After installing PCS on (x)Ubuntu 16.04, I'm unable to successfully run "pcs auth cluster".
I was following the documentation from http://clusterlabs.org/doc/en-US/Pacemaker/1.1-pcs/html/Clusters_from_Scratch/_enable_pcs_daemon.html
To reproduce:
install Ubuntu 16.04
set up networking
install pcs: apt-get -y install pcs
start pcsd: systemctl start pcsd
(optionally enable it on boot: systemctl enable pcsd)
set password for "hacluster": passwd hacluster
attempt cluster authorisation (which fails): pcs cluster auth <hostname>
example:
root@uk01pvmh020:~# pcs cluster auth uk01pvmh020
Username: hacluster
Password:
Error: Unable to communicate with uk01pvmh020
root@uk01pvmh020:~#
Following the same procedure with RHEL7 actually works, so as a workaround I could eschew the use of Ubuntu for clustering services (am looking to get clvm working).
Here's the output with "--debug" enabled:
root@uk01pvmh020:~# pcs --debug cluster auth uk01pvmh020
Running: /usr/bin/ruby -I/usr/share/pcsd/ /usr/share/pcsd/pcsd-cli.rb read_tokens
--Debug Input Start--
{}
--Debug Input End--
Return Value: 0
--Debug Output Start--
{
"status": "ok",
"data": {
},
"log": [
"I, [2016-05-21T17:38:52.731105 #14594] INFO -- : PCSD Debugging enabled\n",
"D, [2016-05-21T17:38:52.731174 #14594] DEBUG -- : Did not detect RHEL 6\n",
"I, [2016-05-21T17:38:52.731207 #14594] INFO -- : Running: /usr/sbin/corosync-cmapctl totem.cluster_name\n",
"I, [2016-05-21T17:38:52.731229 #14594] INFO -- : CIB USER: hacluster, groups: \n",
"D, [2016-05-21T17:38:52.740894 #14594] DEBUG -- : [\"totem.cluster_name (str) = debian\\n\"]\n",
"D, [2016-05-21T17:38:52.741017 #14594] DEBUG -- : []\n",
"D, [2016-05-21T17:38:52.741059 #14594] DEBUG -- : Duration: 0.009645066s\n",
"I, [2016-05-21T17:38:52.741155 #14594] INFO -- : Return Value: 0\n",
"W, [2016-05-21T17:38:52.741423 #14594] WARN -- : Cannot read config 'tokens' from '/var/lib/pcsd/tokens': No such file or directory @ rb_sysopen - /var/lib/pcsd/tokens\n",
"E, [2016-05-21T17:38:52.741508 #14594] ERROR -- : Unable to parse tokens file: A JSON text must at least contain two octets!\n"
]
}
--Debug Output End--
Sending HTTP Request to: https://uk01pvmh020:2224/remote/check_auth
Data: None
Response Reason: Tunnel connection failed: 403 Forbidden
Username: hacluster
Password:
Running: /usr/bin/ruby -I/usr/share/pcsd/ /usr/share/pcsd/pcsd-cli.rb auth
--Debug Input Start--
{"username": "hacluster", "local": false, "nodes": ["uk01pvmh020"], "password": "retsulcah", "force": false}
--Debug Input End--
Return Value: 0
--Debug Output Start--
{
"status": "ok",
"data": {
"auth_responses": {
"uk01pvmh020": {
"status": "noresponse"
}
},
"sync_successful": true,
"sync_nodes_err": [
],
"sync_responses": {
}
},
"log": [
"I, [2016-05-21T17:39:00.392737 #14611] INFO -- : PCSD Debugging enabled\n",
"D, [2016-05-21T17:39:00.392806 #14611] DEBUG -- : Did not detect RHEL 6\n",
"I, [2016-05-21T17:39:00.392838 #14611] INFO -- : Running: /usr/sbin/corosync-cmapctl totem.cluster_name\n",
"I, [2016-05-21T17:39:00.392860 #14611] INFO -- : CIB USER: hacluster, groups: \n",
"D, [2016-05-21T17:39:00.402354 #14611] DEBUG -- : [\"totem.cluster_name (str) = debian\\n\"]\n",
"D, [2016-05-21T17:39:00.402461 #14611] DEBUG -- : []\n",
"D, [2016-05-21T17:39:00.402513 #14611] DEBUG -- : Duration: 0.009475549s\n",
"I, [2016-05-21T17:39:00.402595 #14611] INFO -- : Return Value: 0\n",
"W, [2016-05-21T17:39:00.403098 #14611] WARN -- : Cannot read config 'tokens' from '/var/lib/pcsd/tokens': No such file or directory @ rb_sysopen - /var/lib/pcsd/tokens\n",
"E, [2016-05-21T17:39:00.403238 #14611] ERROR -- : Unable to parse tokens file: A JSON text must at least contain two octets!\n",
"I, [2016-05-21T17:39:00.403273 #14611] INFO -- : SRWT Node: uk01pvmh020 Request: check_auth\n",
"E, [2016-05-21T17:39:00.403298 #14611] ERROR -- : Unable to connect to node uk01pvmh020, no token available\n",
"I, [2016-05-21T17:39:00.409109 #14611] INFO -- : No response from: uk01pvmh020 request: /auth, exception: 403 \"Forbidden\"\n"
]
}
--Debug Output End--
Error: Unable to communicate with uk01pvmh020
root@uk01pvmh020:~#
For reference, here's the debug output from a RHEL7/OL7 machine:
[root@uk01vort003 pcsd]# pcs --debug cluster auth uk01vort003
Running: /usr/bin/ruby -I/usr/lib/pcsd/ /usr/lib/pcsd/pcsd-cli.rb read_tokens
--Debug Input Start--
{}
--Debug Input End--
Return Value: 0
--Debug Output Start--
{
