Phriction Welcome to the ClusterLabs Wiki Projects Pacemaker Pacemaker 3.0 Changes Pacemaker 3.0 Configuration Changes History Version 37 vs 49
Version 37 vs 49
Version 37 vs 49
Content Changes
Content Changes
**This describes proposed configuration changes for a possible Pacemaker 3.0.0 release. Discussion should be directed to the [[ /w/clusterlabs/clusterlabs_mailing_lists/ | users mailing list]].**
These changes are only proposed and may not make it into the final release.
== Start-up environment variables ==
These are typically set under /etc/sysconfig or /etc/default.
* Pacemaker no longer uses the `HA_cib_timeout`, `HA_shutdown_delay`, `PCMK_cib_timeout`, `PCMK_dh_min_bits`, or `PCMK_shutdown_delay` variables.
* Pacemaker now interprets the value of `PCMK_panic_action` case-sensitively, and invalid values will be logged as a warning.
---
== Configuration Information Base (CIB) XML changes ==
* **XML syntax in the CIB must now be correctly formed.** Previously, some simple XML syntax errors would be ignored. Upgrades will not succeed if the XML syntax is invalid, so ensure it is valid //before// upgrading any node in the cluster (if you are running Pacemaker 2.1.8 or later, you can check the logs for deprecation warnings).
* **Deprecated schemas have been dropped.** The `validate-with` attribute of the `cib` XML element may no longer be omitted or set to the deprecated values `pacemaker-0.6`, `transitional-0.6`, `pacemaker-0.7`, `pacemaker-1.1`, `pacemaker-next`, or any unknown value. Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster. (Disabling validation by setting `validate-with` to `none` remains allowed and deprecated.)
* **Schema names are now case-sensitive.** The `validate-with` attribute of the `cib` XML element must now match the schema file names by case (all lowercase). Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster.
* Support for the following deprecated (and mostly undocumented) features has been dropped. Any uses in existing configurations will be automatically and silently converted to current syntax when possible. They will not be allowed in new configurations, or in existing ones after running `cibadmin --upgrade`.
** cluster options: `remove-after-stop`, and the `stonith-action` cluster option set to `poweroff`
** nodes: `type` set to `ping`
** `primitive` resources: `nagios` or `upstart` class
** `group` resources: `collocated` and `ordered` group options; groups with no members will be ignored (previously, they could have some effect if used in constraints)
** `master` resources
** `bundle` resources: using `rkt` to launch containers
** resource meta-attributes: `can-fail`, `can_fail`, `restart-type`, and `role-after-failure`
** rules: `moon` in `date_spec` elements
** constraints: `lifetime` elements in any constraint, `ordering` attribute of resource sets in colocation constraints, and `score` in ordering constraints
* Error checking is stricter (most of these errors are possible only with schema validation disabled, and so will not affect the vast majority of users)
** Clones using non-OCF resource agents and the `globally-unique` clone option set to `true` will be considered an error and ignored (currently, a warning is logged but the resource is allowed)
** Invalid fencing topology levels are now disallowed by the schema (rather than waiting until they are rejected by the fencer; valid levels are 1 through 9)
** The value of an `acl_target` element's `id` attribute must be of the XML ID type (noncompliant names will be given an auto-generated ID and moved to the `name` attribute)
** Resource history entries with an invalid `rc-code` (which should be possible only with manual mis-editing or a bug) will now be ignored rather than treated as action failures
** Location constraints with an invalid `score`, `boolean-op`, or `role`, colocation constraints with an invalid `score`, `rsc-role`, or `with-rsc-role`, and ticket constraints with an invalid `rsc-role` are now ignored (previously, the default value would be used).
** If a location constraint has a rule using `score-attribute`, the constraint will be ignored for nodes where the specified attribute is unset or invalid (previously, the constraint would be used with a score of -INFINITY for unset and 0 for invalid).
