Page MenuHomeClusterLabs Projects
Feed All Stories

All Stories
Use Results
Edit Query

Dec 11 2024

nrwahl2 committed rP4c530272676a: Log: xml: Warn about post-transform behavior changes for ACLs with xpath (authored by nrwahl2).
Log: xml: Warn about post-transform behavior changes for ACLs with xpath
Dec 11 2024, 10:06 AM

Dec 10 2024

kgaillot triaged T931: Monitor not cancelled in maintenance mode as Low priority.
Dec 10 2024, 7:00 PM · Restricted Project, Restricted Project, Pacemaker: Scheduler
kgaillot committed rP70a09ed6805a: Fix: scheduler: avoid memory leak in bundles (authored by kgaillot).
Fix: scheduler: avoid memory leak in bundles
Dec 10 2024, 6:39 PM
kgaillot committed rPa5413938f2cf: Low: libcrmcluster: initialize from in pcmk__cpg_message_data() (authored by kgaillot).
Low: libcrmcluster: initialize from in pcmk__cpg_message_data()
Dec 10 2024, 6:39 PM
kgaillot committed rP0b8b39575490: Log: libcrmcluster: avoid redundant log for invalid CPG messages (authored by kgaillot).
Log: libcrmcluster: avoid redundant log for invalid CPG messages
Dec 10 2024, 6:39 PM
kgaillot committed rP7db460c95130: Low: libcrmcluster: don't assert for CPG decompression error (authored by kgaillot).
Low: libcrmcluster: don't assert for CPG decompression error
Dec 10 2024, 6:39 PM
kgaillot committed rP479d2f71b082: Refactor: libcrmcluster: move peer caching up in pcmk__cpg_message_data() (authored by kgaillot).
Refactor: libcrmcluster: move peer caching up in pcmk__cpg_message_data()
Dec 10 2024, 6:39 PM
kgaillot committed rPd2cdce913744: Log: libcrmcluster: improve messages in pcmk__cpg_message_data() (authored by kgaillot).
Log: libcrmcluster: improve messages in pcmk__cpg_message_data()
Dec 10 2024, 6:39 PM
kgaillot committed rPdeb45b115e6e: Fix: libcrmcluster: restore CPG header size compatibility (authored by kgaillot).
Fix: libcrmcluster: restore CPG header size compatibility
Dec 10 2024, 6:39 PM
GitHub <noreply@github.com> committed rP22f708cbc1e3: Merge pull request #3760 from kgaillot/release3 (authored by nrwahl2).
Merge pull request #3760 from kgaillot/release3
Dec 10 2024, 6:39 PM
kgaillot updated the task description for T853: Pacemaker issues requiring investigation.
Dec 10 2024, 6:04 PM · Restricted Project
clumens committed rPcbd069fb5462: Refactor: libcrmcommon: pcmk__x509_enabled doesn't need an arg. (authored by clumens).
Refactor: libcrmcommon: pcmk__x509_enabled doesn't need an arg.
Dec 10 2024, 5:54 PM
clumens committed rP57a03bff39ce: Feature: daemons: Enable TLS support for Pacemaker Remote nodes. (authored by clumens).
Feature: daemons: Enable TLS support for Pacemaker Remote nodes.
Dec 10 2024, 5:54 PM
clumens committed rP7add90ffb28e: Low: libcrmcommon: Set *tls = NULL in a few more locations. (authored by clumens).
Low: libcrmcommon: Set *tls = NULL in a few more locations.
Dec 10 2024, 5:54 PM
clumens committed rPab92f64bdf3f: Feature: liblrmd: Enable TLS support for Pacemaker Remote clients. (authored by clumens).
Feature: liblrmd: Enable TLS support for Pacemaker Remote clients.
Dec 10 2024, 5:54 PM
clumens committed rPa36d3087329d: Doc: sysconfig: Explain permissions needed on TLS-related files. (authored by clumens).
Doc: sysconfig: Explain permissions needed on TLS-related files.
Dec 10 2024, 5:54 PM
clumens committed rPfbc2b12a44cc: Feature: sysconfig: Document using certificates for remote nodes. (authored by clumens).
