I am happy to announce the latest release of pcs, version 0.10.1.

Source code is available at:
https://github.com/ClusterLabs/pcs/archive/0.10.1.tar.gz
or
https://github.com/ClusterLabs/pcs/archive/0.10.1.zip

This is the first final release of the pcs-0.10 branch. Pcs-0.10 is the new main pcs branch supporting Corosync 3.x and Pacemaker 2.x clusters while dropping support for older Corosync and Pacemaker versions. Pcs-0.9, being in maintenance mode, continues to support Corosync 1.x/2.x and Pacemaker 1.x clusters.

Main changes compared to 0.9 branch:
* Corosync 3.x and Kronosnet are supported while Corosync 2.x and older as well as CMAN are not
* Node names are now fully supported
* Pacemaker 2.x is supported while Pacemaker 1.x is not
* Promotable clone resources replaced master resources; creating master resources is no longer possible but managing existing master resources is supported
* Options starting with '-' and '--' are no longer accepted by commands for which those options have no effect
* Obsoleting parameters of resource and fence agents are now supported and preferred over deprecated parameters
* Several deprecated and / or undocumented pcs commands / options have been removed
* Python 3.6+ and Ruby 2.2+ are now required

Complete change log for this release against 0.9.163:

## [0.10.1] - 2018-11-23

### Removed
- Pcs-0.10 removes support for CMAN, Corosync 1.x, Corosync 2.x and Pacemaker 1.x based clusters. For managing those clusters use pcs-0.9.x.
- Pcs-0.10 requires Python 3.6 and Ruby 2.2; support for older Python and Ruby versions has been removed.
- `pcs resource failcount reset` command has been removed as `pcs resource cleanup` is doing exactly the same job. ([rhbz#1427273])
- Deprecated commands `pcs cluster remote-node add | remove` have been removed as they were replaced with `pcs cluster node add-guest | remove-guest`
- Ability to create master resources has been removed as they are deprecated in Pacemaker 2.x ([rhbz#1542288])
  - Instead of `pcs resource create ... master` use `pcs resource create ... promotable` or `pcs resource create ... clone promotable=true`
  - Instead of `pcs resource master` use `pcs resource promotable` or `pcs resource clone ... promotable=true`
- Deprecated --clone option from `pcs resource create` command
- Ability to manage node attributes with `pcs property set|unset|show` commands (using `--node` option). The same functionality is still available using `pcs node attribute` command.
- Undocumented version of the `pcs constraint colocation add` command, its syntax was `pcs constraint colocation add <source resource id> <target resource id> [score] [options]`
- Deprecated commands `pcs cluster standby | unstandby`, use `pcs node standby | unstandby` instead
- Deprecated command `pcs cluster quorum unblock` which was replaced by `pcs quorum unblock`
- Subcommand `pcs status groups` as it was not showing a cluster status but cluster configuration. The same functionality is still available using command `pcs resource group list`
- Undocumented command `pcs acl target`, use `pcs acl user` instead

### Added
- Validation for an inaccessible resource inside a bundle ([rhbz#1462248])
- Options to filter failures by an operation and its interval in `pcs resource cleanup` and `pcs resource failcount show` commands ([rhbz#1427273])
- Commands for listing and testing watchdog devices ([rhbz#1578891])
- Commands for creating promotable clone resources `pcs resource promotable` and `pcs resource create ... promotable` ([rhbz#1542288])
- `pcs resource update` and `pcs resource meta` commands change master resources to promotable clone resources because master resources are deprecated in Pacemaker 2.x ([rhbz#1542288])
- Support for the `promoted-max` bundle option replacing the `masters` option in Pacemaker 2.x ([rhbz#1542288])
- Support for OP_NO_RENEGOTIATION option when OpenSSL supports it (even with Python 3.6) ([rhbz#1566430])
- Support for container types `rkt` and `podman` into bundle commands ([rhbz#1619620])
- Support for promotable clone resources in pcsd and web UI ([rhbz#1542288])
- Obsoleting parameters of resource and fence agents are now supported and preferred over deprecated parameters ([rhbz#1436217])
- `pcs status` now shows failed and pending fencing actions and `pcs status --full` shows the whole fencing history. Pacemaker supporting fencing history is required. ([rhbz#1615891])
- `pcs stonith history` commands for displaying, synchronizing and cleaning up fencing history. Pacemaker supporting fencing history is required. ([rhbz#1620190])
- Validation of node existence in a cluster when creating location constraints ([rhbz#1553718])
- Command `pcs client local-auth` for authentication of pcs client against local pcsd. This is required when a non-root user wants to execute a command which requires root permissions (e.g. `pcs cluster start`). ([rhbz#1554302])
- Command `pcs resource group list` which has the same functionality as removed command `pcs resource show --groups`

