Klaus Wenninger napsal(a):
On 1/15/20 12:31 PM, Raffaele Pantaleoni wrote:
Hello,
I'm trying to setup a cluster made up by three servers.
Two of them runs on Debian 10 and they are already part of the cluster
and marked online.
I can't join the third machine running on Debian 9.
I can see the following error when trying to authenticate the third
machine:
pcs host auth vracktenjin
Username: hacluster
Password:
Running: /usr/bin/ruby -I/usr/share/pcsd/ /usr/share/pcsd/pcsd-cli.rb auth
Environment:
HOME=/root
LANG=en_US.UTF-8
LC_ALL=C
LOGNAME=root
MAIL=/var/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PCSD_DEBUG=true
PCSD_NETWORK_TIMEOUT=60
PWD=/root
SHELL=/bin/bash
SHLVL=1
SSH_CLIENT=xx.xx.xx.xx 1612 22
SSH_CONNECTION=xx.xx.xx.xx 1612 46.105.107.214 22
SSH_TTY=/dev/pts/0
TERM=xterm
USER=root
XDG_RUNTIME_DIR=/run/user/0
XDG_SESSION_CLASS=user
XDG_SESSION_ID=19
XDG_SESSION_TYPE=tty
_=/usr/sbin/pcs
--Debug Input Start--
{"nodes": {"vracktenjin": {"dest_list": [{"addr": "vracktenjin",
"port": 2224}], "username": "hacluster", "password": "INE -> S_IDLE |
input=I_TE_SUCCESS cause=C_FSA_INTERNAL origin=notify_crmd"}}}
--Debug Input End--
Finished running: /usr/bin/ruby -I/usr/share/pcsd/
/usr/share/pcsd/pcsd-cli.rb auth
Return value: 0
--Debug Stdout Start--
{
"status": "ok",
"data": {
"auth_responses": {
"vracktenjin": {
"status": "noresponse"
}
},
"sync_successful": true,
"sync_nodes_err": [
],
"sync_responses": {
}
},
"log": [
"I, [2020-01-15T11:22:20.649294 #17621] INFO -- : PCSD Debugging
enabled\n",
"D, [2020-01-15T11:22:20.649320 #17621] DEBUG -- : Detected
systemd is in use\n",
"I, [2020-01-15T11:22:20.699475 #17621] INFO -- : Connecting to:
https://vracktenjin:2224/remote/auth\n";,
"I, [2020-01-15T11:22:20.704920 #17621] INFO -- : No response
from: vracktenjin request: auth, error: ssl_connect_error\n"
]
}
--Debug Stdout End--
--Debug Stderr Start--
--Debug Stderr End--
Error: Unable to communicate with vracktenjin
And the follwing error on the target machine pcsd.log file:
ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0
state=error: sslv3 alert handshake failure
/usr/lib/ruby/2.3.0/openssl/ssl.rb:404:in `accept'
Debian 10 versions:
corosync 3.0.1
pacemaker 2.0.1
Debian 9 versions:
corosync 2.4.2
pacemaker 1.1.6
Any hints?
What you are seeing looks like issues of different versions
of pcsd connecting.
But even if that would work this version mix wouldn't
make you happy.
Left alone corosync 2 & 3 afaik aren't wire-compatible
even if you are using udpu on 3 (knet recommended).
In general key-requirements have been raised with
pacemaker 2 and, and, ....
Only place where you might be able to mix these
versions is if you are e.g. using Debian 10 for the
cluster-nodes and Debian 9 on a remote node.
And/or qnetd node. But even there may be problems with enabled/supported
crypto ciphers/key lengths/...
Regards,
Honza
Regards,
Klaus
(I previously setup a six machines test plant with no errors like this
one. All those machines are running on Debian 9)
Thank you!
Raffaele Pantaleoni
/
/
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
