vcs-rhel7_x86_64-Patch-7.3.1.1200

 Basic information
Release type: Patch
Release date: 2020-01-17
OS update support: None
Technote: None
Documentation: None
Popularity: 155 viewed    20 downloaded
Download size: 84.22 MB
Checksum: 938882654

 Applies to one or more of the following products:
InfoScale Availability 7.3.1 On RHEL7 x86-64
InfoScale Enterprise 7.3.1 On RHEL7 x86-64
InfoScale Storage 7.3.1 On RHEL7 x86-64

 Obsolete patches, incompatibilities, superseded patches, or other requirements:

This patch supersedes the following patches: Release date
vcs-rhel7_x86_64-Patch-7.3.1.1100 (obsolete) 2019-11-05

 Fixes the following incidents:
3933946, 3964064, 3966701, 3970171, 3981993, 3990607

 Patch ID:
VRTSvcs-7.3.1.1200-RHEL7

Readme file
                          * * * READ ME * * *
                * * * Veritas Cluster Server 7.3.1 * * *
                         * * * Patch 1200 * * *
                         Patch Date: 2019-12-17


This document provides the following information:

   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * PACKAGES AFFECTED BY THE PATCH
   * BASE PRODUCT VERSIONS FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLATION PRE-REQUISITES
   * INSTALLING THE PATCH
   * REMOVING THE PATCH


PATCH NAME
----------
Veritas Cluster Server 7.3.1 Patch 1200


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
RHEL6 x86-64
RHEL7 x86-64
SLES11 x86-64
SLES12 x86-64


PACKAGES AFFECTED BY THE PATCH
------------------------------
VRTSvcs


BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
   * InfoScale Availability 7.3.1
   * InfoScale Enterprise 7.3.1
   * InfoScale Storage 7.3.1


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: 7.3.1.1200
* 3990607 (3990480) A node fails to join its cluster because the join version of HAD is mismatched.
Patch ID: 7.3.1.1101
* 3990607 (3990480) A node fails to join its cluster because the join version of HAD is mismatched.
Patch ID: 7.3.1.1100
* 3970171 (3970170) The Cluster Server component creates some required files in 
the /tmp and /var/tmp directories.
* 3981993 (3981992) A potentially critical security vulnerability in VCS needs to be addressed.
Patch ID: 7.3.1.003
* 3966701 (3931460) The Cluster Server component creates some required files in 
the /tmp and /var/tmp directories.
Patch ID: 7.3.1.002
* 3964064 (3951561) A service group fails to come online on a peer node, when any of the core VCS modules fails on the node on which it is currently online.
Patch ID: 7.3.1.001
* 3933946 (3866087) Local node goes to ADMIN_WAIT when the peer node leaves while
local node in REMOTE_BUILD


DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following incidents:

Patch ID: 7.3.1.1200

* 3990607 (Tracking ID: 3990480)

SYMPTOM:
A node fails to join its cluster because the join version of HAD is mismatched.

DESCRIPTION:
This issue occurs only on the RHEL 6, RHEL 7, SLES 11, or SLES 12 platforms if you install the VRTSvcs-7.3.1.1100 P-patch manually or using Ansible.

RESOLUTION:
This hotifx addresses the issue by using the correct join version for HAD.

Patch ID: 7.3.1.1101

* 3990607 (Tracking ID: 3990480)

SYMPTOM:
A node fails to join its cluster because the join version of HAD is mismatched.

DESCRIPTION:
This issue occurs only on the RHEL 6, RHEL 7, SLES 11, or SLES 12 platforms if you install the VRTSvcs-7.3.1.1100 P-patch manually or using Ansible.

RESOLUTION:
This hotifx addresses the issue by using the correct join version for HAD.

Patch ID: 7.3.1.1100

* 3970171 (Tracking ID: 3970170)

SYMPTOM:
The Cluster Server component creates some required files in the /tmp 
and /var/tmp directories.

