pcs resource manage --monitorno longer enables monitor operation for all resources in a group if only one of the resources was requested to become managed (rhbz#1918527)- Misleading error message from
pcs booth syncwhen booth config directory (/etc/booth) is missing (rhbz#1791670) pcs quorum device removeworks again (broken since 0.10.13) (rhbz#2115326)
- CVE-2022-1049: Pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM auth. (huntr#220307, rhbz#2068456)
- Pcsd does not expose the server name in HTTP headers anymore (rhbz#2058278)
- Set
Strict-Transport-Security: max-age=63072000HTTP header for all responses (rhbz#2097392) - Set HTTP headers to prevent caching everything except static files (rhbz#2097383)
- Set HTTP headers to prevent sending referrer (rhbz#2097391)
- Set cookie option SameSite to Lax (rhbz#2097393)
- Add support for fence_mpath to
pcs stonith update-scsi-devicescommand (rhbz#2023845) - Support for cluster UUIDs. New clusters now get a UUID during setup. Existing
clusters can get a UUID by running the new
pcs cluster config uuid generatecommand (rhbz#1950551) - Add warning regarding move constraints to
pcs status(rhbz#1730232) - Support for output formats
jsonandcmdtopcs resource configandpcs stonith configcommands (rhbz#1874624, rhbz#1909904)
- Agents not conforming to OCF standard are processed as if they conformed to OCF 1.0 - in the same way as before pcs-0.10.12 (rhbz#2050274)
- OCF 1.0 agents not conforming to the schema are processed anyway (rhbz#2050274)
- Booth ticket name validation (rhbz#1791661)
- Adding booth ticket doesn't report 'mode' as an unknown option anymore (rhbz#1786964)
- Preventing fence-loop caused when stonith-watchdog-timeout is set with wrong value (rhbz#1954099)
- Do not allow to create an order constraint for resources in one group as that may block Pacemaker (ghpull#509)
- Agents not complying with OCF 1.0 schema are processed, incompatibilities are listed as warnings. In pcs-0.11, they will be reported as errors and prevent pcs from working with such agents. (rhbz#2050274)
- Pcs was not automatically enabling corosync-qdevice when adding a quorum device to a cluster (broken since pcs-0.10.9) (rhbz#2028902)
resource updatecommand exiting with a traceback when updating a resource with a non-existing resource agent (rhbz#1384485)- pcs_snmp_agent is working again (broken since pcs-0.10.1) (ghpull#431)
- Skip checking of scsi devices to be removed before unfencing to be added devices (rhbz#2032997)
- Make
ocf:linbit:drbdagent pass OCF standard validation (ghissue#441, rhbz#2036633) - Multiple improvements of
pcs resource move --autodeletecommand (rhbz#1990784) - Pcs no longer creates Pacemaker-1.x CIB when
-fis used, so runningpcs cluster cib-upgrademanually is not needed (rhbz#2022463)
- Option
--autodeleteof commandpcs resource moveis fully supported (rhbz#1990784) - Support for OCF 1.1 resource and stonith agents (rhbz#2018969)
- Do not show warning that no stonith device was detected and stonith-enabled is not false when a stonith device is in a group (ghpull#370)
- Misleading error message from
pcs quorum unblockwhenwait_for_all=0(rhbz#1968088) - Misleading error message from
pcs booth setupandpcs booth pullwhen booth config directory (/etc/booth) is missing (rhbz#1791670, ghpull#411, ghissue#225)
- Add add/remove cli syntax for command
pcs stonith update-scsi-devices(rhbz#1992668)
- Fixed an error when creating a resource which defines 'depth' attribute for its operations (rhbz#1998454)
- Do not unfence newly added devices on fenced cluster nodes (rhbz#1991654)
- Fix displaying fencing levels with regular expression targets (rhbz#1533090)
- Support for new role names introduced in pacemaker 2.1 (rhbz#1885293)
- Traceback in some cases when --wait without timeout is used
- Elliptic curve TLS certificates are now supported in pcsd (ghissue#123)
- Support for corosync option
totem.block_unlisted_ips(rhbz#1720221) - Support for displaying status of a single resource or tag (rhbz#1290830)
- Support for displaying status of resources on a specified node (rhbz#1285269)
- New option
--briefforpcs resource disable --safeor its aliaspcs resource safe-disablethat only prints errors (rhbz#1909901) - Support for updating scsi fencing devices without affecting other resources
added in the new command
pcs stonith update-scsi-devices(rhbz#1759995, rhbz#1872378) - Option
--autodeleteforpcs resource movecommand which removes a location constraint used for moving a resource, once the resource has been moved. This feature is in tech-preview state and thus may be changed in the future (rhbz#1847102)
- Node attribute expressions are now correctly reported as not allowed in resource defaults rules (rhbz#1896458)
- Upgreded to jquery 3.6.0 ([rhbz#1882291, rhbz#1886342])
- Man page and help: note that 'pcs resource unclone' accepts clone resources as well (rhbz#1930886)
