Chapter 26. Clustering
PCS is able to find a token and connect to a node with upper case characters in its node name
Previously, PCS was unable to find a token for any node name with upper case characters, and it would report an error that the node is not authenticated. This occurred because the
pcs cluster auth
command would lowercase all node names before storing them to the PCS token file. With this fix, PCS does not lowercase node names before storing them to the PCS token file. (BZ#1590533)
pcs
now shows correct value for failcount
Starting with the Red Hat Enterprise Linux 7.5 release, the
pcs resource failcount show
command always showed a failcount
of zero, even when this was not the correct value. This occurred because the format of resource failcounts was changed in Pacemaker. With this fix, the pcs
utility is able to parse the new failcount
format and it displays the correct value. (BZ#1588667)
At cluster startup, corosync
starts on each node with a small delay to reduce the risk of JOIN flood
Starting
corosync
on all nodes at the same time may cause a JOIN flood, which may result in some nodes not joining the cluster. With this update, each node starts corosync
with a small delay to reduce the risk of this happening. (BZ#1572886)
New /etc/sysconfig/pcsd
option to reject client-initiated SSL/TLS renegotiation
When TLS renegotiation is enabled on the server, a client is allowed to send a renegotiation request, which initiates a new handshake. Computational requirements of a handshake are higher on a server than on a client. This makes the server vulnerable to DoS attacks. With this fix, a new option has been added to the
/etc/sysconfig/pcsd
configuration file to reject renegotiations. Note that the client can still open multiple connections to a server with a handshake performed for all of the connections. (BZ#1566382)