Since the risk of corner cases is so high, and our time for 3.0.0 is limited, I think the best approach would be to log a warning if a CIB contains ACLs with xpaths and the upgrade adds or renames any element or attribute. (We could possibly check whether an xpath exists that refers to an attribute, to reduce the scope a bit.) Something like: "WARNING: CIB syntax changes may invalidate ACLs that use 'xpath'. It is strongly recommended to run 'cibadmin --upgrade' then go through the updated CIB carefully to ensure ACLs still match the desired intent."
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Dec 5 2024
Dec 5 2024
kgaillot added a comment to T898: Ensure 3.0.0 transforms do not invalidate XPaths or IDs used in ACLs.
Dec 5 2024, 11:05 AM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Pacemaker (3.0.0)
nrwahl2 committed rP814fc6197afd: Test: cts-schemas: Add test for ACL validity after other transformations (authored by nrwahl2).
Test: cts-schemas: Add test for ACL validity after other transformations
nrwahl2 committed rPa80b3dc6d50a: Fix: xml: Ensure ACL permissions are valid after XSL transformations (authored by nrwahl2).
Fix: xml: Ensure ACL permissions are valid after XSL transformations
nrwahl2 committed rP986cc5c4a0f4: Fix: xml: Preserve ACL reference behavior for replaced constraints (authored by nrwahl2).
Fix: xml: Preserve ACL reference behavior for replaced constraints
GitHub <noreply@github.com> committed rPb6914499147c: Merge pull request #3747 from nrwahl2/nrwahl2-T898 (authored by kgaillot).
Merge pull request #3747 from nrwahl2/nrwahl2-T898
GitHub <noreply@github.com> committed rR6830df7dc32c: Merge pull request #2000 from ClusterLabs/fix-openstack-cinder-start (authored by fabbione).
Merge pull request #2000 from ClusterLabs/fix-openstack-cinder-start
fabbione committed rR71bc76dc4fa5: openstack-cinder-volume: wait for volume to be available (authored by fabbione).
openstack-cinder-volume: wait for volume to be available
nrwahl2 added a comment to T898: Ensure 3.0.0 transforms do not invalidate XPaths or IDs used in ACLs.
@kgaillot Can you weigh in when you have a chance? I know things are especially busy.
I figure it's unwise to work on the xpath case until we agree upon how we ought to address it -- if at all.
Dec 5 2024, 5:17 AM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Pacemaker (3.0.0)
Dec 4 2024
Dec 4 2024
kgaillot triaged T925: Fix on-fail handling of nested Pacemaker Remote connections as Normal priority.
clumens committed rP810b24931fc2: Test: cts-scheduler: Remove sed needed for backwards compat. (authored by clumens).
Test: cts-scheduler: Remove sed needed for backwards compat.
GitHub <noreply@github.com> committed rPbda7a0afa66d: Merge pull request #3744 from clumens/cts-substitute (authored by kgaillot).
Merge pull request #3744 from clumens/cts-substitute
nrwahl2 committed rPcdd0f5cc3c4e: Low: log: Allow CIB upgrade messages to start with W, I, D (authored by nrwahl2).
Low: log: Allow CIB upgrade messages to start with W, I, D
nrwahl2 committed rP229c015032d2: Doc: xml: Correct documentation of colocation/order lifetime transform (authored by nrwahl2).
Doc: xml: Correct documentation of colocation/order lifetime transform
nrwahl2 committed rP9d7f363498a1: Low: xml: Warn if schema transformation drops nagios/upstart resources (authored by nrwahl2).
Low: xml: Warn if schema transformation drops nagios/upstart resources
nrwahl2 committed rPcebf97e7623d: Low: xml: Warn if schema transformation drops rkt bundles (authored by nrwahl2).
Low: xml: Warn if schema transformation drops rkt bundles
nrwahl2 committed rP95c26887f6d0: Low: xml: Warn if schema transformation drops restart-type meta-attr (authored by nrwahl2).