** An `nvpair` elements with an invalid `id-ref` attribute is now ignored even if it has a `name` and/or `value` attribute as well
** An `nvpair` element with a valid `id-ref` attribute and also `name` and/or `value` attributes now ignores the `name` and `value` attributes
** If a `cluster_property_set`, `instance_attributes`, `meta_attributes`, or `utilization` element contains multiple top-level rules, only the first will now be interpreted
** A `node` with an invalid `type` is now ignored (previously, they were treated as `ping` nodes, contributing to quorum but unable to run resources)
** Any `instance_attributes` in `rsc_defaults` is now ignored
* Rule syntax is now be more strictly interpreted
** A date expression is now treated as not passing if it is missing an `id`; contains an invalid `operation`; contains a `date_spec` or `duration` with a missing `id` or an attribute with an invalid range; has an `operation` of `in_range`, `gt`, or `lt` with an invalid or missing `start` or `end`; or uses `date_spec` without a `date_spec` element
** An attribute expression is now treated as not passing if it is missing an `id`; has an invalid `value-source` or `type`; or has `value` missing when it is required or present when it is unused
** A resource expression is now treated as not passing if it is missing an `id`
** An operation expression is now treated as not passing if it is missing an `id` or `interval` or has an invalid `interval`
** A rule is now treated as not passing if it is missing an `id` or has an invalid `boolean-op`
** An rule with a `boolean-op` of `or` with no conditions is now properly treated as passing.
** The schema will no longer allow rule syntax where it is unused, including: `op_expression` in a rule anywhere other than `op_defaults`; `rsc_expression` in a rule anywhere other than `rsc_defaults` or `op_defaults`; `score` or `score-attribute` in a rule anywhere other than a location constraint; `value-source` in a rule `expression` anywhere other than a location constraint; `monthdays`, `weekdays`, `weekyears`, or `moon` in a `duration`; `yearsdays` anywhere (the correct spelling `yeardays` is allowed only in a `time_spec`); an invalid `role` name in any `rule`
* Changes in defaults
** The documentation states that the default for `action` in a `resource_set` is the enclosing constraint's action. However until now `start` has actually been used as the default. The behavior has changed to match the documentation.
** `action` configured as a fence device parameter is now ignored rather than treated as a default fencing action.
** The `concurrent-fencing` cluster option now defaults to true and is deprecated
** The `globally-unique` clone option now defaults to `true` when `clone-node-max` is greater than 1
* Location constraints may now have at most a single top-level rule (previously, they could have any number; use separate location constraints for each top-level rule instead).
* A negative `migration-threshold`, which is invalid and was previously treated as 1, is now treated as 0 (no limit).
* Previously, a rule `expression` with the empty string as `value` would never be treated as passing. Now, it passes when the corresponding node attribute is the empty string.
* `nvpair` elements must now contain a `value` attribute (it is no longer optional).
* If an `nvpair` element has an `id-ref` attribute, it can no longer also have a `name` attribute to override the referenced element.
* Pacemaker has always allowed custom settings to be configured in cluster options and resource options, which will be ignored by Pacemaker but can be used by users' own tooling. The user has to take care not to conflict with any setting names that Pacemaker uses. As of Pacemaker 2.0.0, when support for certain deprecated options was dropped, the schema enforced that users could not use those names as custom settings, to prevent misunderstandings. Those restrictions have now been dropped, and if those names are configured, they will be ignored as with any other custom setting.
== Start-up environment variables ==
These are set in a platform-specific location, typically /etc/sysconfig/pacemaker or /etc/default/pacemaker.
* Pacemaker no longer uses the `HA_cib_timeout`, `HA_shutdown_delay`, `PCMK_cib_timeout`, `PCMK_dh_min_bits`, or `PCMK_shutdown_delay` variables.
* Pacemaker now interprets the value of `PCMK_panic_action` case-sensitively, and invalid values will be logged as a warning.
* New variables enable the use of X.509 certificates to encrypt Pacemaker Remote connections and remote CIB administration sessions. See the environment file for details.
---
== ocf:pacemaker Resource Agent Changes ==
* The `ocf:pacemaker:controld` agent no longer accepts or defaults to `gfs_controld` as a value for its `daemon` parameter, since `gfs_controld` has been obsolete since 2012. Resource names that start with `gfs` will default to the `dlm_controld` daemon as with any other resource name.
---
== Configuration Information Base (CIB) XML changes ==
* **XML syntax in the CIB must now be correctly formed.** Previously, some simple XML syntax errors would be ignored. Upgrades will not succeed if the XML syntax is invalid, so ensure it is valid //before// upgrading any node in the cluster (if you are running Pacemaker 2.1.8 or later, you can check the logs for deprecation warnings).
