Phriction Welcome to the ClusterLabs Wiki Projects Pacemaker Pacemaker 3.0 Changes Pacemaker 3.0 Configuration Changes History Version 17 vs 49
Version 17 vs 49
Version 17 vs 49
Content Changes
Content Changes
**This describes proposed configuration changes for a possible Pacemaker 3.0.0 release. Discussion should be directed to the [[ /w/clusterlabs/clusterlabs_mailing_lists/ | users mailing list]].**
These changes are only proposed and may not make it into the final release.
== The build process ==
=== Dependencies ===
In general, Pacemaker 3 will support dependency versions that are available in supported releases of major Linux distributions (usually but not always including long-term support releases). The following are specifically targeted for support:
* Debian 10 "buster" and later
* RHEL 8.0 and later
* SUSE 15.0 and later
* Ubuntu 18 "bionic" and later
The only changes are these new minimum dependency versions:
* libdbus 1.5.12
* libgnutls 2.12.0 (previously optional, this is now a required build dependency)
* libqb 1.0.1
* libxml2 2.9.2
* pkg-config 0.28 (or pkgconf)
* Python 3.6
=== configure script ===
The following configure script options are no longer supported:
* `--enable-legacy-links` //(deprecated in Pacemaker 2.1.0)//
* `--enable-compat-2.0` //(introduced in 2.1.0 explicitly for the 2.1 series only)//
* `--enable-upstart` //(deprecated in Pacemaker 2.1.0)//
* `--with-gnutls` //(GnuTLS is now required and cannot be disabled)//
* `--with-nagios` //(deprecated in Pacemaker 2.1.6)//
=== RPMs ===
* The `RPMDEST` Makefile variable may no longer be set to `toplevel`. The default of `subtree`, and explicit paths, are still supported.
* The spec file now longer supports the `--with-doc` and `--without-doc` options. Documentation will always be built.
* Pacemaker's logrotate script is now part of the pacemaker package instead of the pacemaker-cli package.
* The `--with stonithd`/`--without stonithd` spec file option, which controls support for Linux-HA fencing agents, has been renamed to `--with linuxha/--without linuxha`
== Resource agents ==
* The obsolete and deprecated **ocf:pacemaker:o2cb** resource agent (which manages the ocf_controld.pcmk daemon for OCFS2 file systems) has been dropped.
== Configuration Information Base (CIB) XML changes ==
**XML syntax in the CIB must now be correctly formed.** Previously, some simple XML syntax errors would be ignored. Upgrades will not succeed if the XML syntax is invalid, so ensure it is valid before upgrading any node in the cluster.
**Schema validation is now required for the CIB.** The `validate-with` attribute of the `cib` XML element must be specified, and may no longer be set to the deprecated values `none`, `pacemaker-0.6`, `transitional-0.6`, `pacemaker-0.7`, `pacemaker-1.1`, or `pacemaker-next`. Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster.
The following will be automatically and silently dropped or converted to current syntax when used in existing configurations, but disallowed in new ones (as well as existing ones after running `cibadmin --upgrade`).
* The schema will have stricter error checking.
** Clones using non-OCF resource agents and the `globally-unique` meta-attribute set to `true` will be considered an error and ignored (currently, a warning is logged but the resource is allowed)
** Invalid topology levels will be disallowed in the CIB rather than wait until they are rejected by the fencer (valid levels are 1 through 9)
** The value of an `acl_target` element's `id` attribute must be of the XML ID type (noncompliant names will be given an auto-generated ID and moved to the `name` attribute)
** Empty groups will be ignored (currently they can have some effect in constraints)
* Support for these deprecated (and mostly undocumented) features will be dropped.
** `nagios` class resources
** `upstart` class resources
** bundles using `rkt` to launch containers
** `master` resources (they will be converted to `clone` elements with the `promotable` meta-attribute set to `true`)
** `remove-after-stop` cluster option
** `moon` in `date_spec` elements in rules
** Nodes with `type` set to `ping`
** `ordering` attribute of resource sets in colocation constraints
** `can-fail` (or `can_fail`) resource meta-attribute (if possible, it will converted to `on-fail` operation meta-attributes set to `ignore`)
** `restart-type` resource meta-attribute
** `role-after-failure` resource meta-attribute
** `score` in an ordering constraint (if possible, a value of 0 will be transformed to a `kind` of `optional`)
** `stonith-action` cluster option set to `poweroff` (it will be transformed to `off`)
** `collocated` and `ordered` group options (if possible, a value of `false` will be transformed to resource sets in a colocation or ordering constraint instead)
** `lifetime` elements inside a constraint (any rules they contain will be left inside the constraint directly)
* Rules will now be more strictly interpreted, with the following options causing an error rather than being silently ignored where they aren't relevant.