Low: xml: Warn if schema transformation drops restart-type meta-attr
nrwahl2 committed rP160c770ed315: Low: xml: Warn if schema transformation drops can_fail or... (authored by nrwahl2).
Low: xml: Warn if schema transformation drops can_fail or...
nrwahl2 committed rP135a9a58e9ac: Low: xml: Warn if schema transformation drops colocation/order lifetimes (authored by nrwahl2).
Low: xml: Warn if schema transformation drops colocation/order lifetimes
nrwahl2 committed rPf695d590481f: Test: cts-scheduler: Split multiple top-level location constraint rules (authored by nrwahl2).
Test: cts-scheduler: Split multiple top-level location constraint rules
nrwahl2 committed rP1e46ec1ad333: Low: xml: Info if schema transformation drops empty groups or clones (authored by nrwahl2).
Low: xml: Info if schema transformation drops empty groups or clones
nrwahl2 committed rP3f27710d3b76: Test: cts-scheduler: Drop nvpairs without value attribute (authored by nrwahl2).
Test: cts-scheduler: Drop nvpairs without value attribute
nrwahl2 committed rP20a68d2e3da4: Low: xml: Warn if schema transformation drops moon phase (authored by nrwahl2).
Low: xml: Warn if schema transformation drops moon phase
nrwahl2 committed rP3cdc28c01fdb: Low: xml: Warn if schema transformation drops remove-after-stop property (authored by nrwahl2).
Low: xml: Warn if schema transformation drops remove-after-stop property
GitHub <noreply@github.com> committed rPee0ce7bb4ef9: Merge pull request #3750 from nrwahl2/nrwahl2-backport (authored by kgaillot).
Merge pull request #3750 from nrwahl2/nrwahl2-backport
nrwahl2 committed rPd73295338f87: Low: log: Allow CIB upgrade messages to start with W, I, D (authored by nrwahl2).
Low: log: Allow CIB upgrade messages to start with W, I, D
nrwahl2 committed rP427eeacc4896: Doc: xml: Correct documentation of colocation/order lifetime transform (authored by nrwahl2).
Doc: xml: Correct documentation of colocation/order lifetime transform
nrwahl2 committed rPc6a330ab3977: Low: xml: Warn if schema transformation drops nagios/upstart resources (authored by nrwahl2).
Low: xml: Warn if schema transformation drops nagios/upstart resources
nrwahl2 committed rPa01ff269149e: Low: xml: Warn if schema transformation drops rkt bundles (authored by nrwahl2).
Low: xml: Warn if schema transformation drops rkt bundles
nrwahl2 committed rPa3dab2f2debb: Low: xml: Warn if schema transformation drops restart-type meta-attr (authored by nrwahl2).
Low: xml: Warn if schema transformation drops restart-type meta-attr
nrwahl2 committed rP7fe0be2d02c0: Low: xml: Warn if schema transformation drops can_fail or... (authored by nrwahl2).
Low: xml: Warn if schema transformation drops can_fail or...
nrwahl2 committed rP66dda8bbd063: Low: xml: Warn if schema transformation drops colocation/order lifetimes (authored by nrwahl2).
Low: xml: Warn if schema transformation drops colocation/order lifetimes
nrwahl2 committed rPa2caf543a62f: Test: cts-scheduler: Split multiple top-level location constraint rules (authored by nrwahl2).
Test: cts-scheduler: Split multiple top-level location constraint rules
nrwahl2 committed rP9f4b5bae511e: Test: cts-scheduler: Drop nvpairs without value attribute (authored by nrwahl2).
Test: cts-scheduler: Drop nvpairs without value attribute
nrwahl2 committed rPfc5a8228b7d9: Low: xml: Info if schema transformation drops empty groups or clones (authored by nrwahl2).
Low: xml: Info if schema transformation drops empty groups or clones
nrwahl2 committed rPd8ad75b43f0b: Low: xml: Warn if schema transformation drops moon phase (authored by nrwahl2).