Feature: sysconfig: Document using certificates for remote nodes.
Dec 10 2024, 5:54 PM
clumens committed rPfada80d7b8dc: Doc: Pacemaker Explained: Add documentation for TLS options. (authored by clumens).
Doc: Pacemaker Explained: Add documentation for TLS options.
Dec 10 2024, 5:54 PM
clumens committed rPb15d76b9d544: Refactor: libcrmcommon: Only set gnutls priorities when needed. (authored by clumens).
Refactor: libcrmcommon: Only set gnutls priorities when needed.
Dec 10 2024, 5:54 PM
GitHub <noreply@github.com> committed rP2dd4c51346f7: Merge pull request #3759 from clumens/remote-tls (authored by kgaillot).
Merge pull request #3759 from clumens/remote-tls
Dec 10 2024, 5:54 PM
kgaillot triaged T930: Handle fencing configuration changes while a fencing operation is in progress as Wishlist priority.
Dec 10 2024, 5:31 PM · Restricted Project, Restricted Project
kgaillot updated the task description for T853: Pacemaker issues requiring investigation.
Dec 10 2024, 5:19 PM · Restricted Project
kgaillot updated the task description for T853: Pacemaker issues requiring investigation.
Dec 10 2024, 4:29 PM · Restricted Project
kgaillot updated the task description for T853: Pacemaker issues requiring investigation.
Dec 10 2024, 4:16 PM · Restricted Project
kgaillot updated the task description for T853: Pacemaker issues requiring investigation.
Dec 10 2024, 3:05 PM · Restricted Project
kgaillot committed rP2a8a292338eb: Low: libcrmcluster: initialize from in pcmk__cpg_message_data() (authored by kgaillot).
Low: libcrmcluster: initialize from in pcmk__cpg_message_data()
Dec 10 2024, 2:47 PM
kgaillot committed rP057412ec5b84: Log: libcrmcluster: avoid redundant log for invalid CPG messages (authored by kgaillot).
Log: libcrmcluster: avoid redundant log for invalid CPG messages
Dec 10 2024, 2:47 PM
kgaillot committed rP3921d0b1043e: Low: libcrmcluster: don't assert for CPG decompression error (authored by kgaillot).
Low: libcrmcluster: don't assert for CPG decompression error
Dec 10 2024, 2:47 PM
kgaillot committed rP2c5b52d18a21: Refactor: libcrmcluster: move peer caching up in pcmk__cpg_message_data() (authored by kgaillot).
Refactor: libcrmcluster: move peer caching up in pcmk__cpg_message_data()
Dec 10 2024, 2:47 PM
kgaillot committed rP756fa099ff1e: Log: libcrmcluster: improve messages in pcmk__cpg_message_data() (authored by kgaillot).
Log: libcrmcluster: improve messages in pcmk__cpg_message_data()
Dec 10 2024, 2:47 PM
kgaillot committed rP5471aad45d0b: Fix: libcrmcluster: restore CPG header size compatibility (authored by kgaillot).
Fix: libcrmcluster: restore CPG header size compatibility
Dec 10 2024, 2:47 PM
GitHub <noreply@github.com> committed rPf19db17b5e57: Merge pull request #3757 from kgaillot/fixes (authored by nrwahl2).
Merge pull request #3757 from kgaillot/fixes
Dec 10 2024, 2:46 PM
kgaillot edited the content of Pacemaker 3.0 Configuration Changes.
Dec 10 2024, 10:44 AM
clumens committed rPfb7a6c4a1ec3: Refactor: libcib: Unindent code in cib_new. (authored by clumens).
Refactor: libcib: Unindent code in cib_new.
Dec 10 2024, 10:44 AM
clumens committed rP71a71004103c: Refactor: libcib: Rearrange cib_remote_signon a bit. (authored by clumens).
Refactor: libcib: Rearrange cib_remote_signon a bit.
Dec 10 2024, 10:44 AM
