In T898#14811, @nrwahl2 wrote:

In T898#14801, @kgaillot wrote:

Since the risk of corner cases is so high, and our time for 3.0.0 is limited, I think the best approach would be to log a warning if a CIB contains ACLs with xpaths and the upgrade adds or renames any element or attribute. (We could possibly check whether an xpath exists that refers to an attribute, to reduce the scope a bit.) Something like: "WARNING: CIB syntax changes may invalidate ACLs that use 'xpath'. It is strongly recommended to run 'cibadmin --upgrade' then go through the updated CIB carefully to ensure ACLs still match the desired intent."

I'd also be fine with warning at the end if any ACLs use xpath, period. It's broader scope than necessary, but it avoids the need to clutter the stylesheet and the logs with individual warnings for each relevant transformation. (We could some of the log clutter by having one warning per step in the pipeline, but that may be a gnarly template to catch every case in a single template.)

Thu, Dec 5, 3:10 PM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Restricted Project

nrwahl2 committed rP4fffdc78f37d: Test: cts-schemas: Add test for ACL validity after other transformations (authored by nrwahl2).

Test: cts-schemas: Add test for ACL validity after other transformations

Thu, Dec 5, 3:05 PM

nrwahl2 committed rPbfa25605aef2: Fix: xml: Ensure ACL permissions are valid after XSL transformations (authored by nrwahl2).

Fix: xml: Ensure ACL permissions are valid after XSL transformations

Thu, Dec 5, 3:05 PM

nrwahl2 committed rP7e7aa7db86bf: Fix: xml: Preserve ACL reference behavior for replaced constraints (authored by nrwahl2).

Fix: xml: Preserve ACL reference behavior for replaced constraints

Thu, Dec 5, 3:05 PM

GitHub <noreply@github.com> committed rPe1a48fb64a58: Merge pull request #3754 from nrwahl2/nrwahl2-backport (authored by kgaillot).

Merge pull request #3754 from nrwahl2/nrwahl2-backport

Thu, Dec 5, 3:05 PM

nrwahl2 added a comment to T898: Ensure 3.0.0 transforms do not invalidate XPaths or IDs used in ACLs.

In T898#14801, @kgaillot wrote:

Since the risk of corner cases is so high, and our time for 3.0.0 is limited, I think the best approach would be to log a warning if a CIB contains ACLs with xpaths and the upgrade adds or renames any element or attribute. (We could possibly check whether an xpath exists that refers to an attribute, to reduce the scope a bit.) Something like: "WARNING: CIB syntax changes may invalidate ACLs that use 'xpath'. It is strongly recommended to run 'cibadmin --upgrade' then go through the updated CIB carefully to ensure ACLs still match the desired intent."

Thu, Dec 5, 1:56 PM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Restricted Project

nrwahl2 added a comment to T898: Ensure 3.0.0 transforms do not invalidate XPaths or IDs used in ACLs.

In T898#14801, @kgaillot wrote:

Do you know what version of libxslt added support for dyn:evaluate? We only require 2.9.2 currently. I wouldn't mind using it to reduce the scope of the log further, but it's not necessary.

Thu, Dec 5, 1:51 PM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Restricted Project

kgaillot triaged T926: Add --health option to crm_attribute and attrd_updater as Wishlist priority.

Thu, Dec 5, 12:06 PM · Restricted Project, Restricted Project, Restricted Project

clumens committed rPf27e4ab5c1e7: Test: cts-scheduler: Remove sed needed for backwards compat. (authored by clumens).

Test: cts-scheduler: Remove sed needed for backwards compat.

Thu, Dec 5, 11:06 AM

GitHub <noreply@github.com> committed rPd0b8bf43d57e: Merge pull request #3752 from clumens/cts-substitute-3.0 (authored by kgaillot).

Merge pull request #3752 from clumens/cts-substitute-3.0

Thu, Dec 5, 11:06 AM

kgaillot added a comment to T898: Ensure 3.0.0 transforms do not invalidate XPaths or IDs used in ACLs.

Since the risk of corner cases is so high, and our time for 3.0.0 is limited, I think the best approach would be to log a warning if a CIB contains ACLs with xpaths and the upgrade adds or renames any element or attribute. (We could possibly check whether an xpath exists that refers to an attribute, to reduce the scope a bit.) Something like: "WARNING: CIB syntax changes may invalidate ACLs that use 'xpath'. It is strongly recommended to run 'cibadmin --upgrade' then go through the updated CIB carefully to ensure ACLs still match the desired intent."