### Fixed
- Fixed encoding of the CIB_user_groups cookie in communication between nodes.
- `pcs cluster cib-push diff-against=` does not consider an empty diff as an error ([ghpull#166])
- `pcs cluster cib-push diff-against=` exits gracefully with an error message if crm_feature_set < 3.0.9 ([rhbz#1488044])
- `pcs resource update` does not create an empty meta_attributes element any more ([rhbz#1568353])
- `pcs resource debug-*` commands provide debug messages even with pacemaker-1.1.18 and newer ([rhbz#1574898])
- Improve `pcs quorum device add` usage and man page ([rhbz#1476862])
- Removing resources using web UI when the operation takes longer than expected ([rhbz#1579911])
- Removing a cluster node no longer leaves the node in the CIB and therefore cluster status even if the removal is run on the node which is being removed ([rhbz#1595829])
- Possible race condition causing an HTTP 408 error when sending larger files via pcs ([rhbz#1600169])
- Configuring QDevice works even if NSS with the new db format (cert9.db, key4.db, pkcs11.txt) is used ([rhbz#1596721])
- Options starting with '-' and '--' are no longer accepted by commands for which those options have no effect ([rhbz#1533866])
- When a user makes an error in a pcs command, usage for that specific command is printed instead of printing the whole usage
- Show more user-friendly error message when testing watchdog device and multiple devices are present ([rhbz#1578891])
- Do not distinguish between supported and unsupported watchdog devices as SBD cannot reliably provide such information ([rhbz#1578891])
- `pcs config` no longer crashes when `crm_mon` prints something to stderr ([rhbz#1578955])
- `pcs resource bundle update` cmd for bundles which are using unsupported container backend ([rhbz#1619620])
- Do not crash if unable to load SSL certificate or key, log errors and exit gracefully instead ([rhbz#1638852])
- Fixed several issues in parsing `pcs constraint colocation add` command.
- All `remove` subcommands now have `delete` aliases and vice versa. Previously, only some of them did and it was mostly undocumented.
- The `pcs acl role delete` command no longer deletes ACL users and groups with no ACL roles assigned

### Changed
- Authentication has been overhauled ([rhbz#1549535]):
  - The `pcs cluster auth` command only authenticates nodes in a local cluster and does not accept a node list.
  - The new command for authentication is `pcs host auth`. It allows specifying host names, addresses and pcsd ports.
  - Previously, running `pcs cluster auth A B C` caused A, B and C to be all authenticated against each other. Now, `pcs host auth A B C` makes the local host authenticated against A, B and C. This allows better control of what is authenticated against what.
  - The `pcs pcsd clear-auth` command has been replaced by `pcs pcsd deauth` and `pcs host deauth` commands. The new commands allow deauthenticating a single host / token as well as all hosts / tokens.
  - These changes are not backward compatible. You should use the `pcs host auth` command to re-authenticate your hosts.
- The `pcs cluster setup` command has been overhauled ([rhbz#1158816], [rhbz#1183103]):
  - It works with Corosync 3.x only and supports knet as well as udp/udpu.
  - Node names are now supported.
  - The number of Corosync options configurable by the command has been significantly increased.
  - The syntax of the command has been completely changed to accommodate the changes and new features.
  - Corosync encryption is enabled by default when knet is used ([rhbz#1648942])
- The `pcs cluster node add` command has been overhauled ([rhbz#1158816], [rhbz#1183103])
  - It works with Corosync 3.x only and supports knet as well as udp/udpu.
  - Node names are now supported.
  - The syntax of the command has been changed to accommodate new features and to be consistent with other pcs commands.
- The `pcs cluster node remove` has been overhauled ([rhbz#1158816], [rhbz#1595829]):
  - It works with Corosync 3.x only and supports knet as well as udp/udpu.
  - It is now possible to remove more than one node at once.
  - Removing a cluster node no longer leaves the node in the CIB and therefore cluster status even if the removal is run on the node which is being removed
- Node names are fully supported now and are no longer coupled with node addresses. It is possible to set up a cluster where Corosync communicates over different addresses than pcs/pcsd. ([rhbz#1158816], [rhbz#1183103])
- Node names are now required while node addresses are optional in the `pcs cluster node add-guest` and `pcs cluster node add-remove` commands. Previously, it was the other way around.
- Web UI has been updated following changes in authentication and support for Corosync 3.x ([rhbz#1158816], [rhbz#1183103], [rhbz#1549535])
- Commands related to resource failures have been overhauled to support changes in pacemaker. Failures are now tracked per resource operations on top of resources and nodes. ([rhbz#1427273], [rhbz#1588667])
- `--watchdog` and `--device` options of `pcs stonith sbd enable` and `pcs stonith sbd device setup` commands have been replaced with `watchdog` and `device` options respectively
- Update pacemaker daemon names to match changes in pacemaker-2.0 ([rhbz#1573344])
- Watchdog devices are validated against a list provided by sbd ([rhbz#1578891])
- Resource operation option `requires` is no longer accepted to match changes in pacemaker-2.0 ([rhbz#1605185])
- Update pacemaker exit codes to match changes in pacemaker-2.0 ([rhbz#1536121])
- `pcs cluster cib-upgrade` no longer exits with an error if the CIB schema is already the latest available (this has been changed in pacemaker-2.0)
- Pcs now configures corosync to put timestamps in its log ([rhbz#1615420])
- Option `-V` has been replaced with `--full` and a CIB file can be specified only using option `-f` in `pcs cluster verify`
- Master resources are now called promotable clone resources to match changes in pacemaker-2.0 ([rhbz#1542288])
- Key size of default pcsd self-generated certificates increased from 2048b to 3072b ([rhbz#1638852])
- pcsd.service now depends on network-online.target ([rhbz#1640477])
- Split command `pcs resource [show]` into two new commands:
  - `pcs resource [status]` - same as `pcs resource [show]`
  - `pcs resource config` - same as `pcs resource [show] --full` or resource id specified instead of --full

