7CTWFpbGZsb3d8eyJ
WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C
%7C%7C&sdata=nXfNx6aeV1AcJJ7U0VVcztbm%2BGUHcC9QgK%2FdiKLgz7E%3D&reserv
ed=0

Thanks and Regards,
S Sathish S



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] About OCF RA bugs

2024-09-12 Thread Oyvind Albrigtsen

Hi Murat,

It's best if you create an issue at 
https://github.com/ClusterLabs/resource-agents/issues

That way you can put logs and everything there, and we can help fix or
debug what's causing issues.


Oyvind Albrigtsen

On 12/09/24 17:23 GMT, Murat Inal wrote:

  Hello,

  I think I have found some issues with some OCF:heartbeat RAs. Is this mail
  list the right place to open a thread?

  Thanks,

  Murat



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] a request for "oracle" resource agent

2024-08-22 Thread Oyvind Albrigtsen

Feel free to make a Pull Request against the repository, and I can give
some feedback, and we can either merge it if there's others wanting
the feature, or close it if not (it will still be available so people
can search for oracle in the Pull Requests section and find the code).


Oyvind

On 22/08/24 08:58 GMT, Oyvind Albrigtsen wrote:

I cant remember anyone requesting this, but it should be fairly simple
to implement.

You can add a "mode" parameter to the metadata with
OCF_RESKEY_mode_default="running", and add an expected_status
variable in instance_live() that will be OPEN if it's set to running,
and the expected state for standby when it's set to standby, and
replace the 3 OPEN's in the function with $expected state.


Oyvind

On 19/08/24 17:10 GMT, Fabrizio Ermini wrote:

Hi!
I am trying to set up an oracle instance managed by a pacemaker cluster.
It's a task that I have performed several times with no issue, but in this
particular case I have a non standard requirement: since the instance
sometimes would take the role of a standby database, the "start" actions
should NOT open the DB instance, just mount it.

Are you aware of a way to make this happen? I thought initially to just
comment out the "open" command in the resource script, but of course this
would not work since the monitor operations would report the unopened
instance as an error.

In any case let me know if you could be interested to add this as a feature
if I manage to successfully make it work.

Thanks for your time and effort, and best regards
Fabrizio



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/




___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] a request for "oracle" resource agent

2024-08-21 Thread Oyvind Albrigtsen

I cant remember anyone requesting this, but it should be fairly simple
to implement.

You can add a "mode" parameter to the metadata with
OCF_RESKEY_mode_default="running", and add an expected_status
variable in instance_live() that will be OPEN if it's set to running,
and the expected state for standby when it's set to standby, and
replace the 3 OPEN's in the function with $expected state.


Oyvind

On 19/08/24 17:10 GMT, Fabrizio Ermini wrote:

Hi!
I am trying to set up an oracle instance managed by a pacemaker cluster.
It's a task that I have performed several times with no issue, but in this
particular case I have a non standard requirement: since the instance
sometimes would take the role of a standby database, the "start" actions
should NOT open the DB instance, just mount it.

Are you aware of a way to make this happen? I thought initially to just
comment out the "open" command in the resource script, but of course this
would not work since the monitor operations would report the unopened
instance as an error.

In any case let me know if you could be interested to add this as a feature
if I manage to successfully make it work.

Thanks for your time and effort, and best regards
Fabrizio



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.15.1

2024-07-26 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.15.1, which is a
bugfix release for v4.15.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.15.1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - IPaddr2: dont fail with "IPv4 does not support lvs_ipv6_addrlabel"
   error, as the parameter is not used in IPv4 scenarioes

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Thanks to Valentin Vidic for reporting the bug.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.15.0

2024-07-24 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.15.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.15.0

The most significant enhancements in this release are:
- new resource agents:
 - outscale
 - powervs-subnet

- bugfixes and enhancements:
 - build: dont build powervs-subnet if dependencies are missing
 - spec: use /usr/sbin paths for Fedora 41+
 - configure: fix enable_ansi check
 - ocf-shellfuncs: add curl_retry()
 - ocf-shellfuncs: dont use deprecated validate-with="none" in CIB
 - ocf-shellfuncs: fix version regex in ocf_local_nodename()
 - ocf-shellfuncs: ocf_run(): add debug level error logging
 - findif.sh: add metric for IPv6 support and fail when matching more than 1 
route
 - AWS agents: use curl_retry() for metadata requests
 - Filesystem: fail when incorrect device mounted on mountpoint, and dont unmount the 
mountpoint in this case, or if mountpoint set to "/"
 - Filesystem: fail when leading or trailing whitespace is present in device or 
directory parameters
 - Filesystem: return success during stop-action when leading or trailing 
whitespace is present in device or directory parameters
 - Filesystem: silence "Expected /dev/... to exist" message for probe-action
 - Filesystem: use fuser -Mm (was -m) to avoid killing unrelated processes
 - Filesystem: use fuser -c on FreeBSD, as -m and -M are used for other 
functionality
 - IPaddr2: change default for lvs_ipv6_addrlabel to true to avoid last added 
IP becoming src IP
 - IPaddr2: use metric for IPv6
 - IPsrcaddr: add IPv6 support
 - apache/http-mon.sh: dont use -L for wget2 as it's not implemented yet
 - apache/http-mon.sh: prefer curl due to new wget2 issues, including not being 
able to resolve hostnames from /etc/hosts
 - azure-events-az: update to API versions, add retry functionality for 
metadata requests, update tests
 - azure-lb: fix issue where disabled IPv6 made it fail when using socat after 
adding IPv6 (#1939)
 - conntrackd/galera/rabbitmq-cluster: avoid deprecated tool options
 - galera/mariadb/mysql/redis: remove Unpromoted monitor-action, as it's 
covered by the regular monitor-action
 - pgsql: pgsql_status: silence expected "ERROR: command failed: runuser ..." 
messages
 - send_arp.libnet: use calloc() to avoid truncating pidfilename if it is more 
than 64 chars long
 - storage-mon: add logging to daemon mode

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.15.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.15.0 rc1

2024-07-17 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.15.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.15.0rc1

The most significant enhancements in this release are:
- new resource agents:
 - outscale
 - powervs-subnet

- bugfixes and enhancements:
 - configure: fix enable_ansi check
 - ocf-shellfuncs: add curl_retry()
 - ocf-shellfuncs: dont use deprecated validate-with="none" in CIB
 - ocf-shellfuncs: fix version regex in ocf_local_nodename()
 - ocf-shellfuncs: ocf_run(): add debug level error logging
 - findif.sh: add metric for IPv6 support and fail when matching more than 1 
route
 - AWS agents: use curl_retry() for metadata requests
 - Filesystem: fail when incorrect device mounted on mountpoint, and dont unmount the 
mountpoint in this case, or if mountpoint set to "/"
 - Filesystem: fail when leading or trailing whitespace is present in device or 
directory parameters
 - Filesystem: return success during stop-action when leading or trailing 
whitespace is present in device or directory parameters
 - Filesystem: silence "Expected /dev/... to exist" message for probe-action
 - Filesystem: use fuser -Mm (was -m) to avoid killing unrelated processes
 - Filesystem: use fuser -c on FreeBSD, as -m and -M are used for other 
functionality
 - IPaddr2: change default for lvs_ipv6_addrlabel to true to avoid last added 
IP becoming src IP
 - IPaddr2: use metric for IPv6
 - IPsrcaddr: add IPv6 support
 - apache/http-mon.sh: dont use -L for wget2 as it's not implemented yet
 - apache/http-mon.sh: prefer curl due to new wget2 issues, including not being 
able to resolve hostnames from /etc/hosts
 - azure-events-az: update to API versions, add retry functionality for 
metadata requests, update tests
 - azure-lb: fix issue where disabled IPv6 made it fail when using socat after 
adding IPv6 (#1939)
 - conntrackd/galera/rabbitmq-cluster: avoid deprecated tool options
 - galera/mariadb/mysql/redis: remove Unpromoted monitor-action, as it's 
covered by the regular monitor-action
 - pgsql: pgsql_status: silence expected "ERROR: command failed: runuser ..." 
messages
 - send_arp.libnet: use calloc() to avoid truncating pidfilename if it is more 
than 64 chars long
 - storage-mon: add logging to daemon mode

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.15.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] Resource Agents: pgsql vs. pgsqlms

2024-07-12 Thread Oyvind Albrigtsen

On 11/07/24 22:20 GMT, Ede Wolf wrote:


Once again thanks very much for your time.


Just wondering, besides implementation and documentation, is there an
overview of features / percieved advantages of one over the other?


Not that I am aware of.


That basically makes it even. In the sense, that from this point of 
view there is no preference.

Yeah. In Red Hat we provide both, but I'm the maintainer of
the resource-agents upstream repository, so I got more experience with
that agent.

Using/improving both is of equal value to us.



My personal percieved advantages of pgsqlms over pgsql are:

...


But pay attention on the fact that as the author of PAF, I'm highly biased, and
it's been ages since I had my hands on a cluster using the "pgsql" resource
agent. I don't really paid attention on how it evolved in the past 9 years.


I am paying attention to the fact that the author of PAF replies to 
beginners question. Beginner at least in this regard.


Other than that, at least the copyright notice for the pgsql ra is 
from 2012. Wether this is actually an indicates for any evolution I do 
not know, as I have not done any further digging.
It still should work, that's the message I am taking away from this 
thread, with more or less feature parity, so we'll give it a try as 
well.

That's just the last time the copyright notice for the agent was
updated. You can find the full list of commits at:
https://github.com/ClusterLabs/resource-agents/commits/main/heartbeat/pgsql

You'll find that the amount of commits decrease as the agent matures
(also in pgsqlms), unless there's some some feature added that
requires some improvements for a while.



the other the language. Bash is realistic to read, perl probably not.


That's really a matter of taste, and you might be surprised:


Well, if we manage to get it up and running by help of documentation, 
and some trial and error, we may not really need to read the agents 
anyway. In fact, that is, what we hope. It would just be a fallback 
since everyone here pitied either documentation



Too bad I hadn't update the vagrant PoC for a while, but you can have a look
in the following vagrant envs, if they still work with "modern" ansible/libvirt:


For evaluation we actually prefer going completely on foot and not use 
any automation magic. I am a bit oldfashioned and rather learn by 
doing wrong than by reading yaml. What in turn prevents any further 
career, but that is an entirely different story.

No automation is the best way to get started, as you should get used
to Pacemaker and the tools/agents, checking logs, "pcs resource
debug- --full " or setting trace_ra=1 for the resource
which will produce a file for each run of any action in
/var/lib/heartbeat/trace_ra/.

That's also where you'll see the difference of bash vs perl, as bash
will show code line-by-line, which makes it easier to debug, but
also shows additional code for the log entries (as it shows all the
calls to show them on screen) vs perl where it will show debug-level
log messages in addition to the usual info/warn/error messages.

Automation will be nice to put on top of the basic skillset to
make deploying, monitoring, etc easier to repeat.


Thanks again, very highly appreciated!

Ede


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] Resource Agents: pgsql vs. pgsqlms

2024-07-11 Thread Oyvind Albrigtsen

On 11/07/24 11:33 GMT, Jehan-Guillaume de Rorthais wrote:

On Thu, 11 Jul 2024 10:17:24 +0200
Oyvind Albrigtsen  wrote:
[…]

>Since postgres ha is rather new to us and me having been lucky not
>having had to deal with perl so far, just reading the agents
>themselves does not really shed that much light on this issue.
The pgsql has seen more testing and usage, so I would use that unless
there's a specific reason to use PAF instead.

It's also written in shell, so if you debug by setting trace_ra=1 or
by running "psc resource debug- --full " it will also be easier
to debug, as it will list all the commands/checks it's running.


PAF will output debug messages if debug is enabled on Pacemaker side (in
/etc/sysconfig/pacemaker or /etc/default/pacemaker).

It is true "debug-" commands are not supported with PAF because they
are focused on non-promotable agents[1]. PAF rely on cluster contexts and
notify actions to make various checks, recovery and node election, which are
not set or triggered when using "debug-" commands.

There's also debug-promote and debug-demote, so it should cover most
use-cases.


But this can be emulated I suppose, eg. by setting the `target-role` by hand
and leave the cluster do its magic transitions?


Only negative is that the documentation for promotional pgsql cluster
is dated,


Well, PAF documentation is dated as well, they both deserve some documentation
updates from the authors (erm… I swear I'll do).

[1] as far as I remember, I'm interested to know if this not true anymore.



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] Resource Agents: pgsql vs. pgsqlms

2024-07-11 Thread Oyvind Albrigtsen

On 10/07/24 19:18 GMT, Ede Wolf wrote:

Hello,

we are about to set up a postgresql 15 ha solution and since we already
have some experience with pacemaker, this seems the obvious route to go
first.

What however is somewhat confusing are the available resource agents.
By default the pgsql agent is shipped, at least with debian and
SLES, that however has a copyright notice dating back to 2012.

Now, when trying to research postgres and pacemaker, most articles do
talk about PAF, or the pgsqlms resource.

I have so far not been able to find the differences between both, and
in case PAF is, for one reason or the other, the better or more up
to date solution, why is it not shipped by default? At least not with
debian or SLES15?

PAF ended up as a solution due to some changes we couldnt do to the
pgsql agent without the risk of causing issues for existing users
(from what I recall).


Since postgres ha is rather new to us and me having been lucky not
having had to deal with perl so far, just reading the agents
themselves does not really shed that much light on this issue.

The pgsql has seen more testing and usage, so I would use that unless
there's a specific reason to use PAF instead.

It's also written in shell, so if you debug by setting trace_ra=1 or
by running "psc resource debug- --full " it will also be easier
to debug, as it will list all the commands/checks it's running.

Only negative is that the documentation for promotional pgsql cluster
is dated, so some of the settings for the PostgreSQL config files has
either been renamed or removed, but you'll see all those errors before
creating the resource in the cluster IIRC, so just Google those settings
when you get the errors to find their new equivalent.

https://projects.clusterlabs.org/w/cluster_administration/pgsql_replicated_cluster/


Oyvind Albrigtsen


So in case there is some documentation on comparing these two, or some
experience, that would be really helpful

Thanks

Ede
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] announcement: schedule for resource-agents release 4.15.0

2024-07-08 Thread Oyvind Albrigtsen

Hi,

This is a tentative schedule for resource-agents v4.15.0:
4.15.0-rc1: Jul 17.
4.15.0: Jul 24.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.14.0...main

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 160 issues and 49 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.15.0

2024-07-01 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.15.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.15.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - configure: check additional paths for programs
 - spec: only require python3-azure-sdk for RHEL < 9
 - fencing: add support for docs["agent_name"] to use the main agent name when 
generating manpages
 - fencing: use formatted strings to avoid failing when plug is int
 - fence2man.xsl: improve text for symlinked agents
 - all agents: dont use Deprecated logging.warn()
 - symlinked agents: set agent_name to use when generating manpages
 - fence_aws: fixes to not fail CI, and dont use boto3 buildreq on CI nodes 
where it's not installed
 - fence_aws: improve list/list-status (to show instance name and status) and 
status actions
 - fence_aws: log error if unknown state returned
 - fence_azure: fix pinning client api versions for compatibility across 
different azure sdk versions
 - fence_docker: add UNIX socket support
 - fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer
 - fence_hpblade/fence_mpath/fence_scsi: use r"" for all regular expressions to 
avoid SyntaxWarning errors
 - fence_sbd: --sbd-path defaults to /usr/sbin/sbd

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.14.0...v4.15.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] clutering rabbitmq

2024-06-25 Thread Oyvind Albrigtsen

On 25/06/24 12:21 GMT, Damiano Giuliani wrote:

Hi Oyvind, thanks for the explanation and joining. my only doubt about
using systemd is pacemaker will not check in any way the status of the
rabbitmq cluster but only the status those resources. So basically it could
check all resources up but not a consistent rabbit cluster.
What do u think about it?

Correct. It will be able to start rabbitmq and try to restart (or move
to other node on repeated fails), but wont be able to do any more
advanced checks.

So if you need more advanced checks, or more advanced code being run
during start/stop or anything else more advanced you'll have to either
modify the existing agents or read the developer guide for how to make
one from scratch:
https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.asc


I also noticed rabbitmq-server-ha resource agent (2444 code lines) but it
doesn't work to me yet (some pid problems)

Really thanks for helping and share ur knowledge

Damian

On Tue, Jun 25, 2024, 12:03 PM Oyvind Albrigtsen 
wrote:


There's also the rabbitmq-cluster agent, but that is also made for
OSP, and seems to wipe data during the start-action.

So the best way is probably to run it via the systemd unit file. Run
"pcs resource list systemd" to find it, and create it the same way
(it doesnt take any parameters, so settings has to be set in e.g.
the config files in /etc/ or similar).


Oyvind Albrigtsen

On 25/06/24 11:48 GMT, Damiano Giuliani wrote:
>I Ken, thanks for answering.
>Yes unfortunately the rabbitmq-cluster agent wipe everything and losing
our
>quorum queue is not an option 😄 we just learnt after a power interrupion
>this! I was super confident about the agent really didn't expected a
>complete wipe and rebuild!lession learned!
>
>If somebody con join the conversation and share how achieve high
>availability rabbimq with pacemaker helping me I would really appreciate!
>
>On Mon, Jun 24, 2024, 5:19 PM Ken Gaillot  wrote:
>
>> Hi,
>>
>> The rabbitmq-cluster agent was written specifically for the OpenStack
>> use case, which is fine with recreating the cluster from scratch after
>> problems. I'm not sure about the other two, and I'm not really familiar
>> with any of the agents. Hopefully someone with more experience with
>> RabbitMQ can jump in.
>>
>> On Thu, 2024-06-20 at 10:33 +0200, Damiano Giuliani wrote:
>> > Hi,
>> >
>> > hope you guys can help me,
>> >
>> > we have builded up a rabbitmq cluster using pacemaker resource called
>> > rabbitmq-cluster.
>> > everything works as exptected till for maintenance reason, we shutted
>> > down the entire cluster gracefully.
>> > at the startup we noticed all the user and permissions were dropped
>> > and probably also the quorum queues.
>> > So investigating the resource agent (rabbitmq-cluster), i find out it
>> > callss this wipe function
>> >
>> > rmq_wipe_data()
>> > {
>> > rm -rf $RMQ_DATA_DIR > /dev/null 2>&1
>> > }
>> >
>> > when the first start function is called
>> >
>> > rmq_start_first()
>> > {
>> > local rc
>> >
>> > ocf_log info "Bootstrapping rabbitmq cluster"
>> > rmq_wipe_data
>> > rmq_init_and_wait
>> > rc=$?
>> >
>> > So probably when all the cluster is fired up by pacemaker all the
>> > rabbitmq istances are wiped out.
>> >
>> > the rabbitmq-cluster is quite old (3-4yo) and probably didnt take
>> > into account quorum queues which are presistent, so a full wipe is
>> > not acceptable.
>> >
>> > So i moved to the RA called rabbitmq-server-ha which is quite huge
>> > and big script but im a bit lost because i notice also this one seems
>> > cleans mnesia folder.
>> >
>> > So the third and last one is the RA rabbitmq-server  which seems
>> > simple resoruce but not manage cluster status but only simple actions
>> > like start stop etc.
>> > i could probably build the cluster using this one + rabbitmq.conf
>> > file where i defined cluster istances, something like this.
>> >
>>
https://www.rabbitmq.com/docs/cluster-formation#peer-discovery-classic-config
>> >
>> > so im a bit lost because seems there is no easy way to build up a
>> > rabbitmq cluster using pacemaker.
>> >
>> > can you guys help me heading on the correct way?
>> >
>> > thanks
>> >
>> > Damiano
>> >
>> >
>> >
>> >
>> > ___
>

Re: [ClusterLabs] clutering rabbitmq

2024-06-25 Thread Oyvind Albrigtsen

There's also the rabbitmq-cluster agent, but that is also made for
OSP, and seems to wipe data during the start-action.

