Bug 1264886

Summary: [GUI] 'pcs cluster auth' fails for remote cluster if local cluster exists and is not authenticated
Product: Red Hat Enterprise Linux 7 Reporter: Radek Steiger <rsteiger>
Component: pcs Assignee: Tomas Jelinek <tojeline>
Status: CLOSED WONTFIX QA Contact: cluster-qe <cluster-qe>
Severity: unspecified Docs Contact:
Priority: high    
Version: 7.2 CC: cluster-maint, mmazoure, tojeline
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1743735 Environment:
Last Closed: 2020-09-15 11:27:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Radek Steiger 2015-09-21 12:19:03 UTC
> Description of problem:

If a local cluster exists on a pcsd GUI machine (i.e. the machine itself is part of any cluster) and this machine's pcsd is not authenticated to itself (i.e. to the local cluster), any authentication performed against any other remote cluster will fail.

This is because pcsd finds the local cluster configuration and fails on its auth before the remote cluster is ever checked.

If no local cluster exists or is authenticated properly, this problem doesn't happen. Performing local auth first can be used as a workaround.


> Version-Release number of selected component (if applicable):

pcs-0.9.143-9.el7


> How reproducible:

Always


> Steps to Reproduce:

1. Create local cluster and add it to GUI
2. Create remote cluster and add it to GUI
3. Remove all tokens on the GUI node (rm /var/lib/pcsd/tokens)
4. Try to authenticate the remote cluster from GUI


> Actual results:

Auth fails.


> Expected results:

Auth passes.

Comment 3 Tomas Jelinek 2019-06-14 14:12:32 UTC
In this case, authentication succeeds. The issue is tokens cannot be saved to the local cluster as the cluster nodes are not authenticated to each other. Pcsd backend needs to send a result of saving / synchronizing tokens (error/success, error messages) to JS frontend. JS frontend should display those messages in case of a failure.

CLI properly informs about the situation:
# pcs cluster auth rh69-node1
Username: hacluster
Password: 
rh69-node1: Authorized
Error: Unable to synchronize and save tokens on nodes: rh76-node1, rh76-node2. Are they authorized?
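
The point of Comment 3, as an added example that is not part of the bug report and is not pcsd code: a frontend handler that reports the authentication result and the token save/sync result separately, so a sync failure is not shown as an authentication failure. The response shape, its field names and `summarizeAuthResponse` are hypothetical; only the error message text is taken from the CLI output above.

```javascript
// Hypothetical response shape, assumed for this example (not pcsd's real API):
//   { auth: { "<node>": "ok" | "bad_password" | "unreachable" },
//     token_sync: { ok: boolean, failed_nodes: ["<node>", ...] } }
function summarizeAuthResponse(resp) {
  const auth = (resp && typeof resp.auth === "object" && resp.auth) || {};
  const authorized = [];
  const rejected = [];
  const messages = [];

  for (const [node, status] of Object.entries(auth)) {
    if (status === "ok") {
      authorized.push(node);
      messages.push(`${node}: Authorized`);
    } else {
      rejected.push(node);
      messages.push(`${node}: Authentication failed (${status})`);
    }
  }

  // Saving tokens is a separate step from authenticating. Report it on its
  // own line so the user can tell which of the two steps failed.
  const sync = resp && resp.token_sync;
  let syncOk = false;
  if (!sync || typeof sync.ok !== "boolean") {
    messages.push("Warning: backend did not report whether tokens were saved");
  } else if (sync.ok) {
    syncOk = true;
  } else {
    const nodes = Array.isArray(sync.failed_nodes) ? sync.failed_nodes : [];
    messages.push(
      "Error: Unable to synchronize and save tokens on nodes: " +
        `${nodes.join(", ")}. Are they authorized?`
    );
  }

  // "error" only when authentication itself failed; a sync problem is a warning.
  let level = "success";
  if (rejected.length > 0 || authorized.length === 0) level = "error";
  else if (!syncOk) level = "warning";
  return { level, authorized, rejected, messages };
}

// Constructed sample mirroring the CLI session in Comment 3.
const sample = {
  auth: { "rh69-node1": "ok" },
  token_sync: { ok: false, failed_nodes: ["rh76-node1", "rh76-node2"] },
};
console.log(summarizeAuthResponse(sample).messages.join("\n"));
```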

Comment 6 Tomas Jelinek 2020-09-15 11:27:05 UTC
This has already been fixed in RHEL 8: bz1743735
Due to the availability of a workaround and the current RHEL 7 life cycle stage, there will be no fix for RHEL 7.