2021-05-03 20:12:51 |
Lucas Kanashiro |
bug |
|
|
added bug |
2021-05-04 11:33:15 |
Lucas Kanashiro |
bug |
|
|
added subscriber MIR approval team |
2021-05-04 14:42:34 |
Christian Ehrhardt |
fence-agents (Ubuntu): assignee |
|
Dan Streetman (ddstreet) |
|
2021-05-05 03:49:05 |
Rafael David Tinoco |
bug |
|
|
added subscriber Rafael David Tinoco |
2021-05-06 21:25:17 |
Dan Streetman |
cve linked |
|
2019-10153 |
|
2021-05-06 21:25:30 |
Dan Streetman |
fence-agents (Ubuntu): assignee |
Dan Streetman (ddstreet) |
Ubuntu Security Team (ubuntu-security) |
|
2021-05-27 18:25:40 |
Lucas Kanashiro |
description |
[Availability]
fence-agents is present in the Ubuntu archive since Precise, it builds fine and tests pass in all supported architectures. It was promoted in Precise:
https://bugs.launchpad.net/ubuntu/+source/fence-agents/+bug/897492
In Trusty it was demoted, not sure about the reason.
[Rationale]
The fence-agents package provides a set of scripts used to fence (STONITH) nodes in a Corosync/Pacemaker cluster. It has been heavily used in HA solutions and the Ubuntu Server team is starting to support some of those scripts in the fence-agents-supported binary package. The supported agents have been tested daily via Jenkins jobs. The idea is to have fence-agents-common and fence-agents-supported binary packages in main.
[Security]
A couple of CVEs were reported against fence-agents:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10153
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0104
They are already fixed in the archive, CVE-2014-0104 in version 4.0.17-1 and CVE-2019-10153 in version 4.3.3-2.
[Quality assurance]
The package is quite simple, no configuration file is needed and it works out-of-the-box. There is no outstanding bug reported upstream, nor in Debian and Ubuntu. The Debian maintainer is very active and willing to collaborate with us.
Upstream does not provide a test suite but all the scripts are tested during build time to check if they at least can load everything needed. We also have some DEP-8 tests in place (they do not cover most of the scripts). But thinking about the quality of the package, all the agents shipped in the fence-agents-supported binary package are going to have automated tests running daily in our testing infrastructure.
[UI standards]
N/A
[Dependencies]
The binaries to be promoted to main are: fence-agents-common and fence-agents-supported. All their runtime dependencies are in main already which are python3-pexpect and python3-pycurl.
[Standards compliance]
There is one error reported by lintian:
E: fence-agents-common: dir-or-file-in-var-run var/run/cluster/
This directory is created by the package because a couple of agents expect this directory:
agents/mpath/fence_mpath.py
184: options["--store-path"] = "/var/run/cluster"
agents/scsi/fence_scsi.py
16:STORE_PATH = "/var/run/cluster/fence_scsi"
Those two fence agents are not in the supported list yet but a bug was filed upstream to get it fixed:
https://github.com/ClusterLabs/fence-agents/issues/405
[Maintenance]
This package has been maintained by the Ubuntu Server team and this will continue to apply as part of the work on the HA (High Availability) stack.
[Background information]
In Impish, two new binary packages were created: fence-agents-common and fence-agents-supported. The -common package contains the common files used by supported and unsupported agents, and the -supported contains the agents supported by the Ubuntu Server team. |
[Availability]
fence-agents is present in the Ubuntu archive since Precise, it builds fine and tests pass in all supported architectures. It was promoted in Precise:
https://bugs.launchpad.net/ubuntu/+source/fence-agents/+bug/897492
In Trusty it was demoted, not sure about the reason.
[Rationale]
The fence-agents package provides a set of scripts used to fence (STONITH) nodes in a Corosync/Pacemaker cluster. It has been heavily used in HA solutions and the Ubuntu Server team is starting to support some of those scripts in the fence-agents-supported binary package. The curated agents have been tested daily via Jenkins jobs. The idea is to have fence-agents-common and fence-agents-base binary packages in main.
[Security]
A couple of CVEs were reported against fence-agents:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10153
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0104
They are already fixed in the archive, CVE-2014-0104 in version 4.0.17-1 and CVE-2019-10153 in version 4.3.3-2.
[Quality assurance]
The package is quite simple, no configuration file is needed and it works out-of-the-box. There is no outstanding bug reported upstream, nor in Debian and Ubuntu. The Debian maintainer is very active and willing to collaborate with us.
Upstream does not provide a test suite but all the scripts are tested during build time to check if they at least can load everything needed. We also have some DEP-8 tests in place (they do not cover most of the scripts). But thinking about the quality of the package, all the agents shipped in the fence-agents-base binary package are going to have automated tests running daily in our testing infrastructure.
[UI standards]
N/A
[Dependencies]
The binaries to be promoted to main are: fence-agents-common and fence-agents-base. All their runtime dependencies are in main already which are python3-pexpect and python3-pycurl.
[Standards compliance]
There is one error reported by lintian:
E: fence-agents-common: dir-or-file-in-var-run var/run/cluster/
This directory is created by the package because a couple of agents expect this directory:
agents/mpath/fence_mpath.py
184: options["--store-path"] = "/var/run/cluster"
agents/scsi/fence_scsi.py
16:STORE_PATH = "/var/run/cluster/fence_scsi"
Those two fence agents are not in the supported list yet but a bug was filed upstream to get it fixed:
https://github.com/ClusterLabs/fence-agents/issues/405
[Maintenance]
This package has been maintained by the Ubuntu Server team and this will continue to apply as part of the work on the HA (High Availability) stack.
[Background information]
In Impish, three new binary packages were created: fence-agents-common and fence-agents-base and fence-agents-extra. The -common package contains the common files used by supported and unsupported agents, and the -base contains the agents curated by the Ubuntu Server team. |
|
2021-08-10 14:40:20 |
Launchpad Janitor |
fence-agents (Ubuntu): status |
New |
Confirmed |
|
2021-09-24 01:19:31 |
Seth Arnold |
fence-agents (Ubuntu): assignee |
Ubuntu Security Team (ubuntu-security) |
|
|
2021-09-24 01:19:33 |
Seth Arnold |
bug |
|
|
added subscriber Seth Arnold |
2021-09-24 01:19:37 |
Seth Arnold |
bug watch added |
|
https://github.com/ClusterLabs/fence-agents/issues/434 |
|
2021-09-24 01:19:37 |
Seth Arnold |
bug watch added |
|
https://github.com/ClusterLabs/fence-agents/issues/436 |
|
2021-09-24 01:20:24 |
Seth Arnold |
fence-agents (Ubuntu): status |
Confirmed |
In Progress |
|
2021-09-28 16:30:08 |
Christian Ehrhardt |
fence-agents (Ubuntu): status |
In Progress |
Fix Committed |
|
2021-09-28 19:19:44 |
Andy Whitcroft |
fence-agents (Ubuntu): assignee |
|
Andy Whitcroft (apw) |
|
2021-09-28 19:20:08 |
Steve Langasek |
fence-agents (Ubuntu): status |
Fix Committed |
Fix Released |
|
2021-09-28 19:20:08 |
Steve Langasek |
fence-agents (Ubuntu): assignee |
Andy Whitcroft (apw) |
|
|
2021-09-28 19:22:44 |
Andy Whitcroft |
fence-agents (Ubuntu): assignee |
|
Andy Whitcroft (apw) |
|
2021-09-28 19:24:48 |
Andy Whitcroft |
fence-agents (Ubuntu): assignee |
Andy Whitcroft (apw) |
|
|