** `op_expression` in a rule anywhere other than `op_defaults`
** `rsc_expression` in a rule anywhere other than `rsc_defaults` or `op_defaults`
** `score` or `score-attribute` in a rule anywhere other than a location constraint
** `value-source` in a rule `expression` anywhere other than a location constraint
** `monthdays`, `weekdays`, `weekyears`, or `moon` in a `duration`
** `yearsdays` anywhere (`yeardays` is allowed only in a `time_spec`)
** An invalid `role` name in any `rule`
== Start-up environment variables ==
These are set in a platform-specific location, typically /etc/sysconfig/pacemaker or /etc/default/pacemaker.
* Pacemaker no longer uses the `HA_cib_timeout`, `HA_shutdown_delay`, `PCMK_cib_timeout`, `PCMK_dh_min_bits`, or `PCMK_shutdown_delay` variables.
* Pacemaker now interprets the value of `PCMK_panic_action` case-sensitively, and invalid values will be logged as a warning.
* New variables enable the use of X.509 certificates to encrypt Pacemaker Remote connections and remote CIB administration sessions. See the environment file for details.
---
== ocf:pacemaker Resource Agent Changes ==
* The `ocf:pacemaker:controld` agent no longer accepts or defaults to `gfs_controld` as a value for its `daemon` parameter, since `gfs_controld` has been obsolete since 2012. Resource names that start with `gfs` will default to the `dlm_controld` daemon as with any other resource name.
---
== Configuration Information Base (CIB) XML changes ==
* **XML syntax in the CIB must now be correctly formed.** Previously, some simple XML syntax errors would be ignored. Upgrades will not succeed if the XML syntax is invalid, so ensure it is valid //before// upgrading any node in the cluster (if you are running Pacemaker 2.1.8 or later, you can check the logs for deprecation warnings).
* **Deprecated schemas have been dropped.** The `validate-with` attribute of the `cib` XML element may no longer be omitted or set to the deprecated values `pacemaker-0.6`, `transitional-0.6`, `pacemaker-0.7`, `pacemaker-1.1`, `pacemaker-next`, or any unknown value. Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster. (Disabling validation by setting `validate-with` to `none` remains allowed and deprecated.)
* **Schema names are now case-sensitive.** The `validate-with` attribute of the `cib` XML element must now match the schema file names by case (all lowercase). Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster.
* Support for the following deprecated (and mostly undocumented) features has been dropped. Any uses in existing configurations will be automatically and silently converted to current syntax when possible. They will not be allowed in new configurations, or in existing ones after running `cibadmin --upgrade`.
** cluster options: `crmd-finalization-timeout`, `crmd-integration-timeout`, `crmd-transition-delay`, `remove-after-stop`, and the `stonith-action` cluster option set to `poweroff`
** nodes: `type` set to `ping`
** `primitive` resources: `nagios` or `upstart` class
** `master` resources (use `clone` resource with `promotable` meta-attribute set to `true` instead)
** `bundle` resources: using `rkt` to launch containers; `masters` meta-attribute
** operation options: `can-fail`, `can_fail`, and `role_after_failure`
** resource options: `restart-type`
** rules: `moon` in `date_spec` elements
** constraints: `lifetime` elements in any constraint
* Error checking is stricter (most of these errors are possible only with schema validation disabled, and so will not affect the vast majority of users)
** Invalid fencing topology levels are now disallowed by the schema (rather than waiting until they are rejected by the fencer; valid levels are 1 through 9)
** Resource history entries with an invalid `rc-code` (which should be possible only with manual mis-editing or a bug) will now be ignored rather than treated as action failures
** Location constraints with an invalid `score`, `boolean-op`, or `role`, colocation constraints with an invalid `score`, `rsc-role`, or `with-rsc-role`, and ticket constraints with an invalid `rsc-role` are now ignored (previously, the default value would be used).