Thu, Dec 5, 11:05 AM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Restricted Project

nrwahl2 committed rP814fc6197afd: Test: cts-schemas: Add test for ACL validity after other transformations (authored by nrwahl2).

Test: cts-schemas: Add test for ACL validity after other transformations

Thu, Dec 5, 10:45 AM

nrwahl2 committed rPa80b3dc6d50a: Fix: xml: Ensure ACL permissions are valid after XSL transformations (authored by nrwahl2).

Fix: xml: Ensure ACL permissions are valid after XSL transformations

Thu, Dec 5, 10:45 AM

nrwahl2 committed rP986cc5c4a0f4: Fix: xml: Preserve ACL reference behavior for replaced constraints (authored by nrwahl2).

Fix: xml: Preserve ACL reference behavior for replaced constraints

Thu, Dec 5, 10:45 AM

GitHub <noreply@github.com> committed rPb6914499147c: Merge pull request #3747 from nrwahl2/nrwahl2-T898 (authored by kgaillot).

Merge pull request #3747 from nrwahl2/nrwahl2-T898

Thu, Dec 5, 10:45 AM

GitHub <noreply@github.com> committed rR6830df7dc32c: Merge pull request #2000 from ClusterLabs/fix-openstack-cinder-start (authored by fabbione).

Merge pull request #2000 from ClusterLabs/fix-openstack-cinder-start

Thu, Dec 5, 5:41 AM

fabbione committed rR71bc76dc4fa5: openstack-cinder-volume: wait for volume to be available (authored by fabbione).

openstack-cinder-volume: wait for volume to be available

Thu, Dec 5, 5:41 AM

nrwahl2 added a comment to T898: Ensure 3.0.0 transforms do not invalidate XPaths or IDs used in ACLs.

@kgaillot Can you weigh in when you have a chance? I know things are especially busy.
I figure it's unwise to work on the xpath case until we agree upon how we ought to address it -- if at all.

Thu, Dec 5, 5:17 AM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Restricted Project

Wed, Dec 4

kgaillot triaged T925: Fix on-fail handling of nested Pacemaker Remote connections as Normal priority.

Wed, Dec 4, 7:17 PM · Restricted Project, Restricted Project, Restricted Project

kgaillot triaged T924: Convert crm_report to C as Wishlist priority.

Wed, Dec 4, 7:06 PM · Restricted Project, Restricted Project

clumens committed rP810b24931fc2: Test: cts-scheduler: Remove sed needed for backwards compat. (authored by clumens).

Test: cts-scheduler: Remove sed needed for backwards compat.

Wed, Dec 4, 6:54 PM

GitHub <noreply@github.com> committed rPbda7a0afa66d: Merge pull request #3744 from clumens/cts-substitute (authored by kgaillot).

Merge pull request #3744 from clumens/cts-substitute

Wed, Dec 4, 6:53 PM

nrwahl2 committed rPcdd0f5cc3c4e: Low: log: Allow CIB upgrade messages to start with W, I, D (authored by nrwahl2).

Low: log: Allow CIB upgrade messages to start with W, I, D

Wed, Dec 4, 6:52 PM

nrwahl2 committed rP229c015032d2: Doc: xml: Correct documentation of colocation/order lifetime transform (authored by nrwahl2).

Doc: xml: Correct documentation of colocation/order lifetime transform

Wed, Dec 4, 6:52 PM

nrwahl2 committed rP9d7f363498a1: Low: xml: Warn if schema transformation drops nagios/upstart resources (authored by nrwahl2).

Low: xml: Warn if schema transformation drops nagios/upstart resources

Wed, Dec 4, 6:52 PM

nrwahl2 committed rPcebf97e7623d: Low: xml: Warn if schema transformation drops rkt bundles (authored by nrwahl2).

Low: xml: Warn if schema transformation drops rkt bundles

Wed, Dec 4, 6:52 PM

nrwahl2 committed rP95c26887f6d0: Low: xml: Warn if schema transformation drops restart-type meta-attr (authored by nrwahl2).

Low: xml: Warn if schema transformation drops restart-type meta-attr

Wed, Dec 4, 6:52 PM

nrwahl2 committed rP160c770ed315: Low: xml: Warn if schema transformation drops can_fail or... (authored by nrwahl2).

Low: xml: Warn if schema transformation drops can_fail or...

Wed, Dec 4, 6:52 PM

nrwahl2 committed rP135a9a58e9ac: Low: xml: Warn if schema transformation drops colocation/order lifetimes (authored by nrwahl2).

