I believe this is now fixed on trunk, see https://issues.apache.org/jira/browse/QPID-5711 I'm waiting for approval to include it in the 0.28 release.
On Mon, 2014-04-14 at 16:27 -0400, Hari Pyla wrote: > Hi Pavel, > Yes, I have the cyrus packages installed on the nodes. > > # rpm -qa | grep cyrus > cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64 > cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 > cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64 > cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64 > cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64 > cyrus-sasl-2.1.23-13.el6_3.1.x86_64 > > To narrow down, I've simplified the configuration without HA, see below > > ===configuration=== > i) version 0.26 (built from source) > > ii) /etc/qpid/qpidd.conf > acl-file=/etc/qpid/qpidd.acl > auth=yes > realm=QPID > no-data-dir=yes > sasl-config=/etc/sasl2/ > log-to-stderr=no > log-enable=debug+ > log-to-syslog=yes > > # /etc/init.d/qpidd start > Starting Qpid AMQP daemon: [ OK ] > > # qpid-config queues -a test/[email protected]:5672 --sasl-mechanism=PLAIN > Queue Name Attributes > ================================================================= > 5b1b0c2e-bc6f-431b-b955-83ce5680d4ac:0.0 auto-del excl > > and things work as expected. However when I enable HA and when the > brokers try to communicate among themselves > I get the following error. > > ===error=== > Promoting qpid daemon to cluster primary: Error in sasl_client_start > (-4) SASL(-4): no mechanism available: No worthy mechs found > > Thanks, > --Hari > > > On 04/14/2014 08:35 AM, Pavel Moravec wrote: > > Hi, > > do you have cyrus-sasl-plain and cyrus-sasl packages installed? > > > > Also to narrow down your investigation, you could try enable authentication > > and use PLAIN authentication from a client, to skip HA part of your > > scenario. I.e. to have consumer with connection option like: > > > > "{ username: 'test', password: 'testPassword', sasl-mechanism: 'PLAIN' }" > > > > > > Hope that helps. > > > > Kind regards, > > Pavel > > > > > > ----- Original Message ----- > >> From: "Hari Pyla" <[email protected]> > >> To: [email protected] > >> Sent: Friday, April 11, 2014 7:24:02 PM > >> Subject: SASL mechanism issue with HA > >> > >> Hi, > >> I have an active-passive HA setup currently configured without any > >> authentication (auth=no) and allow all in the ACL and things work as > >> expected. > >> However, when I enable authentication and configure ACL, I find the > >> following error messages from the C++ broker. > >> I was wondering if I am missing something or if my configuration is > >> incorrect. > >> > >> ===error message === > >> Apr 11 11:53:09 guest-3 qpidd[26319]: No worthy mechs found > >> Apr 11 11:53:09 guest-3 qpidd[26319]: 2014-04-11 11:53:09 [HA] info > >> Checking status of amqp:tcp:192.168.10.194:5672: internal-error: Sasl > >> error: SASL(-4): no mechanism available: No worthy mechs found > >> (qpid/SaslFactory.cpp:280) > >> > >> ===configuration=== > >> i) Qpid version: 0.18 > >> > >> ii) Qpid configuration (/etc/qpidd.conf) > >> acl-file=/etc/qpid/qpidd.acl > >> auth=yes > >> realm=QPID > >> load-module=/usr/lib64/qpid/daemon/acl.so > >> load-module=/usr/lib64/qpid/daemon/ssl.so > >> load-module=/usr/lib64/qpid/daemon/ha.so > >> no-data-dir=yes > >> log-to-stderr=no > >> log-enable=debug+:HA > >> log-to-syslog=yes > >> ha-cluster=yes > >> ha-brokers-url=192.168.10.194 > >> ha-public-url=192.168.10.195 > >> ha-replicate=all > >> ha-queue-replication=yes > >> ha-username=test > >> ha-password=test > >> ha-mechanism=PLAIN > >> > >> iii) ACL file (/etc/qpid/qpidd.acl) > >> acl allow test@QPID all all > >> > >> iv) SASL config file (/etc/sasl2/qpidd.conf) > >> pwcheck_method: auxprop > >> auxprop_plugin: sasldb > >> sasldb_path: /var/lib/qpidd/qpidd.sasldb > >> #mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN > >> mech_list: PLAIN > >> > >> v) user entry in sasldb > >> # saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID test > >> # sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb > >> test@QPID: userPassword > >> > >> vi) permissions/ownership of sasldb (/var/lib/qpidd/qpidd.sasldb) > >> -rw-------. 