SUSE-RU-2018:2748-1: moderate: Recommended update for pacemaker

sle-updates at sle-updates at
Tue Sep 18 10:08:05 MDT 2018

   SUSE Recommended Update: Recommended update for pacemaker

Announcement ID:    SUSE-RU-2018:2748-1
Rating:             moderate
References:         #1009076 #1022807 #1028138 #1035822 #1042054 
                    #1053463 #1054389 #1058844 #1059187 #1066710 
                    #1069468 #1070347 #1074039 #1082883 #1090538 
                    #950128 #980341 
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise High Availability 12-SP3

   An update that has 17 recommended fixes can now be


   This update for pacemaker provides the following fixes:

   - attrd: Accept connections only after CIB connection is active.
   - attrd,crmd: Erase attributes at attrd start-up, not first join.
   - attrd: Ensure node name is broadcast at start-up.
   - attrd: Make CIB connection function self-contained.
   - attrd,stonithd: More efficient regular expression parsing.
   - attrd: Synchronize attributes held only on own node.
   - attrd,tools: Avoid memory leaks from use of crm_itoa().
   - cib: Broadcasts of cib changes should always pass ACLs check.
   - crmd: Abort transition whenever the quorum is lost.
   - crmd: Ack pending operations that were cancelled due to rsc deletion.
   - crmd: Assert when operation can't be created.
   - crmd: Write faked failures to CIB whenever possible.
   - crmd: Do not assert if LRM query fails.
   - crmd: Do not core dump if remote connection does not exist.
   - crmd: DC should update stonith fail count before aborting transition.
   - crmd: Do not abort for v2 diff LRM refresh if actions are pending.
   - crmd: Eliminate size restriction on node state xpath.
   - crmd: Hard error if remote start fails due to missing key.
   - crmd: Improve lrmd failure handling.
   - crmd,libcrmcommon,libcluster,tools: Handle PID as string properly.
   - crmd,liblrmd,libcrmcommon: Improve remote node disconnection logs.
   - crmd: Match only executed down events.
   - crmd: Quorum gain should always cause new transition.
   - crmd: Return rich error codes from get_lrm_resource().
   - crmd: Scale all cib operation timeouts.
   - crmd: Scale timeouts with the number of remotes too.
   - crmd: Validate CIB diffs better.
   - crm_mon: Make CGI bail out on suspicious arguments.
   - crm_mon: Overcome crm_system_name no longer influenced with argv.
   - crm_resource: Ensure waiting for all messages before exiting.
   - crm_resource: Prevent disconnection from crmd during cleanup.
   - cts: Adjust pacemaker service on startup to prevent triggering
     StopWhenUnneeded of corosync service.
   - Doc: Add documentation for new pcmk_delay_base. (bsc#1074039)
   - extra: Correct ClusterMon metadata.
   - fencing: Do not print events twice when stonith_admin --verbose is used.
   - fencing: Fix a memory leak in stonith_admin --env.
   - iso8601: strftime needs a fully populated struct tm. (bsc#1058844)
   - libcib: Always use current values when unpacking config.
   - libcib: Correctly search for v2 patchset changes.
   - libcib: Ensure xpath result is not empty.
   - libcib: Get remoteness correctly from node status.
   - libcluster,libcrmcommon: Improve BZ2 error messages.
   - libcrmcluster: Improve error checking when updating node name.
   - libcrmcluster: Use crm_strdup_printf() instead of calloc().
   - libcrmcommon: Make sure async connection callback uses negative error
   - libcrmcommon: Avoid memory leak when the schema transform is not found.
   - libcrmcommon: Fix a possible infinite loop in buffer_print.
   - libcrmcommon: Handle schema versions properly.
   - libcrmcommon: Improve user lookup messages.
   - libcrmcommon,liblrmd: Improve remote connection messages.
   - libcrmcommon,liblrmd,lrmd: Improve messages for failed remote sends.
   - libcrmcommon,liblrmd,lrmd: Validate PCMK_remote_port.
   - libcrmcommon,liblrmd: Report meaningful async connection errors.
   - libcrmcommon: Lower watchdog messages when default.
   - libcrmcommon,lrmd: Use meaningful error codes when sending remote
   - libcrmcommon: Return meaningful error codes to connection callbacks.
   - libcrmcommon,tools: Improve XML write error handling.
   - libcrmservice: Prevent an infinite loop on a bad DBus reply.
   - libcrmservice: Avoid memory leak on DBus error.
   - libcrmservice: Follow LSB standard for header block more strictly.
   - libcrmservice,pacemakerd: Improve privilege dropping.
   - libcrmservice: Parse LSB long description correctly.
   - libcrmservices: Avoid assert for HB resource with no parameters.
   - liblrmd: Make sure the operation of a remote resource returns if the
     setup of the key fails. (bsc#1053463)
   - libpe_status: Always log startup-fencing value.
   - libpe_status: Fix precedence of operation in meta-attributes.
   - libpe_status: Limit resource type check to primitives.
   - libpe_status: Make sure monitors are rescheduled, not reloaded.
   - libpe_status: Properly detect when nodes should suicide.
   - libpe_status: Recover after failed demote when appropriate.
   - libpe_status: Use correct default timeout for probes.
   - libpe_status: Validate no-quorum-policy=suicide correctly.
   - libservices: Handle systemd service reloading as OK. (bsc#1059187)
   - logging: Ensure blackbox gets generated on arithmetic error.
