Re: SASL mechanism issue with HA

Pavel Moravec Mon, 14 Apr 2014 05:37:09 -0700

Hi,
do you have cyrus-sasl-plain and cyrus-sasl packages installed?

Also to narrow down your investigation, you could try enable authentication and 
use PLAIN authentication from a client, to skip HA part of your scenario. I.e. 
to have consumer with connection option like:


"{ username: 'test', password: 'testPassword', sasl-mechanism: 'PLAIN' }"


Hope that helps.

Kind regards,
Pavel


----- Original Message -----
> From: "Hari Pyla" <[email protected]>
> To: [email protected]
> Sent: Friday, April 11, 2014 7:24:02 PM
> Subject: SASL mechanism issue with HA
> 
> Hi,
>   I have an active-passive HA setup currently configured without any
> authentication (auth=no) and allow all in the ACL and things work as
> expected.
> However, when I enable authentication and configure ACL, I find the
> following error messages from the C++ broker.
> I was wondering if I am missing something or if my configuration is
> incorrect.
> 
> ===error message ===
> Apr 11 11:53:09 guest-3 qpidd[26319]: No worthy mechs found
> Apr 11 11:53:09 guest-3 qpidd[26319]: 2014-04-11 11:53:09 [HA] info
> Checking status of amqp:tcp:192.168.10.194:5672: internal-error: Sasl
> error: SASL(-4): no mechanism available: No worthy mechs found
> (qpid/SaslFactory.cpp:280)
> 
> ===configuration===
> i) Qpid version: 0.18
> 
> ii) Qpid configuration (/etc/qpidd.conf)
> acl-file=/etc/qpid/qpidd.acl
> auth=yes
> realm=QPID
> load-module=/usr/lib64/qpid/daemon/acl.so
> load-module=/usr/lib64/qpid/daemon/ssl.so
> load-module=/usr/lib64/qpid/daemon/ha.so
> no-data-dir=yes
> log-to-stderr=no
> log-enable=debug+:HA
> log-to-syslog=yes
> ha-cluster=yes
> ha-brokers-url=192.168.10.194
> ha-public-url=192.168.10.195
> ha-replicate=all
> ha-queue-replication=yes
> ha-username=test
> ha-password=test
> ha-mechanism=PLAIN
> 
> iii) ACL file (/etc/qpid/qpidd.acl)
> acl allow test@QPID all all
> 
> iv) SASL config file (/etc/sasl2/qpidd.conf)
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> sasldb_path: /var/lib/qpidd/qpidd.sasldb
> #mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN
> mech_list: PLAIN
> 
> v) user entry in sasldb
> # saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID test
> # sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb
> test@QPID: userPassword
> 
> vi) permissions/ownership of sasldb (/var/lib/qpidd/qpidd.sasldb)
> -rw-------. 1 qpidd qpidd 12288 Apr 10 18:26 /var/lib/qpidd/qpidd.sasldb
> 
> ===complete log ====
> Apr 11 13:20:37 guest-1 kernel: DLM (built Aug 28 2013 17:20:52) installed
> Apr 11 13:20:37 guest-1 corosync[28310]:   [MAIN  ] Corosync Cluster
> Engine ('1.4.1'): started and ready to provide service.
> Apr 11 13:20:37 guest-1 corosync[28310]:   [MAIN  ] Corosync built-in
> features: nss dbus rdma snmp
> Apr 11 13:20:37 guest-1 corosync[28310]:   [MAIN  ] Successfully read
> config from /etc/cluster/cluster.conf
> Apr 11 13:20:37 guest-1 corosync[28310]:   [MAIN  ] Successfully parsed
> cman config
> Apr 11 13:20:37 guest-1 corosync[28310]:   [TOTEM ] Initializing
> transport (UDP/IP Multicast).
> Apr 11 13:20:37 guest-1 corosync[28310]:   [TOTEM ] Initializing
> transmit/receive security: libtomcrypt SOBER128/SHA1HMAC (mode 0).
> Apr 11 13:20:37 guest-1 corosync[28310]:   [TOTEM ] The network