1 qpidd qpidd 12288 Apr 10 18:26 /var/lib/qpidd/qpidd.sasldb > >> > >> ===complete log ==== > >> Apr 11 13:20:37 guest-1 kernel: DLM (built Aug 28 2013 17:20:52) installed > >> Apr 11 13:20:37 guest-1 corosync[28310]: [MAIN ] Corosync Cluster > >> Engine ('1.4.1'): started and ready to provide service. > >> Apr 11 13:20:37 guest-1 corosync[28310]: [MAIN ] Corosync built-in > >> features: nss dbus rdma snmp > >> Apr 11 13:20:37 guest-1 corosync[28310]: [MAIN ] Successfully read > >> config from /etc/cluster/cluster.conf > >> Apr 11 13:20:37 guest-1 corosync[28310]: [MAIN ] Successfully parsed > >> cman config > >> Apr 11 13:20:37 guest-1 corosync[28310]: [TOTEM ] Initializing > >> transport (UDP/IP Multicast). > >> Apr 11 13:20:37 guest-1 corosync[28310]: [TOTEM ] Initializing > >> transmit/receive security: libtomcrypt SOBER128/SHA1HMAC (mode 0). > >> Apr 11 13:20:37 guest-1 corosync[28310]: [TOTEM ] The network > >> interface [192.168.10.125] is now up. > >> Apr 11 13:20:37 guest-1 corosync[28310]: [QUORUM] Using quorum > >> provider quorum_cman > >> Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engine > >> loaded: corosync cluster quorum service v0.1 > >> Apr 11 13:20:37 guest-1 corosync[28310]: [CMAN ] CMAN 3.0.12.1 (built > >> Dec 9 2013 10:48:35) started > >> Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engine > >> loaded: corosync CMAN membership service 2.90 > >> Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engine > >> loaded: openais checkpoint service B.01.01 > >> Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engine > >> loaded: corosync extended virtual synchrony service > >> Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engine > >> loaded: corosync configuration service > >> Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engine > >> loaded: corosync cluster closed process group service v1.01 > >> Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engine > >> loaded: corosync cluster config database access v1.01 > >> Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engine > >> loaded: corosync profile loading service > >> Apr 11 13:20:37 guest-1 corosync[28310]: [QUORUM] Using quorum > >> provider quorum_cman > >> Apr 11 13:20:37 guest-1 corosync[28310]: [SERV ] Service engine > >> loaded: corosync cluster quorum service v0.1 > >> Apr 11 13:20:37 guest-1 corosync[28310]: [MAIN ] Compatibility mode > >> set to whitetank. Using V1 and V2 of the synchronization engine. > >> Apr 11 13:20:37 guest-1 corosync[28310]: [TOTEM ] A processor joined > >> or left the membership and a new membership was formed. > >> Apr 11 13:20:37 guest-1 corosync[28310]: [QUORUM] Members[1]: 1 > >> Apr 11 13:20:37 guest-1 corosync[28310]: [QUORUM] Members[1]: 1 > >> Apr 11 13:20:37 guest-1 corosync[28310]: [CPG ] chosen downlist: > >> sender r(0) ip(192.168.10.125) ; members(old:0 left:0) > >> Apr 11 13:20:37 guest-1 corosync[28310]: [MAIN ] Completed service > >> synchronization, ready to provide service. > >> Apr 11 13:20:41 guest-1 corosync[28310]: [TOTEM ] A processor joined > >> or left the membership and a new membership was formed. > >> Apr 11 13:20:41 guest-1 corosync[28310]: [CMAN ] quorum regained, > >> resuming activity > >> Apr 11 13:20:41 guest-1 corosync[28310]: [QUORUM] This node is within > >> the primary component and will provide service. > >> Apr 11 13:20:41 guest-1 corosync[28310]: [QUORUM] Members[2]: 1 2 > >> Apr 11 13:20:41 guest-1 corosync[28310]: [QUORUM] Members[2]: 1 2 > >> Apr 11 13:20:41 guest-1 corosync[28310]: [CPG ] chosen downlist: > >> sender r(0) ip(192.168.10.125) ; members(old:1 