clumens committed rPb050f0155257: Refactor: libcrmcommon: Use our own logging for gnutls. (authored by clumens).
Refactor: libcrmcommon: Use our own logging for gnutls.
Dec 10 2024, 10:44 AM
clumens committed rP49c4e87cf251: Refactor: libcrmcommon: Move tls priority detection into a function. (authored by clumens).
Refactor: libcrmcommon: Move tls priority detection into a function.
Dec 10 2024, 10:44 AM
clumens committed rP72f51f51b7fd: Refactor: libs: Move tls-specific code from remote.c to tls.c. (authored by clumens).
Refactor: libs: Move tls-specific code from remote.c to tls.c.
Dec 10 2024, 10:44 AM
clumens committed rPb59141d075db: Feature: libcrmcommon: Add pcmk__x509_enabled. (authored by clumens).
Feature: libcrmcommon: Add pcmk__x509_enabled.
Dec 10 2024, 10:44 AM
clumens committed rPc9fc1ddee0f9: Feature: sysconfig: Add env settings needed for X509 authentication. (authored by clumens).
Feature: sysconfig: Add env settings needed for X509 authentication.
Dec 10 2024, 10:44 AM
clumens committed rP5984f0f6d2f7: Refactor: libcrmcommon: Change the type of tls_session... (authored by clumens).
Refactor: libcrmcommon: Change the type of tls_session...
Dec 10 2024, 10:44 AM
clumens committed rP08ddc29b0de1: Refactor: libcrmcommon: pcmk__new_tls_session can take a cert cred type. (authored by clumens).
Refactor: libcrmcommon: pcmk__new_tls_session can take a cert cred type.
Dec 10 2024, 10:44 AM
clumens committed rP8aff17b1a7a3: Refactor: libcrmcommon: Add pcmk__tls_t. (authored by clumens).
Refactor: libcrmcommon: Add pcmk__tls_t.
Dec 10 2024, 10:44 AM
clumens committed rP096b1ddfa85b: Refactor: libs: Use pcmk__tls_t in the client TLS code as well. (authored by clumens).
Refactor: libs: Use pcmk__tls_t in the client TLS code as well.
Dec 10 2024, 10:44 AM
clumens committed rP9ab22792c134: Refactor: libcrmcommon: Deprecate crm_gnutls_global_init. (authored by clumens).
Refactor: libcrmcommon: Deprecate crm_gnutls_global_init.
Dec 10 2024, 10:44 AM
clumens committed rP04131210a439: Refactor: libcrmcommon: Simplify args to pcmk__new_tls_session. (authored by clumens).
Refactor: libcrmcommon: Simplify args to pcmk__new_tls_session.
Dec 10 2024, 10:44 AM
clumens committed rP59c08d106797: Feature: daemons: Set up X509 auth in based if enabled. (authored by clumens).
Feature: daemons: Set up X509 auth in based if enabled.
Dec 10 2024, 10:44 AM
clumens committed rP2be15a9b855c: Feature: libcrmcommon: If the server supports certs, require them... (authored by clumens).
Feature: libcrmcommon: If the server supports certs, require them...
Dec 10 2024, 10:44 AM
GitHub <noreply@github.com> committed rP4143eb814a50: Merge pull request #3758 from clumens/certs-3.0 (authored by kgaillot).
Merge pull request #3758 from clumens/certs-3.0
Dec 10 2024, 10:44 AM
clumens committed rPaa316e38478e: Feature: libs: Log if a TLS certificate is close to expiration. (authored by clumens).
Feature: libs: Log if a TLS certificate is close to expiration.
Dec 10 2024, 10:44 AM
clumens committed rPa0b3f9b4db27: Feature: libcib: Enable TLS certs for remote CIB operations. (authored by clumens).
Feature: libcib: Enable TLS certs for remote CIB operations.
Dec 10 2024, 10:44 AM
clumens committed rP7b68062f60d9: Doc: Pacemaker Administration: Explain use of TLS certificates. (authored by clumens).
Doc: Pacemaker Administration: Explain use of TLS certificates.
Dec 10 2024, 10:44 AM