So the best way is probably to run it via the systemd unit file. Run
"pcs resource list systemd" to find it, and create it the same way
(it doesnt take any parameters, so settings has to be set in e.g.
the config files in /etc/ or similar).


Oyvind Albrigtsen

On 25/06/24 11:48 GMT, Damiano Giuliani wrote:

I Ken, thanks for answering.
Yes unfortunately the rabbitmq-cluster agent wipe everything and losing our
quorum queue is not an option 😄 we just learnt after a power interrupion
this! I was super confident about the agent really didn't expected a
complete wipe and rebuild!lession learned!

If somebody con join the conversation and share how achieve high
availability rabbimq with pacemaker helping me I would really appreciate!

On Mon, Jun 24, 2024, 5:19 PM Ken Gaillot  wrote:


Hi,

The rabbitmq-cluster agent was written specifically for the OpenStack
use case, which is fine with recreating the cluster from scratch after
problems. I'm not sure about the other two, and I'm not really familiar
with any of the agents. Hopefully someone with more experience with
RabbitMQ can jump in.

On Thu, 2024-06-20 at 10:33 +0200, Damiano Giuliani wrote:
> Hi,
>
> hope you guys can help me,
>
> we have builded up a rabbitmq cluster using pacemaker resource called
> rabbitmq-cluster.
> everything works as exptected till for maintenance reason, we shutted
> down the entire cluster gracefully.
> at the startup we noticed all the user and permissions were dropped
> and probably also the quorum queues.
> So investigating the resource agent (rabbitmq-cluster), i find out it
> callss this wipe function
>
> rmq_wipe_data()
> {
> rm -rf $RMQ_DATA_DIR > /dev/null 2>&1
> }
>
> when the first start function is called
>
> rmq_start_first()
> {
> local rc
>
> ocf_log info "Bootstrapping rabbitmq cluster"
> rmq_wipe_data
> rmq_init_and_wait
> rc=$?
>
> So probably when all the cluster is fired up by pacemaker all the
> rabbitmq istances are wiped out.
>
> the rabbitmq-cluster is quite old (3-4yo) and probably didnt take
> into account quorum queues which are presistent, so a full wipe is
> not acceptable.
>
> So i moved to the RA called rabbitmq-server-ha which is quite huge
> and big script but im a bit lost because i notice also this one seems
> cleans mnesia folder.
>
> So the third and last one is the RA rabbitmq-server  which seems
> simple resoruce but not manage cluster status but only simple actions
> like start stop etc.
> i could probably build the cluster using this one + rabbitmq.conf
> file where i defined cluster istances, something like this.
>
https://www.rabbitmq.com/docs/cluster-formation#peer-discovery-classic-config
>
> so im a bit lost because seems there is no easy way to build up a
> rabbitmq cluster using pacemaker.
>
> can you guys help me heading on the correct way?
>
> thanks
>
> Damiano
>
>
>
>
> ___
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
>
> ClusterLabs home: https://www.clusterlabs.org/
--
Ken Gaillot 

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/




___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.14.0

2024-04-24 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.14.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.14.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - doc: writing-python-agents: add description of is_probe() and distro()
 - all agents: remove -S state/status that are either ignored, or
   give an error message in newer versions of Pacemaker
 - configure: fix "C preprocessor "gcc -E" fails sanity check" error
   caused by autoconf 2.72
 - configure: prepare to not build with -ansi by default in the future
 - docs: writing-python-agents: update required Python version to 3.6+
 - spec: use /usr/sbin paths for Fedora 40+
 - LVM-activate: avoid false positive for VG activation (fail when
   system_id_source and volume_list are set)
 - aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type
   parameter and AWS Policy based authentication type
 - azure-lb: support IPv6 with Azure load balancer when using socat
 - db2: fix OCF_SUCESS typo in db2_notify
 - docker: return OCF_NOT_RUNNING when Docker isn't running
 - findif.sh: fix corner cases
 - findif.sh: fix loopback handling
 - findif: check that netmaskbits != EOS in addition to != NULL in all cases
 - galera: allow joiner to report non-Primary during initial IST
 - nfsserver: fix "server scope" functionality for both potentially other
   dropins AND multiple ExecStart
 - ocivip: fix PRIMARY_IFACE variable when it returns two lines
 - openstack-info: ensure no newlines in openstack_ports
 - portblock: accept numeric protocol from iptables (to fix regression in
   iptables 1.8.9 that has shipped in some distros)
 - portblock: remove write to tcp_tw_recycle
 - storage_mon: fix file handler out of scope leak and uninitialized values
 - storage_mon: use memset() to fix "uninitialized value" covscan error,
   as qb_ipcc_recv() will always set a message

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.14.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.14.0 rc1

2024-04-17 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.14.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.14.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - all agents: remove -S state/status that are either ignored, or
   give an error message in newer versions of Pacemaker
 - configure: fix "C preprocessor "gcc -E" fails sanity check" error
   caused by autoconf 2.72
 - configure: prepare to not build with -ansi by default in the future
 - docs: writing-python-agents: update required Python version to 3.6+
 - spec: use /usr/sbin paths for Fedora 40+
 - LVM-activate: avoid false positive for VG activation (fail when
   system_id_source and volume_list are set)
 - aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type
   parameter and AWS Policy based authentication type
 - azure-lb: support IPv6 with Azure load balancer when using socat
 - db2: fix OCF_SUCESS typo in db2_notify
 - docker: return OCF_NOT_RUNNING when Docker isn't running
 - findif.sh: fix corner cases
 - findif.sh: fix loopback handling
 - findif: check that netmaskbits != EOS in addition to != NULL in all cases
 - galera: allow joiner to report non-Primary during initial IST
 - nfsserver: fix "server scope" functionality for both potentially other
   dropins AND multiple ExecStart
 - ocivip: fix PRIMARY_IFACE variable when it returns two lines
 - openstack-info: ensure no newlines in openstack_ports
 - portblock: accept numeric protocol from iptables (to fix regression in
   iptables 1.8.9 that has shipped in some distros)
 - portblock: remove write to tcp_tw_recycle
 - storage_mon: fix file handler out of scope leak and uninitialized values
 - storage_mon: use memset() to fix "uninitialized value" covscan error,
   as qb_ipcc_recv() will always set a message

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.14.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] announcement: schedule for resource-agents release 4.14.0

2024-04-08 Thread Oyvind Albrigtsen

Hi,

This is a tentative schedule for resource-agents v4.14.0:
4.14.0-rc1: Apr 17.
4.14.0: Apr 24.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.13.0...main

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 154 issues and 48 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.14.0

2024-04-08 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.14.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.14.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_ovm (Oracle VM)

- bugfixes and enhancements:
 - all agents: update metadata from I/O to e.g. Power, Network, etc for non-I/O 
agents
 - lib/all agents: use r"" for all regular expressions to avoid SyntaxWarning 
errors
 - fence_aliyun: add credentials file support
 - fence_vmware_rest : report error if the API user has insufficient rights to 
manage
   the fence device
 - fence_zvmip: fix manpage formatting

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.13.1...v4.14.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] deployment of Pacemaker in GCE

2024-03-08 Thread Oyvind Albrigtsen

On 07/03/24 02:28 +, Ali Shahbazifakhr via Users wrote:

Hello,

I am reaching out to inquire about the usage of Pacemaker on Google Compute 
Engine (GCE), specifically in conjunction with Managed Instance Groups (MIG). 
Our team is currently exploring options for implementing high availability and 
failover solutions within our infrastructure on GCE, and we believe that 
Pacemaker may be a viable option for achieving this.

Could you kindly provide some insights into how Pacemaker is utilized within 
the GCE environment, particularly in scenarios involving Managed Instance 
Groups? We are interested in understanding the design considerations and best 
practices for implementing Pacemaker with MIG instances.

Additionally, if there are any documentation resources available that explain 
the design and implementation of Pacemaker with MIG instances on GCE, we would 
greatly appreciate it if you could point us in the right direction

I dont have any experience with MIG, but from a quick look it seems
like it can be used to replace and/or autoscale, so I would suggest
not replacing the nodes (as Pacemaker takes care of badly behaving
nodes), and you will have to use "pcs host auth " and "pcs
cluster node add "/"pcs cluster node remove " to
add/remove nodes if you use the autoscale functionality.

You can use fence_gce to fence (reboot) badly behaving nodes:
https://github.com/ClusterLabs/fence-agents/blob/main/agents/gce/fence_gce.py

and the gcp-* agents handle IPs, routes, disks, or load balancer(s):
https://github.com/ClusterLabs/resource-agents/tree/main/heartbeat

There is metadata/desc sections in the code of the agents, so you can
find all the info without having to install the packages.

If you're new to Pacemaker this is a good introduction:
https://www.clusterlabs.org/pacemaker/doc/2.1/Clusters_from_Scratch/singlehtml/

For software that doesnt have a resource agent you can let Pacemaker handle it
via it's systemd or init services/scripts, or make your own agent if
you need e.g. additional monitoring to check that the service is still
alive:
https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.asc


Oyvind


Looking forward to your response.


[CN100]
Ali Shahbazi
Specialist Enterprise Architecture | IoT Industrial, Solutions System 
Engineering |
T:  | C: 403-702-3093
What's New at CN | Quoi de neuf au 
CN





___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] Questionsabout GCP VIP setup

2024-02-29 Thread Oyvind Albrigtsen

On 28/02/24 22:26 +, Strahil Nikolov wrote:

Hi Oyvind
I found your e-mail in my spam folder.It seems 'gcloud-ra' doesn't exits and 
it's not needed for the fence agent or the gcp-vpc-move-vip.

Yeah. It was needed in earlier RHELs before we replaced the agents
with Python agents using libraries instead of the CLI tool.

You might still have to install gcloud from the link below if it's
needed to setup your credentials for the agent.

gcloud-ra was just included version that was needed for the agents to
work, and also could be used to setup your credentials. The binary was
simply renamed to gcloud-ra to allow customers to install newer
version alongside it if they needed some newer features.


Oyvind


Best Regards,Strahil Nikolov

 On Wed, Feb 7, 2024 at 13:26, Oyvind Albrigtsen wrote:   
On 07/02/24 11:15 +, Strahil Nikolov via Users wrote:

Hi All,
This is my first cluster in the cloud and I have 2 questions that I'm hoping to 
get a clue.
1. Where I can find the 'gcloud-ra' binary on EL9 system ? I have installed 
resource-agents-cloud but I can't find it.

You need to install gcloud from Google's repository: 
https://cloud.google.com/sdk/gcloud

2. Is gcp-vpc-move-vip a good approach to setup the VIP ?

It should be, yeah. Run "pcs resource describe gcp-vpc-move-vip" for
more info. There's also gcp-vpc-move-route to move a floating IP by
changing an entry in the routing table.


Oyvind

Best Regards,Strahil Nikolov



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/





___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] ocf:heartbeat:IPsrcaddr generated failed probe "[findif] failed" on inactive nodes

2024-02-07 Thread Oyvind Albrigtsen

On 07/02/24 14:57 +0100, Adam Cecile wrote:

On 2/7/24 09:49, Oyvind Albrigtsen wrote:

On 07/02/24 09:35 +0100, Adam Cecile wrote:

Hello,


Crm_mon show these errors on my cluster, while everything is 
working as expected:


Failed Resource Actions:
  * Default-Public-IPv4-Is-Default-Src probe on gw-3.domain 
returned 'error' ([findif] failed) at Wed Feb  7 08:00:22 2024 
after 49ms
  * Default-Public-IPv4-Is-Default-Src probe on gw-1.domain 
returned 'error' ([findif] failed) at Wed Feb  7 08:00:22 2024 
after 48ms
  * Default-Public-IPv4-Is-Default-Src probe on gw-2.domain 
returned 'error' ([findif] failed) at Wed Feb  7 08:02:31 2024 
after 64ms


I think pacemaker is unable to check default source address on 
node which are not currently owning the IP addresses, which is 
expected. However Default-Public-IPv4-Is-Default-Src is +INF 
colocated with public IP addresses, so I do not understand why 
such errors are generated on inactive nodes.

This is the probe-action, which will check whether the resource has
the expected status (e.g. stopped for nodes where it's not running).

You can either setup another IP on the same network on the interface
to avoid these errors, or setting cidr_netmask and interface might help.

IPsrcaddr doesnt advertise the interface parameter, so you probably
have to do e.g. "pcs resource update -f
Default-Public-IPv4-Is-Default-Src nic=" to set it anyways,
so findif will be able to use it.

Thanks ! You got it, it was indeed related to that. I tried setting up 
"nic" but it told me the parameter did not exist so I guessed it was 
not possible.


Is that normal to use "private" attribute with --force ?

Nice. It should be announced, so --force is just a way to override it.

I'll make a patch to add it, so the parameters are listed for others
who might use it without another IP in the IP-range on the NIC.




Oyvind Albrigtsen


Here are some config extracts:

primitive Default-Public-IPv4 IPaddr2 \
    params cidr_netmask=24 ip=1.1.1.1 nic=eth1 \
    op monitor interval=30 \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s

primitive IPSEC-Public-IPv4 IPaddr2 \
    params cidr_netmask=24 ip=1.1.1.2 nic=eth1 \
    op monitor interval=30 \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s \
    meta target-role=Started

primitive Public-IPv4-Gateway Route \
    params destination="0.0.0.0/0" device=eth1 gateway=1.1.1.254 \
    op monitor interval=30 \
    op reload interval=0s timeout=20s \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s

primitive Default-Public-IPv4-Is-Default-Src IPsrcaddr \
    params cidr_netmask=24 ipaddress=1.1.1.1 \
    op monitor interval=30 \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s \
    meta target-role=Started

colocation colocation-Default-Public-IPv4-Is-Default-Src-Default-Public-IPv4-INFINITY 
+inf: Default-Public-IPv4-Is-Default-Src Default-Public-IPv4
colocation 
colocation-Default-Public-IPv4-Public-IPv4-Gateway-INFINITY +inf: 
Default-Public-IPv4 Public-IPv4-Gateway
colocation 
colocation-IPSEC-Public-IPv4-Public-IPv4-Gateway-INFINITY +inf: 
IPSEC-Public-IPv4 Public-IPv4-Gateway


order order-Default-Public-IPv4-Default-Public-IPv4-Is-Default-Src-mandatory 
Default-Public-IPv4:start Default-Public-IPv4-Is-Default-Src:start
order order-Default-Public-IPv4-IPSEC-Public-IPv4-mandatory 
Default-Public-IPv4:start IPSEC-Public-IPv4:start
order order-Default-Public-IPv4-Public-IPv4-Gateway-mandatory 
Default-Public-IPv4:start Public-IPv4-Gateway:start



Any hint would be greatly appreciated !

Best regards, Adam.



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] Questionsabout GCP VIP setup

2024-02-07 Thread Oyvind Albrigtsen

On 07/02/24 11:15 +, Strahil Nikolov via Users wrote:

Hi All,
This is my first cluster in the cloud and I have 2 questions that I'm hoping to 
get a clue.
1. Where I can find the 'gcloud-ra' binary on EL9 system ? I have installed 
resource-agents-cloud but I can't find it.

You need to install gcloud from Google's repository: 
https://cloud.google.com/sdk/gcloud

2. Is gcp-vpc-move-vip a good approach to setup the VIP ?

It should be, yeah. Run "pcs resource describe gcp-vpc-move-vip" for
more info. There's also gcp-vpc-move-route to move a floating IP by
changing an entry in the routing table.


Oyvind

Best Regards,Strahil Nikolov



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] ocf:heartbeat:IPsrcaddr generated failed probe "[findif] failed" on inactive nodes

2024-02-07 Thread Oyvind Albrigtsen

On 07/02/24 09:35 +0100, Adam Cecile wrote:

Hello,


Crm_mon show these errors on my cluster, while everything is working 
as expected:


Failed Resource Actions:
  * Default-Public-IPv4-Is-Default-Src probe on gw-3.domain returned 
'error' ([findif] failed) at Wed Feb  7 08:00:22 2024 after 49ms
  * Default-Public-IPv4-Is-Default-Src probe on gw-1.domain returned 
'error' ([findif] failed) at Wed Feb  7 08:00:22 2024 after 48ms
  * Default-Public-IPv4-Is-Default-Src probe on gw-2.domain returned 
'error' ([findif] failed) at Wed Feb  7 08:02:31 2024 after 64ms


I think pacemaker is unable to check default source address on node 
which are not currently owning the IP addresses, which is expected. 
However Default-Public-IPv4-Is-Default-Src is +INF colocated with 
public IP addresses, so I do not understand why such errors are 
generated on inactive nodes.

This is the probe-action, which will check whether the resource has
the expected status (e.g. stopped for nodes where it's not running).

You can either setup another IP on the same network on the interface
to avoid these errors, or setting cidr_netmask and interface might help.

IPsrcaddr doesnt advertise the interface parameter, so you probably
have to do e.g. "pcs resource update -f
Default-Public-IPv4-Is-Default-Src nic=" to set it anyways,
so findif will be able to use it.