- Improved error messages when a host is found to be a part of a cluster already (rhbz#1690419)
pcs cluster synccommand now warns reloading corosync config is necessary for changes to take effect (rhbz#1750240)- Show user friendly error if unable to delete a group (due to the group being referenced within configuration) when moving resources out of the the group. (rhbz#1678273)
- Exit with an error if
on-fail=demoteis specified for a resource operation and pacemaker doesn't support it - The
pcs status nodescommand now correctly shows status of nodes that are both in maintenance and standby modes (rhbz#1432097)
- python3-openssl was replaced with python3-cryptography (rhbz#1927404)
pcs acl showreplaced withpcs acl configpcs alert showreplaced withpcs alert config- Undocumented command
pcs cluster certkeyreplaced withpcs pcsd certkey pcs cluster pcsd-statusreplaced withpcs status pcsdorpcs pcsd statuspcs constraint [location | colocation | order | ticket] show | listreplaced withpcs constraint [location | colocation | order | ticket] configpcs property show,pcs property listreplaced withpcs property config- pcsd urls:
/remote/config_backup,/remote/node_available,/remote/node_restart,/remote/resource_status - Undocumented syntax for constraint location rules:
date start=<date> gtreplaced withdate gt <date>date end=<date> ltreplaced withdate lt <date>date start=<date> end=<date> in_rangereplaced withdate in_range <date> to <date>operation=date_specreplaced withdate-spec <date-spec options>- converting invalid score to score-attribute=pingd
- Delimiting stonith devices with a comma in
pcs stonith level add | clear | delete | removecommands, use a space instead pcs stonith level delete | remove [<target>] [<stonith id>]...replaced withpcs stonith level delete | remove [target <target>] [stonith <stonith id>]...pcs stonith level clear [<target> | <stonith ids>]replaced withpcs stonith level clear [target <target> | stonith <stonith id>...]pcs tag listreplaced withpcs tag config
- Support for changing corosync configuration in an existing cluster (rhbz#1457314, rhbz#1667061, rhbz#1856397, rhbz#1774143)
- Command to show structured corosync configuration (see
pcs cluster config showcommand) (rhbz#1667066)
- Improved error message with a hint in
pcs cluster cib-push(ghissue#241) - Option --wait was not working with pacemaker 2.0.5+ (ghissue#260)
- Explicitly close libcurl connections to prevent stalled TCP connections in CLOSE-WAIT state (ghissue#261, rhbz#1885841)
- Fixed parsing negative float numbers on command line (rhbz#1869399)
- Removed unwanted logging to system log (/var/log/messages) (rhbz#1917286)
- Fixed rare race condition in
pcs cluster start --wait(rhbz#1794062) - Better error message when unable to connect to pcsd (rhbz#1619818)
- Commands
pcs config import-cmanandpcs config export pcs-commands|pcs-commands-verbosehave been deprecated (rhbz#1851335) - Entering values starting with '-' (negative numbers) without '--' on command line is now deprecated (rhbz#1869399)
- Support for multiple sets of resource and operation defaults, including support for rules (rhbz#1222691, rhbz#1817547, rhbz#1862966, rhbz#1867516, rhbz#1869399)
- Support for "demote" value of resource operation's "on-fail" option (rhbz#1843079)
- Support for 'number' type in rules (rhbz#1869399)
- It is possible to set custom (promotable) clone id in
pcs resource createandpcs resource clone/promotablecommands (rhbz#1741056)
- Prevent removing non-empty tag by removing tagged resource group or clone (rhbz#1857295)
- Clarify documentation for 'resource move' and 'resource ban' commands with regards to the 'lifetime' option.
- Allow moving both promoted and demoted promotable clone resources (rhbz#1875301)
pcs resource [op] defaults <name>=<value>...commands are deprecated now. Usepcs resource [op] defaults update <name>=<value>...if you only manage one set of defaults, orpcs resource [op] defaults setif you manage several sets of defaults. (rhbz#1817547)
- Web UI sends HTTP headers: Content-Security-Policy, X-Frame-Options and X-Xss-Protection
- When creating a cluster, verify the cluster name does not prevent mounting GFS2 volumes (rhbz#1782553)
- An option to run 'pcs cluster setup' in a local mode (do not connect to any nodes, save corosync.conf to a specified file) (rhbz#1839637)
- Support for pacemaker tags. Pcs provides commands for creating and removing tags, adding and/or removing IDs to/from tags, and listing current tag configuration. (rhbz#1684676)
- Support for tag ids in commands resource enable/disable/manage/unmanage (rhbz#1684676)
pcs resource [safe-]disable --simulatehas a new option--briefto print only a list of affected resources (rhbz#1833114)
- Keep autogenerated IDs of set constraints reasonably short (rhbz#1387358, rhbz#1824206)
- Pcs is now compatible with Ruby 2.7 and Python 3.8. To achieve this, it newly depends on python3-distro package.