> interface [192.168.10.125] is now up.
> Apr 11 13:20:37 guest-1 corosync[28310]:   [QUORUM] Using quorum
> provider quorum_cman
> Apr 11 13:20:37 guest-1 corosync[28310]:   [SERV  ] Service engine
> loaded: corosync cluster quorum service v0.1
> Apr 11 13:20:37 guest-1 corosync[28310]:   [CMAN  ] CMAN 3.0.12.1 (built
> Dec  9 2013 10:48:35) started
> Apr 11 13:20:37 guest-1 corosync[28310]:   [SERV  ] Service engine
> loaded: corosync CMAN membership service 2.90
> Apr 11 13:20:37 guest-1 corosync[28310]:   [SERV  ] Service engine
> loaded: openais checkpoint service B.01.01
> Apr 11 13:20:37 guest-1 corosync[28310]:   [SERV  ] Service engine
> loaded: corosync extended virtual synchrony service
> Apr 11 13:20:37 guest-1 corosync[28310]:   [SERV  ] Service engine
> loaded: corosync configuration service
> Apr 11 13:20:37 guest-1 corosync[28310]:   [SERV  ] Service engine
> loaded: corosync cluster closed process group service v1.01
> Apr 11 13:20:37 guest-1 corosync[28310]:   [SERV  ] Service engine
> loaded: corosync cluster config database access v1.01
> Apr 11 13:20:37 guest-1 corosync[28310]:   [SERV  ] Service engine
> loaded: corosync profile loading service
> Apr 11 13:20:37 guest-1 corosync[28310]:   [QUORUM] Using quorum
> provider quorum_cman
> Apr 11 13:20:37 guest-1 corosync[28310]:   [SERV  ] Service engine
> loaded: corosync cluster quorum service v0.1
> Apr 11 13:20:37 guest-1 corosync[28310]:   [MAIN  ] Compatibility mode
> set to whitetank.  Using V1 and V2 of the synchronization engine.
> Apr 11 13:20:37 guest-1 corosync[28310]:   [TOTEM ] A processor joined
> or left the membership and a new membership was formed.
> Apr 11 13:20:37 guest-1 corosync[28310]:   [QUORUM] Members[1]: 1
> Apr 11 13:20:37 guest-1 corosync[28310]:   [QUORUM] Members[1]: 1
> Apr 11 13:20:37 guest-1 corosync[28310]:   [CPG   ] chosen downlist:
> sender r(0) ip(192.168.10.125) ; members(old:0 left:0)
> Apr 11 13:20:37 guest-1 corosync[28310]:   [MAIN  ] Completed service
> synchronization, ready to provide service.
> Apr 11 13:20:41 guest-1 corosync[28310]:   [TOTEM ] A processor joined
> or left the membership and a new membership was formed.
> Apr 11 13:20:41 guest-1 corosync[28310]:   [CMAN  ] quorum regained,
> resuming activity
> Apr 11 13:20:41 guest-1 corosync[28310]:   [QUORUM] This node is within
> the primary component and will provide service.
> Apr 11 13:20:41 guest-1 corosync[28310]:   [QUORUM] Members[2]: 1 2
> Apr 11 13:20:41 guest-1 corosync[28310]:   [QUORUM] Members[2]: 1 2
> Apr 11 13:20:41 guest-1 corosync[28310]:   [CPG   ] chosen downlist:
> sender r(0) ip(192.168.10.125) ; members(old:1 left:0)
> Apr 11 13:20:41 guest-1 corosync[28310]:   [MAIN  ] Completed service
> synchronization, ready to provide service.
> Apr 11 13:20:41 guest-1 fenced[28366]: fenced 3.0.12.1 started
> Apr 11 13:20:41 guest-1 dlm_controld[28383]: dlm_controld 3.0.12.1 started
> Apr 11 13:20:41 guest-1 gfs_controld[28435]: gfs_controld 3.0.12.1 started
> Apr 11 13:20:42 guest-1 kernel: dlm: Using TCP for communications
> Apr 11 13:20:42 guest-1 modclusterd: startup succeeded
> Apr 11 13:20:42 guest-1 ricci: startup succeeded
> Apr 11 13:20:44 guest-1 corosync[28310]:   [TOTEM ] A processor joined
> or left the membership and a new membership was formed.