Oyvind Albrigtsen


Here are some config extracts:

primitive Default-Public-IPv4 IPaddr2 \
    params cidr_netmask=24 ip=1.1.1.1 nic=eth1 \
    op monitor interval=30 \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s

primitive IPSEC-Public-IPv4 IPaddr2 \
    params cidr_netmask=24 ip=1.1.1.2 nic=eth1 \
    op monitor interval=30 \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s \
    meta target-role=Started

primitive Public-IPv4-Gateway Route \
    params destination="0.0.0.0/0" device=eth1 gateway=1.1.1.254 \
    op monitor interval=30 \
    op reload interval=0s timeout=20s \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s

primitive Default-Public-IPv4-Is-Default-Src IPsrcaddr \
    params cidr_netmask=24 ipaddress=1.1.1.1 \
    op monitor interval=30 \
    op start interval=0s timeout=20s \
    op stop interval=0s timeout=20s \
    meta target-role=Started

colocation colocation-Default-Public-IPv4-Is-Default-Src-Default-Public-IPv4-INFINITY 
+inf: Default-Public-IPv4-Is-Default-Src Default-Public-IPv4
colocation colocation-Default-Public-IPv4-Public-IPv4-Gateway-INFINITY 
+inf: Default-Public-IPv4 Public-IPv4-Gateway
colocation colocation-IPSEC-Public-IPv4-Public-IPv4-Gateway-INFINITY 
+inf: IPSEC-Public-IPv4 Public-IPv4-Gateway


order 
order-Default-Public-IPv4-Default-Public-IPv4-Is-Default-Src-mandatory 
Default-Public-IPv4:start Default-Public-IPv4-Is-Default-Src:start
order order-Default-Public-IPv4-IPSEC-Public-IPv4-mandatory 
Default-Public-IPv4:start IPSEC-Public-IPv4:start
order order-Default-Public-IPv4-Public-IPv4-Gateway-mandatory 
Default-Public-IPv4:start Public-IPv4-Gateway:start



Any hint would be greatly appreciated !

Best regards, Adam.



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] ocf test IPaddr2

2023-11-27 Thread Oyvind Albrigtsen

It would fail if the find interface function doesnt find the
interface for the IP, but in this case you've specified netmask and
nic, so it wont fail that test.

You can use it with the ocf:pacemaker:ping agent which will fail if
the IP is unreachable.


Oyvind

On 24/11/23 17:09 +, Fabrizio Lombardozzi wrote:

Hi all,
is it normal that test is always passed even with a non used IP?

[root@...~]# ping 10.10.62.87
PING 10.10.62.87 (10.10.62.87) 56(84) bytes of data.
From 10.10.62.83 icmp_seq=1 Destination Host Unreachable
From 10.10.62.83 icmp_seq=2 Destination Host Unreachable
From 10.10.62.83 icmp_seq=3 Destination Host Unreachable
^C
--- 10.10.62.87 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3067ms
pipe 4
[root@rmslv-sam-cs9-coll01 ~]# arp 10.10.62.87
Address  HWtype  HWaddress   Flags MaskIface
10.10.62.87  (incomplete)  
ens192

is this the right syntax?
[root@... ~]# ocf-tester  -n VirtualIP -o ip=10.10.62.87 -o cidr_netmask=24 -o 
nic=ens192  /usr/lib/ocf/resource.d/heartbeat/IPaddr2
Beginning tests for /usr/lib/ocf/resource.d/heartbeat/IPaddr2...
* Your agent does not support the notify action (optional)
* Your agent does not support the demote action (optional)
* Your agent does not support the promote action (optional)
* Your agent does not support promotable clones (optional)
* Your agent does not support the reload action (optional)
/usr/lib/ocf/resource.d/heartbeat/IPaddr2 passed all tests


here is the verbose output:

[root@... ~]# ocf-tester -v  -n VirtualIP -o ip=10.10.62.87 -o cidr_netmask=24 
-o nic=ens192  /usr/lib/ocf/resource.d/heartbeat/IPaddr2
Beginning tests for /usr/lib/ocf/resource.d/heartbeat/IPaddr2...
Testing permissions with uid nobody
Testing: meta-data
Testing: meta-data



1.0


This Linux-specific resource manages IP alias IP addresses.
It can add an IP alias, or remove one.
In addition, it can implement Cluster Alias IP functionality
if invoked as a clone resource.

If used as a clone, "shared address with a trivial, stateless
(autonomous) load-balancing/mutual exclusion on ingress" mode gets
applied (as opposed to "assume resource uniqueness" mode otherwise).
For that, Linux firewall (kernel and userspace) is assumed, and since
recent distributions are ambivalent in plain "iptables" command to
particular back-end resolution, "iptables-legacy" (when present) gets
prioritized so as to avoid incompatibilities (note that respective
ipt_CLUSTERIP firewall extension in use here is, at the same time,
marked deprecated, yet said "legacy" layer can make it workable,
literally, to this day) with "netfilter" one (as in "iptables-nft").
In that case, you should explicitly set clone-node-max >= 2,
and/or clone-max < number of nodes. In case of node failure,
clone instances need to be re-allocated on surviving nodes.
This would not be possible if there is already an instance
on those nodes, and clone-node-max=1 (which is the default).

When the specified IP address gets assigned to a respective interface, the
resource agent sends unsolicited ARP (Address Resolution Protocol, IPv4) or NA
(Neighbor Advertisement, IPv6) packets to inform neighboring machines about the
change. This functionality is controlled for both IPv4 and IPv6 by shared
'arp_*' parameters.


Manages virtual IPv4 and IPv6 addresses (Linux specific 
version)




The IPv4 (dotted quad notation) or IPv6 address (colon hexadecimal notation)
example IPv4 "192.168.1.1".
example IPv6 "2001:db8:DC28:0:0:FC57:D4C8:1FFF".

IPv4 or IPv6 address




The base network interface on which the IP address will be brought
online.
If left empty, the script will try and determine this from the
routing table.

Do NOT specify an alias interface in the form eth0:1 or anything here;
rather, specify the base interface only.
If you want a label, see the iflabel parameter.

Prerequisite:

There must be at least one static IP address, which is not managed by
the cluster, assigned to the network interface.
If you can not assign any static IP address on the interface,
modify this kernel parameter:

sysctl -w net.ipv4.conf.all.promote_secondaries=1 # (or per device)

Network interface





The netmask for the interface in CIDR format
(e.g., 24 and not 255.255.255.0)

If unspecified, the script will also try to determine this from the
routing table.

CIDR netmask





Broadcast address associated with the IP. It is possible to use the
special symbols '+' and '-' instead of the broadcast address. In this
case, the broadcast address is derived by setting/resetting the host
bits of the interface prefix.

Broadcast address





You can specify an additional label for your IP address here.
This label is appended to your interface name.

The kernel allows alphanumeric labels up to a maximum length of 15
characters including the interface name and colon (e.g. eth0:foobar1234)

A label can be specified in nic parameter but it

Re: [ClusterLabs] IPaddr2 clone deprecated

2023-10-20 Thread Oyvind Albrigtsen

Hi Damiano,

The clusterip functionality was removed from the kernel, and we havent
currently been able to find a way to use the suggested replacement to
perform the same kind of logic:
https://wiki.nftables.org/wiki-nftables/index.php/Supported_features_compared_to_xtables#cluster


Oyvind

On 20/10/23 11:49 +0200, Damiano Giuliani wrote:

Hi guys,

im trying to create a IPaddr2 cloned resource for one of my project.
i need some kind of simple but effective loadbalancer for my rabbitmq
cluster managed by pacemaker.
My current SO is Almalinux 8.6.
seems IPaddr2 coned resource is not working / supported anymore, probably
because CLUSTERIP is not viable in the latest releases.
if i remeber well on centos7 no issues related.

could u explain me a little bit more ?

below the errors i got:

ClusterIP_start_0 on pcsnode1 'unknown error' (1): call=40,
status=complete, exitreason='iptables failed',

ERROR: iptables failed
Oct 18 10:18:18 rabbitvm1 pacemaker-controld[32192]: notice: Result of
start operation for rabbitmq-vip on rabbitvm1: error (iptables failed)
Oct 18 10:18:18 rabbitvm1 pacemaker-controld[32192]: notice:
rabbitmq-vip_start_0@rabbitvm1 output [ iptables v1.8.4 (nf_tables):
chain name not allowed to start with `-'\n\nTry `iptables -h' or
'iptables --help' for more information.\nocf-exit-reason:iptables
failed\n ]



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.13.1

2023-10-17 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.13.1, which is a
bugfix release for v4.13.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.13.1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - fence_azure_arm: fix get virtual machines call for new versions of
   Azure SDK

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.13.0

2023-10-11 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.13.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.13.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - findif.sh: dont use table parameter as it returns no netmask
 - iSCSILogicalUnit/iSCSITarget: add support for scst
 - Delay: increase stop, status and monitor timeouts to 40s to avoid failing
   with default values
 - Delay: remove statement about defaulting to "startdelay" value if not 
specified
 - Filesystem: create systemd drop-in for network filesystems
 - Filesystem: fail if AWS efs-utils not installed when fstype=efs
 - Filesystem: improve stop-action and allow setting term/kill signals and
   signal_delay for large filesystems
 - Filesystem: list_mounts: fix mount command output parsing
 - IPaddr2/IPsrcaddr: add/modify table parameter to be able to find interface
   while using policy based routing
 - IPv6addr: expect ping/pong delay
 - LVM-activate: add degraded_activation and majority_pvs parameters to allow
   failover with missing PVs
 - ZFS: improve volume imported check for newer ZFS releases (#1853)
 - azure-events*: fix for no "Transition Summary" for Pacemaker 2.1+
 - db2: avoid eval with unsanitized values (#1838)
 - ethmonitor: dont log "Interface does not exist" for monitor-action
 - exportfs: make the "fsid=" parameter optional
 - exportfs: move testdir() to start-action to avoid failing during resource
   creation (validate-all) and make it create the directory if it doesnt exist
 - mysql-common: point to log file when start-action fails (#1887)
 - mysql: fix promotion_score bouncing between ~3600 and 1 on demoted nodes
 - mysql: promotable fixes to avoid nodes getting bounced around by setting -v 
1/-v 2,
   and added OCF_CHECK_LEVEL=10 for promotable resources to be able to
   distinguish between promoted and not
 - nfsserver: fix "server scope" functionality to live with additional drop-in 
files
 - nfsserver: prepare the layout for the default /var/lib/nfs if 
nfs_shared_infodir
   isnt defined
 - ocf-shellfuncs: Explicitly specify $OCF_RESOURCE_INSTANCE in the -p parameter
   for compatibility
 - pgsql: dont run promotable and file checks that could be on shared storage
   during validate-all action
 - postfix: update permission check from su to runuser/su (#1880)
 - spec: Migrate to SPDX license
 - spec: remove JFLAGS logic and use %{_smp_mflags} like we do in other projects
 - storage-mon: add daemon/client mode

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.13.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.13.0

2023-10-10 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.13.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.13.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_eaton_ssh

- bugfixes and enhancements:
 - fence_aliyun: support filter for list-action
 - fence_amt/fence_ipmilan/fence_ironic: use shlex instead of pipes when
   available, as pipes is deprecated and will be removed in Python 3.13
 - fence_aws: fail when power action request fails
 - fence_aws: fixes to allow running outside of AWS network
 - fence_azure_arm: add stack cloud support
 - fence_ibm_powervs: improved performance (#542)
 - fence_ipmilan: fix typo in description (#553)
 - fence_scsi: add support for space-separated devices and update in meta-data
 - fence_scsi: automatically detect devices for shared VGs
 - fence_scsi: fix registration handling if ISID conflicts ISID (Initiator
   Session ID) belonging to I_T Nexus changes for RHEL based on the session ID.
   This means that the connection to the device can be set up with different
   ISID on reconnects.
 - fence_scsi: fix registration handling in device 'off' workflows for ISID
 - fence_zvmip: update longdesc to document all required functions
 - fencing: add error message for EC_GENERIC_ERROR
 - build: add test-fencing rule and make it part of "make check"
 - configure: require 3.6 or higher
 - doc: add fa-dev-guide
 - spec: Migrate to SPDX license
 - spec: remove rhel7/centos7 specific Reqs/BuildReqs and BR for
   python-novaclient and python-keystoneclient which arent needed anymore

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.12.1...v4.13.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.13.0 rc1

2023-10-04 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.13.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.13.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - iSCSILogicalUnit/iSCSITarget: add support for scst
 - Delay: increase stop, status and monitor timeouts to 40s to avoid failing
   with default values
 - Delay: remove statement about defaulting to "startdelay" value if not 
specified
 - Filesystem: create systemd drop-in for network filesystems
 - Filesystem: fail if AWS efs-utils not installed when fstype=efs
 - Filesystem: improve stop-action and allow setting term/kill signals and
   signal_delay for large filesystems
 - Filesystem: list_mounts: fix mount command output parsing
 - IPaddr2/IPsrcaddr: add/modify table parameter to be able to find interface
   while using policy based routing
 - IPv6addr: expect ping/pong delay
 - LVM-activate: add degraded_activation and majority_pvs parameters to allow
   failover with missing PVs
 - ZFS: improve volume imported check for newer ZFS releases (#1853)
 - azure-events*: fix for no "Transition Summary" for Pacemaker 2.1+
 - db2: avoid eval with unsanitized values (#1838)
 - ethmonitor: dont log "Interface does not exist" for monitor-action
 - exportfs: make the "fsid=" parameter optional
 - exportfs: move testdir() to start-action to avoid failing during resource
   creation (validate-all) and make it create the directory if it doesnt exist
 - mysql-common: point to log file when start-action fails (#1887)
 - mysql: fix promotion_score bouncing between ~3600 and 1 on demoted nodes
 - mysql: promotable fixes to avoid nodes getting bounced around by setting -v 
1/-v 2,
   and added OCF_CHECK_LEVEL=10 for promotable resources to be able to
   distinguish between promoted and not
 - nfsserver: fix "server scope" functionality to live with additional drop-in 
files
 - nfsserver: prepare the layout for the default /var/lib/nfs if 
nfs_shared_infodir
   isnt defined
 - ocf-shellfuncs: Explicitly specify $OCF_RESOURCE_INSTANCE in the -p parameter
   for compatibility
 - pgsql: dont run promotable and file checks that could be on shared storage
   during validate-all action
 - postfix: update permission check from su to runuser/su (#1880)
 - spec: Migrate to SPDX license
 - spec: remove JFLAGS logic and use %{_smp_mflags} like we do in other projects
 - storage-mon: add daemon/client mode

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.13.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] announcement: schedule for resource-agents release 4.13.0

2023-09-25 Thread Oyvind Albrigtsen

Hi,

This is a tentative schedule for resource-agents v4.13.0:
4.13.0-rc1: Oct  4.
4.13.0: Oct 11.

The storage-mon resource agent has got a new daemon mode that can
be enabled to avoid child processes remaining stuck after I/O has been
unresponsive, so make sure to give it some additional testing. It can
be enabled by setting daemonize=true and check_interval can be used to
change from the default (30s).

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.12.0...main

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 154 issues and 48 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/developers

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] PostgreSQL HA on EL9

2023-09-14 Thread Oyvind Albrigtsen

If you're using network filesystems with the Filesystem agent this
patch might solve your issue:
https://github.com/ClusterLabs/resource-agents/pull/1869


Oyvind

On 13/09/23 17:56 +, Larry G. Mills via Users wrote:


On my RHEL 9 test cluster, both "reboot" and "systemctl reboot" wait
for the cluster to stop everything.

I think in some environments "reboot" is equivalent to "systemctl
reboot --force" (kill all processes immediately), so maybe see if
"systemctl reboot" is better.

>
> On EL7, this scenario caused the cluster to shut itself down on the
> node before the OS shutdown completed, and the DB resource was
> stopped/shutdown before the OS stopped.  On EL9, this is not the
> case, the DB resource is not stopped before the OS shutdown
> completes.  This leads to errors being thrown when the cluster is
> started back up on the rebooted node similar to the following:
>


Ken,

Thanks for the reply - and that's interesting that RHEL9 behaves as expected and AL9 seemingly doesn't.   I 
did try shutting down via "systemctl reboot", but the cluster and resources were still not stopped 
cleanly before the OS stopped.  In fact, the commands "shutdown" and "reboot" are just 
symlinks to systemctl on AL9.2, so that make sense why the behavior is the same.

Just as a point of reference, my systemd version is: systemd.x86_64 
252-14.el9_2.3

Larry
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] General questions on fencing code

2023-07-19 Thread Oyvind Albrigtsen

On 19/07/23 11:24 +0300, Or Raz wrote:

Hi all,
I was looking at the fencing code and I have two questions:

  1. What is the use of the autodetect agent
  ?
  I didn't see any fence_autodetect agent

That's a project on-hold.

  2. What is the use of *.py.py* extension in the files under lib directory
  ?

This is just like the fence agents. The final .py gets removed during
build when Python binary (@PYTHON@), libdir (@FENCEAGENTSLIBDIR@), and other 
@..@ values get replaced by what configure has detected.


Oyvind


Best regards,
*OR*



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] [EXT] Fence Agents Format

2023-07-13 Thread Oyvind Albrigtsen

On 13/07/23 09:45 +0200, Oyvind Albrigtsen wrote:

On 12/07/23 12:57 +, Windl, Ulrich wrote:

Hi!

Some time ago, I had been asking for an improved fencing agent specification, 
because the existing documents made it impossible for me to write a fencing 
agent. I guess with such documentation, the questions below could have been 
answered as well...

I finally got started on it a week or so ago, so hopefully I'll be
able to upload a draft soon.

Here's my initial PR for the new dev guide:
https://github.com/ClusterLabs/fence-agents/pull/552

Oyvind



Oyvind


Regards,
Ulrich

-Original Message-
From: Users  On Behalf Of Or Raz
Sent: Monday, July 10, 2023 11:00 AM
To: users@clusterlabs.org
Subject: [EXT] [ClusterLabs] Fence Agents Format

Hi all,
My team has been working on a new operator which uses some of your Fence Agents (FA, 
i.e. fence_aws, fence_ipmilan, and etc.) to remediate an unhealthy Kubernetes node 
(see fence-agents-remediation 
<https://github.com/medik8s/fence-agents-remediation> ).
After looking on the recommended attributes for new FAs 
<https://github.com/ClusterLabs/fence-agents/blob/main/doc/FenceAgentAPI.md#attribute-specifications>
 , and the valid action attribute values 
<https://github.com/ClusterLabs/fence-agents/blob/main/doc/FenceAgentAPI.md#agent-operations-and-return-values>
 ,
I have some questions on the structure/format of the FAs command attributes and 
their responses:

1.  Will running a fence-agent without mentioning the action field will always choose 
the reboot option (e.g. the following call will reboot the node "fence_aws 
--access-key ACCESS_KEY --secret-key SECRET_KEY --plug i-INSTANCE_ID --region 
AWS_REGION")?
2.  Are there any must-have fields which are shared between all the FAs 
that you support? I assume the answer is no, since I didn't see any must fields 
which are mutual between fence_aws, and fence_ipmilan for instance. A must 
field is a field which is required for running the FA (e.g. access-key for 
fence_aws).
3.  Do the result responses to the FA are identical per action? E.g. For 
the reboot action, I have seen that on success I always receive `Success: 
Rebooted` for fence_aws, and fence_ipmilan. I am an uncertain whether that is 
correct for all the FAs.