pcs statusworks on remote nodes again (broken since pcs-0.10.4) (rhbz#1830552)- Fixed inability to create colocation constraint from web ui (rhbz#1832973)
- Actions going through pcsd no longer time out after 30s (broken since pcs-0.10.5) (rhbz#1833506)
- It is possible to configure a disaster-recovery site and display its status (rhbz#1676431)
- Error messages in cases when cluster is not set up (rhbz#1743731)
- Improved documentation of configuring links in the 'pcs cluster setup' command
- Safe-disabling clones and groups does not fail any more due to their inner resources get stopped (rhbz#1781303)
- Booth documentation clarified (ghissue#231)
- Detection of fence history support (rhbz#1793574)
- Fix documentation and flags regarding bundled/cloned/grouped resources for
pcs (resource | stonith) (cleanup | refresh)(rhbz#1805082) - Improved ACL documentation (rhbz#1722970)
- Added missing Strict-Transport-Security headers to redirects (rhbz#1810017)
- Improved pcsd daemon performance (rhbz#1783106)
- New section in pcs man page summarizing changes in pcs-0.10. Commands removed or changed in pcs-0.10 print errors poiting to that section. (rhbz#1728890)
pcs resource disablecan show effects of disabling resources and prevent disabling resources if any other resources would be affected (rhbz#1631519)pcs resource relationscommand shows relations between resources such as ordering constraints, ordering set constraints and relations defined by resource hierarchy (rhbz#1631514)
- Expired location constraints are now hidden by default when listing
constraints in any way. Using
--allwill list and denote them with(expired). All expired rules are then marked the same way. (rhbz#1442116)
- All node names and scores are validated when running
pcs constraint location avoids/prefersbefore writing configuration to cib (rhbz#1673835) - Fixed crash when an invalid port is given in an address to the
pcs host authcommand (rhbz#1698763) - Command
pcs cluster verifysuggests--fulloption instead of-Voption which is not recognized by pcs (rhbz#1712347) - It is now possible to authenticate remote clusters in web UI even if the local cluster is not authenticated (rhbz#1743735)
- Documentation of
pcs constraint colocation add(rhbz#1734361) - Empty constraint option are not allowed in
pcs constraint orderandpcs constraint colocation addcommands (rhbz#1734361) - More fixes for the case when PATH environment variable is not set
- Fixed crashes and other issues when UTF-8 characters are present in the corosync.conf file (rhbz#1741586)
- Fixed crashes in the
pcs host authcommand (rhbz#1676957) - Fixed id conflict with current bundle configuration in
pcs resource bundle reset(rhbz#1657166) - Options starting with - and -- are no longer ignored for non-root users (broken since pcs-0.10.2) (rhbz#1725183)
- Fixed crashes when pcs is configured that no rubygems are bundled in pcs package (ghissue#208)
- Standby nodes running resources are listed separately in
pcs status nodes - Parsing arguments in the
pcs constraint orderandpcs constraint colocation addcommands has been improved, errors which were previously silent are now reported (rhbz#1734361) - Fixed shebang correction in Makefile (ghissue#206)
- Generate 256 bytes long corosync authkey, longer keys are not supported when FIPS is enabled (rhbz#1740218)
- Command
pcs resource bundle resetno longer accepts the container type (rhbz#1657166)
- Command
pcs config checkpoint difffor displaying differences between two specified checkpoints (rhbz#1655055) - Support for resource instance attributes uniqueness check according to resource agent metadata (rhbz#1665404)
- Command
pcs resource bundle resetfor a bundle configuration resetting (rhbz#1657166) pcs cluster setupnow checks if nodes' addresses match value ofip_version(rhbz#1667053)- Support for sbd option SBD_TIMEOUT_ACTION (rhbz#1664828)
- Support for clearing expired moves and bans of resources (rhbz#1625386)
- Commands for adding, changing and removing corosync links (rhbz#1667058)
- Corosync config file parser updated and made more strict to match changes in corosync
- Allow non-root users to read quorum status (commands
pcs status corosync,pcs status quorum,pcs quorum device status,pcs quorum status) (rhbz#1653316) - Removed command
pcs resource showdropped from usage and man page (rhbz#1656953) - Put proper link options' names to corosync.conf (rhbz#1659051)
- Fixed issuses in configuring links in the 'create cluster' form in web UI (rhbz#1664057)
- Pcs no longer removes empty
meta_attributes,instance_attributesand other nvsets and similar elements from CIB. Such behavior was causing problems when pacemaker ACLs were in effect, leading to inability of pushing modified CIBs to pacemaker. (rhbz#1659144) ipv4-6andipv6-4are now valid values ofip_versionin cluster setup (rhbz#1667040)- Crash when using unsupported options in commands
pcs statusandpcs config(rhbz#1668422) pcs resource group addnow fails gracefully instead of dumping an invalid CIB when a group ID is already occupied by a non-resource element (rhbz#1668223)- pcs no longer spawns unnecessary processes for reading known hosts (rhbz#1676945)
- Lower load caused by periodical config files syncing in pcsd by making it sync less frequently (rhbz#1676957)
