SASL mechanism issue with HA

Hari Pyla Fri, 11 Apr 2014 10:25:19 -0700

Hi,

I have an active-passive HA setup currently configured without anyauthentication (auth=no) and allow all in the ACL and things work asexpected.However, when I enable authentication and configure ACL, I find thefollowing error messages from the C++ broker.I was wondering if I am missing something or if my configuration isincorrect.


===error message ===
Apr 11 11:53:09 guest-3 qpidd[26319]: No worthy mechs found

Apr 11 11:53:09 guest-3 qpidd[26319]: 2014-04-11 11:53:09 [HA] infoChecking status of amqp:tcp:192.168.10.194:5672: internal-error: Saslerror: SASL(-4): no mechanism available: No worthy mechs found(qpid/SaslFactory.cpp:280)


===configuration===
i) Qpid version: 0.18

ii) Qpid configuration (/etc/qpidd.conf)
acl-file=/etc/qpid/qpidd.acl
auth=yes
realm=QPID
load-module=/usr/lib64/qpid/daemon/acl.so
load-module=/usr/lib64/qpid/daemon/ssl.so
load-module=/usr/lib64/qpid/daemon/ha.so
no-data-dir=yes
log-to-stderr=no
log-enable=debug+:HA
log-to-syslog=yes
ha-cluster=yes
ha-brokers-url=192.168.10.194
ha-public-url=192.168.10.195
ha-replicate=all
ha-queue-replication=yes
ha-username=test
ha-password=test
ha-mechanism=PLAIN

iii) ACL file (/etc/qpid/qpidd.acl)
acl allow test@QPID all all

iv) SASL config file (/etc/sasl2/qpidd.conf)
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /var/lib/qpidd/qpidd.sasldb
#mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN
mech_list: PLAIN

v) user entry in sasldb
# saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID test
# sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb
test@QPID: userPassword

vi) permissions/ownership of sasldb (/var/lib/qpidd/qpidd.sasldb)
-rw-------. 1 qpidd qpidd 12288 Apr 10 18:26 /var/lib/qpidd/qpidd.sasldb

===complete log ====
Apr 11 13:20:37 guest-1 kernel: DLM (built Aug 28 2013 17:20:52) installed

Apr 11 13:20:37 guest-1 corosync[28310]: [MAIN ] Corosync ClusterEngine ('1.4.1'): started and ready to provide service.Apr 11 13:20:37 guest-1 corosync[28310]: [MAIN ] Corosync built-infeatures: nss dbus rdma snmpApr 11 13:20:37 guest-1 corosync[28310]: [MAIN ] Successfully readconfig from /etc/cluster/cluster.confApr 11 13:20:37 guest-1 corosync[28310]: [MAIN ] Successfully parsedcman configApr 11 13:20:37 guest-1 corosync[28310]: [TOTEM ] Initializingtransport (UDP/IP Multicast).Apr 11 13:20:37 guest-1 corosync[28310]: [TOTEM ] Initializingtransmit/receive security: libtomcrypt SOBER128/SHA1HMAC (mode 0).Apr 11 13:20:37 guest-1 corosync[28310]: [TOTEM ] The networkinterface [192.168.10.125] is now up.Apr 11 13:20:37 guest-1 corosync[28310]: [QUORUM] Using quorumprovider quorum_cmanApr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engineloaded: corosync cluster quorum service v0.1Apr 11 13:20:37 guest-1 corosync[28310]: [CMAN ] CMAN 3.0.12.1 (builtDec 9 2013 10:48:35) startedApr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engineloaded: corosync CMAN membership service 2.90Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engineloaded: openais checkpoint service B.01.01Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engineloaded: corosync extended virtual synchrony serviceApr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engineloaded: corosync configuration serviceApr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engineloaded: corosync cluster closed process group service v1.01Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engineloaded: corosync cluster config database access v1.01Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engineloaded: corosync profile loading serviceApr 11 13:20:37 guest-1 corosync[28310]: [QUORUM] Using quorumprovider quorum_cmanApr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engineloaded: corosync cluster quorum service v0.1Apr 11 13:20:37 guest-1 corosync[28310]: [MAIN ] Compatibility modeset to whitetank. Using V1 and V2 of the synchronization engine.Apr 11 13:20:37 guest-1 corosync[28310]: [TOTEM ] A processor joinedor left the membership and a new membership was formed.