** An `nvpair` element with an invalid `id-ref` attribute is now ignored even if it has a `name` and/or `value` attribute as well
** An `nvpair` element with a valid `id-ref` attribute and also `name` and/or `value` attributes now ignores the `name` and `value` attributes
** If a `cluster_property_set`, `instance_attributes`, `meta_attributes`, or `utilization` element contains multiple top-level rules, only the first will now be interpreted
** A `node` with an invalid `type` is now ignored (previously, they were treated as `ping` nodes, contributing to quorum but unable to run resources)
** Any `instance_attributes` in `rsc_defaults` is now ignored
* Rule syntax is more strictly interpreted
** A date expression is now treated as not passing if it is missing an `id`; contains an invalid `operation`; contains a `date_spec` or `duration` with a missing `id` or an attribute with an invalid range; has an `operation` of `in_range`, `gt`, or `lt` with an invalid or missing `start` or `end`; or uses `date_spec` without a `date_spec` element
** An attribute expression is now treated as not passing if it is missing an `id`; has an invalid `value-source` or `type`; or has `value` missing when it is required or present when it is unused
** A resource expression is now treated as not passing if it is missing an `id`
** An operation expression is now treated as not passing if it is missing an `id` or `interval` or has an invalid `interval`
** A rule is now treated as not passing if it is missing an `id` or has an invalid `boolean-op`
** An rule with a `boolean-op` of `or` with no conditions is now properly treated as passing.
** The schema will no longer allow rule syntax where it is unused, including: `op_expression` in a rule anywhere other than `op_defaults`; `rsc_expression` in a rule anywhere other than `rsc_defaults` or `op_defaults`; `score` or `score-attribute` in a rule anywhere other than a location constraint; `value-source` in a rule `expression` anywhere other than a location constraint; `monthdays`, `weekdays`, `weekyears`, or `moon` in a `duration`; `yearsdays` anywhere (the correct spelling `yeardays` is allowed only in a `time_spec`); an invalid `role` name in any `rule`
* Changes in defaults
** `action` configured as a fence device parameter is now ignored rather than treated as a default fencing action
** The `concurrent-fencing` cluster option now defaults to true and is deprecated
** The `globally-unique` clone option now defaults to `true` when `clone-node-max` is greater than 1
* Location constraints may now have at most a single top-level rule (previously, they could have any number; use separate location constraints for each top-level rule instead).
* `nvpair` elements must now contain a `value` attribute (it is no longer optional).
* If an `nvpair` element has an `id-ref` attribute, it can no longer also have a `name` attribute to override the referenced element.
* Pacemaker has always allowed custom names to be configured in cluster options and resource options, which are ignored by Pacemaker but can be used by users' own tooling. The user has to take care not to conflict with any option names that Pacemaker uses. As of Pacemaker 2.0.0, when support for certain deprecated options was dropped, the schema enforced that users could not use those names as custom names, to prevent misunderstandings. Those restrictions have now been dropped, and if those names are configured, they will be ignored as with any other custom name.
**This describes proposed configuration changes for a possible Pacemaker 3.0.0 release. Discussion should be directed to the [[ /w/clusterlabs/clusterlabs_mailing_lists/ | users mailing list]].**== Start-up environment variables ==
These changes are only proposed and may not are set in a platform-specific location, typically /etc/sysconfig/pacemake it into the final releaser or /etc/default/pacemaker.
== The build process ==* Pacemaker no longer uses the `HA_cib_timeout`, `HA_shutdown_delay`, `PCMK_cib_timeout`, `PCMK_dh_min_bits`, or `PCMK_shutdown_delay` variables.
=== Dependencies ===* Pacemaker now interprets the value of `PCMK_panic_action` case-sensitively, and invalid values will be logged as a warning.
In general, Pacemaker 3 will support dependency versions that are available in supported releases of major Linux distributions (usually but not always including long-term support releases)* New variables enable the use of X.509 certificates to encrypt Pacemaker Remote connections and remote CIB administration sessions. The following are specifically targetedSee the environment file for support:details.
* Debian 10 "buster" and later
* RHEL 8.0 and later
* SUSE 15.0 and later
* Ubuntu 18 "bionic" and later
The only changes are these new minimum dependency versions:
* libdbus 1.5.12
* libgnutls 2.12.0 (previously optional, this is now a required build dependency)
* libqb 1.0.1
* libxml2 2.9.2
* pkg-config 0.28 (or pkgconf)
* Python 3.6
=== configure script ===
The following configure script options are no longer supported:---
* `--enable-legacy-links` //(deprecated in Pacemaker 2.1.0)//
* `--enable-compat-2.0` //(introduced in 2.1.0 explicitly for the 2.1 series only)//
* `--enable-upstart` //(deprecated in Pacemaker 2.1.0)//
* `--with-gnutls` //(GnuTLS is now required and cannot be disabled)//
* `--with-nagios` //(deprecated in Pacemaker 2.1.6)//== ocf:pacemaker Resource Agent Changes ==
=== RPMs ===* The `ocf:pacemaker:controld` agent no longer accepts or defaults to `gfs_controld` as a value for its `daemon` parameter, since `gfs_controld` has been obsolete since 2012. Resource names that start with `gfs` will default to the `dlm_controld` daemon as with any other resource name.