Best regards,

OR

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] [EXT] Fence Agents Format

2023-07-13 Thread Oyvind Albrigtsen

On 12/07/23 12:57 +, Windl, Ulrich wrote:

Hi!

Some time ago, I had been asking for an improved fencing agent specification, 
because the existing documents made it impossible for me to write a fencing 
agent. I guess with such documentation, the questions below could have been 
answered as well...

I finally got started on it a week or so ago, so hopefully I'll be
able to upload a draft soon.


Oyvind


Regards,
Ulrich

-Original Message-
From: Users  On Behalf Of Or Raz
Sent: Monday, July 10, 2023 11:00 AM
To: users@clusterlabs.org
Subject: [EXT] [ClusterLabs] Fence Agents Format

Hi all,
My team has been working on a new operator which uses some of your Fence Agents (FA, 
i.e. fence_aws, fence_ipmilan, and etc.) to remediate an unhealthy Kubernetes node 
(see fence-agents-remediation 
 ).
After looking on the recommended attributes for new FAs 

 , and the valid action attribute values 

 ,
I have some questions on the structure/format of the FAs command attributes and 
their responses:

1.  Will running a fence-agent without mentioning the action field will always choose 
the reboot option (e.g. the following call will reboot the node "fence_aws 
--access-key ACCESS_KEY --secret-key SECRET_KEY --plug i-INSTANCE_ID --region 
AWS_REGION")?
2.  Are there any must-have fields which are shared between all the FAs 
that you support? I assume the answer is no, since I didn't see any must fields 
which are mutual between fence_aws, and fence_ipmilan for instance. A must 
field is a field which is required for running the FA (e.g. access-key for 
fence_aws).
3.  Do the result responses to the FA are identical per action? E.g. For 
the reboot action, I have seen that on success I always receive `Success: 
Rebooted` for fence_aws, and fence_ipmilan. I am an uncertain whether that is 
correct for all the FAs.

Best regards,

OR

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] Fence Agents Format

2023-07-10 Thread Oyvind Albrigtsen

On 10/07/23 12:00 +0300, Or Raz wrote:

Hi all,
My team has been working on a new operator which uses some of your Fence
Agents (FA, i.e. fence_aws, fence_ipmilan, and etc.) to remediate an
unhealthy Kubernetes node (see fence-agents-remediation
).
After looking on the recommended attributes for new FAs
,
and the valid *action *attribute values

,
I have some questions on the structure/format of the FAs command attributes
and their responses:

  1. Will running a fence-agent without mentioning the action field will
  always choose the *reboot* option (e.g. the following call will reboot
  the node "fence_aws --access-key ACCESS_KEY --secret-key SECRET_KEY --plug
  i-INSTANCE_ID --region AWS_REGION")?

That's the default, yeah. It's probably due to some earlier Pacemaker
versions not specifying action, so we avoid breaking the agents on
those versions by defaulting to the reboot-action.

  2. Are there any must-have fields which are shared between all the FAs
  that you support? I assume the answer is no, since I didn't see any must
  fields which are mutual between *fence_aws*, and *fence_ipmilan* for
  instance. A must field is a field which is required for running the FA
  (e.g. *access-key* for *fence_aws)*.

That depends on what kind of agent it is, so e.g. http(s) agents or
similar will require url and other parameters that are needed.

You can find a list of default/other groups of parameters depending on
agent when you add them via device_opt = [] here:
https://github.com/ClusterLabs/fence-agents/blob/main/lib/fencing.py.py#L492

and full list of common parameters:
https://github.com/ClusterLabs/fence-agents/blob/main/lib/fencing.py.py#L36

  3. Do the result responses to the FA are identical per action? E.g. For
  the *reboot* action, I have seen that on success I always receive
  `Success: Rebooted` for fence_aws, and fence_ipmilan. I am an
  uncertain whether that is correct for all the FAs.

They should, but you should use the return code to check the result.
https://github.com/ClusterLabs/fence-agents/blob/main/lib/fencing.py.py#L20-L32

You can run "echo $?" to show the result after running e.g. fence_aws
-o reboot manually to see which rc it returns, and use incorrect
credentials or similar to see the difference in rc when it fails.


Oyvind


Best regards,
*OR*



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.12.1

2023-01-27 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.12.1, which is a
bugfix release for v4.12.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.12.1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - fencing: add plug_separator to default DEPENDENCY_OPT
 - fence_scsi: skip key generation during validate-all action
 - fence_vmware_soap: set login_timeout lower than default pcmk_monitor_timeout 
(20s) to remove tmp dirs on fail

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.12.0

2023-01-25 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.12.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.12.0

The most significant enhancements in this release are:
- new resource agents:
 - azure-events-az
 - iface-macvlan

- bugfixes and enhancements:
 - configure/spec: remove google-api-client BuildReq as the gcp-agents build 
fine without it
 - configure: fix bashisms
 - dev-guide: update default branch name
 - ocf-shellfuncs: add ocf_promotion_score() to use crm_attribute -p/crm_master 
depending on Pacemaker version
 - spec: remove redhat-lsb-core dependency (lsb_release)
 - spec: use cluster-glue-devel for opensuse > 15
 - all agents: update to promotable terms
 - CTDB: change public_addresses validate-all warning to info
 - CTDB: move process to root cgroup if realtime scheduling is enabled
 - Filesystem: improve logic for UUID/label and add note that 
/dev/disk/by-{uuid,label}/ are preferred on Linux
 - Filesystem: remove validate-all mountpoint warning as it is auto-created 
during start-action if it doesnt exist
 - IPsrcaddr: detect metric for main table only, and allow specifying metric if 
necessary
 - IPsrcaddr: fix PROTO regex
 - IPsrcaddr: fix monitor/status for default route not being equal to src IP 
before start, and change route src correctly in stop-action
 - IPsrcaddr: use scope host when using non-main tables
 - LVM-activate: use correct return codes to ensure correct action when failing
 - SAPInstance: be more resilient against broken kill.sap files (#1825)
 - VirtualDomain: replace error log messages with calls to ocf_exit_reason
 - WAS6: add missing ] to fix trap condition
 - aws-vpc-move-ip: allow to set the interface label
 - dnsupdate: add CNAME support (#1773)
 - docker-compose: fix number of containers/running containers logic
 - docker/podman/zabbixserver: replace error log messages with calls to 
ocf_exit_reason
 - ethmonitor/ovsmonitor/mariadb: check for bc binary
 - ethmonitor/ovsmonitor/pgsql: remove ignored attrd_updater "-q" parameter
 - exportfs: only grep in rmtab if it exists
 - galera/mariadb/mpathpersist/mysql/pgsql/sg_persist/Stateful: use 
ocf_promotion_score() to avoid issues with deprecated crm_master
 - galera/mpathpersist/sg_persist/IPsrcaddr: only check notify and promotable 
when OCF_CHECK_LEVEL=10
 - iSCSILogicalUnit: fix issue where resource was in stopped state when using 
allowed_initiators parameter (#1766)
 - lvmlockd: add "use_lvmlockd = 1" if it's commented out or missing
 - lvmlockd: fail when use_lvmlockd has not been set
 - mariadb: remove obsolete DEBUG_LOG functionality #1191
 - mysql-common: return error in stop-action if kill fails to stop the process, 
so the node can get fenced
 - mysql-proxy: update metadata to suggest secure location instead of 
/tmp/mysql-proxy.sock
 - nfsserver: add nfsv4_only parameter to make it run without rpc-statd/rpcbind 
services
 - ocf-tester: remove deprecated lrmd/lrmadmin code that hasnt worked since 
pre-pacemaker days
 - ocf-tester: use promotable terms
 - openstack-agents: set domain parameter's default to Default and fix missing 
parameter name in ocf_exit_reason
 - openstack-agents: warn when openstackcli is slow
 - openstack-cinder-volume: dont do volume_local_check during start/stop-action
 - openstack-floating-ip/openstack-virtual-ip: dont fail in validate() during 
probe-calls
 - openstack-floating-ip: fix awk only catching last id for node_port_ids
 - oracle: improve the error message if monpassword was not set. (#1767)
 - podman: add podman parameter error judgment (#1764)
 - portblock: implement blocking of outgoing ports
 - rabbitmq-server-ha: dont mkdir -p when getting meta-data or help
 - storage_mon: use the O_DIRECT flag in open() to eliminate cache effects
 - storage_mon: do random lseek even with O_DIRECT, etc
 - storage_mon: fix bug in checking of number of specified scores.
 - storage_mon: fix build-related issues
 - storage_mon: improve error messages when ioctl() fails
 - storage_mon: make -h exit just after printing help message (#1791)
 - storage_mon: fix bug in handling of child process exit
 - vdo-vol: dont fail probe action when the underlying device doesnt exist

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.12.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.12.0 rc1

2023-01-18 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.12.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.12.0rc1

The most significant enhancements in this release are:
- new resource agents:
 - azure-events-az
 - iface-macvlan

- bugfixes and enhancements:
 - configure/spec: remove google-api-client BuildReq as the gcp-agents build 
fine without it
 - configure: fix bashisms
 - dev-guide: update default branch name
 - ocf-shellfuncs: add ocf_promotion_score() to use crm_attribute -p/crm_master 
depending on Pacemaker version
 - spec: remove redhat-lsb-core dependency (lsb_release)
 - spec: use cluster-glue-devel for opensuse > 15
 - all agents: update to promotable terms
 - CTDB: change public_addresses validate-all warning to info
 - CTDB: move process to root cgroup if realtime scheduling is enabled
 - Filesystem: improve logic for UUID/label and add note that 
/dev/disk/by-{uuid,label}/ are preferred on Linux
 - Filesystem: remove validate-all mountpoint warning as it is auto-created 
during start-action if it doesnt exist
 - IPsrcaddr: detect metric for main table only, and allow specifying metric if 
necessary
 - IPsrcaddr: fix PROTO regex
 - IPsrcaddr: fix monitor/status for default route not being equal to src IP 
before start, and change route src correctly in stop-action
 - IPsrcaddr: use scope host when using non-main tables
 - LVM-activate: use correct return codes to ensure correct action when failing
 - SAPInstance: be more resilient against broken kill.sap files (#1825)
 - VirtualDomain: replace error log messages with calls to ocf_exit_reason
 - WAS6: add missing ] to fix trap condition
 - aws-vpc-move-ip: allow to set the interface label
 - dnsupdate: add CNAME support (#1773)
 - docker-compose: fix number of containers/running containers logic
 - docker/podman/zabbixserver: replace error log messages with calls to 
ocf_exit_reason
 - ethmonitor/ovsmonitor/mariadb: check for bc binary
 - ethmonitor/ovsmonitor/pgsql: remove ignored attrd_updater "-q" parameter
 - exportfs: only grep in rmtab if it exists
 - galera/mariadb/mpathpersist/mysql/pgsql/sg_persist/Stateful: use 
ocf_promotion_score() to avoid issues with deprecated crm_master
 - galera/mpathpersist/sg_persist/IPsrcaddr: only check notify and promotable 
when OCF_CHECK_LEVEL=10
 - iSCSILogicalUnit: fix issue where resource was in stopped state when using 
allowed_initiators parameter (#1766)
 - lvmlockd: add "use_lvmlockd = 1" if it's commented out or missing
 - lvmlockd: fail when use_lvmlockd has not been set
 - mariadb: remove obsolete DEBUG_LOG functionality #1191
 - mysql-common: return error in stop-action if kill fails to stop the process, 
so the node can get fenced
 - mysql-proxy: update metadata to suggest secure location instead of 
/tmp/mysql-proxy.sock
 - nfsserver: add nfsv4_only parameter to make it run without rpc-statd/rpcbind 
services
 - ocf-tester: remove deprecated lrmd/lrmadmin code that hasnt worked since 
pre-pacemaker days
 - ocf-tester: use promotable terms
 - openstack-agents: set domain parameter's default to Default and fix missing 
parameter name in ocf_exit_reason
 - openstack-agents: warn when openstackcli is slow
 - openstack-cinder-volume: dont do volume_local_check during start/stop-action
 - openstack-floating-ip/openstack-virtual-ip: dont fail in validate() during 
probe-calls
 - openstack-floating-ip: fix awk only catching last id for node_port_ids
 - oracle: improve the error message if monpassword was not set. (#1767)
 - podman: add podman parameter error judgment (#1764)
 - portblock: implement blocking of outgoing ports
 - rabbitmq-server-ha: dont mkdir -p when getting meta-data or help
 - storage_mon: use the O_DIRECT flag in open() to eliminate cache effects
 - storage_mon: do random lseek even with O_DIRECT, etc
 - storage_mon: fix bug in checking of number of specified scores.
 - storage_mon: fix build-related issues
 - storage_mon: improve error messages when ioctl() fails
 - storage_mon: make -h exit just after printing help message (#1791)
 - storage_mon: fix bug in handling of child process exit
 - vdo-vol: dont fail probe action when the underlying device doesnt exist

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.12.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.12.0

2023-01-09 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.12.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.12.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_ecloud

- bugfixes and enhancements:
 - all agents: unify ssl parameters to avoid having to use --ssl when using 
--ssl-secure/--ssl-insecure for some agents
 - build: add FENCETMPDIR for state files
 - build: dont rm PKG_CHECK_VAR.m4 when running maintainer-clean
 - build: fix parallel build of lib/
 - build: make xml-check: ignore detected paths in *_file parameters not 
matching saved metadata
 - configure: check for google-auth instead of deprecated oauth2client
 - fencing: add ability to set bool parameters to 0 or false
 - fencing: add plug_separator parameter to be able to specify one that isnt 
part of the plug name(s)
 - fencing: add source_env()
 - spec: fix python3-suds dependency having changed name on opensuse 16+
 - fence_apc/fence_ilo_moonshot: add missing "import logging"
 - fence_apc: add support for firmware version 7 #475
 - fence_cdu: add 8i support (#471)
 - fence_gce: add httplib2 to try/except: pass
 - fence_gce: add timeouts and failure options (#458)
 - fence_gce: add user agent to API requests (#491)
 - fence_gce: inform that SSLError might be caused by old versions of httplib2
 - fence_gce: make zone optional for get_nodes_list (#487)
 - fence_ibm_powervs: add support for proxy, private API servers and get token 
via API key (#490)
 - fence_ibm_powervs: improve defaults based on testing
 - fence_ibm_vpc: add proxy support
 - fence_ibm_vpc: add token cache support
 - fence_ibm_vpc: remove unused "instance" parameter and make limit optional
 - fence_ibmz: add option --load-on-activate
 - fence_kubevirt: take default namespace from context
 - fence_lpar: fix missing import logging, use fail_usage
 - fence_lpar: only output additional error output on DEBUG level
 - fence_lpar: support comanaged LPARs
 - fence_openstack: add --ssl-insecure
 - fence_openstack: add support for reading config from clouds.yaml and openrc
 - fence_openstack: allowing using base os ssl cacert when cacert is not 
specified
 - fence_raritan: also allow pure port number, not only system1/outletX string 
(#473)
 - fence_sbd: improve error handling
 - fence_scsi/fence_mpath: add suppress-errors option (#484)
 - fence_virt: clarify usage of ip= for vsock listener
 - fence_virt: add debug print for static map check
 - fence_virt: add note that reboot-action doesnt power on nodes that are 
powered off
 - fence_virt: allow groups to only specify vm_name without UUID
 - fence_virt: drop last qmf bits (rhel6 era)
 - fence_virt: fix clang build
 - fence_virt: fix cpg plugin build
 - fence_virt: fix serial debug output
 - fence_virt: fix tcp plugin to properly pass info to acl check
 - fence_virt: update man page for serial listener in serial mode
 - fence_virt: update man page to cover all serial listener configs
 - fence_virtd: add info about using multiple uuid/ip entries for groups
 - fence_virtd: add link and non-user socket example to man page
 - fence_virtd: add support for named groups
 - fence_virtd: set secure file permissions for fence_virtd.conf and key file 
if they are not mode 600
 - fence_wti: increase login timeout to avoid random timeouts
 - fence_zvm: deprecate agent
 - fence_zvmip: add --disable-ssl
 - fence_zvmip: show unable to connect error instead of full stacktrace, e.g. 
when not using --ssl for SSL devices

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.11.0...v4.12.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] announcement: schedule for resource-agents release 4.12.0

2023-01-09 Thread Oyvind Albrigtsen

Hi,

This is a tentative schedule for resource-agents v4.12.0:
4.12.0-rc1: Jan 18.
4.12.0: Jan 25

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.11.0...main

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 141 issues and 50 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/developers

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] multiple resources - pgsqlms - and IP(s)

2023-01-04 Thread Oyvind Albrigtsen

On 04/01/23 11:15 +0100, Tomas Jelinek wrote:

Dne 04. 01. 23 v 8:29 Reid Wahl napsal(a):

On Tue, Jan 3, 2023 at 10:53 PM lejeczek via Users
 wrote:




On 03/01/2023 21:44, Ken Gaillot wrote:

On Tue, 2023-01-03 at 18:18 +0100, lejeczek via Users wrote:

On 03/01/2023 17:03, Jehan-Guillaume de Rorthais wrote:

Hi,

On Tue, 3 Jan 2023 16:44:01 +0100
lejeczek via Users  wrote:


To get/have Postgresql cluster with 'pgsqlms' resource, such
cluster needs a 'master' IP - what do you guys do when/if
you have multiple resources off this agent?
I wonder if it is possible to keep just one IP and have all
those resources go to it - probably 'scoring' would be very
tricky then, or perhaps not?

That would mean all promoted pgsql MUST be on the same node at any
time.
If one of your instance got some troubles and need to failover,
*ALL* of them
would failover.