Apr 11 13:20:37 guest-1 corosync[28310]:   [QUORUM] Members[1]: 1
Apr 11 13:20:37 guest-1 corosync[28310]:   [QUORUM] Members[1]: 1

Apr 11 13:20:37 guest-1 corosync[28310]: [CPG ] chosen downlist:sender r(0) ip(192.168.10.125) ; members(old:0 left:0)Apr 11 13:20:37 guest-1 corosync[28310]: [MAIN ] Completed servicesynchronization, ready to provide service.Apr 11 13:20:41 guest-1 corosync[28310]: [TOTEM ] A processor joinedor left the membership and a new membership was formed.Apr 11 13:20:41 guest-1 corosync[28310]: [CMAN ] quorum regained,resuming activityApr 11 13:20:41 guest-1 corosync[28310]: [QUORUM] This node is withinthe primary component and will provide service.

Apr 11 13:20:41 guest-1 corosync[28310]:   [QUORUM] Members[2]: 1 2
Apr 11 13:20:41 guest-1 corosync[28310]:   [QUORUM] Members[2]: 1 2

Apr 11 13:20:41 guest-1 corosync[28310]: [CPG ] chosen downlist:sender r(0) ip(192.168.10.125) ; members(old:1 left:0)Apr 11 13:20:41 guest-1 corosync[28310]: [MAIN ] Completed servicesynchronization, ready to provide service.

Apr 11 13:20:41 guest-1 fenced[28366]: fenced 3.0.12.1 started
Apr 11 13:20:41 guest-1 dlm_controld[28383]: dlm_controld 3.0.12.1 started
Apr 11 13:20:41 guest-1 gfs_controld[28435]: gfs_controld 3.0.12.1 started
Apr 11 13:20:42 guest-1 kernel: dlm: Using TCP for communications
Apr 11 13:20:42 guest-1 modclusterd: startup succeeded
Apr 11 13:20:42 guest-1 ricci: startup succeeded

Apr 11 13:20:44 guest-1 corosync[28310]: [TOTEM ] A processor joinedor left the membership and a new membership was formed.

Apr 11 13:20:44 guest-1 corosync[28310]:   [QUORUM] Members[3]: 1 2 3
Apr 11 13:20:44 guest-1 corosync[28310]:   [QUORUM] Members[3]: 1 2 3

Apr 11 13:20:44 guest-1 corosync[28310]: [CPG ] chosen downlist:sender r(0) ip(192.168.10.125) ; members(old:2 left:0)Apr 11 13:20:44 guest-1 corosync[28310]: [MAIN ] Completed servicesynchronization, ready to provide service.

Apr 11 13:20:47 guest-1 fenced[28366]: fencing node guest-3

Apr 11 13:20:47 guest-1 fenced[28366]: fence guest-3 dev 0.0 agent noneresult: error no method

Apr 11 13:20:47 guest-1 fenced[28366]: fence guest-3 failed
Apr 11 13:20:50 guest-1 kernel: dlm: connecting to 3
Apr 11 13:20:50 guest-1 kernel: dlm: connecting to 2
Apr 11 13:20:50 guest-1 kernel: dlm: got connection from 3
Apr 11 13:20:50 guest-1 kernel: dlm: got connection from 2
Apr 11 13:20:50 guest-1 rgmanager[28530]: I am node #1
Apr 11 13:20:50 guest-1 rgmanager[28530]: Resource Group Manager Starting
Apr 11 13:20:50 guest-1 rgmanager[28530]: Loading Service Data
Apr 11 13:20:52 guest-1 rgmanager[28530]: Initializing Services

Apr 11 13:20:52 guest-1 rgmanager[29521]: [script] Executing/etc/init.d/qpidd stopApr 11 13:20:52 guest-1 rgmanager[29562]: [script] Executing/etc/init.d/qpidd stopApr 11 13:20:52 guest-1 rgmanager[29610]: [script] Executing/etc/init.d/qpidd stopApr 11 13:20:52 guest-1 rgmanager[29621]: [script] Executing/etc/init.d/qpidd-primary stop

Apr 11 13:20:52 guest-1 rgmanager[28530]: Services Initialized
Apr 11 13:20:53 guest-1 rgmanager[28530]: State change: Local UP
Apr 11 13:20:53 guest-1 rgmanager[28530]: State change: guest-2 UP

Apr 11 13:20:53 guest-1 rgmanager[28530]: Starting stopped serviceservice:guest-1-qpidd-serviceApr 11 13:20:53 guest-1 rgmanager[29767]: [script] Executing/etc/init.d/qpidd startApr 11 13:20:53 guest-1 rgmanager[28530]: Markingservice:guest-3-qpidd-service as stopped: Restricted domain unavailableApr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] infoRegistered replication exchangeApr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] noticeBroker: Initializing: guest-1:5672(joining)Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] infoBackup: Connecting to cluster, broker URL: amqp:tcp:192.168.10.194:5672Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] infoBroker: Brokers URL set to: amqp:tcp:192.168.10.194:5672Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] infoBroker: Membership: guest-1:5672(joining)Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] infoReplication queue panic overflow disabled