DESCRIPTION:
The Cluster Server component creates some required files in the 
/tmp and /var/tmp directories. Non-root users have access to these folders, 
and they may accidentally modify, move, or delete these files. Such actions 
may interfere with the normal functioning of Cluster Server.

RESOLUTION:
This hotfix addresses the issue by moving the required Cluster 
Server files to secure locations.

* 3981993 (Tracking ID: 3981992)

SYMPTOM:
A potentially critical security vulnerability in VCS needs to be addressed.

DESCRIPTION:
A potentially critical security vulnerability in VCS needs to be addressed.

RESOLUTION:
This hotfix addresses the security vulnerability. For details, refer to the security advisory at: https://www.veritas.com/content/support/en_US/security/VTS19-003.html

Patch ID: 7.3.1.003

* 3966701 (Tracking ID: 3931460)

SYMPTOM:
The Cluster Server component creates some required files in the /tmp 
and /var/tmp directories.

DESCRIPTION:
The Cluster Server component creates some required files in the 
/tmp and /var/tmp directories. Non-root users have access to these folders, 
and they may accidentally modify, move, or delete these files. Such actions 
may interfere with the normal functioning of Cluster Server.

RESOLUTION:
This hotfix addresses the issue by moving the required Cluster 
Server files to secure locations.

Patch ID: 7.3.1.002

* 3964064 (Tracking ID: 3951561)

SYMPTOM:
A service group fails to come online on a peer node, when any of the core VCS modules fails on the node on which it is currently online.

DESCRIPTION:
When VxFEN or GAB or LLT is stopped on a peer node, HAD clears all the auto-disabled service groups and also the timer (DelayAutoStart attribute) that is set to bring an application online. This causes the application remain offline on the peer node.

RESOLUTION:
This hotfix updates HAD to check the number of nodes that participate in the cluster when the AutoDisabled attribute of a service group is cleared. If one of the nodes has not yet joined the cluster, HAD continues to wait for the duration mention in FORCE_AUTOSTART_TIMEOUT. The application comes online after the this time has elapsed.

Patch ID: 7.3.1.001

* 3933946 (Tracking ID: 3866087)

SYMPTOM:
When peer node leaves cluster before completing snapshot, the had stuck
in ADMIN_WAIT.

DESCRIPTION:
HAd receives cluster configuration either by local build or 
snapshot from peer. If it receives from peer, and peer leaves before it
broadcasts "End ofSnapshot", the HAd stuck in ADMIN_WAIT, which indicates, that
HAD has received configuration, but not sure if it is good enough to start the
cluster.

RESOLUTION:
Now, HAd starts the cluster if an environment variable
VCS_NOADMIN_WAIT is exported. This environment variable can be added to
/opt/VRTSvcs/bin/vcsenv file on all the cluster nodes.



INSTALLING THE PATCH
--------------------
Run the Installer script to automatically install the patch:
-----------------------------------------------------------
Please be noted that the installation of this P-Patch will cause downtime.

To install the patch perform the following steps on at least one node in the cluster:
1. Copy the patch vcs-rhel7_x86_64-Patch-7.3.1.1200.tar.gz to /tmp
2. Untar vcs-rhel7_x86_64-Patch-7.3.1.1200.tar.gz to /tmp/hf
    # mkdir /tmp/hf
    # cd /tmp/hf
    # gunzip /tmp/vcs-rhel7_x86_64-Patch-7.3.1.1200.tar.gz
    # tar xf /tmp/vcs-rhel7_x86_64-Patch-7.3.1.1200.tar
3. Install the hotfix(Please be noted that the installation of this P-Patch will cause downtime.)
    # cd /tmp/hf
    # ./installVRTSvcs731P1200 [<host1> <host2>...]

You can also install this patch together with 7.3.1 base release using Install Bundles
1. Download this patch and extract it to a directory
2. Change to the Veritas InfoScale 7.3.1 directory and invoke the installer script
   with -patch_path option where -patch_path should point to the patch directory
    # ./installer -patch_path [<path to this patch>] [<host1> <host2>...]