Low: xml: Warn if schema transformation drops moon phase
nrwahl2 committed rP432684232325: Low: xml: Warn if schema transformation drops remove-after-stop property (authored by nrwahl2).
Low: xml: Warn if schema transformation drops remove-after-stop property
GitHub <noreply@github.com> committed rP9efa85586d60: Merge pull request #3741 from nrwahl2/nrwahl2-T896 (authored by kgaillot).
Merge pull request #3741 from nrwahl2/nrwahl2-T896
kgaillot committed rPf88351669040: Build: maint: fix heading in changelog generation (authored by kgaillot).
Build: maint: fix heading in changelog generation
kgaillot committed rPeed28da0b726: Fix: scheduler: avoid memory leak when freeing node copies (authored by kgaillot).
Fix: scheduler: avoid memory leak when freeing node copies
kgaillot committed rP8a681a200ada: Fix: controller: avoid memory leak when updating join phase (authored by kgaillot).
Fix: controller: avoid memory leak when updating join phase
kgaillot committed rP7ea3c1d57dab: API: libcrmcommon: add pcmk_common_cleanup() (authored by kgaillot).
API: libcrmcommon: add pcmk_common_cleanup()
kgaillot committed rPc95dc1244fbc: Low: various: clean up library memory at child exit (authored by kgaillot).
Low: various: clean up library memory at child exit
kgaillot committed rP1b393b568cc8: Low: pacemaker-remoted: improve exit codes for schema failures (authored by kgaillot).
Low: pacemaker-remoted: improve exit codes for schema failures
GitHub <noreply@github.com> committed rP84299f875e9b: Merge pull request #3748 from kgaillot/release3 (authored by kgaillot).
Merge pull request #3748 from kgaillot/release3
kgaillot updated the task description for T727: Handle output objects in pcmk_update_configured_schema().
kgaillot changed the status of T901: Use asynchronous communication for liblrmd commands with replies from WIP to Open.
kgaillot changed the status of T901: Use asynchronous communication for liblrmd commands with replies, a subtask of T855: Make most remote reads asynchronous, from WIP to Open.
Dec 4 2024, 12:23 PM · Pacemaker (3.0.0), Restricted Project, Restricted Project, Pacemaker Remote, Restricted Project
kgaillot committed rP4bd7b8167e6d: Doc: ChangeLog: update for 3.0.0-rc1 release (authored by kgaillot).
Doc: ChangeLog: update for 3.0.0-rc1 release
kgaillot committed rP27214d09f334: Fix: scheduler: avoid memory leak when freeing node copies (authored by kgaillot).
Fix: scheduler: avoid memory leak when freeing node copies
kgaillot committed rP738c031cabb4: Build: maint: fix heading in changelog generation (authored by kgaillot).
Build: maint: fix heading in changelog generation
kgaillot committed rP0db2909c61da: Fix: controller: avoid memory leak when updating join phase (authored by kgaillot).
Fix: controller: avoid memory leak when updating join phase
kgaillot committed rPa398583a5b08: API: libcrmcommon: add pcmk_common_cleanup() (authored by kgaillot).
API: libcrmcommon: add pcmk_common_cleanup()
kgaillot committed rP8b0addf5d357: Low: various: clean up library memory at child exit (authored by kgaillot).
Low: various: clean up library memory at child exit
kgaillot committed rP18959fe30386: Low: pacemaker-remoted: improve exit codes for schema failures (authored by kgaillot).
Low: pacemaker-remoted: improve exit codes for schema failures
GitHub <noreply@github.com> committed rP784793594607: Merge pull request #3745 from kgaillot/fixes (authored by kgaillot).
Merge pull request #3745 from kgaillot/fixes
GitHub <noreply@github.com> committed rPc6eb7609bc2e: Merge pull request #3746 from HideoYamauchi/systemd_pending10 (authored by kgaillot).
Merge pull request #3746 from HideoYamauchi/systemd_pending10
HideoYamauchi committed rP20b1aaff9bb0: Mid: systemd: Fix when monitor of systemd resource continues to be pending. (authored by HideoYamauchi).
