Skip to navigation

Bug Fix Advisory fence-agents bug fix and enhancement update

Advisory: RHBA-2011:1599-2
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-12-06
Last updated on: 2011-12-06
Affected Products: Red Hat Enterprise Linux High Availability (v. 6)
Red Hat Enterprise Linux Resilient Storage (v. 6)

Details

An updated fence-agents package that fixes various bugs and adds several
enhancements is now available for Red Hat Enterprise Linux 6.

Red Hat fence agents are a collection of scripts to handle remote power
management for cluster devices. They allow failed or unreachable cluster nodes
to be forcibly restarted and removed from the cluster.

The fence-agents package has been upgraded to upstream version 3.1.5, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#707123)

This update also fixes the following bugs:

* Due to a change in REST API, the fence_rhevm utility incorrectly reported
status "UP" as "RUNNING". Consequently, the "fence_rhevm -o status" command
always reported "OFF". This bug has been fixed, and fence_rhevm now reports
status correctly. (BZ#731166)

* The fence_drac5 agent failed to clear its SSH sessions on exit as expected by
firmware. Consequently, the fence agent appeared to be still connected to the
device, and once the connection limit was reached, further logins to the device
were not allowed. This bug has been fixed, and fence_drac5 now clears its SSH
sessions properly. (BZ#718924)

* The "monitor" and "status" commands of the fence_ipmilan agent returned
chassis status instead of the fence device status. As a result, when a server
chassis was powered off, the fence_ipmilan agent exited with the incorrect
result code "2" when passed one of these commands. Now, fence_ipmilan returns
the correct result code "0" in the described scenario. (BZ#693428)

* When a blade server was removed from a blade chassis and was fenced via the
fence_bladecenter utility with the "--missing-as-off" option enabled, and was
scheduled with the "reboot" action, the fence failed. This bug has been fixed,
and fence_bladecenter no longer returns an error if a blade server is missing.
(BZ#708052)

* A list operation on fence_drac5 agents resulted in unexpected termination of
fence agents. A patch has been provided to address this issue, and fence_drac5
agents now work correctly in the described scenario. (BZ#718196)

* When the pyOpenSSL package was not present in the system, when an error
occurred, the fence_ilo agent terminated with a generic error message, making it
difficult to debug the problem. Now, fence_ilo reports that a dependent package
is missing in the described scenario, thus fixing this bug. (BZ#718207)

* The verbose mode of the fence_ipmilan agent exposed user passwords when the
whole command was logged by an IPMI tool. Now, the fence_ipmilan output has been
changed, and passwords remain undisclosed in the described scenario. (BZ#732372)

* During simultaneous unfencing operations performed via the fence_scsi agent,
all nodes launched their reservation commands at the same time. Consequently,
some of the commands failed. Now, fence_scsi retries to unfence a node until its
reservation command succeeds. (BZ#738384)

* A null dereference was discovered in the fence_kdump agent, when the strchr()
function returned the NULL value. With this update, the dereference has been
fixed in the code and no longer occurs. (BZ#734429)

This update adds the following enhancements:

* With this update, the new fence_vmware_soap() function has been provided to
enable fencing of VMware guests in ESX environments. (BZ#624673)

* The fence_kdump utility has been updated to integrate fencing with the kernel
dump environment. (BZ#461948)

* With this update, the RelaxNG schema generation for fence-agents has been
updated with the rha:description and rha:name attributes in its output to fence
attribute group elements. (BZ#698365)

* The fence_ipmilan agent has been updated to support the -L option of the
ipmilan daemon, thus supporting fencing with user session privileges level.
(BZ#726571)

Users of fence-agents are advised to upgrade to this updated package, which
fixes these bugs and adds these enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux High Availability (v. 6)

SRPMS:
fence-agents-3.1.5-10.el6.src.rpm
File outdated by:  RHBA-2012:0548
    MD5: e810123752d39f83709ae6580d41edcc
SHA-256: 7b308b009fea5118e6bf84bbb88437cff6c9121634aafe0fdf794aa01e4886ca
 