left:0) > >> Apr 11 13:20:41 guest-1 corosync[28310]: [MAIN ] Completed service > >> synchronization, ready to provide service. > >> Apr 11 13:20:41 guest-1 fenced[28366]: fenced 3.0.12.1 started > >> Apr 11 13:20:41 guest-1 dlm_controld[28383]: dlm_controld 3.0.12.1 started > >> Apr 11 13:20:41 guest-1 gfs_controld[28435]: gfs_controld 3.0.12.1 started > >> Apr 11 13:20:42 guest-1 kernel: dlm: Using TCP for communications > >> Apr 11 13:20:42 guest-1 modclusterd: startup succeeded > >> Apr 11 13:20:42 guest-1 ricci: startup succeeded > >> Apr 11 13:20:44 guest-1 corosync[28310]: [TOTEM ] A processor joined > >> or left the membership and a new membership was formed. > >> Apr 11 13:20:44 guest-1 corosync[28310]: [QUORUM] Members[3]: 1 2 3 > >> Apr 11 13:20:44 guest-1 corosync[28310]: [QUORUM] Members[3]: 1 2 3 > >> Apr 11 13:20:44 guest-1 corosync[28310]: [CPG ] chosen downlist: > >> sender r(0) ip(192.168.10.125) ; members(old:2 left:0) > >> Apr 11 13:20:44 guest-1 corosync[28310]: [MAIN ] Completed service > >> synchronization, ready to provide service. > >> Apr 11 13:20:47 guest-1 fenced[28366]: fencing node guest-3 > >> Apr 11 13:20:47 guest-1 fenced[28366]: fence guest-3 dev 0.0 agent none > >> result: error no method > >> Apr 11 13:20:47 guest-1 fenced[28366]: fence guest-3 failed > >> Apr 11 13:20:50 guest-1 kernel: dlm: connecting to 3 > >> Apr 11 13:20:50 guest-1 kernel: dlm: connecting to 2 > >> Apr 11 13:20:50 guest-1 kernel: dlm: got connection from 3 > >> Apr 11 13:20:50 guest-1 kernel: dlm: got connection from 2 > >> Apr 11 13:20:50 guest-1 rgmanager[28530]: I am node #1 > >> Apr 11 13:20:50 guest-1 rgmanager[28530]: Resource Group Manager Starting > >> Apr 11 13:20:50 guest-1 rgmanager[28530]: Loading Service Data > >> Apr 11 13:20:52 guest-1 rgmanager[28530]: Initializing Services > >> Apr 11 13:20:52 guest-1 rgmanager[29521]: [script] Executing > >> /etc/init.d/qpidd stop > >> Apr 11 13:20:52 guest-1 rgmanager[29562]: [script] Executing > >> /etc/init.d/qpidd stop > >> Apr 11 13:20:52 guest-1 rgmanager[29610]: [script] Executing > >> /etc/init.d/qpidd stop > >> Apr 11 13:20:52 guest-1 rgmanager[29621]: [script] Executing > >> /etc/init.d/qpidd-primary stop > >> Apr 11 13:20:52 guest-1 rgmanager[28530]: Services Initialized > >> Apr 11 13:20:53 guest-1 rgmanager[28530]: State change: Local UP > >> Apr 11 13:20:53 guest-1 rgmanager[28530]: State change: guest-2 UP > >> Apr 11 13:20:53 guest-1 rgmanager[28530]: Starting stopped service > >> service:guest-1-qpidd-service > >> Apr 11 13:20:53 guest-1 rgmanager[29767]: [script] Executing > >> /etc/init.d/qpidd start > >> Apr 11 13:20:53 guest-1 rgmanager[28530]: Marking > >> service:guest-3-qpidd-service as stopped: Restricted domain unavailable > >> Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] info > >> Registered replication exchange > >> Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] notice > >> Broker: Initializing: guest-1:5672(joining) > >> Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] info > >> Backup: Connecting to cluster, broker URL: amqp:tcp:192.168.10.194:5672 > >> Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] info > >> Broker: Brokers URL set to: amqp:tcp:192.168.10.194:5672 > >> Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] info > >> Broker: Membership: guest-1:5672(joining) > >> Apr 11 13:20:53 guest-1 qpidd[29794]: 2014-04-11 13:20:53 [HA] info > >> Replication queue panic overflow disabled > >> Apr 11 13:20:53 guest-1 rgmanager[28530]: State change: guest-3 UP > >> Apr 11 13:20:53 guest-1 rgmanager[28530]: Service > >> service:guest-1-qpidd-service started > >> Apr 11 13:20:56 guest-1 qpidd[29794]: No worthy mechs found > >> Apr 11 13:20:56 guest-1 qpidd[29794]: 2014-04-11 13:20:56 [HA] info > >> Checking status of amqp:tcp:192.168.10.194:5672: internal-error: Sasl > >> error: SASL(-4): no mechanism