- Improve logging of periodical config files syncing in pcsd
- Knet link option
ip_versionhas been removed, it was never supported by corosync. Transport optionip_versionis still in place. (rhbz#1674005) - Several bugs in linklist validation in
pcs cluster setup(rhbz#1667090) - Fixed a typo in documentation (regardles -> regardless) (rhbz#1660702)
- Fixed pcsd crashes when non-ASCII characters are present in systemd journal
- Pcs works even when PATH environment variable is not set (rhbz#1673825)
- Fixed several "Unknown report" error messages
- Pcsd SSL certificates are no longer synced across cluster nodes when creating
new cluster or adding new node to an existing cluster. To enable the syncing,
set
PCSD_SSL_CERT_SYNC_ENABLEDtotruein pcsd config. (rhbz#1673822) - Pcs now reports missing node names in corosync.conf instead of failing silently
- Fixed an issue where some pcs commands could not connect to cluster nodes over IPv6
- Fixed cluster setup problem in web UI when full domain names are used (rhbz#1687965)
- Fixed inability to setup cluster in web UI when knet links are not specified (rhbz#1687562)
--forceworks correctly inpcs quorum unblock(broken since pcs-0.10.1)- Removed
3desfrom allowed knet crypto ciphers since it is actually not supported by corosync - Improved validation of corosync options and their values (rhbz#1679196, rhbz#1679197)
- Do not check whether watchdog is defined as an absolute path when enabling SBD. This check is not needed anymore as we are validating watchdog against list provided by SBD itself.
- Command
pcs resource show, removed in pcs-0.10.1, has been readded as deprecated to ease transition to its replacements. It will be removed again in future. rhbz#1661059
- Pcs-0.10 removes support for CMAN, Corosync 1.x, Corosync 2.x and Pacemaker 1.x based clusters. For managing those clusters use pcs-0.9.x.
- Pcs-0.10 requires Python 3.6 and Ruby 2.2, support for older Python and Ruby versions has been removed.
pcs resource failcount resetcommand has been removed aspcs resource cleanupis doing exactly the same job. (rhbz#1427273)- Deprecated commands
pcs cluster remote-node add | removehave been removed as they were replaced withpcs cluster node add-guest | remove-guest - Ability to create master resources has been removed as they are deprecated in
Pacemaker 2.x (rhbz#1542288)
- Instead of
pcs resource create ... masterusepcs resource create ... promotableorpcs resource create ... clone promotable=true - Instead of
pcs resource masterusepcs resource promotableorpcs resource clone ... promotable=true
- Instead of
- Deprecated --clone option from
pcs resource createcommand - Ability to manage node attributes with
pcs property set|unset|showcommands (using--nodeoption). The same functionality is still available usingpcs node attributecommand. - Undocumented version of the
pcs constraint colocation addcommand, its syntax waspcs constraint colocation add <source resource id> <target resource id> [score] [options] - Deprecated commands
pcs cluster standby | unstandby, usepcs node standby | unstandbyinstead - Deprecated command
pcs cluster quorum unblockwhich was replaced bypcs quorum unblock - Subcommand
pcs status groupsas it was not showing a cluster status but cluster configuration. The same functionality is still available using commandpcs resource group list - Undocumented command
pcs acl target, usepcs acl userinstead
- Validation for an unaccessible resource inside a bundle (rhbz#1462248)
- Options to filter failures by an operation and its interval in
pcs resource cleanupandpcs resource failcount showcommands (rhbz#1427273) - Commands for listing and testing watchdog devices (rhbz#1578891)
- Commands for creating promotable clone resources
pcs resource promotableandpcs resource create ... promotable(rhbz#1542288) pcs resource updateandpcs resource metacommands change master resources to promotable clone resources because master resources are deprecated in Pacemaker 2.x (rhbz#1542288)- Support for the
promoted-maxbundle option replacing themastersoption in Pacemaker 2.x (rhbz#1542288) - Support for OP_NO_RENEGOTIATION option when OpenSSL supports it (even with Python 3.6) (rhbz#1566430)
- Support for container types
rktandpodmaninto bundle commands (rhbz#1619620) - Support for promotable clone resources in pcsd and web UI (rhbz#1542288)
- Obsoleting parameters of resource and fence agents are now supported and preferred over deprecated parameters (rhbz#1436217)
pcs statusnow shows failed and pending fencing actions andpcs status --fullshows the whole fencing history. Pacemaker supporting fencing history is required. (rhbz#1615891)pcs stonith historycommands for displaying, synchronizing and cleaning up fencing history. Pacemaker supporting fencing history is required. (rhbz#1620190)- Validation of node existence in a cluster when creating location constraints (rhbz#1553718)
- Command
pcs client local-authfor authentication of pcs client against local pcsd. This is required when a non-root user wants to execute a command which requires root permissions (e.g.pcs cluster start). (rhbz#1554302) - Command
pcs resource group listwhich has the same functionality as removed commandpcs resource show --groups
- Fixed encoding of the CIB_user_groups cookie in communication between nodes.
