On Mon, Sep 28, 2009 at 5:38 PM, Alexander Bodnarashik <[email protected]> wrote: > Thanks for the fix :) > I've checked out > http://hg.clusterlabs.org/pacemaker/stable-1.0/rev/05c8b63cbca7 > Now ports are open. > > I've encountered other problem though. > I have 2 boxes in cluster - box1 and box2. Third box, not in cluster, is > named farm. > All of them are running Gentoo.
All have the same version of pacemaker? > Cluster stack - openais-1.0.1 > > Trying to issue cibadmin -Q from farm: > 1234 - plain port >> >> CIB_server=box1.cluster CIB_port=1234 cibadmin -Q So a couple of things here (that you couldn't possibly be expected to know, sorry, i forgot to mention them at the time)... You need to set CIB_user to the user than the remote node runs the CIB as (eg. hacluster) For plaintext connections, you need to set CIB_encrypted=false Actually that first one needs to be the default (since non-root daemons can only do PAM authentication for the user they're running as). >> Password: >> cibadmin: Connection to box1.cluster:1234 failed: >> Signon to CIB failed: >> Init failed, could not perform requested operations > > and exits immediately > > 12345 - tls port >> >> CIB_server=box1.cluster CIB_port=12345 cibadmin -Q >> Password: >> > > and it freezes. In logs on box1 i can see following: >> >> Sep 28 18:03:30 box1 cib: [3342]: ERROR: crm_xml_err: XML Error: Entity: >> line 1: parsererror : Start tag expected, '<' not found >> Sep 28 18:03:30 box1 cib: [3342]: ERROR: crm_xml_err: XML Error: >> Sep 28 18:03:30 box1 cib: [3342]: ERROR: crm_xml_err: XML Error: ^ >> Sep 28 18:03:30 box1 cib: [3342]: WARN: string2xml: Parsing failed >> (domain=1, level=3, code=4): Start tag expected, '<' not found >> Sep 28 18:03:30 box1 cib: [3342]: ERROR: string2xml: Couldn't parse 3 >> chars: >> Sep 28 18:03:30 box1 cib: [3342]: ERROR: cib_recv_remote_msg: Couldn't >> parse: '' > > After that i'm unable to run on box1 neither crm_mon (writes Attempting > connection to the cluster...) nor cibadmin -Q - it waits for a while and > then writes following: >> >> Signon to CIB failed: reply failed >> Init failed, could not perform requested operations Thats very disturbing. Can you try running the CIB under valgrind to see if it reports anything or interest? export HA_VALGRIND_ENABLED=cib export VALGRIND_OPTS="--log-file=/tmp/pacemaker-%p.valgrind --leak-check=full --show-reachable=yes --trace-children=no --num-callers=25" install valgrind then start the cluster > > On box2 crm_mon runs, but it doesn't reflect changes in cluster. running > cibadmin -Q waits for a while, then shows following: >> >> Call cib_query failed (-41): Remote node did not respond >> <null> > > Finally, in a few minutes i've found errors in logs (i think they are caused > by my attempt to connect to cluster remotely), so attaching. > > Thanks. > > On Sep 21, 2009, at 13:53, Andrew Beekhof wrote: > >> I had a look at this, and basically I broke the initialization. >> I'll fix this today for 1.0.6 >> >> On Thu, Sep 10, 2009 at 10:05 PM, Andrew Beekhof <[email protected]> >> wrote: >>> >>> Strange. I'll take a look on monday (after my vacation). >>> >>> On Wed, Sep 9, 2009 at 10:30 AM, Alexander >>> Bodnarashik<[email protected]> wrote: >>>> >>>> On Sep 08, 2009, at 09:26, Andrew Beekhof wrote: >>>> >>>>> On Fri, Sep 4, 2009 at 5:35 PM, Alexander >>>>> Bodnarashik<[email protected]> >>>>> wrote: >>>>>> >>>>>> Hi. I'm trying to enable remote connections to cluster, but with no >>>>>> luck, netstat does not show those ports as opened, logs tell me >>>>>> nothing as well. >>>>> >>>>> Were those port values in the CIB when the cluster started? If not, >>>>> restart the cluster software. >>>>> Otherwise, check if TLS support was enabled when you built pacemaker. >>>> >>>> Both port values were set before cluster started. >>>> >>>> I didn't find tls-related options in pacemaker "./configure". But tls >>>> was >>>> found on system during configure script run: >>>> ... >>>> checking gnutls/gnutls.h usability... yes >>>> checking gnutls/gnutls.h presence... yes >>>> checking for gnutls/gnutls.h... yes >>>> checking for security/pam_appl.h... (cached) yes >>>> checking for pam/pam_appl.h... (cached) no >>>> checking for libgnutls-config... /usr/bin/libgnutls-config >>>> checking for gnutls header flags... -I/usr/include >>>> checking for gnutls library flags... -L/usr/lib -lgnutls -lgcrypt >>>> -lgpg-error >>>> ... >>>> >>>> also cibadmin linked against gnutls: >>>> ldd `which cibadmin`|grep tls >>>> libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7fc5000) >>>> So i suppose that tls is enabled. >>>> >>>> I'm also attaching logs, corosync config and cib. >>>> Thanks. >>>> >>>> >>>> >>>> _______________________________________________ >>>> Linux-HA mailing list >>>> [email protected] >>>> http://lists.linux-ha.org/mailman/listinfo/linux-ha >>>> See also: http://linux-ha.org/ReportingProblems >>>> >>> >> _______________________________________________ >> Linux-HA mailing list >> [email protected] >> http://lists.linux-ha.org/mailman/listinfo/linux-ha >> See also: http://linux-ha.org/ReportingProblems > > _______________________________________________ > Linux-HA mailing list > [email protected] > http://lists.linux-ha.org/mailman/listinfo/linux-ha > See also: http://linux-ha.org/ReportingProblems > _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