available: No worthy mechs found > >> (qpid/SaslFactory.cpp:280) > >> Apr 11 13:21:23 guest-1 rgmanager[29854]: [script] Executing > >> /etc/init.d/qpidd status > >> Apr 11 13:21:25 guest-1 rgmanager[28530]: Recovering failed service > >> service:qpidd-primary-service > >> Apr 11 13:21:25 guest-1 rgmanager[29932]: [ip] Adding IPv4 address > >> 192.168.10.194/24 to eth0 > >> Apr 11 13:21:28 guest-1 rgmanager[30052]: [ip] Adding IPv4 address > >> 192.168.10.195/24 to eth0 > >> Apr 11 13:21:31 guest-1 rgmanager[30129]: [script] Executing > >> /etc/init.d/qpidd-primary start > >> Apr 11 13:21:31 guest-1 python: No worthy mechs found > >> Apr 11 13:21:31 guest-1 rgmanager[30192]: [script] script:qpidd-primary: > >> start of /etc/init.d/qpidd-primary failed (returned 1) > >> Apr 11 13:21:31 guest-1 rgmanager[28530]: start on script > >> "qpidd-primary" returned 1 (generic error) > >> Apr 11 13:21:32 guest-1 rgmanager[28530]: #68: Failed to start > >> service:qpidd-primary-service; return value: 1 > >> Apr 11 13:21:32 guest-1 rgmanager[28530]: Stopping service > >> service:qpidd-primary-service > >> Apr 11 13:21:32 guest-1 rgmanager[30221]: [script] Executing > >> /etc/init.d/qpidd-primary stop > >> Apr 11 13:21:32 guest-1 qpidd[29794]: 2014-04-11 13:21:32 [HA] notice > >> Broker: Shut down > >> Apr 11 13:21:32 guest-1 rgmanager[30288]: [ip] Removing IPv4 address > >> 192.168.10.195/24 from eth0 > >> Apr 11 13:21:42 guest-1 rgmanager[30352]: [ip] Removing IPv4 address > >> 192.168.10.194/24 from eth0 > >> Apr 11 13:21:52 guest-1 rgmanager[28530]: Service > >> service:qpidd-primary-service is recovering > >> Apr 11 13:21:53 guest-1 rgmanager[30404]: [script] Executing > >> /etc/init.d/qpidd status > >> Apr 11 13:21:53 guest-1 rgmanager[30432]: [script] script:qpidd: status > >> of /etc/init.d/qpidd failed (returned 3) > >> Apr 11 13:21:53 guest-1 rgmanager[28530]: status on script "qpidd" > >> returned 1 (generic error) > >> Apr 11 13:21:53 guest-1 rgmanager[28530]: Stopping service > >> service:guest-1-qpidd-service > >> Apr 11 13:21:53 guest-1 rgmanager[30461]: [script] Executing > >> /etc/init.d/qpidd stop > >> Apr 11 13:21:53 guest-1 rgmanager[28530]: Service > >> service:guest-1-qpidd-service is recovering > >> Apr 11 13:21:53 guest-1 rgmanager[28530]: Recovering failed service > >> service:guest-1-qpidd-service > >> Apr 11 13:21:53 guest-1 rgmanager[30504]: [script] Executing > >> /etc/init.d/qpidd start > >> Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] info > >> Registered replication exchange > >> Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] notice > >> Broker: Initializing: guest-1:5672(joining) > >> Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] info > >> Backup: Connecting to cluster, broker URL: amqp:tcp:192.168.10.194:5672 > >> Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] info > >> Broker: Brokers URL set to: amqp:tcp:192.168.10.194:5672 > >> Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] info > >> Broker: Membership: guest-1:5672(joining) > >> Apr 11 13:21:53 guest-1 qpidd[30530]: 2014-04-11 13:21:53 [HA] info > >> Replication queue panic overflow disabled > >> Apr 11 13:21:53 guest-1 rgmanager[28530]: Service > >> service:guest-1-qpidd-service started > >> Apr 11 13:21:56 guest-1 qpidd[30530]: No worthy mechs found > >> Apr 11 13:21:56 guest-1 qpidd[30530]: 2014-04-11 13:21:56 [HA] info > >> Checking status of amqp:tcp:192.168.10.194:5672: internal-error: Sasl > >> error: SASL(-4): no mechanism available: No worthy mechs found > >> (qpid/SaslFactory.cpp:280) > >> Apr 11 13:22:23 guest-1 rgmanager[30589]: [script] Executing > >> /etc/init.d/qpidd status > >> > >> > >> Any ideas? > >> > >> Thanks, > >> --Hari > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] > >> For additional commands, e-mail: [email protected] > >> > >> > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