* **Deprecated schemas have been dropped.** The `validate-with` attribute of the `cib` XML element may no longer be omitted or set to the deprecated values `pacemaker-0.6`, `transitional-0.6`, `pacemaker-0.7`, `pacemaker-1.1`, `pacemaker-next`, or any unknown value. Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster. (Disabling validation by setting `validate-with` to `none` remains allowed and deprecated.)
* **Schema names are now case-sensitive.** The `validate-with` attribute of the `cib` XML element must now match the schema file names by case (all lowercase). Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster.
* Support for the following deprecated (and mostly undocumented) features has been dropped. Any uses in existing configurations will be automatically and silently converted to current syntax when possible. They will not be allowed in new configurations, or in existing ones after running `cibadmin --upgrade`.
** cluster options: `crmd-finalization-timeout`, `crmd-integration-timeout`, `crmd-transition-delay`, `remove-after-stop`, and the `stonith-action` cluster option set to `poweroff`
** nodes: `type` set to `ping`
** `primitive` resources: `nagios` or `upstart` class
** `master` resources (use `clone` resource with `promotable` meta-attribute set to `true` instead)
** `bundle` resources: using `rkt` to launch containers; `masters` meta-attribute
** operation options: `can-fail`, `can_fail`, and `role_after_failure`
** resource options: `restart-type`
** rules: `moon` in `date_spec` elements
** constraints: `lifetime` elements in any constraint
* Error checking is stricter (most of these errors are possible only with schema validation disabled, and so will not affect the vast majority of users)
** Invalid fencing topology levels are now disallowed by the schema (rather than waiting until they are rejected by the fencer; valid levels are 1 through 9)
** Resource history entries with an invalid `rc-code` (which should be possible only with manual mis-editing or a bug) will now be ignored rather than treated as action failures
** Location constraints with an invalid `score`, `boolean-op`, or `role`, colocation constraints with an invalid `score`, `rsc-role`, or `with-rsc-role`, and ticket constraints with an invalid `rsc-role` are now ignored (previously, the default value would be used).
** An `nvpair` element with an invalid `id-ref` attribute is now ignored even if it has a `name` and/or `value` attribute as well
** An `nvpair` element with a valid `id-ref` attribute and also `name` and/or `value` attributes now ignores the `name` and `value` attributes
** If a `cluster_property_set`, `instance_attributes`, `meta_attributes`, or `utilization` element contains multiple top-level rules, only the first will now be interpreted
** A `node` with an invalid `type` is now ignored (previously, they were treated as `ping` nodes, contributing to quorum but unable to run resources)
** Any `instance_attributes` in `rsc_defaults` is now ignored
* Rule syntax is more strictly interpreted
** A date expression is now treated as not passing if it is missing an `id`; contains an invalid `operation`; contains a `date_spec` or `duration` with a missing `id` or an attribute with an invalid range; has an `operation` of `in_range`, `gt`, or `lt` with an invalid or missing `start` or `end`; or uses `date_spec` without a `date_spec` element
** An attribute expression is now treated as not passing if it is missing an `id`; has an invalid `value-source` or `type`; or has `value` missing when it is required or present when it is unused
** A resource expression is now treated as not passing if it is missing an `id`
** An operation expression is now treated as not passing if it is missing an `id` or `interval` or has an invalid `interval`
** A rule is now treated as not passing if it is missing an `id` or has an invalid `boolean-op`
** An rule with a `boolean-op` of `or` with no conditions is now properly treated as passing.
** The schema will no longer allow rule syntax where it is unused, including: `op_expression` in a rule anywhere other than `op_defaults`; `rsc_expression` in a rule anywhere other than `rsc_defaults` or `op_defaults`; `score` or `score-attribute` in a rule anywhere other than a location constraint; `value-source` in a rule `expression` anywhere other than a location constraint; `monthdays`, `weekdays`, `weekyears`, or `moon` in a `duration`; `yearsdays` anywhere (the correct spelling `yeardays` is allowed only in a `time_spec`); an invalid `role` name in any `rule`
* Changes in defaults
** `action` configured as a fence device parameter is now ignored rather than treated as a default fencing action
** The `concurrent-fencing` cluster option now defaults to true and is deprecated
** The `globally-unique` clone option now defaults to `true` when `clone-node-max` is greater than 1
* Location constraints may now have at most a single top-level rule (previously, they could have any number; use separate location constraints for each top-level rule instead).
