[Bug 1584365] [NEW] pcs cluster auth unable to connect

ndsipa pomu Sat, 21 May 2016 09:56:29 -0700

Public bug reported:

After installing PCS on (x)Ubuntu 16.04, I'm unable to successfully run "pcs 
auth cluster".
I was following the documentation from 
http://clusterlabs.org/doc/en-US/Pacemaker/1.1-pcs/html/Clusters_from_Scratch/_enable_pcs_daemon.html


To reproduce:

install Ubuntu 16.04
set up networking
install pcs: apt-get -y install pcs
start pcsd: systemctl start pcsd
(optionally enable it on boot: systemctl enable pcsd)
set password for "hacluster": passwd hacluster
attempt cluster authorisation (which fails): pcs cluster auth <hostname>

example:
root@uk01pvmh020:~# pcs cluster auth uk01pvmh020 
Username: hacluster
Password: 
Error: Unable to communicate with uk01pvmh020
root@uk01pvmh020:~# 

Following the same procedure with RHEL7 actually works, so as a
workaround I could eschew the use of Ubuntu for clustering services (am
looking to get clvm working).

Here's the output with "--debug" enabled:

root@uk01pvmh020:~# pcs --debug cluster auth uk01pvmh020 
Running: /usr/bin/ruby -I/usr/share/pcsd/ /usr/share/pcsd/pcsd-cli.rb 
read_tokens
--Debug Input Start--
{}
--Debug Input End--
Return Value: 0
--Debug Output Start--
{
  "status": "ok",
  "data": {
  },
  "log": [
    "I, [2016-05-21T17:38:52.731105 #14594]  INFO -- : PCSD Debugging 
enabled\n",
    "D, [2016-05-21T17:38:52.731174 #14594] DEBUG -- : Did not detect RHEL 6\n",
    "I, [2016-05-21T17:38:52.731207 #14594]  INFO -- : Running: 
/usr/sbin/corosync-cmapctl totem.cluster_name\n",
    "I, [2016-05-21T17:38:52.731229 #14594]  INFO -- : CIB USER: hacluster, 
groups: \n",
    "D, [2016-05-21T17:38:52.740894 #14594] DEBUG -- : [\"totem.cluster_name 
(str) = debian\\n\"]\n",
    "D, [2016-05-21T17:38:52.741017 #14594] DEBUG -- : []\n",
    "D, [2016-05-21T17:38:52.741059 #14594] DEBUG -- : Duration: 
0.009645066s\n",
    "I, [2016-05-21T17:38:52.741155 #14594]  INFO -- : Return Value: 0\n",
    "W, [2016-05-21T17:38:52.741423 #14594]  WARN -- : Cannot read config 
'tokens' from '/var/lib/pcsd/tokens': No such file or directory @ rb_sysopen - 
/var/lib/pcsd/tokens\n",
    "E, [2016-05-21T17:38:52.741508 #14594] ERROR -- : Unable to parse tokens 
file: A JSON text must at least contain two octets!\n"
  ]
}
--Debug Output End--

Sending HTTP Request to: https://uk01pvmh020:2224/remote/check_auth
Data: None
Response Reason: Tunnel connection failed: 403 Forbidden
Username: hacluster
Password: 
Running: /usr/bin/ruby -I/usr/share/pcsd/ /usr/share/pcsd/pcsd-cli.rb auth
--Debug Input Start--
{"username": "hacluster", "local": false, "nodes": ["uk01pvmh020"], "password": 
"retsulcah", "force": false}
--Debug Input End--
Return Value: 0
--Debug Output Start--
{
  "status": "ok",
  "data": {
    "auth_responses": {
      "uk01pvmh020": {
        "status": "noresponse"
      }
    },
    "sync_successful": true,
    "sync_nodes_err": [