pcs cluster cib-push diff-against=does not consider an empty diff as an error (ghpull#166)pcs cluster cib-push diff-against=exits gracefully with an error message if crm_feature_set < 3.0.9 (rhbz#1488044)pcs resource updatedoes not create an empty meta_attributes element any more (rhbz#1568353)pcs resource debug-*commands provide debug messages even with pacemaker-1.1.18 and newer (rhbz#1574898)- Improve
pcs quorum device addusage and man page (rhbz#1476862) - Removing resources using web UI when the operation takes longer than expected (rhbz#1579911)
- Removing a cluster node no longer leaves the node in the CIB and therefore cluster status even if the removal is run on the node which is being removed (rhbz#1595829)
- Possible race condition causing an HTTP 408 error when sending larger files via pcs (rhbz#1600169)
- Configuring QDevice works even if NSS with the new db format (cert9.db, key4.db, pkcs11.txt) is used (rhbz#1596721)
- Options starting with '-' and '--' are no longer accepted by commands for which those options have no effect (rhbz#1533866)
- When a user makes an error in a pcs command, usage for that specific command is printed instead of printing the whole usage
- Show more user friendly error message when testing watchdog device and multiple devices are present (rhbz#1578891)
- Do not distinguish between supported and unsupported watchdog devices as SBD cannot reliably provide such information (rhbz#1578891)
pcs configno longer crashes whencrm_monprints something to stderr (rhbz#1578955)pcs resource bundle updatecmd for bundles which are using unsupported container backend (rhbz#1619620)- Do not crash if unable to load SSL certificate or key, log errors and exit gracefully instead (rhbz#1638852)
- Fixed several issues in parsing
pcs constraint colocation addcommand. - All
removesubcommands now havedeletealiases and vice versa. Previously, only some of them did and it was mostly undocumented. - The
pcs acl role deletecommand no longer deletes ACL users and groups with no ACL roles assigned
- Authentication has been overhauled (rhbz#1549535):
- The
pcs cluster authcommand only authenticates nodes in a local cluster and does not accept a node list. - The new command for authentication is
pcs host auth. It allows to specify host names, addresses and pcsd ports. - Previously, running
pcs cluster auth A B Ccaused A, B and C to be all authenticated against each other. Now,pcs host auth A B Cmakes the local host authenticated against A, B and C. This allows better control of what is authenticated against what. - The
pcs pcsd clear-authcommand has been replaced bypcs pcsd deauthandpcs host deauthcommands. The new commands allows to deauthenticate a single host / token as well as all hosts / tokens. - These changes are not backward compatible. You should use the
pcs host authcommand to re-authenticate your hosts.
- The
- The
pcs cluster setupcommand has been overhauled (rhbz#1158816, rhbz#1183103):- It works with Corosync 3.x only and supports knet as well as udp/udpu.
- Node names are now supported.
- The number of Corosync options configurable by the command has been significantly increased.
- The syntax of the command has been completely changed to accommodate the changes and new features.
- Corosync encryption is enabled by default when knet is used (rhbz#1648942)
- The
pcs cluster node addcommand has been overhauled (rhbz#1158816, rhbz#1183103)- It works with Corosync 3.x only and supports knet as well as udp/udpu.
- Node names are now supported.
- The syntax of the command has been changed to accommodate new features and to be consistent with other pcs commands.
- The
pcs cluster node removehas been overhauled (rhbz#1158816, rhbz#1595829):- It works with Corosync 3.x only and supports knet as well as udp/udpu.
- It is now possible to remove more than one node at once.
- Removing a cluster node no longer leaves the node in the CIB and therefore cluster status even if the removal is run on the node which is being removed
- Node names are fully supported now and are no longer coupled with node addresses. It is possible to set up a cluster where Corosync communicates over different addresses than pcs/pcsd. (rhbz#1158816, rhbz#1183103)
- Node names are now required while node addresses are optional in the
pcs cluster node add-guestandpcs cluster node add-removecommands. Previously, it was the other way around. - Web UI has been updated following changes in authentication and support for Corosync 3.x (rhbz#1158816, rhbz#1183103, rhbz#1549535)
- Commands related to resource failures have been overhauled to support changes in pacemaker. Failures are now tracked per resource operations on top of resources and nodes. (rhbz#1427273, rhbz#1588667)
--watchdogand--deviceoptions ofpcs stonith sbd enableandpcs stonith sbd device setupcommands have been replaced withwatchdoganddeviceoptions respectively- Update pacemaker daemon names to match changes in pacemaker-2.0 (rhbz#1573344)
- Watchdog devices are validated against a list provided by sbd (rhbz#1578891)
- Resource operation option
requiresis no longer accepted to match changes in pacemaker-2.0 (rhbz#1605185) - Update pacemaker exit codes to match changes in pacemaker-2.0 (rhbz#1536121)
pcs cluster cib-upgradeno longer exits with an error if the CIB schema is already the latest available (this has been changed in pacemaker-2.0)- Pcs now configures corosync to put timestamps in its log (rhbz#1615420)
- Option
-Vhas been replaced with--fulland a CIB file can be specified only using option-finpcs cluster verify - Master resources are now called promotable clone resources to match changes in pacemaker-2.0 (rhbz#1542288)
- Key size of default pcsd self-generated certificates increased from 2048b to 3072b (rhbz#1638852)
- pcsd.service now depends on network-online.target (rhbz#1640477)
- Split command
pcs resource [show]into two new commands:pcs resource [status]- same aspcs resource [show]pcs resource config- same aspcs resource [show] --fullor resource id specified instead of --full Respective changes have been made topcs stonith [show]command.