Apr 11 13:20:53 guest-1 rgmanager[28530]: State change: guest-3 UP

Apr 11 13:20:53 guest-1 rgmanager[28530]: Serviceservice:guest-1-qpidd-service started

Apr 11 13:20:56 guest-1 qpidd[29794]: No worthy mechs found

Apr 11 13:20:56 guest-1 qpidd[29794]: 2014-04-11 13:20:56 [HA] infoChecking status of amqp:tcp:192.168.10.194:5672: internal-error: Saslerror: SASL(-4): no mechanism available: No worthy mechs found(qpid/SaslFactory.cpp:280)Apr 11 13:21:23 guest-1 rgmanager[29854]: [script] Executing/etc/init.d/qpidd statusApr 11 13:21:25 guest-1 rgmanager[28530]: Recovering failed serviceservice:qpidd-primary-serviceApr 11 13:21:25 guest-1 rgmanager[29932]: [ip] Adding IPv4 address192.168.10.194/24 to eth0Apr 11 13:21:28 guest-1 rgmanager[30052]: [ip] Adding IPv4 address192.168.10.195/24 to eth0Apr 11 13:21:31 guest-1 rgmanager[30129]: [script] Executing/etc/init.d/qpidd-primary start

Apr 11 13:21:31 guest-1 python: No worthy mechs found

Apr 11 13:21:31 guest-1 rgmanager[30192]: [script] script:qpidd-primary:start of /etc/init.d/qpidd-primary failed (returned 1)Apr 11 13:21:31 guest-1 rgmanager[28530]: start on script"qpidd-primary" returned 1 (generic error)Apr 11 13:21:32 guest-1 rgmanager[28530]: #68: Failed to startservice:qpidd-primary-service; return value: 1Apr 11 13:21:32 guest-1 rgmanager[28530]: Stopping serviceservice:qpidd-primary-serviceApr 11 13:21:32 guest-1 rgmanager[30221]: [script] Executing/etc/init.d/qpidd-primary stopApr 11 13:21:32 guest-1 qpidd[29794]: 2014-04-11 13:21:32 [HA] noticeBroker: Shut downApr 11 13:21:32 guest-1 rgmanager[30288]: [ip] Removing IPv4 address192.168.10.195/24 from eth0Apr 11 13:21:42 guest-1 rgmanager[30352]: [ip] Removing IPv4 address192.168.10.194/24 from eth0Apr 11 13:21:52 guest-1 rgmanager[28530]: Serviceservice:qpidd-primary-service is recoveringApr 11 13:21:53 guest-1 rgmanager[30404]: [script] Executing/etc/init.d/qpidd statusApr 11 13:21:53 guest-1 rgmanager[30432]: [script] script:qpidd: statusof /etc/init.d/qpidd failed (returned 3)Apr 11 13:21:53 guest-1 rgmanager[28530]: status on script "qpidd"returned 1 (generic error)Apr 11 13:21:53 guest-1 rgmanager[28530]: Stopping serviceservice:guest-1-qpidd-serviceApr 11 13:21:53 guest-1 rgmanager[30461]: [script] Executing/etc/init.d/qpidd stopApr 11 13:21:53 guest-1 rgmanager[28530]: Serviceservice:guest-1-qpidd-service is recoveringApr 11 13:21:53 guest-1 rgmanager[28530]: Recovering failed serviceservice:guest-1-qpidd-serviceApr 11 13:21:53 guest-1 rgmanager[30504]: [script] Executing/etc/init.d/qpidd startApr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] infoRegistered replication exchangeApr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] noticeBroker: Initializing: guest-1:5672(joining)Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] infoBackup: Connecting to cluster, broker URL: amqp:tcp:192.168.10.194:5672Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] infoBroker: Brokers URL set to: amqp:tcp:192.168.10.194:5672Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] infoBroker: Membership: guest-1:5672(joining)Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] infoReplication queue panic overflow disabledApr 11 13:21:53 guest-1 rgmanager[28530]: Serviceservice:guest-1-qpidd-service started

Apr 11 13:21:56 guest-1 qpidd[30530]: No worthy mechs found

Apr 11 13:21:56 guest-1 qpidd[30530]: 2014-04-11 13:21:56 [HA] infoChecking status of amqp:tcp:192.168.10.194:5672: internal-error: Saslerror: SASL(-4): no mechanism available: No worthy mechs found(qpid/SaslFactory.cpp:280)Apr 11 13:22:23 guest-1 rgmanager[30589]: [script] Executing/etc/init.d/qpidd status



Any ideas?

Thanks,
--Hari

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

SASL mechanism issue with HA

Reply via email to