This imply not just a small failure time window for one instance,
but for all
of them, all the users.


Or you do separate IP for each 'pgsqlms' resource - the
easiest way out?

That looks like a better option to me, yes.

Regards,

Not related - Is this an old bug?:

-> $ pcs resource create pgsqld-apps ocf:heartbeat:pgsqlms
bindir=/usr/bin pgdata=/apps/pgsql/data op start timeout=60s
op stop timeout=60s op promote timeout=30s op demote
timeout=120s op monitor interval=15s timeout=10s
role="Master" op monitor interval=16s timeout=10s
role="Slave" op notify timeout=60s meta promotable=true
notify=true master-max=1 --disable
Error: Validation result from agent (use --force to override):
ocf-exit-reason:You must set meta parameter notify=true
for your master resource
Error: Errors have occurred, therefore pcs is unable to continue

pcs now runs an agent's validate-all action before creating a resource.
In this case it's detecting a real issue in your command. The options
you have after "meta" are clone options, not meta options of the
resource being cloned. If you just change "meta" to "clone" it should
work.

Nope. Exact same error message.
If I remember correctly there was a bug specifically
pertained to 'notify=true'


The only recent one I can remember was a core dump.
- Bug 2039675 - pacemaker coredump with ocf:heartbeat:mysql resource
(https://bugzilla.redhat.com/show_bug.cgi?id=2039675)

From a quick inspection of the pcs resource validation code
(lib/pacemaker/live.py:validate_resource_instance_attributes_via_pcmk()),
it doesn't look like it passes the meta attributes. It only passes the
instance attributes. (I could be mistaken.)

The pgsqlms resource agent checks the notify meta attribute's value as
part of the validate-all action. If pcs doesn't pass the meta
attributes to crm_resource, then the check will fail.



Pcs cannot pass meta attributes to crm_resource, because there is 
nowhere to pass them to. As defined in OCF 1.1, only instance 
attributes matter for validation, see https://github.com/ClusterLabs/OCF-spec/blob/main/ra/1.1/resource-agent-api.md#check-levels



The agents are bugged - they depend on meta data being passed to 
validation. This is already tracked and being worked on:


https://github.com/ClusterLabs/resource-agents/pull/1826

I've made a PR to fix it in pgsqlms as well:
https://github.com/ClusterLabs/PAF/pull/216


Bug 2157872 - resource-agents: fix validate-all issue with new 
pcs/pacemaker by only running some checks when OCF_CHECK_LEVEL=10

https://bugzilla.redhat.com/show_bug.cgi?id=2157872

2149113 - pcs can't create MS SQL Server cluster resources
https://bugzilla.redhat.com/show_bug.cgi?id=2149113


Regards,
Tomas


I'm on C8S with resource-agents-paf-4.9.0-35.el8.x86_64.

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/






___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] modified RA can't be used

2022-06-27 Thread Oyvind Albrigtsen

You need to update the agent name in the metadata section to be the
same as the filename.


Oyvind

On 27/06/22 14:54 +0200, Lentes, Bernd wrote:

Hi,

i adapted the RA ocf/heartbeat/VirtualDomain to my needs and renamed it to 
VirtualDomain.ssh
When i try to use it now, i get an error message.
I start e.g. "crm configure edit vm-idcc-devel" to modify an existing 
VirtualDomain that it uses the new RA
and want to save it i get the following error:
ERROR: ocf:heartbeat:VirtualDomain.ssh: got no meta-data, does this RA exist?
ERROR: ocf:heartbeat:VirtualDomain.ssh: got no meta-data, does this RA exist?
ERROR: ocf:heartbeat:VirtualDomain.ssh: no such resource agent

The RA exists in the filesystem and has the same permissions as the original:
ha-idg-1:~ # ll /usr/lib/ocf/resource.d/heartbeat/Virt*
-rwxr-xr-x 1 root root 35607 Feb 15 07:21 
/usr/lib/ocf/resource.d/heartbeat/VirtualDomain
-rwxr-xr-x 1 root root 35747 Jun 27 14:22 
/usr/lib/ocf/resource.d/heartbeat/VirtualDomain.ssh

The difference is only in one line i added:
ha-idg-1:~ # diff /usr/lib/ocf/resource.d/heartbeat/VirtualDomain 
/usr/lib/ocf/resource.d/heartbeat/VirtualDomain.ssh
732a733,734

 ssh -i /root/ssh/id_rsa.mcd.shutdown mcd.shutdown@${DOMAIN_NAME} shutdown.bat
 ## new by bernd.len...@helmholtz-muenchen.de 26062022


I also copied the new RA to another folder ... same problem.
When i try to get info about the new RA i get the same error:
ha-idg-1:~ # crm ra info ocf:heartbeat:VirtualDomain.ssh
ERROR: ocf:heartbeat:VirtualDomain.ssh: got no meta-data, does this RA exist?

The VirtualDomain is shutdown. It's a two-node cluster with SLES 12 SP5,
RA exists on both nodes and is identical:

ha-idg-1:~ # sha1sum /usr/lib/ocf/resource.d/heartbeat/VirtualDomain.ssh
8d075cb0745c674525802f94d4d7d2b88af8156c  
/usr/lib/ocf/resource.d/heartbeat/VirtualDomain.ssh

ha-idg-2:~ # sha1sum /usr/lib/ocf/resource.d/heartbeat/VirtualDomain.ssh
8d075cb0745c674525802f94d4d7d2b88af8156c  
/usr/lib/ocf/resource.d/heartbeat/VirtualDomain.ssh

Any ideas ?

Bernd


--

Bernd Lentes
System Administrator
Institute for Metabolism and Cell Death (MCD)
Building 25 - office 122
HelmholtzZentrum München
bernd.len...@helmholtz-muenchen.de
phone: +49 89 3187 1241
fax: +49 89 3187 2294
http://www.helmholtz-muenchen.de/mcd


Public key:

30 82 01 0a 02 82 01 01 00 b3 72 3e ce 2c 0a 6f 58 49 2c 92 23 c7 b9 c1 ff 6c 
3a 53 be f7 9e e9 24 b7 49 fa 3c e8 de 28 85 2c d3 ed f7 70 03 3f 4d 82 fc cc 
96 4f 18 27 1f df 25 b3 13 00 db 4b 1d ec 7f 1b cf f9 cd e8 5b 1f 11 b3 a7 48 
f8 c8 37 ed 41 ff 18 9f d7 83 51 a9 bd 86 c2 32 b3 d6 2d 77 ff 32 83 92 67 9e 
ae ae 9c 99 ce 42 27 6f bf d8 c2 a1 54 fd 2b 6b 12 65 0e 8a 79 56 be 53 89 70 
51 02 6a eb 76 b8 92 25 2d 88 aa 57 08 42 ef 57 fb fe 00 71 8e 90 ef b2 e3 22 
f3 34 4f 7b f1 c4 b1 7c 2f 1d 6f bd c8 a6 a1 1f 25 f3 e4 4b 6a 23 d3 d2 fa 27 
ae 97 80 a3 f0 5a c4 50 4a 45 e3 45 4d 82 9f 8b 87 90 d0 f9 92 2d a7 d2 67 53 
e6 ae 1e 72 3e e9 e0 c9 d3 1c 23 e0 75 78 4a 45 60 94 f8 e3 03 0b 09 85 08 d0 
6c f3 ff ce fa 50 25 d9 da 81 7b 2a dc 9e 28 8b 83 04 b4 0a 9f 37 b8 ac 58 f1 
38 43 0e 72 af 02 03 01 00 01





___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.11.0

2022-04-06 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.11.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.11.0

The most significant enhancements in this release are:
- new resource agents:
 - corosync-qnetd
 - ocivip
 - rabbitmq-server-ha (migrated from the RabbitMQ project (#1698)

- bugfixes and enhancements:
 - Filesystem: fix logic for UUID/label devices with space between parameter 
and UUID/label
 - db2/openstack-info: fix bashisms
 - Filesystem: add support for Amazon EFS mount helper
 - Filesystem: fix OpenBSD check in fstype_supported()
 - Filesystem: unmount bind mounts before unmount file system
 - IPaddr2: allow to disable Duplicate Address Detection for IPv6
 - IPaddr2: allow to send IPv6 Neighbor Advertisements in background
 - IPsrcaddr: add warning about possible issues when used with DHCP
 - IPsrcaddr: fixes to use findif.sh to detect secondary interfaces
 - LVM-activate: change lvm_status return value from OCF_NOT_RUNNING to 
OCF_ERR_GENERIC to avoid fencing (#1753)
 - LVM-activate: replace error log messages with calls to ocf_exit_reason 
(#1730)
 - LinuxSCSI: replace error log messages with calls to ocf_exit_reason
 - Route: return OCF_NOT_RUNNING for probe action when interface or route 
doesnt exist
 - asterisk: fix sipsak check during start-action (#1715)
 - build: workaround gcc 12 warning
 - configure: only run ci/build.sh when shellcheck is present
 - db2: only warn when notify isnt set, and use ocf_local_nodename() to get 
node name
 - db2: use -l forever instead of -t nodes -l reboot, as they conflict with 
eachother
 - gcp-ilb: only check if log_cmd binary is available if log_enable is true
 - ipsec: add missing $ to make variable expand in check (#1755)
 - mysql-common: fix local SSL connection by using --ssl-mode=REQUIRED which is 
available on 5.7+ (--ssl is not available in 8.0)
 - nginx: replace error log messages with calls to ocf_exit_reason
 - nvmet-subsystem: fix allowed_initiators to avoid only running once (found by 
shellcheck)
 - ocf-distro: improve RHEL based distro detection (added AlmaLinux, Oracle 
Linux, and Rocky Linux)
 - ocf-shellfuncs: parametrise the log destination by OCF_RESKEY_trace_dir
 - ocf-shellfuncs: quote pid in ocf_pidfile_status
 - openstack-*: add insecure parameter
 - openstack-*: add support for multiple setup options (incl. 
clouds.yaml/openrc)
 - openstack-info: align op timeout with other openstack agents
 - podman: remove anonymous volumes during stop-action
 - rabbitmq-server-ha: Fix SERVER_START_ARGS sname/name use for FQDN
 - rabbitmq-server-ha: Revert "OCF RA: Do not start rabbitmq if notification of 
start is not about us" (#1713)
 - spec: fix Requires to allow install on opensuse
 - spec: fix mount.cifs if() for RHEL/CentOS 9+

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.11.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.11.0 rc1

2022-03-30 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.11.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.11.0rc1

The most significant enhancements in this release are:
- new resource agents:
 - corosync-qnetd
 - ocivip
 - rabbitmq-server-ha (migrated from the RabbitMQ project (#1698)

- bugfixes and enhancements:
 - Filesystem: add support for Amazon EFS mount helper
 - Filesystem: fix OpenBSD check in fstype_supported()
 - Filesystem: unmount bind mounts before unmount file system
 - IPaddr2: allow to disable Duplicate Address Detection for IPv6
 - IPaddr2: allow to send IPv6 Neighbor Advertisements in background
 - IPsrcaddr: add warning about possible issues when used with DHCP
 - IPsrcaddr: fixes to use findif.sh to detect secondary interfaces
 - LVM-activate: change lvm_status return value from OCF_NOT_RUNNING to 
OCF_ERR_GENERIC to avoid fencing (#1753)
 - LVM-activate: replace error log messages with calls to ocf_exit_reason 
(#1730)
 - LinuxSCSI: replace error log messages with calls to ocf_exit_reason
 - Route: return OCF_NOT_RUNNING for probe action when interface or route 
doesnt exist
 - asterisk: fix sipsak check during start-action (#1715)
 - build: workaround gcc 12 warning
 - configure: only run ci/build.sh when shellcheck is present
 - db2: only warn when notify isnt set, and use ocf_local_nodename() to get 
node name
 - db2: use -l forever instead of -t nodes -l reboot, as they conflict with 
eachother
 - gcp-ilb: only check if log_cmd binary is available if log_enable is true
 - ipsec: add missing $ to make variable expand in check (#1755)
 - mysql-common: fix local SSL connection by using --ssl-mode=REQUIRED which is 
available on 5.7+ (--ssl is not available in 8.0)
 - nginx: replace error log messages with calls to ocf_exit_reason
 - nvmet-subsystem: fix allowed_initiators to avoid only running once (found by 
shellcheck)
 - ocf-distro: improve RHEL based distro detection (added AlmaLinux, Oracle 
Linux, and Rocky Linux)
 - ocf-shellfuncs: parametrise the log destination by OCF_RESKEY_trace_dir
 - ocf-shellfuncs: quote pid in ocf_pidfile_status
 - openstack-*: add insecure parameter
 - openstack-*: add support for multiple setup options (incl. 
clouds.yaml/openrc)
 - openstack-info: align op timeout with other openstack agents
 - podman: remove anonymous volumes during stop-action
 - rabbitmq-server-ha: Fix SERVER_START_ARGS sname/name use for FQDN
 - rabbitmq-server-ha: Revert "OCF RA: Do not start rabbitmq if notification of 
start is not about us" (#1713)
 - spec: fix Requires to allow install on opensuse
 - spec: fix mount.cifs if() for RHEL/CentOS 9+

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.11.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] announcement: schedule for resource-agents release 4.11.0

2022-03-23 Thread Oyvind Albrigtsen

Hi,

This is a tentative schedule for resource-agents v4.11.0:
4.11.0-rc1: Mar 30.
4.11.0: Apr 6.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.10.0...main

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 133 issues and 50 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/developers

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] PAF CentOS RPM

2022-02-22 Thread Oyvind Albrigtsen

On 22/02/22 11:59 +0100, Jehan-Guillaume de Rorthais wrote:

Hello,

On Tue, 22 Feb 2022 09:27:16 +
lejeczek via Users  wrote:


...
Perhaps as the author(s) you can chip in and/or help via comments to
rectify this:

...

  Problem: package resource-agents-paf-4.9.0-7.el8.x86_64 requires


PAF doesn't share the same release plans than the resource-agents project, but
it seems RH included it in their build process as part as the resource-agents
one, releasing it with the same version number:
https://bugzilla.redhat.com/show_bug.cgi?id=1872754

RH is delivering PAF since the RHSA-2021:4139 security fixes and update,
in november 2021: https://access.redhat.com/errata/RHSA-2021:4139

I wasn't aware of this packaging and how it is built, neither of the repository
it is delivered to.

I am only aware of the RPM I am delivering on github, and the one provided by
the PGDG repository: https://yum.postgresql.org/packages/


...
How I understand that is that CentOS guys/community have PAF in
'resilientstorage' repo.


I have no idea why the PAF package is in this repo and not in the
HighAvailability one where I suppose it should be host. Compare:

* http://mirror.centos.org/centos/8-stream/HighAvailability/x86_64/os/Packages/
* http://mirror.centos.org/centos/8-stream/ResilientStorage/x86_64/os/Packages/

Ping Oyvind, maybe you have some input about this as the resource-agents
package maintainer?

I dont know how it got excluded on CentOS Stream only, but I've
created a bz to fix it:
https://bugzilla.redhat.com/show_bug.cgi?id=2056926


Oyvind Albrigtsen


Regards,



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.11.0

2021-11-24 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.11.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.11.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_cyberpower_ssh
 - fence_ibm_vpc
 - fence_ibm_powervs
 - fence_raritan_px3

- bugfixes and enhancements:
 - configure: fix --with-agents to not match *virt in regex
 - fencing: encode instead of failing for chinese or other non-utf8 character 
sets
 - spec: add dependency for new split azure sdk packages for Fedora 35+
 - fence_aliyun: optimize log output (#449)
 - fence_amt_ws: fix "or" causing dead code
 - fence_amt_ws: fix --boot-option (choices are uppercased while getting parsed)
 - fence_azure_arm: fix support for sovereign clouds and MSI for new versions of
   azure libraries (#439)
 - fence_gce: add operation checks and multiple plug/zone support (#400)
 - fence_kdump: accept message from multiple addresses (useful for RRP 
clusters) (#374)
 - fence_kdump: properly support -v[X] and -vvv (and combinations)
 - fence_kubevirt: fix kubevirt VM status
 - fence_kubevirt: add --ssl-insecure parameter
 - fence_kubevirt: make apiversion a parameter
 - fence_kubevirt: set default power-timeout to 40s
 - fence_mpath/fence_scsi: use store path detected by configure
 - fence_pve: Replace "nodename" with "pmx-node" (matching original intent) 
(#424)
 - fence_vmware_soap: use --login-timeout option (#447)
 - fence_zvmip: add ssl/tls support
 - fence_zvmip: use ssl by default

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.10.0...v4.11.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.10.0

2021-11-03 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.10.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.10.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - VirtualDomain: added the ability to unset utilization variables (#1703)
 - all agents: specify agent and OCF versions corrently in metadata
 - configure: use new SYSTEMD_ parameters
 - gcp-pd-move/gcp-vpc-move-route: dont fail failed resources instantly (caused 
by OCF_ERR_CONFIGURED)
 - iSCSILogicalUnit: do not use lio_iblock with lio-t
 - metadata.rng: update to support resource agent version according to the OCF 
standard
 - nfsnotify: fix default value for "notify_args"
 - nfsnotify: fix rpcuser error when resource start on debian (#1696)
 - nfsserver: fix NFSv4 lock failover: set NFS Server Scope (#1688)
 - ocf.py: add agent and OCF version parameters (both defaults to 1.0)
 - portblock: use ss when available, netstat is "obsolete"
 - ra-dev-guide: update agent/OCF version info (#1699)
 - storage-mon: update metadata to suggest usage in combination with 
HealthSMART agent
 - symlink: fix symlink vs target realpath comparison (#1691)
 - tickle_tcp: fix build issue on opensuse 15.3
 - tools: add nfsconvert for RHEL-based distros

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.10.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.10.0 rc1

2021-10-27 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.10.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.10.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - VirtualDomain: added the ability to unset utilization variables (#1703)
 - all agents: specify agent and OCF versions corrently in metadata
 - configure: use new SYSTEMD_ parameters
 - gcp-pd-move/gcp-vpc-move-route: dont fail failed resources instantly (caused 
by OCF_ERR_CONFIGURED)
 - iSCSILogicalUnit: do not use lio_iblock with lio-t
 - metadata.rng: update to support resource agent version according to the OCF 
standard
 - nfsnotify: fix default value for "notify_args"
 - nfsnotify: fix rpcuser error when resource start on debian (#1696)
 - nfsserver: fix NFSv4 lock failover: set NFS Server Scope (#1688)
 - ocf.py: add agent and OCF version parameters (both defaults to 1.0)
 - portblock: use ss when available, netstat is "obsolete"
 - ra-dev-guide: update agent/OCF version info (#1699)
 - storage-mon: update metadata to suggest usage in combination with 
HealthSMART agent
 - symlink: fix symlink vs target realpath comparison (#1691)
 - tickle_tcp: fix build issue on opensuse 15.3
 - tools: add nfsconvert for RHEL-based distros


The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.10.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] announcement: schedule for resource-agents release 4.10.0

2021-10-18 Thread Oyvind Albrigtsen

Hi,

This is a tentative schedule for resource-agents v4.10.0:
4.10.0-rc1: Oct 27.
4.10.0: Nov 3.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.9.0...master

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 130 issues and 58 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/developers

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] Antw: [EXT] resource‑agents v4.9.0

2021-08-19 Thread Oyvind Albrigtsen

On 19/08/21 12:13 +0200, Ulrich Windl wrote:

Hi!