* `nvpair` elements must now contain a `value` attribute (it is no longer optional).
* If an `nvpair` element has an `id-ref` attribute, it can no longer also have a `name` attribute to override the referenced element.
* Pacemaker has always allowed custom names to be configured in cluster options and resource options, which are ignored by Pacemaker but can be used by users' own tooling. The user has to take care not to conflict with any option names that Pacemaker uses. As of Pacemaker 2.0.0, when support for certain deprecated options was dropped, the schema enforced that users could not use those names as custom names, to prevent misunderstandings. Those restrictions have now been dropped, and if those names are configured, they will be ignored as with any other custom name.
**This describes proposed configuration changes for a possible Pacemaker 3.0.0 release. Discussion should be directed to the [[ /w/clusterlabs/clusterlabs_mailing_lists/ | users mailing list]].**
These changes are only proposed and may not make it into the final release.
== Start-up environment variables ==
These are typically set underset in a platform-specific location, typically /etc/sysconfig/pacemaker or /etc/default/pacemaker.
* Pacemaker no longer uses the `HA_cib_timeout`, `HA_shutdown_delay`, `PCMK_cib_timeout`, `PCMK_dh_min_bits`, or `PCMK_shutdown_delay` variables.
* Pacemaker now interprets the value of `PCMK_panic_action` case-sensitively, and invalid values will be logged as a warning.
* New variables enable the use of X.509 certificates to encrypt Pacemaker Remote connections and remote CIB administration sessions. See the environment file for details.
---
== ocf:pacemaker Resource Agent Changes ==
* The `ocf:pacemaker:controld` agent no longer accepts or defaults to `gfs_controld` as a value for its `daemon` parameter, since `gfs_controld` has been obsolete since 2012. Resource names that start with `gfs` will default to the `dlm_controld` daemon as with any other resource name.
---
== Configuration Information Base (CIB) XML changes ==
* **XML syntax in the CIB must now be correctly formed.** Previously, some simple XML syntax errors would be ignored. Upgrades will not succeed if the XML syntax is invalid, so ensure it is valid //before// upgrading any node in the cluster (if you are running Pacemaker 2.1.8 or later, you can check the logs for deprecation warnings).
* **Deprecated schemas have been dropped.** The `validate-with` attribute of the `cib` XML element may no longer be omitted or set to the deprecated values `pacemaker-0.6`, `transitional-0.6`, `pacemaker-0.7`, `pacemaker-1.1`, `pacemaker-next`, or any unknown value. Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster. (Disabling validation by setting `validate-with` to `none` remains allowed and deprecated.)
* **Schema names are now case-sensitive.** The `validate-with` attribute of the `cib` XML element must now match the schema file names by case (all lowercase). Upgrades will not succeed unless the CIB has a supported value for `validate-with` //before// the upgrade, so ensure one is set before upgrading any node in the cluster.
* Support for the following deprecated (and mostly undocumented) features has been dropped. Any uses in existing configurations will be automatically and silently converted to current syntax when possible. They will not be allowed in new configurations, or in existing ones after running `cibadmin --upgrade`.
** cluster options: `crmd-finalization-timeout`, `crmd-integration-timeout`, `crmd-transition-delay`, `remove-after-stop`, and the `stonith-action` cluster option set to `poweroff`
** nodes: `type` set to `ping`
** `primitive` resources: `nagios` or `upstart` class
** `group` resources: `collocated` and `ordered` group options; groups with no members will be ignored (previously, they could have some effect if used in constraintsmaster` resources (use `clone` resource with `promotable` meta-attribute set to `true` instead)
** `masterbundle` resourcesurces: using `rkt` to launch containers; `masters` meta-attribute
** `bundle` resources: using `rkt` to launch containers** operation options: `can-fail`, `can_fail`, and `role_after_failure`
** resource meta-attributes: `can-fail`, `can_fail`,options: `restart-type`, and `role-after-failure`e`
** rules: `moon` in `date_spec` elements
** constraints: `lifetime` elements in any constraint, `ordering` attribute of resource sets in colocation constraints, and `score` in ordering constraints
* Error checking is stricter (most of these errors are possible only with schema validation disabled, and so will not affect the vast majority of users)
** Clones using non-OCF resource agents and the `globally-unique` clone option set to `true` will be considered an error and ignored (currently, a warning is logged but the resource is allowed)
** Invalid fencing topology levels are now disallowed by the schema (rather than waiting until they are rejected by the fencer; valid levels are 1 through 9)
** The value of an `acl_target` element's `id` attribute must be of the XML ID type (noncompliant names will be given an auto-generated ID and moved to the `name` attribute)
** Resource history entries with an invalid `rc-code` (which should be possible only with manual mis-editing or a bug) will now be ignored rather than treated as action failures
** Location constraints with an invalid `score`, `boolean-op`, or `role`, colocation constraints with an invalid `score`, `rsc-role`, or `with-rsc-role`, and ticket constraints with an invalid `rsc-role` are now ignored (previously, the default value would be used).