> Apr 11 13:20:44 guest-1 corosync[28310]:   [QUORUM] Members[3]: 1 2 3
> Apr 11 13:20:44 guest-1 corosync[28310]:   [QUORUM] Members[3]: 1 2 3
> Apr 11 13:20:44 guest-1 corosync[28310]:   [CPG   ] chosen downlist:
> sender r(0) ip(192.168.10.125) ; members(old:2 left:0)
> Apr 11 13:20:44 guest-1 corosync[28310]:   [MAIN  ] Completed service
> synchronization, ready to provide service.
> Apr 11 13:20:47 guest-1 fenced[28366]: fencing node guest-3
> Apr 11 13:20:47 guest-1 fenced[28366]: fence guest-3 dev 0.0 agent none
> result: error no method
> Apr 11 13:20:47 guest-1 fenced[28366]: fence guest-3 failed
> Apr 11 13:20:50 guest-1 kernel: dlm: connecting to 3
> Apr 11 13:20:50 guest-1 kernel: dlm: connecting to 2
> Apr 11 13:20:50 guest-1 kernel: dlm: got connection from 3
> Apr 11 13:20:50 guest-1 kernel: dlm: got connection from 2
> Apr 11 13:20:50 guest-1 rgmanager[28530]: I am node #1
> Apr 11 13:20:50 guest-1 rgmanager[28530]: Resource Group Manager Starting
> Apr 11 13:20:50 guest-1 rgmanager[28530]: Loading Service Data
> Apr 11 13:20:52 guest-1 rgmanager[28530]: Initializing Services
> Apr 11 13:20:52 guest-1 rgmanager[29521]: [script] Executing
> /etc/init.d/qpidd stop
> Apr 11 13:20:52 guest-1 rgmanager[29562]: [script] Executing
> /etc/init.d/qpidd stop
> Apr 11 13:20:52 guest-1 rgmanager[29610]: [script] Executing
> /etc/init.d/qpidd stop
> Apr 11 13:20:52 guest-1 rgmanager[29621]: [script] Executing
> /etc/init.d/qpidd-primary stop
> Apr 11 13:20:52 guest-1 rgmanager[28530]: Services Initialized
> Apr 11 13:20:53 guest-1 rgmanager[28530]: State change: Local UP
> Apr 11 13:20:53 guest-1 rgmanager[28530]: State change: guest-2 UP
> Apr 11 13:20:53 guest-1 rgmanager[28530]: Starting stopped service
> service:guest-1-qpidd-service
> Apr 11 13:20:53 guest-1 rgmanager[29767]: [script] Executing
> /etc/init.d/qpidd start
> Apr 11 13:20:53 guest-1 rgmanager[28530]: Marking
> service:guest-3-qpidd-service as stopped: Restricted domain unavailable
> Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] info
> Registered replication exchange
> Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] notice
> Broker: Initializing: guest-1:5672(joining)
> Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] info
> Backup: Connecting to cluster, broker URL: amqp:tcp:192.168.10.194:5672
> Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] info
> Broker: Brokers URL set to: amqp:tcp:192.168.10.194:5672
> Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] info
> Broker: Membership: guest-1:5672(joining)
> Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] info
> Replication queue panic overflow disabled
> Apr 11 13:20:53 guest-1 rgmanager[28530]: State change: guest-3 UP
> Apr 11 13:20:53 guest-1 rgmanager[28530]: Service
> service:guest-1-qpidd-service started
> Apr 11 13:20:56 guest-1 qpidd[29794]: No worthy mechs found
> Apr 11 13:20:56 guest-1 qpidd[29794]: 2014-04-11 13:20:56 [HA] info
> Checking status of amqp:tcp:192.168.10.194:5672: internal-error: Sasl
> error: SASL(-4): no mechanism available: No worthy mechs found
> (qpid/SaslFactory.cpp:280)
> Apr 11 13:21:23 guest-1 rgmanager[29854]: [script] Executing
> /etc/init.d/qpidd status
> Apr 11 13:21:25 guest-1 rgmanager[28530]: Recovering failed service
> service:qpidd-primary-service