Just one point: The description "ocf-shellfuncs: Remove a bashism in" seems
incomplete.

Nice catch.

Just a bad rewrite of commit text for the changelog:
Remove a bashism in ocf-shellfuncs.in


Regards,
Ulrich


Oyvind Albrigtsen  schrieb am 19.08.2021 um 09:51 in

Nachricht <20210819075143.n7z2n7xjqzids...@redhat.com>:

ClusterLabs is happy to announce resource‑agents v4.9.0.

Source code is available at:
https://github.com/ClusterLabs/resource‑agents/releases/tag/v4.9.0

The most significant enhancements in this release are:
‑ new resource agents:
  ‑ gcp‑ilb
  ‑ nvmet‑subsystem/nvmet‑namespace/nvmet‑port
  ‑ openstack‑virtual‑ip
  ‑ smb‑share
  ‑ storage‑mon

‑ bugfixes and enhancements:
  ‑ CTDB: replace timeout override with ctdb_timeout parameter (#1661)
  ‑ Filesystem: do not call partprobe for bind mounts
  ‑ LVM‑activate: disable VG autoactivation in system_id access_mode
  ‑ LVM‑activate: fix drop‑in check to avoid re‑creating drop‑in file when

it

already exists
  ‑ SAPInstance: Fix for issue #1680 ‑ SAPInstance fails to detect systemd
integration (#1681)
  ‑ SAPInstance: add systemd compatability (#1662)
  ‑ VirtualDomain: add code to set the host_memory value for Utilization
(#1649)
  ‑ VirtualDomain: add start_resources parameter that ensures needed

virtual

storage pools and networks are up and refreshed when enabled
  ‑ VirtualDomain: drop prefix xenmigr from migrate uri
  ‑ azure‑events: update api_version
  ‑ build: fix out‑of‑tree build for man pages
  ‑ configure: add /usr/local/share to fallback path to be scanned for
docbook path
  ‑ configure: test for json and remove hardcoded #! in openstack‑info
  ‑ db2: add PRIMARY/REMOTE_CATCHUP_PENDING/CONNECTED status to

promote‑check

  ‑ dummy: add missing action to dummy_usage function
  ‑ findif: popen requires pclose and not fclose (#1664)
  ‑ gcp‑vpc‑move‑route: add serviceaccount JSON file support
  ‑ gcp‑vpc‑move‑vip.in: add retry to avoid failing on first failed request
  ‑ gcp‑vpc‑move‑vip: add serviceaccount JSON file support
  ‑ iSCSILogicalUnit: lio‑t: support setting product_id
  ‑ lvmlockd: remove cmirrord support as it's incompatible with lvmlockd
  ‑ mdraid: add option description for OCF_CHECK_LEVEL
  ‑ mysql: add support for local SSL connection (#1682)
  ‑ ocf‑shellfuncs: Remove a bashism in
  ‑ openstack‑cinder‑volume: CLI output parsing fixes, fetch of node ID
consistency, monitor action simplification, and return error when validate
fails
  ‑ openstack‑floating‑ip: return error when validate fails and small log
message fixes.
  ‑ openstack‑info: run validate in start action. (#1639)
  ‑ openstack‑info: updates due to API output format changes and attempt to



future‑proof parsing of the output.
  ‑ podman: workaround race during container creation
  ‑ spec: remove chkconfig dependency for Fedora < 34

The full list of changes for resource‑agents is available at:
https://github.com/ClusterLabs/resource‑agents/blob/v4.9.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource‑agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/




___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.9.0

2021-08-19 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.9.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.9.0

The most significant enhancements in this release are:
- new resource agents:
 - gcp-ilb
 - nvmet-subsystem/nvmet-namespace/nvmet-port
 - openstack-virtual-ip
 - smb-share
 - storage-mon

- bugfixes and enhancements:
 - CTDB: replace timeout override with ctdb_timeout parameter (#1661)
 - Filesystem: do not call partprobe for bind mounts
 - LVM-activate: disable VG autoactivation in system_id access_mode
 - LVM-activate: fix drop-in check to avoid re-creating drop-in file when it 
already exists
 - SAPInstance: Fix for issue #1680 - SAPInstance fails to detect systemd 
integration (#1681)
 - SAPInstance: add systemd compatability (#1662)
 - VirtualDomain: add code to set the host_memory value for Utilization (#1649)
 - VirtualDomain: add start_resources parameter that ensures needed virtual
   storage pools and networks are up and refreshed when enabled
 - VirtualDomain: drop prefix xenmigr from migrate uri
 - azure-events: update api_version
 - build: fix out-of-tree build for man pages
 - configure: add /usr/local/share to fallback path to be scanned for docbook 
path
 - configure: test for json and remove hardcoded #! in openstack-info
 - db2: add PRIMARY/REMOTE_CATCHUP_PENDING/CONNECTED status to promote-check
 - dummy: add missing action to dummy_usage function
 - findif: popen requires pclose and not fclose (#1664)
 - gcp-vpc-move-route: add serviceaccount JSON file support
 - gcp-vpc-move-vip.in: add retry to avoid failing on first failed request
 - gcp-vpc-move-vip: add serviceaccount JSON file support
 - iSCSILogicalUnit: lio-t: support setting product_id
 - lvmlockd: remove cmirrord support as it's incompatible with lvmlockd
 - mdraid: add option description for OCF_CHECK_LEVEL
 - mysql: add support for local SSL connection (#1682)
 - ocf-shellfuncs: Remove a bashism in
 - openstack-cinder-volume: CLI output parsing fixes, fetch of node ID 
consistency, monitor action simplification, and return error when validate fails
 - openstack-floating-ip: return error when validate fails and small log 
message fixes.
 - openstack-info: run validate in start action. (#1639)
 - openstack-info: updates due to API output format changes and attempt to 
future-proof parsing of the output.
 - podman: workaround race during container creation
 - spec: remove chkconfig dependency for Fedora < 34

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.9.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.9.0 rc1

2021-08-12 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.9.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.9.0rc1

The most significant enhancements in this release are:
- new resource agents:
 - gcp-ilb
 - nvmet-subsystem/nvmet-namespace/nvmet-port
 - openstack-virtual-ip
 - smb-share
 - storage-mon

- bugfixes and enhancements:
 - CTDB: replace timeout override with ctdb_timeout parameter (#1661)
 - Filesystem: do not call partprobe for bind mounts
 - LVM-activate: disable VG autoactivation in system_id access_mode
 - LVM-activate: fix drop-in check to avoid re-creating drop-in file when it 
already exists
 - SAPInstance: Fix for issue #1680 - SAPInstance fails to detect systemd 
integration (#1681)
 - SAPInstance: add systemd compatability (#1662)
 - VirtualDomain: add code to set the host_memory value for Utilization (#1649)
 - VirtualDomain: add start_resources parameter that ensures needed virtual
   storage pools and networks are up and refreshed when enabled
 - VirtualDomain: drop prefix xenmigr from migrate uri
 - azure-events: update api_version
 - build: fix out-of-tree build for man pages
 - configure: add /usr/local/share to fallback path to be scanned for docbook 
path
 - configure: test for json and remove hardcoded #! in openstack-info
 - db2: add PRIMARY/REMOTE_CATCHUP_PENDING/CONNECTED status to promote-check
 - dummy: add missing action to dummy_usage function
 - findif: popen requires pclose and not fclose (#1664)
 - gcp-vpc-move-route: add serviceaccount JSON file support
 - gcp-vpc-move-vip.in: add retry to avoid failing on first failed request
 - gcp-vpc-move-vip: add serviceaccount JSON file support
 - iSCSILogicalUnit: lio-t: support setting product_id
 - lvmlockd: remove cmirrord support as it's incompatible with lvmlockd
 - mdraid: add option description for OCF_CHECK_LEVEL
 - mysql: add support for local SSL connection (#1682)
 - ocf-shellfuncs: Remove a bashism in
 - openstack-cinder-volume: CLI output parsing fixes, fetch of node ID 
consistency, monitor action simplification, and return error when validate fails
 - openstack-floating-ip: return error when validate fails and small log 
message fixes.
 - openstack-info: run validate in start action. (#1639)
 - openstack-info: updates due to API output format changes and attempt to 
future-proof parsing of the output.
 - podman: workaround race during container creation
 - spec: remove chkconfig dependency for Fedora < 34

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.9.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] announcement: schedule for resource-agents release 4.9.0

2021-08-03 Thread Oyvind Albrigtsen

Hi,

This is a tentative schedule for resource-agents v4.9.0:
4.9.0-rc1: Aug 12.
4.9.0: Aug 19.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.8.0...master

I've modified the corresponding milestones at:
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 129 issues and 57 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/developers

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.10.0

2021-07-15 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.10.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.10.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_cdu
 - fence_kubevirt

- bugfixes and enhancements:
 - log exceptions to be more detailed when failing
 - build: expose delay-check to be able to skip the other tests when debugging
 - spec: export PYTHON to avoid configure ignoring it
 - fence_azure_arm: corrections to support Azure SDK >= 15 - including backward 
compatibility (#415)
 - fence_gce: make serviceaccount work with new libraries
 - fence_sbd: log warning when disable-timeout is enabled

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.9.0...v4.10.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.9.0

2021-06-04 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.9.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.9.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - build: enable fence_virtd cpg plugin by default
 - build: tidy up module sources
 - fence_aws: add filter parameter to be able to limit which nodes are listed
 - fence_gce: default method moved back to powercycle (#389)
 - fence_lindypdu: new fence agent
 - fence_mpath: watchdog retries support
 - fence_openstack: major rework of the agent. (#397)
 - fence_redfish: add missing diag logic
 - fence_virt*: simple_auth: use %zu for sizeof to avoid failing verbose builds 
on some archs
 - fence_virt: fix required=1 parameters that used to not be required and add 
deprecated=1 for old deprecated params
 - fencing: add multi plug support for reboot-action
 - fencing: add stonith_status_sleep parameter for sleep between status calls 
during a STONITH action
 - fencing: fix issue with hardcoded help text length for metadata
 - virt: drop fence_virtd non-modular build
 - virt: drop null, libvirt-qmf, pm-fence plugins
 - virt: fixes and cleanup of deadcode

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.8.0...v4.9.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.8.0

2021-03-24 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.8.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.8.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - awsvip: dont partially match similar IPs during monitor-action
 - aws agents: dont spam log files when getting token
 - galera/rabbitmq-cluster/redis: run crm_mon without performing validation
   to solve pcmk version mismatch issues between host and container(s)
 - podman: return OCF_NOT_RUNNING when monitor cmd fails (not running)
 - Filesystem: change force_unmount default to safe for RHEL9+
 - Route: return OCF_NOT_RUNNING status if iface doesn't exist.
 - VirtualDomain: fix pid_status() on EL8 (and other distros with newer 
versions of qemu) (#1614)
 - anything: only write PID to pidfile (when sh prints message(s))
 - azure-lb: redirect stdout and stderr to /dev/null to avoid nc dying with 
EPIPE error
 - configure: dont use OCF_ROOT_DIR from glue.h
 - docker-compose: use -f $YML in all calls to avoid issues when not using 
default YML file
 - gcp-vpc-move-route, gcp-vpc-move-vip: add project ID parameter
 - gcp-vpc-move-route: fix stop-action when route stopped, and fix 
check_conflicting_routes()
 - gcp-vpc-move-route: make "vpc_network" optional
 - gcp-vpc-move-vip: correctly return error when no instances are returned
 - ldirectord: added real servers threshold settings
 - mysql-common: check datadir permissions
 - nfsclient: fix stop-action when export not present
 - nfsserver: error-check unbind_tree
 - pgsql: make wal receiver check compatible with PostgreSQL >= 11
 - spec: add BuildRequires for google lib

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.8.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.8.0

2021-03-17 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.8.0.

The fence-virt repository has been merged into fence-agents, so be
sure to give fence_virt, fence_xvm and fence_virtd some additional
testing to ensure it doesnt have any issues we havent caught in our
initial testing.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.8.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - fence_gce: adds cloud-platform scope for bare metal API and optional proxy 
flags (#382)
 - fence_gce: support google-auth and oauthlib and fallback to deprecated libs 
when not available
 - fence_redfish: add diag-action
 - spec: add aliyun subpackage and fence_mpath_check* to mpath subpackage
 - spec: undo autosetup change that breaks builds w/git commit hashes
 - spec: use python3 path for newer releases

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.7.1...v4.8.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.8.0 rc1

2021-03-17 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.8.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.8.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - Filesystem: change force_unmount default to safe for RHEL9+
 - Route: return OCF_NOT_RUNNING status if iface doesn't exist.
 - VirtualDomain: fix pid_status() on EL8 (and other distros with newer 
versions of qemu) (#1614)
 - anything: only write PID to pidfile (when sh prints message(s))
 - azure-lb: redirect stdout and stderr to /dev/null to avoid nc dying with 
EPIPE error
 - configure: dont use OCF_ROOT_DIR from glue.h
 - docker-compose: use -f $YML in all calls to avoid issues when not using 
default YML file
 - gcp-vpc-move-route, gcp-vpc-move-vip: add project ID parameter
 - gcp-vpc-move-route: fix stop-action when route stopped, and fix 
check_conflicting_routes()
 - gcp-vpc-move-route: make "vpc_network" optional
 - gcp-vpc-move-vip: correctly return error when no instances are returned
 - ldirectord: added real servers threshold settings
 - mysql-common: check datadir permissions
 - nfsclient: fix stop-action when export not present
 - nfsserver: error-check unbind_tree
 - pgsql: make wal receiver check compatible with PostgreSQL >= 11
 - spec: add BuildRequires for google lib

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.8.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] announcement: schedule for resource-agents release 4.8.0

2021-03-09 Thread Oyvind Albrigtsen

Hi,

This is a tentative schedule for resource-agents v4.8.0:
4.8.0-rc1: Mar 17.
4.8.0: Mar 24.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.7.0...master

I've modified the corresponding milestones at
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 119 issues and 57 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-virt: consider to merge into fence-agents git repository

2021-03-05 Thread Oyvind Albrigtsen

Hi,

We are considering to merge the fence-virt repo into the fence-agents
git repository.

Tell us if you have any objections to merging the git repositories, so
we can take any objections into consideration.


Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] fence-agents v4.7.1

2021-02-08 Thread Oyvind Albrigtsen

Correction: bugfix release for v4.7.0.

On 08/02/21 12:01 +0100, Oyvind Albrigtsen wrote:

ClusterLabs is happy to announce fence-agents v4.7.1, which is a
bugfix release for v4.7.1.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.7.1

The most significant enhancements in this release are:
- bugfixes and enhancements:
- fence_aws/fence_gce: allow building without cloud libs
- fence_gce: default to onoff
- fence_gce: add service account authentication
- fence_gce: fix 'googleapiclient' has no attribute '__version__'
  issue with newer versions of googleapiclient
- fence_ipmilan: create fence_ipmilanplus symlink with lanplus
  enabled by default
- fence_lpar: make managed a required parameter
- fence_vbox: do not flood shell history with vboxmanage calls
- fence_zvmip: fix shell-timeout when using new disable-timeout parameter
- spec: dont build -all subpackage as noarch (due to different
  dependencies per arch)

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.7.1

2021-02-08 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.7.1, which is a
bugfix release for v4.7.1.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.7.1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - fence_aws/fence_gce: allow building without cloud libs
 - fence_gce: default to onoff
 - fence_gce: add service account authentication
 - fence_gce: fix 'googleapiclient' has no attribute '__version__'
   issue with newer versions of googleapiclient
 - fence_ipmilan: create fence_ipmilanplus symlink with lanplus
   enabled by default
 - fence_lpar: make managed a required parameter
 - fence_vbox: do not flood shell history with vboxmanage calls
 - fence_zvmip: fix shell-timeout when using new disable-timeout parameter
 - spec: dont build -all subpackage as noarch (due to different
   dependencies per arch)

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] CVE-2020-11078 vulnerable to resource-agents module

2021-02-02 Thread Oyvind Albrigtsen

There is no fix for this in the agents, so you just need to check that
you're using httplib2 v0.18.0 or later, or that your distros httplib2
package changelog mentions that the CVE has been fixed to ensure you
wont be vulnerable.

https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq


Oyvind

On 01/02/21 12:54 +, S Sathish S wrote:

Hi Team,

Any update on below query.

Thanks and Regards,
S Sathish S
From: S Sathish S
Sent: Wednesday, January 27, 2021 3:33 PM
To: 'users@clusterlabs.org' 
Subject: CVE-2020-11078 vulnerable to resource-agents module

Hi Team,

We need to know whether CVE-2020-11078 vulnerable to resource-agents module, 
kindly confirm on this.

https://github.com/ClusterLabs/resource-agents --> 3.9.5


Thanks and Regards,
S Sathish S



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] fence-agents v4.7.0

2020-12-09 Thread Oyvind Albrigtsen

Updating subject to the correct version.