    ],
    "sync_responses": {
    }
  },
  "log": [
    "I, [2016-05-21T17:39:00.392737 #14611]  INFO -- : PCSD Debugging 
enabled\n",
    "D, [2016-05-21T17:39:00.392806 #14611] DEBUG -- : Did not detect RHEL 6\n",
    "I, [2016-05-21T17:39:00.392838 #14611]  INFO -- : Running: 
/usr/sbin/corosync-cmapctl totem.cluster_name\n",
    "I, [2016-05-21T17:39:00.392860 #14611]  INFO -- : CIB USER: hacluster, 
groups: \n",
    "D, [2016-05-21T17:39:00.402354 #14611] DEBUG -- : [\"totem.cluster_name 
(str) = debian\\n\"]\n",
    "D, [2016-05-21T17:39:00.402461 #14611] DEBUG -- : []\n",
    "D, [2016-05-21T17:39:00.402513 #14611] DEBUG -- : Duration: 
0.009475549s\n",
    "I, [2016-05-21T17:39:00.402595 #14611]  INFO -- : Return Value: 0\n",
    "W, [2016-05-21T17:39:00.403098 #14611]  WARN -- : Cannot read config 
'tokens' from '/var/lib/pcsd/tokens': No such file or directory @ rb_sysopen - 
/var/lib/pcsd/tokens\n",
    "E, [2016-05-21T17:39:00.403238 #14611] ERROR -- : Unable to parse tokens 
file: A JSON text must at least contain two octets!\n",
    "I, [2016-05-21T17:39:00.403273 #14611]  INFO -- : SRWT Node: uk01pvmh020 
Request: check_auth\n",
    "E, [2016-05-21T17:39:00.403298 #14611] ERROR -- : Unable to connect to 
node uk01pvmh020, no token available\n",
    "I, [2016-05-21T17:39:00.409109 #14611]  INFO -- : No response from: 
uk01pvmh020 request: /auth, exception: 403 \"Forbidden\"\n"
  ]
}
--Debug Output End--

Error: Unable to communicate with uk01pvmh020
root@uk01pvmh020:~# 


For reference, here's the debug output from a RHEL7/OL7 machine:

[root@uk01vort003 pcsd]# pcs --debug cluster auth uk01vort003
Running: /usr/bin/ruby -I/usr/lib/pcsd/ /usr/lib/pcsd/pcsd-cli.rb read_tokens
--Debug Input Start--
{}
--Debug Input End--

Return Value: 0
--Debug Output Start--
{
  "status": "ok",
  "data": {
  },
  "log": [
    "I, [2016-05-21T17:43:55.516093 #28868]  INFO -- : PCSD Debugging 
enabled\n",
    "D, [2016-05-21T17:43:55.516217 #28868] DEBUG -- : Did not detect RHEL 6\n",
    "I, [2016-05-21T17:43:55.516290 #28868]  INFO -- : Running: 
/usr/sbin/corosync-cmapctl totem.cluster_name\n",
    "I, [2016-05-21T17:43:55.516361 #28868]  INFO -- : CIB USER: hacluster, 
groups: \n",
    "D, [2016-05-21T17:43:55.520897 #28868] DEBUG -- : []\n",
    "D, [2016-05-21T17:43:55.520995 #28868] DEBUG -- : Duration: 
0.004518704s\n",
    "I, [2016-05-21T17:43:55.521117 #28868]  INFO -- : Return Value: 1\n",
    "W, [2016-05-21T17:43:55.521284 #28868]  WARN -- : Cannot read config 
'corosync.conf' from '/etc/corosync/corosync.conf': No such file or directory - 
/etc/corosync/corosync.conf\n",
    "W, [2016-05-21T17:43:55.521740 #28868]  WARN -- : Cannot read config 
'tokens' from '/var/lib/pcsd/tokens': No such file or directory - 
/var/lib/pcsd/tokens\n",
    "E, [2016-05-21T17:43:55.521844 #28868] ERROR -- : Unable to parse tokens 
file: A JSON text must at least contain two octets!\n"
  ]
}

--Debug Output End--

Sending HTTP Request to: https://uk01vort003:2224/remote/check_auth
Data: None
Response Reason: Tunnel connection failed: 403 Forbidden
Username: hacluster
Password: 
Running: /usr/bin/ruby -I/usr/lib/pcsd/ /usr/lib/pcsd/pcsd-cli.rb auth
--Debug Input Start--
{"username": "hacluster", "local": false, "nodes": ["uk01vort003"], "password": 
"retsulcah", "force": false}
--Debug Input End--