- Previously,
pcs cluster syncsynchronized only corosync configuration across all nodes configured in the cluster. This command will be changed in the future to sync all cluster configuration. New subcommandpcs cluster sync corosynchas been introduced to sync only corosync configuration. For now, both commands have the same functionality.
- CVE-2018-1086: Debug parameter removal bypass, allowing information disclosure (rhbz#1557366)
- CVE-2018-1079: Privilege escalation via authorized user malicious REST call (rhbz#1550243)
- The
mastersbundle option is obsoleted by thepromoted-maxoption in Pacemaker 2.x and therefore in pcs (rhbz#1542288) pcs cluster uidgid rm, usepcs cluster uidgid deleteorpcs cluster uidgid removeinstead
- Added
pcs status boothas an alias topcs booth status - A warning is displayed in
pcs statusand a stonith device detail in web UI when a stonith device has itsmethodoption set tocycle(rhbz#1523378)
--skip-offlineis no longer ignored in thepcs quorum device removecommand- pcs now waits up to 5 minutes (previously 10 seconds) for pcsd restart when synchronizing pcsd certificates
- Usage and man page now correctly state it is possible to enable or disable several stonith devices at once
- It is now possible to set the
actionoption of stonith devices in web UI by using force (rhbz#1421702) - Do not crash when
--waitis used inpcs stonith create(rhbz#1522813) - Nodes are now authenticated after running
pcs cluster autheven if an existing corosync.conf defines no nodes (ghissue#153, rhbz#1517333) - Pcs now properly exits with code 1 when an error occurs in
pcs cluster node add-remoteandpcs cluster node add-guestcommands (rhbz#1464781) - Fixed a crash in the
pcs booth synccommand (rhbz#1527530) - Always replace the whole CIB instead of applying a diff when crm_feature_set <= 3.0.8 (rhbz#1488044)
- Fixed
pcs cluster authin a cluster when not authenticated and using a non-default port (rhbz#1415197) - Fixed
pcs cluster authin a cluster when previously authenticated using a non-default port and reauthenticating using an implicit default port (rhbz#1415197)
pcs status --fullnow displays information about tickets (rhbz#1389943)- Support for managing qdevice heuristics (rhbz#1389209)
- SNMP agent providing information about cluster to the master agent. It supports only python 2.7 for now (rhbz#1367808).
- Fixed crash when loading a huge xml (rhbz#1506864)
- Fixed adding an existing cluster into the web UI (rhbz#1415197)
- False warnings about failed actions when resource is master/unmaster from the web UI (rhbz#1506220)
pcs resource|stonith cleanupno longer deletes the whole operation history of resources. Instead, it only deletes failed operations from the history. The original functionality is available in thepcs resource|stonith refreshcommand. (rhbz#1508351, rhbz#1508350)
- List of pcs and pcsd capabilities (rhbz#1230919)
- Fixed
pcs cluster authwhen already authenticated and using different port (rhbz#1415197) - It is now possible to restart a bundle resource on one node (rhbz#1501274)
resource updateno longer exits with an error when theremote-nodemeta attribute is set to the same value that it already has (rhbz#1502715, ghissue#145)- Listing and describing resource and stonith agents no longer crashes when agents' metadata contain non-ascii characters (rhbz#1503110, ghissue#151)
- Configurable pcsd port (rhbz#1415197)
- Description of the
--forceoption added to man page and help (rhbz#1491631)
- Fixed some crashes when pcs encounters a non-ascii character in environment variables, command line arguments and so on (rhbz#1435697)
- Fixed detecting if systemd is in use (ghissue#118)
- Upgrade CIB schema version when
resource-discoveryoption is used in location constraints (rhbz#1420437) - Fixed error messages in
pcs cluster report(rhbz#1388783) - Increase request timeout when starting a cluster with large number of nodes to prevent timeouts (rhbz#1463327)
- Fixed "Unable to update cib" error caused by invalid resource operation IDs
pcs resource op defaultsnow fails on an invalid option (rhbz#1341582)- Fixed behaviour of
pcs cluster verifycommand when entered with the filename argument (rhbz#1213946)
- CIB changes are now pushed to pacemaker as a diff in commands overhauled to the new architecture (previously the whole CIB was pushed). This resolves race conditions and ACLs related errors when pushing CIB. (rhbz#1441673)
- All actions / operations defined in resource agent's metadata (except meta-data, status and validate-all) are now copied to the CIB when creating a resource. (rhbz#1418199, ghissue#132)
- Improve documentation of the
pcs stonith confirmcommand (rhbz#1489682)
- This is the last version fully supporting CMAN clusters and python 2.6. Support for these will be gradually dropped.