  Respective changes have been made to `pcs stonith [show]` command.
- Previously, `pcs cluster sync` synchronized only corosync configuration across all nodes configured in the cluster. This command will be changed in the future to sync all cluster configuration. New subcommand `pcs cluster sync corosync` has been introduced to sync only corosync configuration. For now, both commands have the same functionality.

### Security
- CVE-2018-1086: Debug parameter removal bypass, allowing information disclosure ([rhbz#1557366])
- CVE-2018-1079: Privilege escalation via authorized user malicious REST call ([rhbz#1550243])

### Deprecated
- The `masters` bundle option is obsoleted by the `promoted-max` option in Pacemaker 2.x and therefore in pcs ([rhbz#1542288])
- `pcs cluster uidgid rm`, use `pcs cluster uidgid delete` or `pcs cluster uidgid remove` instead

Thanks / congratulations to everyone who contributed to this release, including Bruno Travouillon, Ivan Devat, Jan Pokorný, Ondrej Mular and Tomas Jelinek.

Cheers,
Tomas

[ghpull#166]: https://github.com/ClusterLabs/pcs/pull/166
[rhbz#1158816]: https://bugzilla.redhat.com/show_bug.cgi?id=1158816
[rhbz#1183103]: https://bugzilla.redhat.com/show_bug.cgi?id=1183103
[rhbz#1427273]: https://bugzilla.redhat.com/show_bug.cgi?id=1427273
[rhbz#1436217]: https://bugzilla.redhat.com/show_bug.cgi?id=1436217
[rhbz#1462248]: https://bugzilla.redhat.com/show_bug.cgi?id=1462248
[rhbz#1476862]: https://bugzilla.redhat.com/show_bug.cgi?id=1476862
[rhbz#1488044]: https://bugzilla.redhat.com/show_bug.cgi?id=1488044
[rhbz#1533866]: https://bugzilla.redhat.com/show_bug.cgi?id=1533866
[rhbz#1536121]: https://bugzilla.redhat.com/show_bug.cgi?id=1536121
[rhbz#1542288]: https://bugzilla.redhat.com/show_bug.cgi?id=1542288
[rhbz#1549535]: https://bugzilla.redhat.com/show_bug.cgi?id=1549535
[rhbz#1550243]: https://bugzilla.redhat.com/show_bug.cgi?id=1550243
[rhbz#1553718]: https://bugzilla.redhat.com/show_bug.cgi?id=1553718
[rhbz#1554302]: https://bugzilla.redhat.com/show_bug.cgi?id=1554302
[rhbz#1557366]: https://bugzilla.redhat.com/show_bug.cgi?id=1557366
[rhbz#1566430]: https://bugzilla.redhat.com/show_bug.cgi?id=1566430
[rhbz#1568353]: https://bugzilla.redhat.com/show_bug.cgi?id=1568353
[rhbz#1573344]: https://bugzilla.redhat.com/show_bug.cgi?id=1573344
[rhbz#1574898]: https://bugzilla.redhat.com/show_bug.cgi?id=1574898
[rhbz#1578891]: https://bugzilla.redhat.com/show_bug.cgi?id=1578891
[rhbz#1578955]: https://bugzilla.redhat.com/show_bug.cgi?id=1578955
[rhbz#1579911]: https://bugzilla.redhat.com/show_bug.cgi?id=1579911
[rhbz#1588667]: https://bugzilla.redhat.com/show_bug.cgi?id=1588667
[rhbz#1595829]: https://bugzilla.redhat.com/show_bug.cgi?id=1595829
[rhbz#1596721]: https://bugzilla.redhat.com/show_bug.cgi?id=1596721
[rhbz#1600169]: https://bugzilla.redhat.com/show_bug.cgi?id=1600169
[rhbz#1605185]: https://bugzilla.redhat.com/show_bug.cgi?id=1605185
[rhbz#1615420]: https://bugzilla.redhat.com/show_bug.cgi?id=1615420
[rhbz#1615891]: https://bugzilla.redhat.com/show_bug.cgi?id=1615891
[rhbz#1619620]: https://bugzilla.redhat.com/show_bug.cgi?id=1619620
[rhbz#1620190]: https://bugzilla.redhat.com/show_bug.cgi?id=1620190
[rhbz#1638852]: https://bugzilla.redhat.com/show_bug.cgi?id=1638852
[rhbz#1640477]: https://bugzilla.redhat.com/show_bug.cgi?id=1640477
[rhbz#1648942]: https://bugzilla.redhat.com/show_bug.cgi?id=1648942