Low: xml: Warn if schema transformation drops colocation/order lifetimes

Wed, Dec 4, 6:52 PM

nrwahl2 committed rPf695d590481f: Test: cts-scheduler: Split multiple top-level location constraint rules (authored by nrwahl2).

Test: cts-scheduler: Split multiple top-level location constraint rules

Wed, Dec 4, 6:52 PM

nrwahl2 committed rP1e46ec1ad333: Low: xml: Info if schema transformation drops empty groups or clones (authored by nrwahl2).

Low: xml: Info if schema transformation drops empty groups or clones

Wed, Dec 4, 6:52 PM

nrwahl2 committed rP3f27710d3b76: Test: cts-scheduler: Drop nvpairs without value attribute (authored by nrwahl2).

Test: cts-scheduler: Drop nvpairs without value attribute

Wed, Dec 4, 6:52 PM

nrwahl2 committed rP20a68d2e3da4: Low: xml: Warn if schema transformation drops moon phase (authored by nrwahl2).

Low: xml: Warn if schema transformation drops moon phase

Wed, Dec 4, 6:52 PM

nrwahl2 committed rP3cdc28c01fdb: Low: xml: Warn if schema transformation drops remove-after-stop property (authored by nrwahl2).

Low: xml: Warn if schema transformation drops remove-after-stop property

Wed, Dec 4, 6:52 PM

GitHub <noreply@github.com> committed rPee0ce7bb4ef9: Merge pull request #3750 from nrwahl2/nrwahl2-backport (authored by kgaillot).

Merge pull request #3750 from nrwahl2/nrwahl2-backport

Wed, Dec 4, 6:52 PM

kgaillot edited the content of Pacemaker Release Checklist.

Wed, Dec 4, 6:35 PM · Restricted Project

kgaillot triaged T923: Document the 'container' resource meta-attribute as Wishlist priority.

Wed, Dec 4, 5:52 PM · Restricted Project, Restricted Project

kgaillot triaged T922: Improve fencing documentation as Wishlist priority.

Wed, Dec 4, 5:12 PM · Restricted Project, Restricted Project, Restricted Project

kgaillot triaged T921: Document sbd integration in Pacemaker Explained as Wishlist priority.

Wed, Dec 4, 4:01 PM · Restricted Project, Restricted Project, Restricted Project

nrwahl2 committed rPd73295338f87: Low: log: Allow CIB upgrade messages to start with W, I, D (authored by nrwahl2).

Low: log: Allow CIB upgrade messages to start with W, I, D

Wed, Dec 4, 3:04 PM

nrwahl2 committed rP427eeacc4896: Doc: xml: Correct documentation of colocation/order lifetime transform (authored by nrwahl2).

Doc: xml: Correct documentation of colocation/order lifetime transform

Wed, Dec 4, 3:04 PM

nrwahl2 committed rPc6a330ab3977: Low: xml: Warn if schema transformation drops nagios/upstart resources (authored by nrwahl2).

Low: xml: Warn if schema transformation drops nagios/upstart resources

Wed, Dec 4, 3:04 PM

nrwahl2 committed rPa01ff269149e: Low: xml: Warn if schema transformation drops rkt bundles (authored by nrwahl2).

Low: xml: Warn if schema transformation drops rkt bundles

Wed, Dec 4, 3:04 PM

nrwahl2 committed rPa3dab2f2debb: Low: xml: Warn if schema transformation drops restart-type meta-attr (authored by nrwahl2).

Low: xml: Warn if schema transformation drops restart-type meta-attr

Wed, Dec 4, 3:04 PM

nrwahl2 committed rP7fe0be2d02c0: Low: xml: Warn if schema transformation drops can_fail or... (authored by nrwahl2).

Low: xml: Warn if schema transformation drops can_fail or...

Wed, Dec 4, 3:04 PM

nrwahl2 committed rP66dda8bbd063: Low: xml: Warn if schema transformation drops colocation/order lifetimes (authored by nrwahl2).

Low: xml: Warn if schema transformation drops colocation/order lifetimes

Wed, Dec 4, 3:04 PM

nrwahl2 committed rPa2caf543a62f: Test: cts-scheduler: Split multiple top-level location constraint rules (authored by nrwahl2).

Test: cts-scheduler: Split multiple top-level location constraint rules

Wed, Dec 4, 3:04 PM

nrwahl2 committed rP9f4b5bae511e: Test: cts-scheduler: Drop nvpairs without value attribute (authored by nrwahl2).