* The `RPMDEST` Makefile variable may no longer be set to `toplevel`. The default of `subtree`, and explicit paths, are still supported.
* The spec file now longer supports the `--with-doc` and `--without-doc` options. Documentation will always be built.
* Pacemaker's logrotate script is now part of the pacemaker package instead of the pacemaker-cli package.
* The `--with stonithd`/`--without stonithd` spec file option, which controls support for Linux-HA fencing agents, has been renamed to `--with linuxha/--without linuxha`
== Resource agents ==
* The obsolete and deprecated **ocf:pacemaker:o2cb** resource agent (which manages the ocf_controld.pcmk daemon for OCFS2 file systems) has been dropped.---
== Configuration Information Base (CIB) XML changes ==
* **XML syntax in the CIB must now be correctly formed.** Previously, some simple XML syntax errors would be ignored. Upgrades will not succeed if the XML syntax is invalid, so ensure it is valid //before// upgrading any node in the cluster (if you are running Pacemaker 2.1.8 or later, so ensure it is valid before upgrading any node in the clusteryou can check the logs for deprecation warnings).
**Schema validation is now required for the CIB.*** **Deprecated schemas have been dropped.** The `validate-with` attribute of the `cib` XML element must be specified, and may no longer be omitted or set to the deprecated values `none`, `pacemaker-0.6`, `transitional-0.6`, `pacemaker-0.7`, `pacemaker-1.1`, `pacemaker-next`, or `pacemaker-next`or any unknown value. Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster. (Disabling validation by setting `validate-with` to `none` remains allowed and deprecated.)
The following will be automatically and silently dropped or converted to current syntax when used in existing configurations* **Schema names are now case-sensitive.** The `validate-with` attribute of the `cib` XML element must now match the schema file names by case (all lowercase). Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, but disallowed in new ones (as well as existso ensure one is set before upgrading ones after running `cibadmin --upgrade`)any node in the cluster.
* The schema will have stricter error checkingSupport for the following deprecated (and mostly undocumented) features has been dropped. Any uses in existing configurations will be automatically and silently converted to current syntax when possible. They will not be allowed in new configurations, or in existing ones after running `cibadmin --upgrade`.
** Clones using non-OCF resource agents and the `globally-unique` meta-attribute set to `true` will be considered an error and ignored (currentlycluster options: `crmd-finalization-timeout`, `crmd-integration-timeout`, `crmd-transition-delay`, `remove-after-stop`, a warning is logged but the resource is allowed)and the `stonith-action` cluster option set to `poweroff`
** Invalid topology levels will be disallowed in the CIB rather than wait until they are rejected by the fencer (valid levels are 1 through 9)nodes: `type` set to `ping`
** The value of an `acl_target` element's `id` attribute must be of the XML ID type (noncompliant names will be given an auto-generated ID and moved to the `name` attribute)`primitive` resources: `nagios` or `upstart` class
** Empty groups will be ignored (currently they can have some effect in constraints)
* Support for these deprecated (and mostly undocumented) features will be dropped.`master` resources (use `clone` resource with `promotable` meta-attribute set to `true` instead)
** `nagios` class resourcesbundle` resources: using `rkt` to launch containers; `masters` meta-attribute
** `upstart` class resources** operation options: `can-fail`, `can_fail`, and `role_after_failure`
** bundles using `rkt` to launch containers** resource options: `restart-type`
** `master` resources (they will be converted to `clone` elements with the `promotable` meta-attribute set to `true`)** rules: `moon` in `date_spec` elements
** `remove-after-stop` cluster optionconstraints: `lifetime` elements in any constraint
* Error checking is stricter (most of these errors are possible only with schema validation disabled, and so will not affect the vast majority of users)
** `moon` in `date_spec` elements in rulesInvalid fencing topology levels are now disallowed by the schema (rather than waiting until they are rejected by the fencer; valid levels are 1 through 9)
** Nodes with `type` set to `ping`Resource history entries with an invalid `rc-code` (which should be possible only with manual mis-editing or a bug) will now be ignored rather than treated as action failures
** `ordering` attribute of resource sets in colocation constraintsLocation constraints with an invalid `score`, `boolean-op`, or `role`, colocation constraints with an invalid `score`, `rsc-role`, or `with-rsc-role`, and ticket constraints with an invalid `rsc-role` are now ignored (previously, the default value would be used).
** `can-fail` (or `can_fail`) resource meta-attribute (if possible, it will converted to `on-fail` operation meta-attributes set to `ignore`)An `nvpair` element with an invalid `id-ref` attribute is now ignored even if it has a `name` and/or `value` attribute as well
** `restart-type` resource meta-attributeAn `nvpair` element with a valid `id-ref` attribute and also `name` and/or `value` attributes now ignores the `name` and `value` attributes
** `role-after-failure` resource meta-attributeIf a `cluster_property_set`, `instance_attributes`, `meta_attributes`, or `utilization` element contains multiple top-level rules, only the first will now be interpreted
** `score` in** A `node` with an ordering constraint (if possibleinvalid `type` is now ignored (previously, they were treated as `ping` nodes, a value of 0 will be transformed to a `kind` of `optional`contributing to quorum but unable to run resources)
** `stonith-action` cluster option set to `poweroff` (it will be transformed to `off`)** Any `instance_attributes` in `rsc_defaults` is now ignored
* Rule syntax is more strictly interpreted
** `collocated` and `ordered` group options (if possible,A date expression is now treated as not passing if it is missing an `id`; contains an invalid `operation`; contains a `date_spec` or `duration` with a missing `id` or an attribute with an invalid range; has an `operation` of `in_range`, `gt`, or `lt` with an invalid or missing `start` or `end`; a value of `false` will be transformed to resource sets in a colocation or ordering constraint instead)or uses `date_spec` without a `date_spec` element
** `lifetime` elements inside a constraint (any rules they contain will be left inside the constraint directly)
* Rules will now be more strictly interpreted,An attribute expression is now treated as not passing if it is missing an `id`; has an invalid `value-source` or `type`; with the following options causing an error rather than being silently ignored where they aren't relevant.or has `value` missing when it is required or present when it is unused
** A resource expression is now treated as not passing if it is missing an `id`
** `op_** An operation expression` in a rule anywhere other than `op_defaults` is now treated as not passing if it is missing an `id` or `interval` or has an invalid `interval`
** `rsc_expression` in a rule anywhere other than `rsc_defaults` or `op_defaults`** A rule is now treated as not passing if it is missing an `id` or has an invalid `boolean-op`
** `score` or `score-attribute` in a rule anywhere other than a location constraint** An rule with a `boolean-op` of `or` with no conditions is now properly treated as passing.
** The schema will no longer allow rule syntax where it is unused, including: `op_expression` in a rule anywhere other than `op_defaults`; `rsc_expression` in a rule anywhere other than `rsc_defaults` or `op_defaults`; `score` or `score-attribute` in a rule anywhere other than a location constraint; `value-source` in a rule `expression` anywhere other than a location constraint; `monthdays`, `weekdays`, `weekyears`, or `moon` in a `duration`; `yearsdays` anywhere (the correct spelling `yeardays` is allowed only in a `time_spec`); an invalid `role` name in any `rule`
* Changes in defaults
** `monthdays`, `weekdays`, `weekyears`, or `moon` in a `duraaction` configured as a fence device parameter is now ignored rather than treated as a default fencing action`
** `yearsdays` anywhere (`yeardays` is allowed only in a `time_spec`)** The `concurrent-fencing` cluster option now defaults to true and is deprecated
** An invalid `role` name in any `rule`The `globally-unique` clone option now defaults to `true` when `clone-node-max` is greater than 1
* Location constraints may now have at most a single top-level rule (previously, they could have any number; use separate location constraints for each top-level rule instead).
* `nvpair` elements must now contain a `value` attribute (it is no longer optional).
* If an `nvpair` element has an `id-ref` attribute, it can no longer also have a `name` attribute to override the referenced element.
* Pacemaker has always allowed custom names to be configured in cluster options and resource options, which are ignored by Pacemaker but can be used by users' own tooling. The user has to take care not to conflict with any option names that Pacemaker uses. As of Pacemaker 2.0.0, when support for certain deprecated options was dropped, the schema enforced that users could not use those names as custom names, to prevent misunderstandings. Those restrictions have now been dropped, and if those names are configured, they will be ignored as with any other custom name.