Dec 9 2024

kgaillot updated the task description for T853: Pacemaker issues requiring investigation.
Dec 9 2024, 1:19 PM · Restricted Project
kgaillot updated the task description for T853: Pacemaker issues requiring investigation.
Dec 9 2024, 1:02 PM · Restricted Project
kgaillot updated the task description for T853: Pacemaker issues requiring investigation.
Dec 9 2024, 12:56 PM · Restricted Project
kgaillot triaged T929: Don't try to get node attributes in fencer standalone mode as Wishlist priority.
Dec 9 2024, 12:40 PM · Restricted Project, Restricted Project, Restricted Project
kgaillot triaged T928: Ensure parameters exist when calling controld_add_resource_history_xml_as() as Low priority.
Dec 9 2024, 12:36 PM · Restricted Project, Restricted Project, Restricted Project
kgaillot triaged T927: placement-strategy=balanced and resource without utilization can yield incomplete transition as Normal priority.
Dec 9 2024, 12:34 PM · Restricted Project, Pacemaker: Scheduler
clumens committed rP228c94fa5f29: Refactor: libcib: Unindent code in cib_new. (authored by clumens).
Refactor: libcib: Unindent code in cib_new.
Dec 9 2024, 10:49 AM
clumens committed rP40f0c3da72b0: Refactor: libcib: Rearrange cib_remote_signon a bit. (authored by clumens).
Refactor: libcib: Rearrange cib_remote_signon a bit.
Dec 9 2024, 10:49 AM
clumens committed rP7539fec5c1d6: Refactor: libcrmcommon: Use our own logging for gnutls. (authored by clumens).
Refactor: libcrmcommon: Use our own logging for gnutls.
Dec 9 2024, 10:49 AM
clumens committed rP761957896cd2: Refactor: libcrmcommon: Move tls priority detection into a function. (authored by clumens).
Refactor: libcrmcommon: Move tls priority detection into a function.
Dec 9 2024, 10:49 AM
clumens committed rP96eb4036f95f: Refactor: libcrmcommon: Change the type of tls_session... (authored by clumens).
Refactor: libcrmcommon: Change the type of tls_session...
Dec 9 2024, 10:49 AM
clumens committed rPa141eec64a4d: Feature: sysconfig: Add env settings needed for X509 authentication. (authored by clumens).
Feature: sysconfig: Add env settings needed for X509 authentication.
Dec 9 2024, 10:49 AM
clumens committed rP701eac03ccd8: Refactor: libs: Move tls-specific code from remote.c to tls.c. (authored by clumens).
Refactor: libs: Move tls-specific code from remote.c to tls.c.
Dec 9 2024, 10:49 AM
clumens committed rP57ea342262f8: Feature: libcrmcommon: Add pcmk__x509_enabled. (authored by clumens).
Feature: libcrmcommon: Add pcmk__x509_enabled.
Dec 9 2024, 10:49 AM
clumens committed rP95da79fcc8bf: Refactor: libcrmcommon: pcmk__new_tls_session can take a cert cred type. (authored by clumens).
Refactor: libcrmcommon: pcmk__new_tls_session can take a cert cred type.
Dec 9 2024, 10:49 AM
clumens committed rPfd05ba32d066: Refactor: libcrmcommon: Add pcmk__tls_t. (authored by clumens).
Refactor: libcrmcommon: Add pcmk__tls_t.
Dec 9 2024, 10:49 AM
clumens committed rP9d90dd7c0b57: Refactor: libs: Use pcmk__tls_t in the client TLS code as well. (authored by clumens).
Refactor: libs: Use pcmk__tls_t in the client TLS code as well.
Dec 9 2024, 10:49 AM
clumens committed rPd065ccd4631a: Refactor: libcrmcommon: Deprecate crm_gnutls_global_init. (authored by clumens).
Refactor: libcrmcommon: Deprecate crm_gnutls_global_init.
Dec 9 2024, 10:49 AM
clumens committed rP86efd5dd2dc8: Refactor: libcrmcommon: Simplify args to pcmk__new_tls_session. (authored by clumens).
Refactor: libcrmcommon: Simplify args to pcmk__new_tls_session.
Dec 9 2024, 10:49 AM
clumens committed rPaae93cbcb9c8: Feature: daemons: Set up X509 auth in based if enabled. (authored by clumens).
Feature: daemons: Set up X509 auth in based if enabled.
Dec 9 2024, 10:49 AM
clumens committed rP0ff89a84b788: Feature: libcrmcommon: If the server supports certs, require them... (authored by clumens).
Feature: libcrmcommon: If the server supports certs, require them...
Dec 9 2024, 10:49 AM
clumens committed rPafdb38a7b7b9: Feature: libs: Log if a TLS certificate is close to expiration. (authored by clumens).
Feature: libs: Log if a TLS certificate is close to expiration.
Dec 9 2024, 10:49 AM
clumens committed rPd4b99f10e845: Feature: libcib: Enable TLS certs for remote CIB operations. (authored by clumens).
Feature: libcib: Enable TLS certs for remote CIB operations.
Dec 9 2024, 10:49 AM
clumens committed rP20c6c4b17bbd: Doc: Pacemaker Administration: Explain use of TLS certificates. (authored by clumens).
Doc: Pacemaker Administration: Explain use of TLS certificates.
Dec 9 2024, 10:49 AM
GitHub <noreply@github.com> committed rP9a524a3a8bec: Merge pull request #3738 from clumens/certs (authored by kgaillot).
Merge pull request #3738 from clumens/certs
Dec 9 2024, 10:49 AM
gao-yan committed rS12dbb6938254: Build: spec: try finding and using libaio.so.x library name (authored by gao-yan).
Build: spec: try finding and using libaio.so.x library name
Dec 9 2024, 2:01 AM
gao-yan committed rS530c285ccff7: Refactor: tests: ability to specify a libaio name (authored by gao-yan).
Refactor: tests: ability to specify a libaio name
Dec 9 2024, 2:01 AM
GitHub <noreply@github.com> committed rS594611958983: Merge pull request #157 from gao-yan/log-tests-error-libaio.so (authored by wenningerk).
Merge pull request #157 from gao-yan/log-tests-error-libaio.so
Dec 9 2024, 2:01 AM