IA-32:
fence-agents-3.1.5-10.el6.i686.rpm
File outdated by:  RHBA-2012:0548
    MD5: 58d8a070a747e79ec9e4738875c47e3b
SHA-256: 67132fc53a20e2b09fbddbff16c07d1b5d56ece6b6dd3139496ada2eac0de43b
fence-agents-debuginfo-3.1.5-10.el6.i686.rpm
File outdated by:  RHBA-2012:0548
    MD5: a3b2eca7c9ad6629547cdddf0964c2d7
SHA-256: 5b88c57bba197d28e6c9692687693af28577c70fb42f765b7ca7c9eada748e86
 
x86_64:
fence-agents-3.1.5-10.el6.x86_64.rpm
File outdated by:  RHBA-2012:0548
    MD5: dbee88e60ab08cf1720206d5a5bd85b1
SHA-256: 219049d67cdfc5129f8dd9952abe102ca058e50f7546c3d89fe19789ae27fb81
fence-agents-debuginfo-3.1.5-10.el6.x86_64.rpm
File outdated by:  RHBA-2012:0548
    MD5: 66d4d3e2f8ac34bfaec33b22efbe685d
SHA-256: ec7452692ef3669bc2cfc9202bce49bfdcbb8d5111eb6c8c4288be665a7abcd7
 
Red Hat Enterprise Linux Resilient Storage (v. 6)

SRPMS:
fence-agents-3.1.5-10.el6.src.rpm
File outdated by:  RHBA-2012:0548
    MD5: e810123752d39f83709ae6580d41edcc
SHA-256: 7b308b009fea5118e6bf84bbb88437cff6c9121634aafe0fdf794aa01e4886ca
 
IA-32:
fence-agents-3.1.5-10.el6.i686.rpm
File outdated by:  RHBA-2012:0548
    MD5: 58d8a070a747e79ec9e4738875c47e3b
SHA-256: 67132fc53a20e2b09fbddbff16c07d1b5d56ece6b6dd3139496ada2eac0de43b
fence-agents-debuginfo-3.1.5-10.el6.i686.rpm
File outdated by:  RHBA-2012:0548
    MD5: a3b2eca7c9ad6629547cdddf0964c2d7
SHA-256: 5b88c57bba197d28e6c9692687693af28577c70fb42f765b7ca7c9eada748e86
 
x86_64:
fence-agents-3.1.5-10.el6.x86_64.rpm
File outdated by:  RHBA-2012:0548
    MD5: dbee88e60ab08cf1720206d5a5bd85b1
SHA-256: 219049d67cdfc5129f8dd9952abe102ca058e50f7546c3d89fe19789ae27fb81
fence-agents-debuginfo-3.1.5-10.el6.x86_64.rpm
File outdated by:  RHBA-2012:0548
    MD5: 66d4d3e2f8ac34bfaec33b22efbe685d
SHA-256: ec7452692ef3669bc2cfc9202bce49bfdcbb8d5111eb6c8c4288be665a7abcd7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

461948 - Provide a method to wait for kdump to complete from fencing
624673 - Rework fence_vmware fence agent to use SOAP API to connect to Virtual Center instead of VMware Perl API
693428 - fence_ipmilan returns incorrect status on monitor op if chassis is powered off
698365 - RFE: add rha:description="fence_name" attribute to fence attribute group elements
707123 - fence-agents rebase
708052 - fence_bladecenter --missing_as_off reboot action fails on missing blade
718196 - Dell Drac CMC is not working correctly as fence device
718207 - fence_ilo fails silently when pyOpenSSL is not installed
731166 - fence_rhevm needs to change "UP" status to "up" state as the REST-API has changed.
732372 - fence_ipmi exposes user password on verbose mod
738384 - fix scsi unfencing to allow simultaneous unfences


Keywords

fence-agents


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/