**This describes proposed configuration changes for a possible Pacemaker 3.0.0 release. Discussion should be directed to the [[ /w/clusterlabs/clusterlabs_mailing_lists/ | users mailing list]].** These changes are only proposed and may not make it into the final release. == The build process == === Dependencies === In general, Pacemaker 3 will support dependency versions that are available in supported releases of major Linux distributions (usually but not always including long-term support releases). The following are specifically targeted for support: * Debian 10 "buster" and later * RHEL 8.0 and later * SUSE 15.0 and later * Ubuntu 18 "bionic" and later The only changes are these new minimum dependency versions: * libdbus 1.5.12 * libgnutls 2.12.0 (previously optional, this is now a required build dependency) * libqb 1.0.1 * libxml2 2.9.2 * pkg-config 0.28 (or pkgconf) * Python 3.5 === configure script === The following configure script options are no longer supported: * `--enable-legacy-links` //(deprecated in Pacemaker 2.1.0)// * `--enable-compat-2.0` //(introduced in 2.1.0 explicitly for the 2.1 series only)// * `--enable-upstart` //(deprecated in Pacemaker 2.1.0)// * `--with-gnutls` //(GnuTLS is now required and cannot be disabled)// * `--with-nagios` //(deprecated in Pacemaker 2.1.6)// === RPMs === * The `RPMDEST` Makefile variable may no longer be set to `toplevel`. The default of `subtree`, and explicit paths, are still supported. * The spec file now longer supports the `--with-doc` and `--without-doc` options. Documentation will always be built. * Pacemaker's logrotate script is now part of the pacemaker package instead of the pacemaker-cli package. * The `--with-stonithd`/`--without-stonithd` spec file option, which controls support for Linux-HA fencing agents, has been renamed to `--with-linuxha/--without-linuxha` == Resource agents == * The obsolete and deprecated **ocf:pacemaker:o2cb** resource agent (which manages the ocf_controld.pcmk daemon for OCFS2 file systems) has been dropped. == Configuration Information Base (CIB) XML changes == **XML syntax in the CIB must now be correctly formed.** Previously, some simple XML syntax errors would be ignored. Upgrades will not succeed if the XML syntax is invalid, so ensure it is valid before upgrading any node in the cluster. **Schema validation is now required for the CIB.** The `validate-with` attribute of the `cib` XML element must be specified, and may no longer be set to the deprecated values `none`, `pacemaker-0.6`, `transitional-0.6`, `pacemaker-0.7`, `pacemaker-1.1`, or `pacemaker-next`. Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster. The following will be automatically and silently dropped or converted to current syntax when used in existing configurations, but disallowed in new ones (as well as existing ones after running `cibadmin --upgrade`). * The schema will have stricter error checking. ** Clones using non-OCF resource agents and the `globally-unique` meta-attribute set to `true` will be considered an error and ignored (currently, a warning is logged but the resource is allowed) ** Invalid topology levels will be disallowed in the CIB rather than wait until they are rejected by the fencer (valid levels are 1 through 9) ** The value of an `acl_target` element's `id` attribute must be of the XML ID type (noncompliant names will be given an auto-generated ID and moved to the `name` attribute) ** Empty groups will be ignored (currently they can have some effect in constraints) * Support for these deprecated (and mostly undocumented) features will be dropped. ** `nagios` class resources ** `upstart` class resources ** bundles using `rkt` to launch containers ** `master` resources (they will be converted to `clone` elements with the `promotable` meta-attribute set to `true`) ** `remove-after-stop` cluster option ** `moon` in `date_spec` elements in rules ** Nodes with `type` set to `ping` ** `ordering` attribute of resource sets in colocation constraints ** `can-fail` (or `can_fail`) resource meta-attribute (if possible, it will converted to `on-fail` operation meta-attributes set to `ignore`) ** `restart-type` resource meta-attribute ** `role-after-failure` resource meta-attribute ** `score` in an ordering constraint (if possible, a value of 0 will be transformed to a `kind` of `optional`) ** `stonith-action` cluster option set to `poweroff` (it will be transformed to `off`) ** `collocated` and `ordered` group options (if possible, a value of `false` will be transformed to resource sets in a colocation or ordering constraint instead) ** `lifetime` elements inside a constraint (any rules they contain will be left inside the constraint directly) * Rules will now be more strictly interpreted, with