Dec 5 2024

kgaillot updated the task description for T893: Improve transition logs.
Dec 5 2024, 4:27 PM · Pacemaker: Scheduler, Restricted Project
nrwahl2 committed rP614e6fc7635c: Low: xml: Fix ACL xpath typo from 986cc5c4 (authored by nrwahl2).
Low: xml: Fix ACL xpath typo from 986cc5c4
Dec 5 2024, 4:25 PM
GitHub <noreply@github.com> committed rPe9503b614d99: Merge pull request #3755 from nrwahl2/nrwahl2-T898 (authored by nrwahl2).
Merge pull request #3755 from nrwahl2/nrwahl2-T898
Dec 5 2024, 4:25 PM
kgaillot committed rPf4d0cba3cee3: Fix: scheduler: avoid memory leak in bundles (authored by kgaillot).
Fix: scheduler: avoid memory leak in bundles
Dec 5 2024, 4:24 PM
GitHub <noreply@github.com> committed rPeaaae45922d9: Merge pull request #3753 from kgaillot/fixes (authored by kgaillot).
Merge pull request #3753 from kgaillot/fixes
Dec 5 2024, 4:24 PM
kgaillot added a subtask for T781: Improve terminology for clarity: T893: Improve transition logs.
Dec 5 2024, 3:45 PM · Restricted Project, Restricted Project, Pacemaker: Future Release Series
kgaillot added a parent task for T893: Improve transition logs: T781: Improve terminology for clarity.
Dec 5 2024, 3:45 PM · Pacemaker: Scheduler, Restricted Project
kgaillot added a comment to T898: Ensure 3.0.0 transforms do not invalidate XPaths or IDs used in ACLs.
In T898#14811, @nrwahl2 wrote:
In T898#14801, @kgaillot wrote:

Since the risk of corner cases is so high, and our time for 3.0.0 is limited, I think the best approach would be to log a warning if a CIB contains ACLs with xpaths and the upgrade adds or renames any element or attribute. (We could possibly check whether an xpath exists that refers to an attribute, to reduce the scope a bit.) Something like: "WARNING: CIB syntax changes may invalidate ACLs that use 'xpath'. It is strongly recommended to run 'cibadmin --upgrade' then go through the updated CIB carefully to ensure ACLs still match the desired intent."

I'd also be fine with warning at the end if any ACLs use xpath, period. It's broader scope than necessary, but it avoids the need to clutter the stylesheet and the logs with individual warnings for each relevant transformation. (We could some of the log clutter by having one warning per step in the pipeline, but that may be a gnarly template to catch every case in a single template.)