Install the patch manually:
--------------------------
PATCH INSTALLATION INSTRUCTIONS:
--------------------------------
To install the patch perform the following steps on all nodes in the VCS cluster:
1. Stop VCS on the cluster node.
2. Install the patch.
3. Restart VCS on the node.
Stopping VCS on the cluster node
--------------------------------
To stop VCS on the cluster node:
1. Ensure that the "/opt/VRTSvcs/bin" directory is included in your PATH environment variable so that you can execute all the VCS commands. For more information, refer to the Veritas Cluster Server Installation Guide.
2. Persistently freeze all the service groups:
    # haconf -makerw   
    # hagrp -freeze [group] -persistent   
    # haconf -dump -makero
3. Stop the cluster on all nodes. If the cluster is writable, you may close the configuration before stopping the cluster. On any node, run the following command to stop the cluster:   
    # hastop -all -force
4. Verify that the cluster is stopped on all nodes:    
    # hasys -state
5. On all nodes, make sure that both the had and hashadow processes are stopped.
6. Stop the VCS CmdServer on all nodes:   
        # /opt/VRTSvcs/bin/CmdServer -stop
7. Copy the /etc/VRTSvcs/conf/config/types.cf file to /etc/VRTSvcs/conf/config/types.cf.orig.
8. Copy the /etc/VRTSvcs/conf/config/main.cf file to /etc/VRTSvcs/conf/config/main.cf.orig. 
Installing the patch
--------------------
To install the patch:
1. Log in as superuser on the system where you are installing the patch.
2. Uncompress the patch that you downloaded from Veritas.
3. Change the directory to the uncompressed patch location.
4. Install the patch using the following command:
        # rpm -Uvh VRTSvcs-7.3.1.1200-RHEL7.x86_64.rpm
5. Run the following command to verify if the new patch has been installed:
        # rpm -q VRTSvcs
    If the proper patch is installed, the following output is displayed:
        VRTSvcs-7.3.1.1200-RHEL7.x86_64
Starting VCS on the cluster node:
1. To start VCS run the following command:
        # hastart
        # /opt/VRTSvcs/bin/CmdServer
2. Make VCS cluster writable:
        # haconf -makerw
3. Unfreeze all the groups:
        # hagrp -unfreeze [group] -persistent
        # haconf -dump -makero


REMOVING THE PATCH
------------------
----------------------------------
Removal of the patch will result in removing the whole package from the system/node. To go back to a previous installed version of the package, you may need to re-install the package.
Run the following steps on the node where the patch is being uninstalled:
To remove the patch from a cluster node:
---------------------------------------------
1. Freeze all the service groups persistently.
        # haconf -makerw
        # hagrp -freeze [group] -persistent
2. Stop VCS on the node by running the following command:
    # hastop -all -force
3. Stop the VCS CmdServer
    #/opt/VRTSvcs/bin/CmdServer -stop
4. Remove the patch by using the following command:
        # rpm -e VRTSvcs
5. Verify that the patch has been removed from the system:
        # rpm -qa|grep VRTSvcs
   Ensure that the package is not be displayed. This confirms that the package is removed.
6. Install the relevant package from the VCS base media. Also refer to SORT for any applicable patches.
7. To start the cluster service, run the following command first on one node:
    # hastart
    On all the other nodes, start VCS by issuing the hastart command after the first node's state changes to LOCAL_BUILD or RUNNING.
8. Unfreeze all the service groups:
    # haconf -makerw
    # hagrp -unfreeze [group] -persistent
    # haconf -dump -makero
9. Start the VCS CmdServer on all nodes
    # /opt/VRTSvcs/bin/CmdServer


SPECIAL INSTRUCTIONS
--------------------
NONE


OTHERS
------
NONE
Read and accept Terms of Service