the following options causing an error rather than being silently ignored where they aren't relevant. ** `op_expression` in a rule anywhere other than `op_defaults` ** `rsc_expression` in a rule anywhere other than `rsc_defaults` or `op_defaults` ** `score` or `score-attribute` in a rule anywhere other than a location constraint ** `value-source` in a rule `expression` anywhere other than a location constraint ** `monthdays`, `weekdays`, `weekyears`, or `moon` in a `duration` ** `yearsdays` anywhere (`yeardays` is allowed only in a `time_spec`) ** An invalid `role` name in any `rule`

== Start-up environment variables == These are typically set under /etc/sysconfig or /etc/default. * Pacemaker no longer uses the `HA_cib_timeout`, `HA_shutdown_delay`, `PCMK_cib_timeout`, `PCMK_dh_min_bits`, or `PCMK_shutdown_delay` variables. * Pacemaker now interprets the value of `PCMK_panic_action` case-sensitively, and invalid values will be logged as a warning. --- == Configuration Information Base (CIB) XML changes == * **XML syntax in the CIB must now be correctly formed.** Previously, some simple XML syntax errors would be ignored. Upgrades will not succeed if the XML syntax is invalid, so ensure it is valid //before// upgrading any node in the cluster (if you are running Pacemaker 2.1.8 or later, you can check the logs for deprecation warnings). * **Deprecated schemas have been dropped.** The `validate-with` attribute of the `cib` XML element may no longer be omitted or set to the deprecated values `pacemaker-0.6`, `transitional-0.6`, `pacemaker-0.7`, `pacemaker-1.1`, `pacemaker-next`, or any unknown value. Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster. (Disabling validation by setting `validate-with` to `none` remains allowed and deprecated.) * **Schema names are now case-sensitive.** The `validate-with` attribute of the `cib` XML element must now match the schema file names by case (all lowercase). Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster. * Support for the following deprecated (and mostly undocumented) features has been dropped. Any uses in existing configurations will be automatically and silently converted to current syntax when possible. They will not be allowed in new configurations, or in existing ones after running `cibadmin --upgrade`. ** cluster options: `crmd-finalization-timeout`, `crmd-integration-timeout`, `crmd-transition-delay`, `remove-after-stop`, and the `stonith-action` cluster option set to `poweroff` ** nodes: `type` set to `ping` ** `primitive` resources: `nagios` or `upstart` class ** `master` resources (use `clone` resource with `promotable` meta-attribute set to `true` instead) ** `bundle` resources: using `rkt` to launch containers; `masters` meta-attribute ** operation options: `can-fail`, `can_fail`, and `role_after_failure` ** resource options: `restart-type` ** rules: `moon` in `date_spec` elements ** constraints: `lifetime` elements in any constraint * Error checking is stricter (most of these errors are possible only with schema validation disabled, and so will not affect the vast majority of users) ** Invalid fencing topology levels are now disallowed by the schema (rather than waiting until they are rejected by the fencer; valid levels are 1 through 9) ** Resource history entries with an invalid `rc-code` (which should be possible only with manual mis-editing or a bug) will now be ignored rather than treated as action failures ** Location constraints with an invalid `score`, `boolean-op`, or `role`, colocation constraints with an invalid `score`, `rsc-role`, or `with-rsc-role`, and ticket constraints with an invalid `rsc-role` are now ignored (previously, the default value would be used). ** An `nvpair` element with an invalid `id-ref` attribute is now ignored even if it has a `name` and/or `value` attribute as well ** An `nvpair` element with a valid `id-ref` attribute and also `name` and/or `value` attributes now ignores the `name` and `value` attributes ** If a `cluster_property_set`, `instance_attributes`, `meta_attributes`, or `utilization` element contains multiple top-level rules, only the first will now be interpreted ** A `node` with an invalid `type` is now ignored (previously, they were treated as `ping` nodes, contributing to quorum but unable to run resources) ** Any `instance_attributes` in `rsc_defaults` is now ignored * Rule syntax is more strictly interpreted ** A date expression is now treated as not passing if it is missing an `id`; contains an invalid `operation`; contains a `date_spec` or `duration` with a missing `id` or an attribute with an invalid range; has an `operation` of `in_range`, `gt`, or `lt` with an invalid or missing `start` or `end`; or uses `date_spec` without a `date_spec` element ** An attribute expression is now treated as not passing if it is missing an `id`; has an invalid `value-source` or `type`; or has `value` missing when it is required or present when it is unused ** A resource expression is now treated as not passing if it is missing an `id` ** An operation expression is now treated as not passing if it is missing an `id` or `interval` or has an invalid `interval` ** A rule is now treated as not passing if it is missing an `id` or has an invalid `boolean-op` ** An rule with a `boolean-op` of `or` with no conditions is now properly treated as passing. ** The schema will no longer allow rule syntax where it is unused, including: `op_expression` in a rule anywhere other than `op_defaults`; `rsc_expression` in a rule anywhere other than `rsc_defaults` or `op_defaults`; `score` or `score-attribute` in a rule anywhere other than a location constraint; `value-source` in a rule `expression` anywhere other than a location constraint; `monthdays`, `weekdays`, `weekyears`, or `moon` in a `duration`; `yearsdays` anywhere (the correct spelling `yeardays` is allowed only in a `time_spec`); an invalid `role` name in any `rule` * Changes in defaults ** `action` configured as a fence device parameter is now ignored rather than treated as a default fencing action ** The `concurrent-fencing` cluster option now defaults to true and is deprecated ** The `globally-unique` clone option now defaults to `true` when `clone-node-max` is greater than 1 * Location constraints may now have at most a single top-level rule (previously, they could have any number; use separate location constraints for each top-level rule instead). * `nvpair` elements must now contain a `value` attribute (it is no longer optional). * If an `nvpair` element has an `id-ref` attribute, it can no longer also have a `name` attribute to override the referenced element. * Pacemaker has always allowed custom names to be configured in cluster options and resource options, which are ignored by Pacemaker but can be used by users' own tooling. The user has to take care not to conflict with any option names that Pacemaker uses. As of Pacemaker 2.0.0, when support for certain deprecated options was dropped, the schema enforced that users could not use those names as custom names, to prevent misunderstandings. Those restrictions have now been dropped, and if those names are configured, they will be ignored as with any other custom name.

**This describes proposed configuration changes for a possible Pacemaker 3.0.0 release. Discussion should be directed to the [[ /w/clusterlabs/clusterlabs_mailing_lists/ | users mailing list]].**== Start-up environment variables == These changes are only proposed and may not make it into the final releaseare typically set under /etc/sysconfig or /etc/default. == The build process ==* Pacemaker no longer uses the `HA_cib_timeout`, `HA_shutdown_delay`, `PCMK_cib_timeout`, `PCMK_dh_min_bits`, or `PCMK_shutdown_delay` variables. === Dependencies ===* Pacemaker now interprets the value of `PCMK_panic_action` case-sensitively, and invalid values will be logged as a warning. In general, Pacemaker 3 will support dependency versions that are available in supported releases of major Linux distributions (usually but not always including long-term support releases). The following are specifically targeted for support:--- * Debian 10 "buster" and later * RHEL 8.0 and later * SUSE 15.0 and later * Ubuntu 18 "bionic" and later== Configuration Information Base (CIB) XML changes == The only changes are these new minimum dependency versions:* **XML syntax in the CIB must now be correctly formed.** Previously, some simple XML syntax errors would be ignored. Upgrades will not succeed if the XML syntax is invalid, so ensure it is valid //before// upgrading any node in the cluster (if you are running Pacemaker 2.1.8 or later, you can check the logs for deprecation warnings). * libdbus 1.5.12 * libgnutls 2.12.0 (previously optional, this is now a required build dependency) * libqb 1.0.1 * libxml2 2.9.2 * pkg-config 0.28 (or pkgconf) * Python 3.5**Deprecated schemas have been dropped.** The `validate-with` attribute of the `cib` XML element may no longer be omitted or set to the deprecated values `pacemaker-0.6`, `transitional-0.6`, `pacemaker-0.7`, `pacemaker-1.1`, `pacemaker-next`, or any unknown value. Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster. (Disabling validation by setting `validate-with` to `none` remains allowed and deprecated.) === configure script ===* **Schema names are now case-sensitive.** The `validate-with` attribute of the `cib` XML element must now match the schema file names by case (all lowercase). Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster. The following configure script options are no longer supported: * `--enable-legacy-links` //(deprecated in Pacemaker 2.1.0)//* Support for the following deprecated (and mostly undocumented) features has been dropped. Any uses in existing configurations will be automatically and silently converted to current syntax when possible. They will not be allowed in new configurations, or in existing ones after running `cibadmin --upgrade`. * `--enable-compat-2.0` //(introduced in 2.1.0 explicitly for the 2.1 series only)//* cluster options: `crmd-finalization-timeout`, `crmd-integration-timeout`, `crmd-transition-delay`, `remove-after-stop`, and the `stonith-action` cluster option set to `poweroff` * `--enable-upstart` //(deprecated in Pacemaker 2.1.0)//** nodes: `type` set to `ping` * `--with-gnutls` //(GnuTLS is now required and cannot be disabled)//** `primitive` resources: `nagios` or `upstart` class * `--with-nagios` //(deprecated in Pacemaker 2.1.6)// === RPMs === * The `RPMDEST` Makefile variable may no longer be set to `toplevel`. The default of `subtree`, and explicit paths, are still supported. * The spec file now longer supports the `--with-doc` and `--without-doc` options. Documentation will always be built. * Pacemaker's logrotate script is now part of the pacemaker package instead of the pacemaker-cli package. * The `--with-stonithd`/`--without-stonithd` spec file option, which controls support for Linux-HA fencing agents, has been renamed to `--with-linuxha/--without-linuxha` == Resource agents == * The obsolete and deprecated **ocf:pacemaker:o2cb** resource agent (which manages the ocf_controld.pcmk daemon for OCFS2 file systems) has been dropped. == Configuration Information Base (CIB) XML changes == **XML syntax in the CIB must now be correctly formed.** Previously, some simple XML syntax errors would be ignored. Upgrades will not succeed if the XML syntax is invalid, so ensure it is valid before upgrading any node in the cluster. **Schema validation is now required for the CIB.** The `validate-with` attribute of the `cib` XML element must be specified, and may no longer be set to the deprecated values `none`, `pacemaker-0.6`, `transitional-0.6`, `pacemaker-0.7`, `pacemaker-1.1`, or `pacemaker-next`. Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster. The following will be automatically and silently dropped or converted to current syntax when used in existing configurations, but disallowed in new ones (as well as existing ones after running `cibadmin --upgrade`). * The schema will have stricter error checking.** `master` resources (use `clone` resource with `promotable` meta-attribute set to `true` instead) ** Clones using non-OCF resource agents and the `globally-unique` meta-attribute set to `true` will be considered an error and ignored (currently,`bundle` resources: using `rkt` to launch containers; a warning is logged but the resource is allowed)`masters` meta-attribute ** Invalid topology levels will be disallowed in the CIB rather than wait until they are rejected by the fencer (valid levels are 1 through 9)operation options: `can-fail`, `can_fail`, and `role_after_failure` ** The value of an `acl_target` element's `id` attribute must be of the XML ID type (noncompliant names will be given an auto-generated ID and moved to the `name` attribute)resource options: `restart-type` ** Empty groups will be ignored (currently they can have some effect in** rules: `moon` in `date_spec` elements ** constraints: `lifetime` elements in any constraints) * Support for these deprecated (and mostly undocumented) features will be dropped.Error checking is stricter (most of these errors are possible only with schema validation disabled, and so will not affect the vast majority of users) ** `nagios` class resourcesInvalid fencing topology levels are now disallowed by the schema (rather than waiting until they are rejected by the fencer; valid levels are 1 through 9) ** `upstart` class resourcResource history entries with an invalid `rc-code` (which should be possible only with manual mis-editing or a bug) will now be ignored rather than treated as action failures ** bundles using `rkt` to launch containersLocation constraints with an invalid `score`, `boolean-op`, or `role`, colocation constraints with an invalid `score`, `rsc-role`, or `with-rsc-role`, and ticket constraints with an invalid `rsc-role` are now ignored (previously, the default value would be used). ** `master` resources (they will be converted to `clone` elements with the `promotable` meta-** An `nvpair` element with an invalid `id-ref` attribute is now ignored even if it has a `name` and/or `value` attribute set to `true`)e as well ** `remove-after-stop` cluster optionAn `nvpair` element with a valid `id-ref` attribute and also `name` and/or `value` attributes now ignores the `name` and `value` attributes ** `moon` in `date_spec` elements in rulesIf a `cluster_property_set`, `instance_attributes`, `meta_attributes`, or `utilization` element contains multiple top-level rules, only the first will now be interpreted ** Nodes with `type` set to `ping`A `node` with an invalid `type` is now ignored (previously, they were treated as `ping` nodes, contributing to quorum but unable to run resources) ** `ordering` ** Any `instance_attribute of resource sets in colocation constraintss` in `rsc_defaults` is now ignored * Rule syntax is more strictly interpreted ** `can-fail` (or `can_fail`) resource meta-attribute (if possible,A date expression is now treated as not passing if it is missing an `id`; contains an invalid `operation`; contains a `date_spec` or `duration` with a missing `id` or an attribute with an invalid range; has an `operation` of `in_range`, `gt`, or `lt` with an invalid or missing `start` or `end`; it will converted to `on-fail` operation meta-attributes set to `ignore`)or uses `date_spec` without a `date_spec` element ** `restart-type` resource meta-attributeAn attribute expression is now treated as not passing if it is missing an `id`; has an invalid `value-source` or `type`; or has `value` missing when it is required or present when it is unused ** `role-after-failure` resource meta-attribute** A resource expression is now treated as not passing if it is missing an `id` ** `score` in an ordering constraint (if possible, a value of 0 will be transformed to a `kind` of `optional`)** An operation expression is now treated as not passing if it is missing an `id` or `interval` or has an invalid `interval` ** `stonith-action` cluster option set to `poweroff` (it will be transformed to `off`)** A rule is now treated as not passing if it is missing an `id` or has an invalid `boolean-op` ** `collocated` and `ordered` group options (if possible, a value of `false` will be transformed to resource sets in a colocation or ordering constraint instead)An rule with a `boolean-op` of `or` with no conditions is now properly treated as passing. ** `lifetime` elements inside a constraint (any rules they contain will be left inside the constraint directly)The schema will no longer allow rule syntax where it is unused, including: `op_expression` in a rule anywhere other than `op_defaults`; `rsc_expression` in a rule anywhere other than `rsc_defaults` or `op_defaults`; `score` or `score-attribute` in a rule anywhere other than a location constraint; `value-source` in a rule `expression` anywhere other than a location constraint; `monthdays`, `weekdays`, `weekyears`, or `moon` in a `duration`; `yearsdays` anywhere (the correct spelling `yeardays` is allowed only in a `time_spec`); an invalid `role` name in any `rule` * Rules will now be more strictly interpreted, with the following options causing an error rather than being silently ignored where they aren't relevant.Changes in defaults ** `op_expression` in a rule anywhere oaction` configured as a fence device parameter is now ignored rather than `op_treated as a defaults`t fencing action ** `rsc_expression` in a rule anywhere other than `rsc_** The `concurrent-fencing` cluster option now defaults` or `op_defaults` to true and is deprecated ** `score` or `score-attribute` in a rule anywhere other than a location constraint ** `value-source` in a rule `expression` anywhere other than a location constraint ** `monthdays`The `globally-unique` clone option now defaults to `true` when `clone-node-max` is greater than 1 * Location constraints may now have at most a single top-level rule (previously, they could have any number; use separate location constraints for each top-level rule instead). * `nvpair` elements must now contain a `value` attribute (it is no longer optional). * If an `nvpair` element has an `id-ref` attribute, it can no longer also have a `name` attribute to override the referenced element. * Pacemaker has always allowed custom names to be configured in cluster options and resource options, which are ignored by Pacemaker but can be used by users' own tooling. The user has to take care not to conflict with any option names that Pacemaker uses. As of Pacemaker 2.0.0, when support for certain deprecated options was dropped, `weekdays`the schema enforced that users could not use those names as custom names, `weekyears`,to prevent misunderstandings. or `moon` in a `duration` ** `yearsdays` anywhere (`yeardays` is allowed only in a `time_spec`) ** An invalid `role` name in any `rule`Those restrictions have now been dropped, and if those names are configured, they will be ignored as with any other custom name.