On 09/12/20 10:20 +0100, Oyvind Albrigtsen wrote:

ClusterLabs is happy to announce fence-agents v4.7.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.7.0

The most significant enhancements in this release are:
- new fence agents:
- fence_crosslink

- bugfixes and enhancements:
- build: add pkg-config file
- build: depend on config changes to rebuild when running make after running 
./configure
- fence_aws: add support for IMDSv2
- fence_gce: add baremetal support and parameter to set API call 
timeout/retries (#355)
- fence_mpath, fence_scsi: capture stderr in run_cmd()
- fence_mpath, fence_scsi: improve logging for failed res/key get
- fence_scsi: dont write key to device if it's already registered, and open 
file correctly to avoid using regex against end-of-file
- fencing: add disable-timeout parameter, and make it default when run from 
Pacemaker (at least 2.0+)
- spec: add pkg-config file, and set version for obsoletes to avoid failing to 
build on Fedora 33
- spec: make telnet a weak dependency

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.6.0...v4.7.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.6.0

2020-12-09 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.7.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.7.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_crosslink

- bugfixes and enhancements:
 - build: add pkg-config file
 - build: depend on config changes to rebuild when running make after running 
./configure
 - fence_aws: add support for IMDSv2
 - fence_gce: add baremetal support and parameter to set API call 
timeout/retries (#355)
 - fence_mpath, fence_scsi: capture stderr in run_cmd()
 - fence_mpath, fence_scsi: improve logging for failed res/key get
 - fence_scsi: dont write key to device if it's already registered, and open 
file correctly to avoid using regex against end-of-file
 - fencing: add disable-timeout parameter, and make it default when run from 
Pacemaker (at least 2.0+)
 - spec: add pkg-config file, and set version for obsoletes to avoid failing to 
build on Fedora 33
 - spec: make telnet a weak dependency

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.6.0...v4.7.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.7.0

2020-12-09 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.7.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.7.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - ocf-shellfuncs: make ocf_is_bash4() detect Bash v4 or greater (which it was 
supposed to according to the comments)
 - ocft: fix OCF_RESKEY_CRM_meta_timeout
 - crypt: avoid failing for LVM exclusive volumes by not running full sanity 
check during probes
 - LVM-activate: use systemd drop-in to stop before blk-availability.service
 - ocf-distro: improve robustness and specificity (#1558)
 - crypt: allow encrypted_dev to be symlink to support using devices in 
/dev/disk/... or by UUID
 - iface-vlan: vlan_{interface,id} do not have to be unique
 - Build: fix systemd paths when using non standard prefix
 - Configure: default to build heartbeat agents only
 - Configure: use pkg-config to detect systemd-paths to make CI able to define 
them the same way for all CL-projects
 - CI: add pkg-config file
 - AWS agents: add support for IMDSv2
 - Filesystem: Default fast_stop to no for RHEL 9+ and for other distros
 - Filesystem: POSIX-compliant syntax for portability
 - Filesystem: make mmap search not match partial matches
 - Filesystem: support whitespace in device or directory name
 - LVM-activate: use systemd drop-in to stop before blk-availability.service
 - SAPInstance: introduce MINIMAL_PROBE resource parameter (#1564)
 - asterisk: chown directory if not writable by user (#1583)
 - aws-vpc-move-ip: add "region" parameter
 - aws-vpc-move-ip: added optional eni lookup (defaults to instance id)
 - aws-vpc-move-ip: don't warn for expected scenarios
 - aws-vpc-move-ip: use "region" parameter for all commands
 - azure-events: import URLError and encode postData when necessary
 - azure-events: only decode() when exec() output not of type str
 - azure-events: report error if jsondata not received
 - azure-lb: don't redirect nc listener output to pidfile
 - crypt: allow encrypted_dev to be symlink to support using devices in 
/dev/disk/... or by UUID
 - crypt: avoid failing for LVM exclusive volumes by not running full sanity 
check during probes
 - crypt: fix missing && to set exit_reason
 - crypt: make key_file and crypt_type parameters not unique
 - docker-compose: use "docker ps" to improve status accuracy (#1523)
 - ethmonitor: make regex also match vlan interfaces
 - galera/redis: support RHEL 8.1 pacemaker
 - galera/redis: use --output-as for crm_mon w/newer Pacemaker, and prepare for 
Promoted role
 - galera: fix automatic recovery when a cluster was not gracefully stopped
 - galera: fix check_user configuration with clustercheck
 - galera: recover after network split in a 2-node cluster
 - galera: recover from joining a non existing cluster
 - galera: set bootstrap attribute before promote
 - gcp-pd-move: fixes to not match partial disk_name and make regional PD's work
 - gcp-vpc-move-vip: add support for multiple alias IP ranges on one node
 - gcp-vpc-move-vip: fix sort for list of dicts in Python3
 - gcp-vpc-move-vip: improve metadata and log messages
 - iSCSILogicalUnit: lio-t: add pscsi LIO-T backing store
 - iSCSITarget: add support for LIO-T incoming CHAP auth for TPG
 - iface-vlan: vlan_{interface,id} does not have to be unique
 - kamailio: use correct pkill parameters
 - man: use OCF_CHECK_LEVEL for depth parameters in pcs examples
 - man: use promotable keyword in manpage examples
 - mdraid: fix bashism
 - nfsnotify/nfsserver: fix SELinux issue due to newer ls versions giving 
additional output
 - nfsserver: stop nfsdcld if present during stop-action
 - ocf-distro: improve robustness and specificity (#1558)
 - ocf.py: fix problem when OCF_RESKEY_CRM_meta_interval is not set
 - ocf.py: fix usage for py2 when self param is involved
 - ocf_version_cmp(): enable comparing versions containing git hashes and more
 - pgsql: support RHEL 8.1 pacemaker
 - podman: recover from killed conmon side process
 - podman: recover from podman's storage being out of sync
 - send_arp (libnet): use sigaction() instead of deprecated siginterrupt()
 - send_ua/IPv6addr: use sigaction() instead of deprecated siginterrupt()
 - spec: fix lsb_release dependency
 - spec: ldirectord: added perl-IO-Socket-INET6 dependency on Fedora
 - spec: make Samba/CIFS dependency weak for Fedora 32 and RHEL/CentOS 8 and 
remove the
   dependency for later Fedora/RHEL/CentOS versions
 - spec: dont use Recommends for RHEL/CentOS 7 or older (where it's not 
supported)
 - sybaseASE: add logfile parameter
 - sybaseASE: run verify_all() for start operation only

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.7.0/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all 

[ClusterLabs] resource-agents v4.7.0 rc1

2020-12-02 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.7.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.7.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - Build: fix systemd paths when using non standard prefix
 - Configure: default to build heartbeat agents only
 - Configure: use pkg-config to detect systemd-paths to make CI able to define 
them the same way for all CL-projects
 - CI: add pkg-config file
 - AWS agents: add support for IMDSv2
 - Filesystem: Default fast_stop to no for RHEL 9+ and for other distros
 - Filesystem: POSIX-compliant syntax for portability
 - Filesystem: make mmap search not match partial matches
 - Filesystem: support whitespace in device or directory name
 - LVM-activate: use systemd drop-in to stop before blk-availability.service
 - SAPInstance: introduce MINIMAL_PROBE resource parameter (#1564)
 - asterisk: chown directory if not writable by user (#1583)
 - aws-vpc-move-ip: add "region" parameter
 - aws-vpc-move-ip: added optional eni lookup (defaults to instance id)
 - aws-vpc-move-ip: don't warn for expected scenarios
 - aws-vpc-move-ip: use "region" parameter for all commands
 - azure-events: import URLError and encode postData when necessary
 - azure-events: only decode() when exec() output not of type str
 - azure-events: report error if jsondata not received
 - azure-lb: don't redirect nc listener output to pidfile
 - crypt: allow encrypted_dev to be symlink to support using devices in 
/dev/disk/... or by UUID
 - crypt: avoid failing for LVM exclusive volumes by not running full sanity 
check during probes
 - crypt: fix missing && to set exit_reason
 - crypt: make key_file and crypt_type parameters not unique
 - docker-compose: use "docker ps" to improve status accuracy (#1523)
 - ethmonitor: make regex also match vlan interfaces
 - galera/redis: support RHEL 8.1 pacemaker
 - galera/redis: use --output-as for crm_mon w/newer Pacemaker, and prepare for 
Promoted role
 - galera: fix automatic recovery when a cluster was not gracefully stopped
 - galera: fix check_user configuration with clustercheck
 - galera: recover after network split in a 2-node cluster
 - galera: recover from joining a non existing cluster
 - galera: set bootstrap attribute before promote
 - gcp-pd-move: fixes to not match partial disk_name and make regional PD's work
 - gcp-vpc-move-vip: add support for multiple alias IP ranges on one node
 - gcp-vpc-move-vip: fix sort for list of dicts in Python3
 - gcp-vpc-move-vip: improve metadata and log messages
 - iSCSILogicalUnit: lio-t: add pscsi LIO-T backing store
 - iSCSITarget: add support for LIO-T incoming CHAP auth for TPG
 - iface-vlan: vlan_{interface,id} does not have to be unique
 - kamailio: use correct pkill parameters
 - man: use OCF_CHECK_LEVEL for depth parameters in pcs examples
 - man: use promotable keyword in manpage examples
 - mdraid: fix bashism
 - nfsnotify/nfsserver: fix SELinux issue due to newer ls versions giving 
additional output
 - nfsserver: stop nfsdcld if present during stop-action
 - ocf-distro: improve robustness and specificity (#1558)
 - ocf.py: fix problem when OCF_RESKEY_CRM_meta_interval is not set
 - ocf.py: fix usage for py2 when self param is involved
 - ocf_version_cmp(): enable comparing versions containing git hashes and more
 - pgsql: support RHEL 8.1 pacemaker
 - podman: recover from killed conmon side process
 - podman: recover from podman's storage being out of sync
 - send_arp (libnet): use sigaction() instead of deprecated siginterrupt()
 - send_ua/IPv6addr: use sigaction() instead of deprecated siginterrupt()
 - spec: fix lsb_release dependency
 - spec: ldirectord: added perl-IO-Socket-INET6 dependency on Fedora
 - spec: make Samba/CIFS dependency weak for Fedora 32 and RHEL/CentOS 8 and 
remove the
   dependency for later Fedora/RHEL/CentOS versions
 - spec: dont use Recommends for RHEL/CentOS 7 or older (where it's not 
supported)
 - sybaseASE: add logfile parameter
 - sybaseASE: run verify_all() for start operation only

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.7.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] announcement: schedule for resource-agents release 4.7.0

2020-11-23 Thread Oyvind Albrigtsen

Hi,

This is a tentative schedule for resource-agents v4.7.0:
4.7.0-rc1: Dec 2.
4.7.0: Dec 9.

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.6.1...master

I've modified the corresponding milestones at
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 118 issues and 57 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] Pacemaker/corosync with PostgreSQL 12

2020-09-04 Thread Oyvind Albrigtsen

Add the "recovery.conf" parameters to postgresql.conf (except the
standby one) and touch standby.signal (which does the same thing).

After you've verified that it's working and stop PostgreSQL you simply
rm standby.signal and the "recovery.conf" specific parameters, and the
resource agent will properly add/remove them when appropriate.

On 04/09/20 08:47 +, Ларионов Андрей Валентинович wrote:

Hello,

Please, can you provide example, explanation or give link to existing 
documentation - how to use
pacemaker/corosync for HA Cluster for PostgreSQL 12.x?
Problem is what in PostgreSQL 12 file "recovery.conf" is deprecated, not used 
now.

--
WBR,
Andrey Larionov




___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.6.0

2020-09-02 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.6.0.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.6.0

The most significant enhancements in this release are:
- new fence agents:
 - fence_ibmz for IBM z LPARs
 - fence_skalar for Skala-R virtualization platform

- bugfixes and enhancements:
 - build: add PHONY target to use directory dependencies for parallel builds
 - build: add directory dependencies to avoid edge-case where generating
   manpages could happen before fencing.py was generated
 - configure: fix agent filtering
 - fence_aws: fix fence race, logging improvement and new debug option
 - fence_aws: catch ConnectionError and suppress traceback for caught exceptions
 - fence_aws: fix Python 3 encoding issue
 - fence_aws: improve boto3_debug boolean handling
 - fence_aws: improve connect parameter logic, so region can be specified as
   parameter, while using role or keys from ~/.aws/config
 - fence_aws: improve logging and metadata/usage text
 - fence_azure_arm: fixes to make MSI support work
 - fence_azure_arm: log metadata when debugging
 - fence_compute/fence_evacuate: fix --insecure parameter that was enabled by
   default
 - fence_evacuate: enable evacuation of instances using private flavors
 - fence_gce: disable Google API cache discovery
 - fence_ipmilan: add ability to increase ipmitool verbosity
 - fence_lpar: fix list-status action for hmc-version 4 and IVM
 - fence_lpar: fix parse error from long command line
 - fence_lpar: reduce code duplication in get_lpar_list
 - fence_mpath: allow spaces for comma-separated devices and add support for
   space-separated devices
 - fence_mpath: fix --reserve parameter typo
 - fence_openstack: import novaclient and keystone only when needed
 - fence_redfish/fence_vmware_soap: suppress warnings correctly with new
   python-requests
 - fence_scsi use clusterwide nodeID instead of local nodelist ID of node
 - fence_scsi: add readonly parameter
 - fence_virsh/fence_vbox: fix status-based actions
 - fence_vmware_cloud: improve exception handling in send_command()
 - fence_vmware_rest: add filter parameter
 - fence_vmware_rest: dont fail when receiving "more than 1000 VM" error during
   monitor-action
 - fence_vmware_rest: fix encoding to avoid issues with UTF-8 encoded comments
 - fence_vmware_rest: improve exception handling in send_command()
 - fence_vmware_rest: support UTF-8 VM names
 - fence_vmware_soap: log exception message for SSLError exception
 - fencing: add verbose_level option
 - fencing: only use inetX_only parameters for SSH based agents and fence_zvmip,
   and fix syntax issue for Gawk v5+
 - spec: add -aws and -gce dependency to -all subpackage
 - spec: add missing BuildRequires found when backporting to Fedora
 - spec: add novaclient dependency for fence_compute depends on novaclient
 - spec: fix openstack BuildRequires for distros without Python 3
 - spec: use Python 3 when PYTHON not defined and pass PYTHON  path when running
   rpmbuild

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-agents/compare/v4.5.2...v4.6.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] Custom resource agent

2020-07-14 Thread Oyvind Albrigtsen

You should be able to make your custom agent by following this doc:
https://github.com/ClusterLabs/resource-agents/blob/master/doc/dev-guides/ra-dev-guide.asc

Oyvind

On 13/07/20 10:08 +0200, Sim wrote:

Hi,
I need to create a cluster with these characteristics:

NODE1 (Master)
NODE2 (Slave)

Example sequence to moving the role from NODE1 to NODE2:

- NODE1: stopped a process with "systemctl stop"
- NODE1: executed a script with parameter "slave"
- NODE1: executed again the process with "systemctl start"
- NODE2: stopped a process with "systemctl stop"
- NODE2: executed a script "master"
- NODE2: executed again the process with "systemctl start"

I only found ocf_heartbeat_anything but I don't know if it's right for me.
Any suggestions?

Regards
Sim



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.6.1

2020-06-18 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.6.1, which is a
bugfix release for v4.6.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.6.1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - dummypy: add agent to Makefiles/configure and change from f-strings to make 
it
   compatible with Python < 3.6

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.6.0

2020-06-18 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.6.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.6.0

The most significant enhancements in this release are:
- new resource agents:
 - crypt
 - mdraid
 - docker-compose
 - dummypy

- bugfixes and enhancements:
 - ocf_is_ms(): also check OCF_RESKEY_CRM_meta_promotable to make it work 
w/Pacemaker 2.x
 - pgsql: use XML output for better backward and forward compatibility, and 
"Promoted"
   keyword to be ready for Pacemaker 2.1
 - ldirectord: add support for ldaps
 - Filesystem: set "fast_stop" default to "no" for GFS2 filesystems as they are
   likely to use more than 6 seconds to stop
 - exportfs: fix ocft script failure
 - build: fix failing to run "ln -s" if link already exists
 - Multiple RA: fix bashisms
 - Filesystem: add lustre as networked filesystem
 - Multiple RA: use secure tmp file location
 - Squid: added squid_opts parameter to metadata
 - ZFS: importforce should not be a unique parameter.
 - aliyun-vpc-move-ip: log output when failing and add debug logging
 - aws-vpc-move-ip/aws-vpc-route53: add awscli parameter for consistency with
   other AWS agents
 - aws-vpc-move-ip: delete remaining route entries
 - aws-vpc-route53: cleanup and improvements
 - aws-vpc-route53: add support for public and secondary private IPs
 - azure-events: handle exceptions in urlopen()
 - clvm: fix _default variables for daemon_options and activate_vgs
 - db2: HADR add STANDBY/REMOTE_CATCHUP_PENDING/DISCONNECTED to correctly
   promote standby node when master node disappears (e.g. via fencing)
 - exportfs: add symlink support
 - galera: fix value used for connecting with empty password.
 - gcp-pd-move: fixes and improvements
 - gcp-vpc-move-route/gcp-vpc-move-vip: disable google api cache discovery
 - nfsserver: fix NFSv4-only support
 - nfsserver: prevent error messages when /etc/sysconfig/nfs does not exist
 - ocf-shellfuncs: fix ocf_is_clone() (clone_max can be 0 with cloned resources)
 - ocf.py: eliminated logging.basicConfig(), which made all log data appear in
   stderr as well
 - oracle: increase security of monitor user in oracle
 - pgsql: support to crm_mon output for Pacemaker-2.0.3.
 - podman: make sure to remove containers with lingering exec sessions
 - rabbitmq-cluster: increase the rabbitmqctl wait timeout during start()
 - redis: run validate-action during start
 - tomcat: only create directory during start action

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.6.0/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.6.0 rc1

2020-06-11 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.6.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.6.0rc1

The most significant enhancements in this release are:
- new resource agents:
 - crypt
 - mdraid
 - docker-compose
 - dummypy

- bugfixes and enhancements:
 - Filesystem: add lustre as networked filesystem
 - Multiple RA: use secure tmp file location
 - Squid: added squid_opts parameter to metadata
 - ZFS: importforce should not be a unique parameter.
 - aliyun-vpc-move-ip: log output when failing and add debug logging
 - aws-vpc-move-ip/aws-vpc-route53: add awscli parameter for consistency with
   other AWS agents
 - aws-vpc-move-ip: delete remaining route entries
 - aws-vpc-route53: cleanup and improvements
 - aws-vpc-route53: add support for public and secondary private IPs
 - azure-events: handle exceptions in urlopen()
 - clvm: fix _default variables for daemon_options and activate_vgs
 - db2: HADR add STANDBY/REMOTE_CATCHUP_PENDING/DISCONNECTED to correctly
   promote standby node when master node disappears (e.g. via fencing)
 - exportfs: add symlink support
 - galera: fix value used for connecting with empty password.
 - gcp-pd-move: fixes and improvements
 - gcp-vpc-move-route/gcp-vpc-move-vip: disable google api cache discovery
 - nfsserver: fix NFSv4-only support
 - nfsserver: prevent error messages when /etc/sysconfig/nfs does not exist
 - ocf-shellfuncs: fix ocf_is_clone() (clone_max can be 0 with cloned resources)
 - ocf.py: eliminated logging.basicConfig(), which made all log data appear in
   stderr as well
 - oracle: increase security of monitor user in oracle
 - pgsql: support to crm_mon output for Pacemaker-2.0.3.
 - podman: make sure to remove containers with lingering exec sessions
 - rabbitmq-cluster: increase the rabbitmqctl wait timeout during start()
 - redis: run validate-action during start
 - tomcat: only create directory during start action

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.6.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] announcement: schedule for resource-agents release 4.6.0

2020-06-04 Thread Oyvind Albrigtsen

Hi,

This is a tentative schedule for resource-agents v4.6.0:
4.6.0-rc1: June 11.
4.6.0: June 18.

