Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Major
Fix Version/s: rhel-9.7
Affects Version/s: None
Component/s: pcs
Labels:
- fixed_upstream
- rn-yml

Fixed in Build:
pcs-0.11.9-3.el9
Severity:
None
Keywords:

FutureFeature

AssignedTeam:
rhel-ha

Dev Target Milestone:
13
Internal Target Milestone:
23
Story Points:
0
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
None

Git Pull Request:
https://github.com/ClusterLabs/pcs/pull/954
Preliminary Testing:
Pass
Testable Builds:
https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=67696731
Errata Link:
https://errata.engineering.redhat.com/advisory/150148
Test Coverage:

Manual

Release Note Type:
Feature
Release Note Text:

Hide
.`pcs` warns users before removing the last fencing device

Before this update, `pcs` allowed users to disable or remove the last fencing device from a cluster without a warning. This could inadvertently leave the cluster in an unsupported state without any STONITH or SBD fencing configured.

With this enhancement, `pcs` now includes a safety check to prevent the accidental removal of all fencing mechanisms.

As a result, if you attempt an action that would leave the cluster without any fencing, `pcs` displays an error and blocks the change by default. For example, this occurs when you try to remove the last STONITH resource while SBD is disabled. You can override this safety check to force the change if needed.

Show
.`pcs` warns users before removing the last fencing device Before this update, `pcs` allowed users to disable or remove the last fencing device from a cluster without a warning. This could inadvertently leave the cluster in an unsupported state without any STONITH or SBD fencing configured. With this enhancement, `pcs` now includes a safety check to prevent the accidental removal of all fencing mechanisms. As a result, if you attempt an action that would leave the cluster without any fencing, `pcs` displays an error and blocks the change by default. For example, this occurs when you try to remove the last STONITH resource while SBD is disabled. You can override this safety check to force the change if needed.
Release Note Status:
Done
ProdDocsReview-CCS:
Done
ProdDocsReview-Dev:
Done
ProdDocsReview-QE:
Not Required

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

This is a clone of issue RHEL-66607 to use for version rhel-9.7
–
Original description:

Goal

The cluster will lose fencing, when a user runs e.g. `pcs stonith sbd disable` and no other fencing mechanism is configured. The user should be warned about this.

Please, check if fencing will be lost after actions that can lead to it. Send forceable error if such situation can happen.

This issue can be complex (it is necessary to check sbd and also fence device commands). So, this problem could be solved by planning and creating separate JIRAs for each subtask.

Acceptance criteria

pcs exits with an error and doesn't change cluster configuration in these scenarios:
- user disables sbd (using 'pcs stonith sbd disable' command) and there are no effective stonith resources in the cluster
- user disables the last effective stonith resource in the cluster (using 'pcs stonith disable' command) and sbd is disabled
- user disables a group or a clone or a cloned group containing the last effective stonith resource in the cluster and sbd is disabled
- user removes the last effective stonith resource in the cluster (using 'pcs stonith delete | remove' command) and sbd is disabled
- user removes a group or a clone or a cloned group containing the last effective stonith resource in the cluster and sbd is disabled
web ui reports an error and doesn't change cluster configuration in the same scenarios:
- user disables sbd (using 'Disable SBD' button) and there are no effective stonith resources in the cluster
- user removes the last effective stonith resource in the cluster (using 'delete' button in the stonith resource page) and sbd is disabled
- user removes a group or a clone or a cloned group containing the last effective stonith resource in the cluster and sbd is disabled
- disabling stonith resources is not supported in web ui, therefore this scenario doesn't apply
the error can be overridden
effective stonith resource is a stonith resource which
- is not disabled
- is capable of fencing (for example, fence_kdump is not capable of fencing)

clones

RHEL-66607 [RFE] Warn if users action could lead to cluster without fencing [rhel-10]

Release Pending

is blocked by

RHEL-85196 [WebUI] Unable to disable SBD when there are no enabled stonith devices [rhel-9]

Release Pending

RHEL-85197 [WebUI] Unable to delete last stonith resource when SBD is disabled [rhel-9]

Release Pending

is depended on by

RHEL-85196 [WebUI] Unable to disable SBD when there are no enabled stonith devices [rhel-9]

Release Pending

RHEL-85197 [WebUI] Unable to delete last stonith resource when SBD is disabled [rhel-9]

Release Pending

is incorporated by

RHEL-77194 Rebase pcs to the latest version [rhel-9]

Release Pending

links to

RHSA-2025:150148 pcs bug fix and enhancement update

(1 is incorporated by, 1 links to)

Assignee:: Nina Hostakova

Reporter:: Watson Automation

Developer:: Tomas Jelinek

QA Contact:: Nina Hostakova

Doc Contact:: Michal Stubna

Votes:: 0 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 2025/01/24 1:30 PM

Updated:: 2025/10/06 12:00 PM

Dev Target end:: 2025/05/26

Target end:: 2025/08/04

Next Planned Release Date:: 2025/11/11

Details

Description

Goal

Acceptance criteria

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide