New Function and Changes in Behavior
- This xCAT 2.7.9 release is based on the xCAT 2.7.8 release with some bug fixes and security fixes.
It was tested on AIX 7.1 TL3 SP4 although it should work correctly on the previously supported linux versions.
- xCATd has a solution for the POODLE security issue. 4628 Two new site table attributes have been added to xCAT 2.7.9: xcatsslversion and xcatsslciphers. To enable these attributes on AIX set them as follows:
chtab key=xcatsslversion site.value=TLSv1_2
chtab key=xcatsslciphers site.value=kDH:kEDH:kRSA:!SSLv3:!SSLv2:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!EXPORT:!CAMELLIA:!ECDH
- to support AIX 7.1.3 and POODLE you need to install the latest AIX deps package. These rpms support openssl 184.108.40.2063 and later for AIX 7.1.3. Installing the new xcat-dep ( instoss) will upgrade the package. http://sourceforge.net/projects/xcat/files/xcat-dep/2.x_AIX/dep-aix-201505060154.tar.gz/download
AIX: 7.1 TL3 SP4
Linux: Not tested
Key Bug fixes
- POODLE support for xcatd 4628
- rspconfig --resetnet now correctly works. 3812
- syncfiles postscript on AIX now works correctly on nodes that have a service node. 4662. Note that the syncfile and the files to be sync-ed need to be pushed to the service node if they have been updated on the management node prior to booting the node.
- xcatd now processes the policy table correctly. 4530
Restrictions and Known Problems
- NFS based statelite cannot configure bond0 in confighfi postscript. 3939. This is from xCAT 2.7.8.
- lsslp unicast doesn't support AIX as reported in xCAT 2.7.8
- makedhcp -n on AIX does not put out a warning message when incorrect name is specified in the site->dhcpinterfaces attribute. 4661