** If a location constraint has a rule using `score-attribute`, the constraint will be ignored for nodes where the specified attribute is unset or invalid (previously, the constraint would be used with a score of -INFINITY for unset and 0 for invalid).
** An `nvpair` elementsAn `nvpair` element with an invalid `id-ref` attribute is now ignored even if it has a `name` and/or `value` attribute as well
** An `nvpair` element with a valid `id-ref` attribute and also `name` and/or `value` attributes now ignores the `name` and `value` attributes
** If a `cluster_property_set`, `instance_attributes`, `meta_attributes`, or `utilization` element contains multiple top-level rules, only the first will now be interpreted
** A `node` with an invalid `type` is now ignored (previously, they were treated as `ping` nodes, contributing to quorum but unable to run resources)
** Any `instance_attributes` in `rsc_defaults` is now ignored
* Rule syntax is now be more strictly interpreted
** A date expression is now treated as not passing if it is missing an `id`; contains an invalid `operation`; contains a `date_spec` or `duration` with a missing `id` or an attribute with an invalid range; has an `operation` of `in_range`, `gt`, or `lt` with an invalid or missing `start` or `end`; or uses `date_spec` without a `date_spec` element
** An attribute expression is now treated as not passing if it is missing an `id`; has an invalid `value-source` or `type`; or has `value` missing when it is required or present when it is unused
** A resource expression is now treated as not passing if it is missing an `id`
** An operation expression is now treated as not passing if it is missing an `id` or `interval` or has an invalid `interval`
** A rule is now treated as not passing if it is missing an `id` or has an invalid `boolean-op`
** An rule with a `boolean-op` of `or` with no conditions is now properly treated as passing.
** The schema will no longer allow rule syntax where it is unused, including: `op_expression` in a rule anywhere other than `op_defaults`; `rsc_expression` in a rule anywhere other than `rsc_defaults` or `op_defaults`; `score` or `score-attribute` in a rule anywhere other than a location constraint; `value-source` in a rule `expression` anywhere other than a location constraint; `monthdays`, `weekdays`, `weekyears`, or `moon` in a `duration`; `yearsdays` anywhere (the correct spelling `yeardays` is allowed only in a `time_spec`); an invalid `role` name in any `rule`
* Changes in defaults
** The documentation states that the default for `action` in a `resource_set` is the enclosing constraint's action. However until now `start` has actually been used as the default. The behavior has changed to match the documentation.
** `action` configured as a fence device parameter is now ignored rather than treated as a default fencing action.
** The `concurrent-fencing` cluster option now defaults to true and is deprecated
** The `globally-unique` clone option now defaults to `true` when `clone-node-max` is greater than 1
* Location constraints may now have at most a single top-level rule (previously, they could have any number; use separate location constraints for each top-level rule instead).
* A negative `migration-threshold`, which is invalid and was previously treated as 1, is now treated as 0 (no limit).
* Previously, a rule `expression` with the empty string as `value` would never be treated as passing. Now, it passes when the corresponding node attribute is the empty string.
* `nvpair` elements must now contain a `value` attribute (it is no longer optional).
* If an `nvpair` element has an `id-ref` attribute, it can no longer also have a `name` attribute to override the referenced element.
* Pacemaker has always allowed custom settingsnames to be configured in cluster options and resource options, which will beare ignored by Pacemaker but can be used by users' own tooling. The user has to take care not to conflict with any settingoption names that Pacemaker uses. As of Pacemaker 2.0.0, when support for certain deprecated options was dropped, the schema enforced that users could not use those names as custom settingsnames, to prevent misunderstandings. Those restrictions have now been dropped, and if those names are configured, they will be ignored as with any other custom settingname.