Dec 5 2024, 3:10 PM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Pacemaker (3.0.0)
nrwahl2 committed rP4fffdc78f37d: Test: cts-schemas: Add test for ACL validity after other transformations (authored by nrwahl2).
Test: cts-schemas: Add test for ACL validity after other transformations
Dec 5 2024, 3:05 PM
nrwahl2 committed rPbfa25605aef2: Fix: xml: Ensure ACL permissions are valid after XSL transformations (authored by nrwahl2).
Fix: xml: Ensure ACL permissions are valid after XSL transformations
Dec 5 2024, 3:05 PM
nrwahl2 committed rP7e7aa7db86bf: Fix: xml: Preserve ACL reference behavior for replaced constraints (authored by nrwahl2).
Fix: xml: Preserve ACL reference behavior for replaced constraints
Dec 5 2024, 3:05 PM
GitHub <noreply@github.com> committed rPe1a48fb64a58: Merge pull request #3754 from nrwahl2/nrwahl2-backport (authored by kgaillot).
Merge pull request #3754 from nrwahl2/nrwahl2-backport
Dec 5 2024, 3:05 PM
nrwahl2 added a comment to T898: Ensure 3.0.0 transforms do not invalidate XPaths or IDs used in ACLs.
In T898#14801, @kgaillot wrote:

Since the risk of corner cases is so high, and our time for 3.0.0 is limited, I think the best approach would be to log a warning if a CIB contains ACLs with xpaths and the upgrade adds or renames any element or attribute. (We could possibly check whether an xpath exists that refers to an attribute, to reduce the scope a bit.) Something like: "WARNING: CIB syntax changes may invalidate ACLs that use 'xpath'. It is strongly recommended to run 'cibadmin --upgrade' then go through the updated CIB carefully to ensure ACLs still match the desired intent."

Dec 5 2024, 1:56 PM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Pacemaker (3.0.0)
nrwahl2 added a comment to T898: Ensure 3.0.0 transforms do not invalidate XPaths or IDs used in ACLs.
In T898#14801, @kgaillot wrote:

Do you know what version of libxslt added support for dyn:evaluate? We only require 2.9.2 currently. I wouldn't mind using it to reduce the scope of the log further, but it's not necessary.

Dec 5 2024, 1:51 PM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Pacemaker (3.0.0)
kgaillot triaged T926: Add --health option to crm_attribute and attrd_updater as Wishlist priority.
Dec 5 2024, 12:06 PM · Restricted Project, Restricted Project, Restricted Project
clumens committed rPf27e4ab5c1e7: Test: cts-scheduler: Remove sed needed for backwards compat. (authored by clumens).
Test: cts-scheduler: Remove sed needed for backwards compat.
Dec 5 2024, 11:06 AM
GitHub <noreply@github.com> committed rPd0b8bf43d57e: Merge pull request #3752 from clumens/cts-substitute-3.0 (authored by kgaillot).
Merge pull request #3752 from clumens/cts-substitute-3.0
Dec 5 2024, 11:06 AM
kgaillot added a comment to T898: Ensure 3.0.0 transforms do not invalidate XPaths or IDs used in ACLs.

Since the risk of corner cases is so high, and our time for 3.0.0 is limited, I think the best approach would be to log a warning if a CIB contains ACLs with xpaths and the upgrade adds or renames any element or attribute. (We could possibly check whether an xpath exists that refers to an attribute, to reduce the scope a bit.) Something like: "WARNING: CIB syntax changes may invalidate ACLs that use 'xpath'. It is strongly recommended to run 'cibadmin --upgrade' then go through the updated CIB carefully to ensure ACLs still match the desired intent."

Dec 5 2024, 11:05 AM · Restricted Project, Restricted Project, Restricted Project, Restricted Project, Pacemaker (3.0.0)
nrwahl2 committed rP814fc6197afd: Test: cts-schemas: Add test for ACL validity after other transformations (authored by nrwahl2).
Test: cts-schemas: Add test for ACL validity after other transformations
Dec 5 2024, 10:45 AM
nrwahl2 committed rPa80b3dc6d50a: Fix: xml: Ensure ACL permissions are valid after XSL transformations (authored by nrwahl2).
Fix: xml: Ensure ACL permissions are valid after XSL transformations
Dec 5 2024, 10:45 AM
First
Prev
Next