Red Hat Bugzilla – Bug 1170205
pcs cluster auth --force doesn't overwrite /var/lib/pcsd/tokens if its content is corrupt
Last modified: 2015-11-19 04:33:52 EST
> Description of problem: If the content of /var/lib/pcsd/tokens gets corrupted and is not a parseable JSON file, reauthenticating with the --force flag will only update the file's timestamp, but leaves its invalid content intact and doesn't produce any error. The --force flag should be able to overwrite the file even if the content is not parseable. Example of the /var/lib/pcsd/tokens corruption: {"tardis-03": "d77c8415-e76d-4f6c-8963-b4e04e77898f"} "tardis-02": "bef1fc5c-d140-4d2d-b3ab-6df902d9139f"} "tardis-02": "bef1fc5c-d140-4d2d-b3ab-6df902d9139f"} > Version-Release number of selected component (if applicable): pcs-0.9.137-1.el7 > How reproducible: Easily > Steps to Reproduce: 1. Create a currupted tokens file (see example above) 2. Run pcs cluster auth --force 3. Check authentication with pcs status > Actual results: Re-authentication passes but pcs status shows as not authenticated. Tokens file content has been left intact. > Expected results: Authentication re-creates the tokens file and pcsd is auth'd correctly.
Upstream here: https://github.com/feist/pcs/commit/d1371df02773f0ae90b8a7de94099ef842d64867
Test: 1. Create a corrupted tokens file 2. Run pcs cluster auth --force 3. Check authentication with pcs status 4. Token file is overwritten and nodes are authorized
Before Fix: [root@rh71-node1 ~]# rpm -q pcs pcs-0.9.137-13.el7_1.2.x86_64 [root@rh71-node1:~]# pcs status pcsd rh71-node1: Online rh71-node2: Online rh71-node3: Online [root@rh71-node1:~]# wc -c /var/lib/pcsd/tokens 162 /var/lib/pcsd/tokens [root@rh71-node1:~]# truncate -s 100 /var/lib/pcsd/tokens [root@rh71-node1:~]# pcs status pcsd rh71-node1: Unable to authenticate rh71-node2: Unable to authenticate rh71-node3: Unable to authenticate [root@rh71-node1:~]# pcs cluster auth rh71-node1 rh71-node2 rh71-node3 --force Username: hacluster Password: rh71-node1: Authorized rh71-node2: Authorized rh71-node3: Authorized [root@rh71-node1:~]# pcs status pcsd rh71-node1: Unable to authenticate rh71-node2: Unable to authenticate rh71-node3: Unable to authenticate After Fix: [root@rh71-node1:~]# rpm -q pcs pcs-0.9.140-1.el6.x86_64 [root@rh71-node1:~]# pcs status pcsd rh71-node1: Online rh71-node2: Online rh71-node3: Online [root@rh71-node1:~]# wc -c /var/lib/pcsd/tokens 238 /var/lib/pcsd/tokens [root@rh71-node1:~]# truncate -s 100 /var/lib/pcsd/tokens [root@rh71-node1:~]# pcs status pcsd rh71-node1: Unable to authenticate rh71-node2: Unable to authenticate rh71-node3: Unable to authenticate [root@rh71-node1:~]# pcs cluster auth rh71-node1 rh71-node2 rh71-node3 --force Username: hacluster Password: rh71-node3: Authorized rh71-node2: Authorized rh71-node1: Authorized [root@rh71-node1:~]# pcs status pcsd rh71-node1: Online rh71-node2: Online rh71-node3: Online
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-2290.html