New agents:
- crypt
- mdraid
- docker-compose

Full list of changes:
https://github.com/ClusterLabs/resource-agents/compare/v4.5.0...master

I've modified the corresponding milestones at
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 117 issues and 55 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] unable to start fence_scsi on a new add node

2020-04-20 Thread Oyvind Albrigtsen

Sound like you need to increase the number of journals for your GFS2
filesystem.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/global_file_system_2/s1-manage-addjournalfs


Oyvind

On 19/04/20 11:03 +, Stefan Sabolowitsch wrote:

Andrei,
i found this.
if i try to mount the volume by hand, i get this error message

[root@logger log]# mount /dev/mapper/vg_cluster-lv_cluster /data-san
mount: mount /dev/mapper/vg_cluster-lv_cluster on /data-san failed: to many 
users
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] iSCSILogicalUnit - scsi_id and multiple clusters

2020-03-11 Thread Oyvind Albrigtsen

On 06/03/20 13:22 +0200, Strahil Nikolov wrote:

On March 6, 2020 11:06:13 AM GMT+02:00, Oyvind Albrigtsen  
wrote:

Hi Strahil,

It seems like it tries to set one based on the resource name, and from
a quick check it seems like it also did on RHEL 7.5.

https://github.com/ClusterLabs/resource-agents/blob/master/heartbeat/iSCSILogicalUnit.in#L57


Oyvind

On 05/03/20 23:15 +0200, Strahil Nikolov wrote:

Hey Community,

I finaly got some time to report  an issue with iSCSILogicalUnit and

scsi_id  ( https://github.com/ClusterLabs/resource-agents/issues/1463
).


The  issue was observed a while ago on RHEL 7.5 and SLES 12 SP4.

Do you know if any change was made to:
A)  Either make 'scsi_id'  a mandatory option
B)  When 'scsi_id' is   not provided by the admin,  a random one is

picked (permanently)


If not, then the github issue is relevant.

Sadly, my exam (EX436) is on monday and I can't test it before that.

Best Rregards,
Strahil Nikolov
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Thanks for the reply, Oyvind

In an environment with naming convention that allows globally non-unique  
resource names - this could cause the behaviour I have described in github (2 
clusters,  2 separate luns,  client's multipath aggregates them in 1 lun with 4 
paths).

Do you think that a better approach will be to  mark 'scsi_id' as mandatory 
option (of course  we can bypass with  'pcs  --force') or  we should randomly 
set one on resource creation if the value is not defined ?
Of course  ,  the algorithm can get a little modification  - a random seed  for 
example.

The second & third  options will be harder  to implement as we got both pcs  & 
crmsh actively used among distributions,  but will add some 'dummy proofness'. For me 
the first option is easiest to implement.

Adding info about it in metadata might be the best way to go.

Making it mandatory might annoy users who use Ansible or other
solutions to setup having to change their Playbooks to set it.



Best Regards,
Strahil Nikolov



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.5.0

2020-03-06 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.5.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.5.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - iSCSILogicalUnit: fix default value for OCF_RESKEY_liot_bstype
 - aws-vpc-move-ip: add parameter for role to use to query/update route table
 - Filesystem: add trigger_udev_rules_if_need() for -U, -L, or /dev/xxx device
 - Filesystem: refresh UUID in the start phase
 - IPaddr2: add noprefixroute parameter
 - IPaddr2: add info to metadata that ipt_CLUSTERIP "iptables" extension is not 
"nft" backend compatible, and iptables-legacy support for distros that still support it
 - IPsrcaddr: replace local rule if using local table, and set src back to 
primary for device on stop
 - IPsrcaddr: fix failure during probe when using destination/table parameters
 - LVM-activate: add OCF_CHECK_LEVEL 10 check that can be enabled to verify vg or lv 
validity with an additional "read 1 byte" test in special cases like iSCSI SAN
 - MailTo: fix variable expansion
 - SAPInstance: clear the $DIR_EXECUTABLE variable so we catch the situation 
when we lose the directory with binaries after first sapinstance_init invokation
 - aliyun-vpc-move-ip: add support for both 'go' and 'python' versions of 
Aliyun CLI, and auto-detect which to use by default
 - apache: use get_release_id() to detect OS/distro, and fix LOAD_STATUS_MODULE 
issue
 - azure-lb set socat to default on SUSE distributions.
 - exportfs: allow multiple exports of same directory
 - iSCSILogicalUnit: add liot_bstype to handle block/fileio for targetcli, and 
change behavior of lio-t with portals which do not use 0.0.0.0
 - ldirectord: support sched-flags
 - lvmlockd: fix for LVM2 v2.03+ removing lvmetad
 - mysql-common: return correct rc during start-action
 - oralsnr: allow using the same tns_admin directory for different listeners
 - pgsql: Support for PostgreSQL 12
 - podman: improve the code for checking if an image exists
 - rabbitmq-cluster: ensure we delete nodename if stop action fails
 - redis: validate_all: fix file status tests
 - spec: add missing requirement (lsb-release)

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.5.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] iSCSILogicalUnit - scsi_id and multiple clusters

2020-03-06 Thread Oyvind Albrigtsen

Hi Strahil,

It seems like it tries to set one based on the resource name, and from
a quick check it seems like it also did on RHEL 7.5.

https://github.com/ClusterLabs/resource-agents/blob/master/heartbeat/iSCSILogicalUnit.in#L57


Oyvind

On 05/03/20 23:15 +0200, Strahil Nikolov wrote:

Hey Community,

I finaly got some time to report  an issue with iSCSILogicalUnit and scsi_id  ( 
https://github.com/ClusterLabs/resource-agents/issues/1463 ).

The  issue was observed a while ago on RHEL 7.5 and SLES 12 SP4.

Do you know if any change was made to:
A)  Either make 'scsi_id'  a mandatory option
B)  When 'scsi_id' is   not provided by the admin,  a random one is picked 
(permanently)

If not, then the github issue is relevant.

Sadly, my exam (EX436) is on monday and I can't test it before that.

Best Rregards,
Strahil Nikolov
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.5.0 rc1

2020-02-28 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.5.0 rc1.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.5.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - Filesystem: add trigger_udev_rules_if_need() for -U, -L, or /dev/xxx device
 - Filesystem: refresh UUID in the start phase
 - IPaddr2: add noprefixroute parameter
 - IPaddr2: add info to metadata that ipt_CLUSTERIP "iptables" extension is not 
"nft" backend compatible, and iptables-legacy support for distros that still support it
 - IPsrcaddr: replace local rule if using local table, and set src back to 
primary for device on stop
 - IPsrcaddr: fix failure during probe when using destination/table parameters
 - LVM-activate: add OCF_CHECK_LEVEL 10 check that can be enabled to verify vg or lv 
validity with an additional "read 1 byte" test in special cases like iSCSI SAN
 - MailTo: fix variable expansion
 - SAPInstance: clear the $DIR_EXECUTABLE variable so we catch the situation 
when we lose the directory with binaries after first sapinstance_init invokation
 - aliyun-vpc-move-ip: add support for both 'go' and 'python' versions of 
Aliyun CLI, and auto-detect which to use by default
 - apache: use get_release_id() to detect OS/distro, and fix LOAD_STATUS_MODULE 
issue
 - azure-lb set socat to default on SUSE distributions.
 - exportfs: allow multiple exports of same directory
 - iSCSILogicalUnit: add liot_bstype to handle block/fileio for targetcli, and 
change behavior of lio-t with portals which do not use 0.0.0.0
 - ldirectord: support sched-flags
 - lvmlockd: fix for LVM2 v2.03+ removing lvmetad
 - mysql-common: return correct rc during start-action
 - oralsnr: allow using the same tns_admin directory for different listeners
 - pgsql: Support for PostgreSQL 12
 - podman: improve the code for checking if an image exists
 - rabbitmq-cluster: ensure we delete nodename if stop action fails
 - redis: validate_all: fix file status tests
 - spec: add missing requirement (lsb-release)

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.5.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] fence-virt v1.0.0

2020-02-25 Thread Oyvind Albrigtsen

On 25/02/20 15:59 +0100, Oyvind Albrigtsen wrote:

ClusterLabs is happy to announce fence-agents v1.0.0.

Correction: fence-virt


The source code is available at:
https://github.com/ClusterLabs/fence-virt/releases/tag/v1.0.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
- build: try to detect initscripts directory
- fence_virtd: accept SIGTERM while waiting for initialization
- fence_virtd: add manpages to service file

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-virt/compare/v0.9.0...v1.0.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-virt v1.0.0

2020-02-25 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v1.0.0.

The source code is available at:
https://github.com/ClusterLabs/fence-virt/releases/tag/v1.0.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - build: try to detect initscripts directory
 - fence_virtd: accept SIGTERM while waiting for initialization
 - fence_virtd: add manpages to service file

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-virt/compare/v0.9.0...v1.0.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] announcement: schedule for resource-agents release 4.5.0

2020-02-20 Thread Oyvind Albrigtsen

Hi,

This is a tentative schedule for resource-agents v4.5.0:
4.5.0-rc1: February 27.
4.5.0: March 5.

PostgreSQL 12 support has been added to the pgsql agent, so make sure
to give it some additional testing with v12 and older versions to
ensure it's working correctly.

I've modified the corresponding milestones at
https://github.com/ClusterLabs/resource-agents/milestones

If there's anything you think should be part of the release
please open an issue, a pull request, or a bugzilla, as you see
fit.

If there's anything that hasn't received due attention, please
let us know.

Finally, if you can help with resolving issues consider yourself
invited to do so. There are currently 105 issues and 54 pull
requests still open.


Cheers,
Oyvind Albrigtsen

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] fence-virt v0.9.0

2019-11-21 Thread Oyvind Albrigtsen

There's also been added a spec-file and RPM build targets for
RPM-based distros, so give it a shot and create a Pull Request or
Issue on GitHub if Requires/BuildRequires or similar needs to be
updated for a distro.

On 21/11/19 13:00 +0100, Oyvind Albrigtsen wrote:

ClusterLabs is happy to announce fence-agents v0.9.0, which is the
last pre-1.0 release.

The entire build system has been reworked with automake/libtool, so
give it some additional testing before upgrading distro packages.

The source code is available at:
https://github.com/ClusterLabs/fence-virt/releases/tag/v0.9.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
- build: rework build system to use automake/libtool
- fence-virt: add vsock support
- fence_virt: rename challenge functions
- fence_virt: dont report success for incorrect parameters
- fence_virt: mcast: config: warn when provided mcast addr is not used
- fence_virtd: fix segfault in vl_get when no domains are found
- fence_virtd: fix transposed arguments in startup message
- fence_virtd: return control to main loop on select interruption

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-virt/compare/v0.4.0...v0.9.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-virt v0.9.0

2019-11-21 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v0.9.0, which is the
last pre-1.0 release.

The entire build system has been reworked with automake/libtool, so
give it some additional testing before upgrading distro packages.

The source code is available at:
https://github.com/ClusterLabs/fence-virt/releases/tag/v0.9.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - build: rework build system to use automake/libtool
 - fence-virt: add vsock support
 - fence_virt: rename challenge functions
 - fence_virt: dont report success for incorrect parameters
 - fence_virt: mcast: config: warn when provided mcast addr is not used
 - fence_virtd: fix segfault in vl_get when no domains are found
 - fence_virtd: fix transposed arguments in startup message
 - fence_virtd: return control to main loop on select interruption

The full list of changes for fence-agents is available at:
https://github.com/ClusterLabs/fence-virt/compare/v0.4.0...v0.9.0

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] fence-agents v4.5.2

2019-10-23 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce fence-agents v4.5.2, which is a
bugfix release for v4.5.1.

The source code is available at:
https://github.com/ClusterLabs/fence-agents/releases/tag/v4.5.2

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - fence_compute: disable service after force-down to avoid issues w/OSP16+
 - fence_rhevm: added cookie file management
 - fence_vmware_rest: improve logging
 - spec: add openstack subpackage

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The fence-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.4.0

2019-10-23 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.4.0.

Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.4.0

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - NodeUtilization: fix Xen detection and improve logging
 - All RA: Use _default variables for all parameters
 - Build: improvements and fixes to make "make rpm" work on all archs in CI
 - CTDB: add support for v4.9+
 - Delay: protect grep regex argument from shell globbing
 - Filesystem: don't call readlink on path if it doesnt exist
 - Filesystem: fix to avoid killing all root user processeswhen bind mounting a 
directory on /
 - Filesystem: improve "/" check for bind mounts
 - IPaddr2: fix to work properly with unsanitized IPv6 addresses
 - IPsrcaddr: add destination and table parameters
 - LVM-activate: add partial-activation support
 - LVM-activate: fix monitor might hang due to lvm_validate, which was added by 
accident
 - LVM-activate: move pvscan --cache to validate
 - Route: dont fence node when parameters arent set
 - apache: check if SUSE binaries are executable
 - apache: fix to also detect mod_status.so when it is a symlink
 - apache: improve PidFile pattern to support multiple instances
 - apache: load status module on SUSE distros
 - aws-vpc-route53: improved API error handling and fix to avoid race-condition 
during probe
 - aws-vpc-route53: replace ec2metada with curl to fetch the IP address 
directly from EC2 metadata
 - azure-lb: add support for using socat instead of nc
 - docker: improve the check for the docker daemon being up
 - exportfs: doc clarification for clientspec format
 - gcp-pd-move: add stackdriver_logging parameter
 - iSCSILogicalUnit: only create acls if it doesnt exist
 - mysql/mariadb/galera: use runuser/su to avoid using SELinux DAC_OVERRIDE
 - mysql: add support for SSL replication
 - nfsserver: performance improvements for systemd enabled systems
 - ora-common: fix to fail when sid parameter is invalid
 - podman: generate drop-in dependencies for podman containers
 - podman: only use exec to manage container's lifecycle
 - rabbitmq-cluster: also restore users/perms/policies when starting in single 
node mode
 - redis: fix master_is_active() erroneously reporting there is master when 
there is not (fixes issue #1399)
 - redis: use optimal password passing method and warning filtering workaround

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.4.0/ChangeLog

Everyone is encouraged to download and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


[ClusterLabs] resource-agents v4.4.0 rc1

2019-10-16 Thread Oyvind Albrigtsen

ClusterLabs is happy to announce resource-agents v4.4.0 rc1.
Source code is available at:
https://github.com/ClusterLabs/resource-agents/releases/tag/v4.4.0rc1

The most significant enhancements in this release are:
- bugfixes and enhancements:
 - All RA: Use _default variables for all parameters
 - Build: improvements and fixes to make "make rpm" work on all archs in CI
 - CTDB: add support for v4.9+
 - Delay: protect grep regex argument from shell globbing
 - Filesystem: don't call readlink on path if it doesnt exist
 - Filesystem: fix to avoid killing all root user processeswhen bind mounting a 
directory on /
 - Filesystem: improve "/" check for bind mounts
 - IPaddr2: fix to work properly with unsanitized IPv6 addresses
 - IPsrcaddr: add destination and table parameters
 - LVM-activate: add partial-activation support
 - LVM-activate: fix monitor might hang due to lvm_validate, which was added by 
accident
 - LVM-activate: move pvscan --cache to validate
 - Route: dont fence node when parameters arent set
 - apache: check if SUSE binaries are executable
 - apache: fix to also detect mod_status.so when it is a symlink
 - apache: improve PidFile pattern to support multiple instances
 - apache: load status module on SUSE distros
 - aws-vpc-route53: improved API error handling and fix to avoid race-condition 
during probe
 - aws-vpc-route53: replace ec2metada with curl to fetch the IP address 
directly from EC2 metadata
 - azure-lb: add support for using socat instead of nc
 - docker: improve the check for the docker daemon being up
 - exportfs: doc clarification for clientspec format
 - gcp-pd-move: add stackdriver_logging parameter
 - iSCSILogicalUnit: only create acls if it doesnt exist
 - mysql/mariadb/galera: use runuser/su to avoid using SELinux DAC_OVERRIDE
 - mysql: add support for SSL replication
 - nfsserver: performance improvements for systemd enabled systems
 - ora-common: fix to fail when sid parameter is invalid
 - podman: generate drop-in dependencies for podman containers
 - podman: only use exec to manage container's lifecycle
 - rabbitmq-cluster: also restore users/perms/policies when starting in single 
node mode
 - redis: fix master_is_active() erroneously reporting there is master when 
there is not (fixes issue #1399)
 - redis: use optimal password passing method and warning filtering workaround

The full list of changes for resource-agents is available at:
https://github.com/ClusterLabs/resource-agents/blob/v4.4.0rc1/ChangeLog

Everyone is encouraged to download and test the new release candidate.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

Many thanks to all the contributors to this release.


Best,
The resource-agents maintainers
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


Re: [ClusterLabs] Where is the syntax for parameter types?

2019-10-16 Thread Oyvind Albrigtsen

On 16/10/19 10:53 +0200, Ulrich Windl wrote:

Hi!

I just discovered an interesting problem with my own RA that allows a boolean 
parameter:
Where is the exact syntax for "boolean" defined, and who's responsible for 
checking it? The RA or (e.g.) crm?
The concrete problem is that my RA expected the boolean parameter to be either '0' or 
'1', but crm shell was happy with the value "true".
So where is the document describing the parameter types' syntax, and who is 
responsible for checking that? RA's validate-all?

This is done by the validate-all action for the RA.

Sounds like the agent should use "ocf_is_true" instead of checking
against a specific value.

Feel free to create a pull request or issue on
https://github.com/ClusterLabs/resource-agents.


Oyvind


Regards,
Ulrich


___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


  1   2   >