- Option to create a cluster with or without corosync encryption enabled, by default the encryption is disabled (rhbz#1165821)
- It is now possible to disable, enable, unmanage and manage bundle resources and set their meta attributes (rhbz#1447910)
- Pcs now warns against using the
actionoption of stonith devices (rhbz#1421702)
- Fixed crash of the
pcs cluster setupcommand when the--forceflag was used (rhbz#1176018) - Fixed crash of the
pcs cluster destroy --allcommand when the cluster was not running (rhbz#1176018) - Fixed crash of the
pcs config restorecommand when restoring pacemaker authkey (rhbz#1176018) - Fixed "Error: unable to get cib" when adding a node to a stopped cluster (rhbz#1176018)
- Fixed a crash in the
pcs cluster node add-remotecommand when an id conflict occurs (rhbz#1386114) - Fixed creating a new cluster from the web UI (rhbz#1284404)
pcs cluster node add-guestnow works with the flag--skip-offline(rhbz#1176018)pcs cluster node remove-guestcan be run again when the guest node was unreachable first time (rhbz#1176018)- Fixed "Error: Unable to read /etc/corosync/corosync.conf" when running
pcs resource create(rhbz#1386114) - It is now possible to set
debugandverboseparameters of stonith devices (rhbz#1432283) - Resource operation ids are now properly validated and no longer ignored in
pcs resource create,pcs resource updateandpcs resource op addcommands (rhbz#1443418) - Flag
--forceworks correctly when an operation is not successful on some nodes duringpcs cluster node add-remoteorpcs cluster node add-guest(rhbz#1464781)
- Binary data are stored in corosync authkey (rhbz#1165821)
- It is now mandatory to specify container type in the
resource bundle createcommand - When creating a new cluster, corosync communication encryption is disabled by default (in 0.9.158 it was enabled by default, in 0.9.157 and older it was disabled)
- Support for bundle resources (CLI only) (rhbz#1433016)
- Commands for adding and removing guest and remote nodes including handling pacemaker authkey (CLI only) (rhbz#1176018, rhbz#1254984, rhbz#1386114, rhbz#1386512)
- Command
pcs cluster node clearto remove a node from pacemaker's configuration and caches - Backing up and restoring cluster configuration by
pcs config backupandpcs config restorecommands now support corosync and pacemaker authkeys (rhbz#1165821, rhbz#1176018)
pcs cluster remote-node addandpcs cluster remote-node removecommands have been deprecated in favor ofpcs cluster node add-guestandpcs cluster node remove-guestcommands (rhbz#1386512)
- Fixed a bug which under specific conditions caused pcsd to crash on start when running under systemd (ghissue#134)
pcs resource unmanagenow sets the unmanaged flag to primitive resources even if a clone or master/slave resource is specified. Thus the primitive resources will not become managed just by uncloning. This also prevents some discrepancies between disabled monitor operations and the unmanaged flag. (rhbz#1303969)pcs resource unmanage --monitornow properly disables monitor operations even if a clone or master/slave resource is specified. (rhbz#1303969)--helpoption now shows help just for the specified command. Previously the usage for a whole group of commands was shown.- Fixed a crash when
pcs cluster cib-pushis called with an explicit value of the--waitflag (rhbz#1422667) - Handle pcsd crash when an unusable address is set in
PCSD_BIND_ADDR(rhbz#1373614) - Removal of a pacemaker remote resource no longer causes the respective remote node to be fenced (rhbz#1390609)
- Newly created clusters are set up to encrypt corosync communication (rhbz#1165821, ghissue#98)
- Resources in location constraints now may be specified by resource name patterns in addition to resource names (rhbz#1362493)
- Proxy settings description in pcsd configuration file (rhbz#1315627)
- Man page for pcsd (rhbz#1378742)
- Pcs now allows to set
trace_raandtrace_fileoptions ofocf:heartbeatandocf:pacemakerresources (rhbz#1421702) pcs resource describeandpcs stonith describecommands now show all information about the specified agent if the--fullflag is usedpcs resource manage | unmanageenables respectively disables monitor operations when the--monitorflag is specified (rhbz#1303969)- Support for shared storage in SBD. Currently, there is very limited support in web UI (rhbz#1413958)
- It is now possible to specify more than one resource in the
pcs resource enableandpcs resource disablecommands.