   - lrmd: Always use most recent remote proxy.
   - lrmd: Do not reject protocol 1.0 clients. (bsc#1009076)
   - lrmd: Prevent double free after unregistering stonith device for
     monitoring. (bsc#1035822)
   - lrmd: Tweak TLS listener messages.
   - pacemaker_remote: Warn if TLS key can't be read at start-up.
   - pacemaker.service: Recommend not to limit tasks. (bsc#1028138,
   - PE: Allow all resources to stop prior to probes completing.
   - PE: Make sure bare metal remotes are probed as now they can run
   - PE: Correctly implement pe_order_implies_first_printed.
   - PE: Detailed resource information should include connection resource
   - PE: Do not re-add a node's default score for each location constraint.
   - PE: Ensure stop operations occur after stopped remote connections have
     been brought up.
   - PE: Ensure unrecoverable remote nodes are fenced even if no resources
     can run on them.
   - PE: Exclude resources and nodes from the symmetric_default constraint in
     some circumstances.
   - PE: Flag resources that are acting as remote nodes.
   - PE: Ignore optional unfencing events and report the fencing type.
   - PE: Improved logging of reasons for stop/restart actions.
   - pengine: Avoid fence loop for remote nodes.
   - pengine: Fix a null pointer dereference when unpacking tickets.
   - pengine: Detect proper clone name at startup.
   - pengine: Do not ignore permanent master scores at startup.
   - pengine: Do not keep unique instances on same node.
   - pengine: Schedule reload and restart in separate transition.
   - pengine: Handle resource migrating behind a migrating remote connection.
   - pengine: If ignoring failure, also ignore migration-threshold.
   - pengine: Improve messages when assigning resources to nodes.
   - pengine: Make sure calculated resource scores are consistent on
     different architectures. (bsc#1054389)
   - pengine: Fix a memory leak when writing graph to file.
   - pengine: Re-enable unrecoverable remote fencing.
   - pengine: Reset loss-policy from fence to stop if no fencing.
   - pengine,tools,libpe_status: Avoid unnecessary use of pe_find_current.
   - pengine: Use newer Pacemaker Remote terminology.
   - pengine: Validate more function arguments.
   - pengine: Fix swapped warning message arguments leading to segfault.
   - PE: Only allowed nodes need to be considered when ordering resource
     startup after all recovery.
   - PE: Only re-trigger unfencing on nodes that ran operations with the old
   - PE: Remote connection resources are safe to require only quorum.
   - PE: Resources are allowed to stop before their state is known everywhere.
   - PE: Restore the ability to send the transition graph via the disk if it
     gets too big.
   - PE: Unfencing: Correctly detect changes to device definitions.
   - portability: The difference of time_t values is given by difftime().
   - RA: ClusterMon: Correctly handle "update" parameter.
   - RA: NodeUtilization RA is now shipped by resource-agents package.
   - remote: Allow cluster and remote LRM API versions to diverge.
   - spec: Make sure shadow package is installed before adding user and group.
   - spec: Prevent overwriting existing sysconfig files by conditionally
     running %fillup_only. (bsc#1022807, bsc#980341)
   - stonith-ng: Add pcmk_delay_base as static base-delay. (bsc#1074039)
   - stonith-ng: Advertise pcmk_on_action via metadata.
   - stonith-ng: Avoid double-free of pending-ops in free_device.
   - stonith-ng: Make fencing-device reappear properly after reenabling.
   - systemd: Add TasksMax comment to pacemaker_remote unit. (bsc#1028138,
   - systemd unit files: Enable TasksMax=infinity. (bsc#1028138, bsc#1066710)
   - systemd unit files: Restore DBus dependency.
   - TE: Don't bump counters when action or synapse is invalid.
   - tools: Add version options for cibsecret.
   - tools: Allow crm_resource to be called without arguments.
   - tools: allow crm_resource to operate on anonymous clones in unknown
   - tools: Do not fail if already at the latest schema in cibadmin --upgrade.
   - tools: Differentiate trace log level for RAs.
   - tools: Do not expect reply to failed send.
   - tools: Ensure the crm_resource data set is initialized.
   - tools: Ensure that crm_resource works if no command is specified.
   - tools: Implement clean-up dry-run correctly.
   - tools: Improve crm_master and crm_standby option handling.
   - tools: Improve crm_resource help. (bsc#950128)
   - tools: Add missing break statement in attrd_updater.
   - tools: Re-enable crm_resource --lifetime option. (bsc#950128)
   - tools: Set meta_timeout env when crm_resource --force-* executes RA.
   - tools: Set the correct OCF_RESOURCE_INSTANCE env when crm_resource
     --force-* executes RA.
   - tools: Fix a use-after-free error in crm_diff.
   - tools: Warn if crm_resource --wait is called in mixed-version cluster.
   - Prevent notify actions from causing --wait to hang.
   - Install /etc/pacemaker directory for storing authkey file. (bsc#1082883)
   - Replace references to /var/adm/fillup-templates with new %_fillupdir
     macro. (bsc#1069468)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1917=1

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1917=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):



More information about the sle-updates mailing list