"status": "ok",
"data": {
},
"log": [
"I, [2016-05-21T17:43:55.516093 #28868] INFO -- : PCSD Debugging enabled\n",
"D, [2016-05-21T17:43:55.516217 #28868] DEBUG -- : Did not detect RHEL 6\n",
"I, [2016-05-21T17:43:55.516290 #28868] INFO -- : Running: /usr/sbin/corosync-cmapctl totem.cluster_name\n",
"I, [2016-05-21T17:43:55.516361 #28868] INFO -- : CIB USER: hacluster, groups: \n",
"D, [2016-05-21T17:43:55.520897 #28868] DEBUG -- : []\n",
"D, [2016-05-21T17:43:55.520995 #28868] DEBUG -- : Duration: 0.004518704s\n",
"I, [2016-05-21T17:43:55.521117 #28868] INFO -- : Return Value: 1\n",
"W, [2016-05-21T17:43:55.521284 #28868] WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file or directory - /etc/corosync/corosync.conf\n",
"W, [2016-05-21T17:43:55.521740 #28868] WARN -- : Cannot read config 'tokens' from '/var/lib/pcsd/tokens': No such file or directory - /var/lib/pcsd/tokens\n",
"E, [2016-05-21T17:43:55.521844 #28868] ERROR -- : Unable to parse tokens file: A JSON text must at least contain two octets!\n"
]
}
--Debug Output End--
Sending HTTP Request to: https://uk01vort003:2224/remote/check_auth
Data: None
Response Reason: Tunnel connection failed: 403 Forbidden
Username: hacluster
Password:
Running: /usr/bin/ruby -I/usr/lib/pcsd/ /usr/lib/pcsd/pcsd-cli.rb auth
--Debug Input Start--
{"username": "hacluster", "local": false, "nodes": ["uk01vort003"], "password": "retsulcah", "force": false}
--Debug Input End--
Return Value: 0
--Debug Output Start--
{
"status": "ok",
"data": {
"auth_responses": {
"uk01vort003": {
"status": "ok",
"token": "0d262df4-7f1b-4687-acc2-73e1febec81d"
}
},
"sync_successful": true,
"sync_nodes_err": [
],
"sync_responses": {
}
},
"log": [
"I, [2016-05-21T17:44:02.473670 #28892] INFO -- : PCSD Debugging enabled\n",
"D, [2016-05-21T17:44:02.473833 #28892] DEBUG -- : Did not detect RHEL 6\n",
"I, [2016-05-21T17:44:02.473904 #28892] INFO -- : Running: /usr/sbin/corosync-cmapctl totem.cluster_name\n",
"I, [2016-05-21T17:44:02.473974 #28892] INFO -- : CIB USER: hacluster, groups: \n",
"D, [2016-05-21T17:44:02.480170 #28892] DEBUG -- : []\n",
"D, [2016-05-21T17:44:02.480552 #28892] DEBUG -- : Duration: 0.006169278s\n",
"I, [2016-05-21T17:44:02.480737 #28892] INFO -- : Return Value: 1\n",
"W, [2016-05-21T17:44:02.481035 #28892] WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file or directory - /etc/corosync/corosync.conf\n",
"W, [2016-05-21T17:44:02.481756 #28892] WARN -- : Cannot read config 'tokens' from '/var/lib/pcsd/tokens': No such file or directory - /var/lib/pcsd/tokens\n",
"E, [2016-05-21T17:44:02.481865 #28892] ERROR -- : Unable to parse tokens file: A JSON text must at least contain two octets!\n",
"I, [2016-05-21T17:44:02.481918 #28892] INFO -- : SRWT Node: uk01vort003 Request: check_auth\n",
"E, [2016-05-21T17:44:02.481959 #28892] ERROR -- : Unable to connect to node uk01vort003, no token available\n",
"I, [2016-05-21T17:44:02.733483 #28892] INFO -- : Running: /usr/sbin/pcs status nodes corosync\n",
"I, [2016-05-21T17:44:02.733897 #28892] INFO -- : CIB USER: hacluster, groups: \n",
"D, [2016-05-21T17:44:02.910480 #28892] DEBUG -- : []\n",
"D, [2016-05-21T17:44:02.910700 #28892] DEBUG -- : Duration: 0.176567846s\n",
"I, [2016-05-21T17:44:02.910799 #28892] INFO -- : Return Value: 1\n",
"W, [2016-05-21T17:44:02.911164 #28892] WARN -- : Cannot read config 'tokens' from '/var/lib/pcsd/tokens': No such file or directory - /var/lib/pcsd/tokens\n",
"E, [2016-05-21T17:44:02.911296 #28892] ERROR -- : Unable to parse tokens file: A JSON text must at least contain two octets!\n",
"I, [2016-05-21T17:44:02.912068 #28892] INFO -- : Saved config 'tokens' version 1 a71824b42061fbb2a08f42069a4285ddbb8f8040 to '/var/lib/pcsd/tokens'\n"
]
}
--Debug Output End--
uk01vort003: Authorized
[root@uk01vort003 pcsd]#
Whilst investigating, I came across an issue with Ruby not using IPv4 connections, so I have tried to force IPv4 by editing /usr/share/pcsd/ssl.rb but even when I force it to use IPv4 for port 2224, it still doesn't work.
Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https:/ /wiki.ubuntu. com/Bugs/ FindRightPackag e. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.
To change the source package that this bug is filed about visit https:/ /bugs.launchpad .net/ubuntu/ +bug/1584365/ +editstatus and add the package name in the text box next to the word Package.
[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]