Mid: systemd: Fix when monitor of systemd resource continues to be pending.
HideoYamauchi committed rP6fee07dfc482: Mid: systemd: If the state is Pending at the time of probe, execute follow up… (authored by HideoYamauchi).
Mid: systemd: If the state is Pending at the time of probe, execute follow up…
nrwahl2 added a comment to T898: Ensure 3.0.0 transforms do not invalidate XPaths or IDs used in ACLs.
CLPR#3747 fixes the case of ACLs that refer to dropped elements, but it doesn't do anything special for replaced elements yet.
Dec 4 2024, 4:57 AM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Pacemaker (3.0.0)
Dec 3 2024
Dec 3 2024
clumens committed rP426be6d7ee79: Build: rpm: Ignore the lib-package-without-%mklibname rpmlint error (authored by clumens).
Build: rpm: Ignore the lib-package-without-%mklibname rpmlint error
GitHub <noreply@github.com> committed rPdbe7c9450bab: Merge pull request #3743 from clumens/rpmlint-3.0 (authored by kgaillot).
Merge pull request #3743 from clumens/rpmlint-3.0
GitHub <noreply@github.com> committed rPd6d51e59177d: Merge pull request #3742 from clumens/rpmlint-2.1 (authored by kgaillot).
Merge pull request #3742 from clumens/rpmlint-2.1
clumens committed rP1285c8bdd481: Build: rpm: Ignore the lib-package-without-%mklibname rpmlint error (authored by clumens).
Build: rpm: Ignore the lib-package-without-%mklibname rpmlint error
clumens committed rB9c4f8abdd8cb: Refactor: Remove global booth_conf variable from notify_client. (authored by clumens).
Refactor: Remove global booth_conf variable from notify_client.
clumens committed rB6f8a938be4f9: Refactor: Remove global booth_conf variable from list_peers. (authored by clumens).
Refactor: Remove global booth_conf variable from list_peers.
GitHub <noreply@github.com> committed rB3792d3b47f45: Merge pull request #154 from clumens/notify-client (authored by clumens).
Merge pull request #154 from clumens/notify-client
clumens committed rBcb1c9fa216c0: Refactor: Remove global booth_conf variable from network functions. (authored by clumens).
Refactor: Remove global booth_conf variable from network functions.
Dec 2 2024
Dec 2 2024
kgaillot committed rP1df8cc578c91: Refactor: libcrmcommon: best practices for pcmk__xe_dereference_children() (authored by kgaillot).
Refactor: libcrmcommon: best practices for pcmk__xe_dereference_children()
kgaillot committed rPae127820da1e: Test: libcrmcommon: add unit tests for pcmk__xe_dereference_children() (authored by kgaillot).
Test: libcrmcommon: add unit tests for pcmk__xe_dereference_children()
kgaillot committed rP67a08f0967a3: Refactor: libcrmcommon,libpe_rules: move make_pairs() to libcrmcommon (authored by kgaillot).
Refactor: libcrmcommon,libpe_rules: move make_pairs() to libcrmcommon
kgaillot committed rP98ad0951831b: Refactor: scheduler: convert populate_hash() into an XML child iterator (authored by kgaillot).
Refactor: scheduler: convert populate_hash() into an XML child iterator
kgaillot committed rP68185beaf6f4: Refactor: libcrmcommon,libpe_rules: move unpack_attr_set() to libcrmcommon (authored by kgaillot).
Refactor: libcrmcommon,libpe_rules: move unpack_attr_set() to libcrmcommon
kgaillot committed rPfee6dfc526d4: Log: libcrmcommon: drop unhelpful trace message (authored by kgaillot).
Log: libcrmcommon: drop unhelpful trace message
kgaillot committed rPf9bed602ba0e: Test: libcrmcommon: add unit tests for pcmk__unpack_nvpair_block() (authored by kgaillot).
Test: libcrmcommon: add unit tests for pcmk__unpack_nvpair_block()
GitHub <noreply@github.com> committed rPd0ba99354972: Merge pull request #3730 from kgaillot/rules (authored by kgaillot).