Test: cts-scheduler: Drop nvpairs without value attribute

Wed, Dec 4, 3:04 PM

nrwahl2 committed rPfc5a8228b7d9: Low: xml: Info if schema transformation drops empty groups or clones (authored by nrwahl2).

Low: xml: Info if schema transformation drops empty groups or clones

Wed, Dec 4, 3:04 PM

nrwahl2 committed rPd8ad75b43f0b: Low: xml: Warn if schema transformation drops moon phase (authored by nrwahl2).

Low: xml: Warn if schema transformation drops moon phase

Wed, Dec 4, 3:04 PM

nrwahl2 committed rP432684232325: Low: xml: Warn if schema transformation drops remove-after-stop property (authored by nrwahl2).

Low: xml: Warn if schema transformation drops remove-after-stop property

Wed, Dec 4, 3:04 PM

GitHub <noreply@github.com> committed rP9efa85586d60: Merge pull request #3741 from nrwahl2/nrwahl2-T896 (authored by kgaillot).

Merge pull request #3741 from nrwahl2/nrwahl2-T896

Wed, Dec 4, 3:04 PM

kgaillot committed rPf88351669040: Build: maint: fix heading in changelog generation (authored by kgaillot).

Build: maint: fix heading in changelog generation

Wed, Dec 4, 2:51 PM

kgaillot committed rPeed28da0b726: Fix: scheduler: avoid memory leak when freeing node copies (authored by kgaillot).

Fix: scheduler: avoid memory leak when freeing node copies

Wed, Dec 4, 2:51 PM

kgaillot committed rP8a681a200ada: Fix: controller: avoid memory leak when updating join phase (authored by kgaillot).

Fix: controller: avoid memory leak when updating join phase

Wed, Dec 4, 2:51 PM

kgaillot committed rP7ea3c1d57dab: API: libcrmcommon: add pcmk_common_cleanup() (authored by kgaillot).

API: libcrmcommon: add pcmk_common_cleanup()

Wed, Dec 4, 2:51 PM

kgaillot committed rPc95dc1244fbc: Low: various: clean up library memory at child exit (authored by kgaillot).

Low: various: clean up library memory at child exit

Wed, Dec 4, 2:51 PM

kgaillot committed rP1b393b568cc8: Low: pacemaker-remoted: improve exit codes for schema failures (authored by kgaillot).

Low: pacemaker-remoted: improve exit codes for schema failures

Wed, Dec 4, 2:51 PM

GitHub <noreply@github.com> committed rP84299f875e9b: Merge pull request #3748 from kgaillot/release3 (authored by kgaillot).

Merge pull request #3748 from kgaillot/release3

Wed, Dec 4, 2:51 PM

kgaillot updated the task description for T727: Handle output objects in pcmk_update_configured_schema().

Wed, Dec 4, 12:52 PM · Restricted Project, Restricted Project, Restricted Project

kgaillot changed the status of T901: Use asynchronous communication for liblrmd commands with replies from WIP to Open.

Wed, Dec 4, 12:23 PM · Restricted Project, Restricted Project

kgaillot changed the status of T901: Use asynchronous communication for liblrmd commands with replies, a subtask of T855: Make most remote reads asynchronous, from WIP to Open.

Wed, Dec 4, 12:23 PM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Restricted Project

kgaillot committed rP4bd7b8167e6d: Doc: ChangeLog: update for 3.0.0-rc1 release (authored by kgaillot).

Doc: ChangeLog: update for 3.0.0-rc1 release

Wed, Dec 4, 11:50 AM

kgaillot committed rP27214d09f334: Fix: scheduler: avoid memory leak when freeing node copies (authored by kgaillot).

Fix: scheduler: avoid memory leak when freeing node copies

Wed, Dec 4, 11:50 AM

kgaillot committed rP738c031cabb4: Build: maint: fix heading in changelog generation (authored by kgaillot).

Build: maint: fix heading in changelog generation

Wed, Dec 4, 11:50 AM

kgaillot committed rP0db2909c61da: Fix: controller: avoid memory leak when updating join phase (authored by kgaillot).

Fix: controller: avoid memory leak when updating join phase

Wed, Dec 4, 11:50 AM

kgaillot committed rPa398583a5b08: API: libcrmcommon: add pcmk_common_cleanup() (authored by kgaillot).

API: libcrmcommon: add pcmk_common_cleanup()

Wed, Dec 4, 11:50 AM

All StoriesUse ResultsEdit QueryHide Query

Mon, Dec 9

Thu, Dec 5

Wed, Dec 4

All Stories
Use Results
Edit Query
Hide Query