- Python 3: pcs no longer spams stderr with error messages when communicating with another node
- Stopping a cluster does not timeout too early and it generally works better even if the cluster is running Virtual IP resources (rhbz#1334429)
pcs booth removenow works correctly even if the booth resource group is disabled (another fix) (rhbz#1389941)- Fixed Cross-site scripting (XSS) vulnerability in web UI (CVE-2017-2661, rhbz#1434111)
- Pcs no longer allows to create a stonith resource based on an agent whose name contains a colon (rhbz#1415080)
- Pcs command now launches Python interpreter with "sane" options (python -Es) (rhbz#1328882)
- Clufter is now supported on both Python 2 and Python 3 (rhbz#1428350)
- Do not colorize clufter output if saved to a file
- Fencing levels now may be targeted in CLI by a node name pattern or a node attribute in addition to a node name (rhbz#1261116)
pcs cluster cib-pushallows to push a diff obtained internally by comparing CIBs in specified files (rhbz#1404233, rhbz#1419903)- Added flags
--wait,--disabled,--group,--after,--beforeinto the commandpcs stonith create - Added commands
pcs stonith enableandpcs stonith disable - Command line option --request-timeout (rhbz#1292858)
- Check whenever proxy is set when unable to connect to a node (rhbz#1315627)
pcs node [un]standbyandpcs node [un]maintenanceis now atomic even if more than one node is specified (rhbz#1315992)- Restarting pcsd initiated from pcs is now a synchronous operation (rhbz#1284404)
- Stopped bundling fonts used in pcsd web UI (ghissue#125)
- In
pcs resource createflags--masterand--clonechanged to keywordsmasterandclone - libcurl is now used for node to node communication
- When upgrading CIB to the latest schema version, check for minimal common version across the cluster (rhbz#1389443)
pcs booth removenow works correctly even if the booth resource group is disabled (rhbz#1389941)- Adding a node in a CMAN cluster does not cause the new node to be fenced immediately (rhbz#1394846)
- Show proper error message when there is an HTTP communication failure (rhbz#1394273)
- Fixed searching for files to remove in the
/var/libdirectory (ghpull#119, ghpull#120) - Fixed messages when managing services (start, stop, enable, disable...)
- Fixed disabling services on systemd systems when using instances (rhbz#1389501)
- Fixed parsing commandline options (rhbz#1404229)
- Pcs does not exit with a false error message anymore when pcsd-cli.rb outputs to stderr (ghissue#124)
- Pcs now exits with an error when both
--alland a list of nodes is specified in thepcs cluster start | stop | enable | disablecommands (rhbz#1339355) - built-in help and man page fixes and improvements (rhbz#1347335)
- In
pcs resource createthe flag--cloneno longer steals arguments from the keywordsmetaandop(rhbz#1395226) pcs resource createdoes not produce invalid cib when group id is already occupied with non-resource element (rhbz#1382004)- Fixed misbehavior of the flag
--masterinpcs resource createcommand (rhbz#1378107) - Fixed tacit acceptance of invalid resource operation in
pcs resource create(rhbz#1398562) - Fixed misplacing metadata for disabling when running
pcs resource createwith flags--cloneand--disabled(rhbz#1402475) - Fixed incorrect acceptance of the invalid attribute of resource operation in
pcs resource create(rhbz#1382597) - Fixed validation of options of resource operations in
pcs resource create(rhbz#1390071) - Fixed silent omission of duplicate options (rhbz#1390066)
- Added more validation for resource agent names (rhbz#1387670)
- Fixed network communication issues in pcsd when a node was specified by an IPv6 address
- Fixed JS error in web UI when empty cluster status is received (rhbz#1396462)
- Fixed sending user group in cookies from Python 3
- Fixed pcsd restart in Python 3
- Fixed parsing XML in Python 3 (caused crashes when reading resource agents metadata) (rhbz#1419639)
- Fixed the recognition of the structure of a resource agent name that contains a systemd instance (rhbz#1419661)
- Ruby 1.8 and 1.9 is no longer supported due to bad libcurl support
- Show daemon status in
pcs statuson non-systemd machines - SBD support for cman clusters (rhbz#1380352)
- Alerts management in pcsd (rhbz#1376480)
- Get all information about resource and stonith agents from pacemaker. Pcs now supports the same set of agents as pacemaker does. (rhbz#1262001, ghissue#81)
pcs resource createnow exits with an error if more than one resource agent matches the specified short agent name instead of randomly selecting one of the agents- Allow to remove multiple alerts and alert recipients at once
- When stopping a cluster with some of the nodes unreachable, stop the cluster completely on all reachable nodes (rhbz#1380372)
- Fixed pcsd crash when rpam rubygem is installed (ghissue#109)
- Fixed occasional crashes / failures when using locale other than en_US.UTF8 (rhbz#1387106)
- Fixed starting and stopping cluster services on systemd machines without
the
serviceexecutable (ghissue#115)
- There is no change log for this and previous releases. We are sorry.
- Take a look at git history if you are interested.