Merge pull request #3730 from kgaillot/rules
kgaillot removed a project from T743: Use either "server" or "addr" consistently for Pacemaker Remote nodes: Pacemaker (3.0.0).
clumens committed rPe7e916339ef3: Build: rpm: Ignore the lib-package-without-%mklibname rpmlint error (authored by clumens).
Build: rpm: Ignore the lib-package-without-%mklibname rpmlint error
GitHub <noreply@github.com> committed rP9848d752782f: Merge pull request #3739 from clumens/rpmlint (authored by kgaillot).
Merge pull request #3739 from clumens/rpmlint
GitHub <noreply@github.com> committed rK40d33fb3d45b: Merge pull request #429 from kronosnet/stable1-proposed (authored by fabbione).
Merge pull request #429 from kronosnet/stable1-proposed
fabbione committed rK5d4bde7d794c: Convert time_t to unsigned long long before formatting (#431) (authored by fabbione).
Convert time_t to unsigned long long before formatting (#431)
fabbione committed rKc7610532347b: Check packets come from the correct interface (authored by chrissie-c).
Check packets come from the correct interface
Nov 28 2024
Nov 28 2024
oalbrigt committed rR87337ac4da93: awsvip: let user specify which interface to use, and make the parameter… (authored by oalbrigt).
awsvip: let user specify which interface to use, and make the parameter…
aws.sh: add get_interface_mac()
GitHub <noreply@github.com> committed rRf7379f469cf3: Merge pull request #1997 from oalbrigt/awsvip-interface (authored by oalbrigt).
Merge pull request #1997 from oalbrigt/awsvip-interface
oalbrigt committed rR320b3ae9a530: spec: update Requires paths for RHEL10/CentOS 10 (authored by oalbrigt).
spec: update Requires paths for RHEL10/CentOS 10
GitHub <noreply@github.com> committed rR2c57669e54b9: Merge pull request #1998 from oalbrigt/spec-update-reqs (authored by oalbrigt).
Merge pull request #1998 from oalbrigt/spec-update-reqs
Nov 26 2024
Nov 26 2024
GitHub <noreply@github.com> committed rS6cc9ac9ce975: Merge pull request #156 from gao-yan/SBD_DELAY_START-bool-false (authored by wenningerk).
Merge pull request #156 from gao-yan/SBD_DELAY_START-bool-false
gao-yan committed rS12528cdf4d64: Fix: sbd-inquisitor: avoid parsing SBD_DELAY_START as a time duration if its… (authored by gao-yan).
Fix: sbd-inquisitor: avoid parsing SBD_DELAY_START as a time duration if its…
Nov 25 2024
Nov 25 2024
totemknet: Handle new knet2 datafd API
GitHub <noreply@github.com> committed rK08e8fa7e97b9: Add optional header to messages sent back to the application (#433) (authored by chrissie-c).
Add optional header to messages sent back to the application (#433)
spec: Use GitHub source URL
oalbrigt committed rRb8d3ecc6a8ce: aws.sh/ocf-shellfuncs: add ability to fresh token if it's invalid (authored by oalbrigt).
aws.sh/ocf-shellfuncs: add ability to fresh token if it's invalid
oalbrigt committed rRcc5ffa5e599c: aws.sh: chmod 600 $TOKEN_FILE, add get_instance_id() with DMI support, and use… (authored by oalbrigt).
aws.sh: chmod 600 $TOKEN_FILE, add get_instance_id() with DMI support, and use…
GitHub <noreply@github.com> committed rR5c7cdd9ab8ca: Merge pull request #1995 from oalbrigt/aws-improvements (authored by oalbrigt).
Merge pull request #1995 from oalbrigt/aws-improvements
Nov 21 2024
Nov 21 2024
HideoYamauchi committed rR46715c638829: High: storage-mon: Correct the timing of setting notification values to storage… (authored by HideoYamauchi).
High: storage-mon: Correct the timing of setting notification values to storage…