> Apr 11 13:21:25 guest-1 rgmanager[29932]: [ip] Adding IPv4 address
> 192.168.10.194/24 to eth0
> Apr 11 13:21:28 guest-1 rgmanager[30052]: [ip] Adding IPv4 address
> 192.168.10.195/24 to eth0
> Apr 11 13:21:31 guest-1 rgmanager[30129]: [script] Executing
> /etc/init.d/qpidd-primary start
> Apr 11 13:21:31 guest-1 python: No worthy mechs found
> Apr 11 13:21:31 guest-1 rgmanager[30192]: [script] script:qpidd-primary:
> start of /etc/init.d/qpidd-primary failed (returned 1)
> Apr 11 13:21:31 guest-1 rgmanager[28530]: start on script
> "qpidd-primary" returned 1 (generic error)
> Apr 11 13:21:32 guest-1 rgmanager[28530]: #68: Failed to start
> service:qpidd-primary-service; return value: 1
> Apr 11 13:21:32 guest-1 rgmanager[28530]: Stopping service
> service:qpidd-primary-service
> Apr 11 13:21:32 guest-1 rgmanager[30221]: [script] Executing
> /etc/init.d/qpidd-primary stop
> Apr 11 13:21:32 guest-1 qpidd[29794]: 2014-04-11 13:21:32 [HA] notice
> Broker: Shut down
> Apr 11 13:21:32 guest-1 rgmanager[30288]: [ip] Removing IPv4 address
> 192.168.10.195/24 from eth0
> Apr 11 13:21:42 guest-1 rgmanager[30352]: [ip] Removing IPv4 address
> 192.168.10.194/24 from eth0
> Apr 11 13:21:52 guest-1 rgmanager[28530]: Service
> service:qpidd-primary-service is recovering
> Apr 11 13:21:53 guest-1 rgmanager[30404]: [script] Executing
> /etc/init.d/qpidd status
> Apr 11 13:21:53 guest-1 rgmanager[30432]: [script] script:qpidd: status
> of /etc/init.d/qpidd failed (returned 3)
> Apr 11 13:21:53 guest-1 rgmanager[28530]: status on script "qpidd"
> returned 1 (generic error)
> Apr 11 13:21:53 guest-1 rgmanager[28530]: Stopping service
> service:guest-1-qpidd-service
> Apr 11 13:21:53 guest-1 rgmanager[30461]: [script] Executing
> /etc/init.d/qpidd stop
> Apr 11 13:21:53 guest-1 rgmanager[28530]: Service
> service:guest-1-qpidd-service is recovering
> Apr 11 13:21:53 guest-1 rgmanager[28530]: Recovering failed service
> service:guest-1-qpidd-service
> Apr 11 13:21:53 guest-1 rgmanager[30504]: [script] Executing
> /etc/init.d/qpidd start
> Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] info
> Registered replication exchange
> Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] notice
> Broker: Initializing: guest-1:5672(joining)
> Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] info
> Backup: Connecting to cluster, broker URL: amqp:tcp:192.168.10.194:5672
> Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] info
> Broker: Brokers URL set to: amqp:tcp:192.168.10.194:5672
> Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] info
> Broker: Membership: guest-1:5672(joining)
> Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] info
> Replication queue panic overflow disabled
> Apr 11 13:21:53 guest-1 rgmanager[28530]: Service
> service:guest-1-qpidd-service started
> Apr 11 13:21:56 guest-1 qpidd[30530]: No worthy mechs found
> Apr 11 13:21:56 guest-1 qpidd[30530]: 2014-04-11 13:21:56 [HA] info
> Checking status of amqp:tcp:192.168.10.194:5672: internal-error: Sasl
> error: SASL(-4): no mechanism available: No worthy mechs found
> (qpid/SaslFactory.cpp:280)
> Apr 11 13:22:23 guest-1 rgmanager[30589]: [script] Executing
> /etc/init.d/qpidd status
> 
> 
> Any ideas?
> 
> Thanks,
> --Hari
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: SASL mechanism issue with HA

Reply via email to