Return Value: 0
--Debug Output Start--
{
  "status": "ok",
  "data": {
    "auth_responses": {
      "uk01vort003": {
        "status": "ok",
        "token": "0d262df4-7f1b-4687-acc2-73e1febec81d"
      }
    },
    "sync_successful": true,
    "sync_nodes_err": [

    ],
    "sync_responses": {
    }
  },
  "log": [
    "I, [2016-05-21T17:44:02.473670 #28892]  INFO -- : PCSD Debugging 
enabled\n",
    "D, [2016-05-21T17:44:02.473833 #28892] DEBUG -- : Did not detect RHEL 6\n",
    "I, [2016-05-21T17:44:02.473904 #28892]  INFO -- : Running: 
/usr/sbin/corosync-cmapctl totem.cluster_name\n",
    "I, [2016-05-21T17:44:02.473974 #28892]  INFO -- : CIB USER: hacluster, 
groups: \n",
    "D, [2016-05-21T17:44:02.480170 #28892] DEBUG -- : []\n",
    "D, [2016-05-21T17:44:02.480552 #28892] DEBUG -- : Duration: 
0.006169278s\n",
    "I, [2016-05-21T17:44:02.480737 #28892]  INFO -- : Return Value: 1\n",
    "W, [2016-05-21T17:44:02.481035 #28892]  WARN -- : Cannot read config 
'corosync.conf' from '/etc/corosync/corosync.conf': No such file or directory - 
/etc/corosync/corosync.conf\n",
    "W, [2016-05-21T17:44:02.481756 #28892]  WARN -- : Cannot read config 
'tokens' from '/var/lib/pcsd/tokens': No such file or directory - 
/var/lib/pcsd/tokens\n",
    "E, [2016-05-21T17:44:02.481865 #28892] ERROR -- : Unable to parse tokens 
file: A JSON text must at least contain two octets!\n",
    "I, [2016-05-21T17:44:02.481918 #28892]  INFO -- : SRWT Node: uk01vort003 
Request: check_auth\n",
    "E, [2016-05-21T17:44:02.481959 #28892] ERROR -- : Unable to connect to 
node uk01vort003, no token available\n",
    "I, [2016-05-21T17:44:02.733483 #28892]  INFO -- : Running: /usr/sbin/pcs 
status nodes corosync\n",
    "I, [2016-05-21T17:44:02.733897 #28892]  INFO -- : CIB USER: hacluster, 
groups: \n",
    "D, [2016-05-21T17:44:02.910480 #28892] DEBUG -- : []\n",
    "D, [2016-05-21T17:44:02.910700 #28892] DEBUG -- : Duration: 
0.176567846s\n",
    "I, [2016-05-21T17:44:02.910799 #28892]  INFO -- : Return Value: 1\n",
    "W, [2016-05-21T17:44:02.911164 #28892]  WARN -- : Cannot read config 
'tokens' from '/var/lib/pcsd/tokens': No such file or directory - 
/var/lib/pcsd/tokens\n",
    "E, [2016-05-21T17:44:02.911296 #28892] ERROR -- : Unable to parse tokens 
file: A JSON text must at least contain two octets!\n",
    "I, [2016-05-21T17:44:02.912068 #28892]  INFO -- : Saved config 'tokens' 
version 1 a71824b42061fbb2a08f42069a4285ddbb8f8040 to '/var/lib/pcsd/tokens'\n"
  ]
}

--Debug Output End--

uk01vort003: Authorized
[root@uk01vort003 pcsd]# 


Whilst investigating, I came across an issue with Ruby not using IPv4
connections, so I have tried to force IPv4 by editing
/usr/share/pcsd/ssl.rb but even when I force it to use IPv4 for port
2224, it still doesn't work.

** Affects: ubuntu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1584365

Title:
  pcs cluster auth unable to connect

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/1584365/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1584365] [NEW] pcs cluster auth unable to connect

Reply via email to