[MIR] fence-agents
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
fence-agents (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Availability]
fence-agents is present in the Ubuntu archive since Precise, it builds fine and tests pass in all supported architectures. It was promoted in Precise:
https:/
In Trusty it was demoted, not sure about the reason.
[Rationale]
The fence-agents package provides a set of scripts used to fence (STONITH) nodes in a Corosync/Pacemaker cluster. It has been heavily used in HA solutions and the Ubuntu Server team is starting to support some of those scripts in the fence-agents-
[Security]
A couple of CVEs were reported against fence-agents:
- https:/
- https:/
They are already fixed in the archive, CVE-2014-0104 in version 4.0.17-1 and CVE-2019-10153 in version 4.3.3-2.
[Quality assurance]
The package is quite simple, no configuration file is needed and it works out-of-the-box. There is no outstanding bug reported upstream, nor in Debian and Ubuntu. The Debian maintainer is very active and willing to collaborate with us.
Upstream does not provide a test suite but all the scripts are tested during build time to check if they at least can load everything needed. We also have some DEP-8 tests in place (they do not cover most of the scripts). But thinking about the quality of the package, all the agents shipped in the fence-agents-base binary package are going to have automated tests running daily in our testing infrastructure.
[UI standards]
N/A
[Dependencies]
The binaries to be promoted to main are: fence-agents-common and fence-agents-base. All their runtime dependencies are in main already which are python3-pexpect and python3-pycurl.
[Standards compliance]
There is one error reported by lintian:
E: fence-agents-
This directory is created by the package because a couple of agents expect this directory:
agents/
184: options[
agents/
16:STORE_PATH = "/var/run/
Those two fence agents are not in the supported list yet but a bug was filed upstream to get it fixed:
https:/
[Maintenance]
This package has been maintained by the Ubuntu Server team and this will continue to apply as part of the work on the HA (High Availability) stack.
[Background information]
In Impish, three new binary packages were created: fence-agents-common and fence-agents-base and fence-agents-extra. The -common package contains the common files used by supported and unsupported agents, and the -base contains the agents curated by the Ubuntu Server team.
CVE References
Changed in fence-agents (Ubuntu): | |
assignee: | nobody → Dan Streetman (ddstreet) |
Changed in fence-agents (Ubuntu): | |
assignee: | nobody → Andy Whitcroft (apw) |
FWIW I submitted a pacemaker merge proposal which add changes to recommend fence-agents- supported. Since pacemaker is already in main the fence-agents- supported package will need to be pulled in.
https:/ /code.launchpad .net/~lucaskana shiro/ubuntu/ +source/ pacemaker/ +git/pacemaker/ +merge/ 402284