Hide Forgot
Ruby standard library takes http_proxy, https_proxy and no_proxy environment variables into account when connecting to HTTP servers. If there is a HTTP proxy set up, it may prevent pcsd to communicate with other cluster nodes. This is a part of pcsd debug log from when it happened: Sending HTTP Request to: https://lv9027hb:2224/remote/check_auth Data: None Response Reason: Tunnel connection failed: 403 Forbidden What user only gets when running without --debug is this, which is not helpful at all: [root@lv9026 ~]# pcs cluster auth lv9026hb lv9027hb Username: hacluster Password: Error: Unable to communicate with lv9027hb Error: Unable to communicate with lv9026hb We cannot disable HTTP proxy environment variables in pcsd completely as there are users who use it in their intended manner and then pcsd works fine for them. Pcs should print a warning if it is not able to connect to remote node and the reason for that might be HTTP proxy (or print a list of possible reasons every time a connection fails). Or it could try to connect without the proxy if there is a proxy configured and the first connection fails. Fabio's idea: try to connect via proxy, if it fails, try by unsetting those vars and provide proper error report/warning in the process. "attempting to connect to node foo via proxy XYZ .... FAILED" "attempting to connect to node foo without proxy even if proxy XYZ is configured".... We could either not use https_proxy or add nodes to no_proxy.
From the duplicate bz1388934: Robert Scheck 2016-10-26 09:46:11 EDT Description of problem: pcs(1) honors HTTP(S)_PROXY/http(s)_proxy by accident (I don't think there is a proper scenario to let pcs speak through a proxy) and thus fails when running "pcs cluster auth node1 node2". Example: $ export http_proxy=http://proxy.example.net:8080 $ export HTTP_PROXY=http://proxy.example.net:8080 $ export https_proxy=http://proxy.example.net:8080 $ export HTTPS_PROXY=http://proxy.example.net:8080 $ pcs cluster auth node1.example.net node2.example.net Username: hacluster Password: ******** Error: Unable to communicate with node1.example.net Error: Unable to communicate with node2.example.net $ While debugging this via strace(1), I noticed that pcs(1) connects here to http://proxy.example.net:8080 and receives a "HTTP/1.0 403 Forbidden" by the Squid. This again leads to a hardly readable stack trace within strace output. The stack trace makes me believing that proxy setups for pcs(1)are not intended - while pcs(1) seems to honor proxy environment variables by accident. If this is really intended, then there should be proper error messages - and of course no stack trace on "403 Forbidden" replies by the proxy server. Version-Release number of selected component (if applicable): pcs-0.9.143-15.el7.x86_64 How reproducible: Always, see above. Actual results: pcs(1) honors HTTP(S)_PROXY/http(s)_proxy by accident and thus fails at "pcs cluster auth node1 node2". Expected results: pcs(1) should not honor environment variables related to proxy servers, or proxy servers should be properly handled, especially "403 Forbidden". Additional info: Aside of this, the documentation likely should be updated to document this behaviour (or did I overlook existing documentation regarding this?).
*** Bug 1388934 has been marked as a duplicate of this bug. ***
Upstream patch: https://github.com/ClusterLabs/pcs/commit/3c4d8166ebb4dc43079c2f5aa6b3fd721590 Pcs will show warning about usage of proxy if it was unable to connect to a node. TEST: [root@rhel7-node1 ~]# https_proxy=test.proxy pcs cluster auth rhel7-node2 -uhacluster Password: Warning: Proxy is set in environment variables, try disabling it Error: Unable to communicate with rhel7-node2
Upstream patch: https://github.com/ClusterLabs/pcs/commit/f26981e27dc8c4e5e9383c0acc8149525f4ade4f
After Fix: [vm-rhel72-1 ~] $ rpm -q pcs pcs-0.9.157-1.el7.x86_64 Pcs will show warning about usage of proxy if it was unable to connect to a node. [vm-rhel72-1 ~] $ https_proxy=test.proxy pcs cluster auth vm-rhel72-3 -uhacluster Password: Warning: Proxy is set in environment variables, try disabling it Error: Unable to communicate with vm-rhel72-3
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1958
The same error still exist in pcs-0.9.158-6.el7_4.1.x86_64 [root@new-mgs-mds-01 M]# ./configure_cluster.sh Setting Production Environment... Creating the HA-cluster... Authorizing pcs cluster auth -u -p new-mgs-mds-01 new-mgs-mds-02 Warning: Proxy is set in environment variables, try disabling it Error: Unable to communicate with new-mgs-mds-02 Error: Unable to communicate with new-mgs-mds-01 [root@new-mgs-mds-01 M]# ping new-mgs-mds-01 PING new-mgs-mds-01 56(84) bytes of data. 64 bytes from new-mgs-mds-01: icmp_seq=1 ttl=64 time=0.013 ms 64 bytes from new-mgs-mds-01: icmp_seq=2 ttl=64 time=0.008 ms 64 bytes from new-mgs-mds-01: icmp_seq=3 ttl=64 time=0.007 ms 64 bytes from new-mgs-mds-01: icmp_seq=4 ttl=64 time=0.018 ms ^C --- new-mgs-mds-01 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 0.007/0.011/0.018/0.005 ms [root@new-mgs-mds-01 M]# ping new-mgs-mds-02 PING new-mgs-mds-02 56(84) bytes of data. 64 bytes from new-mgs-mds-02 : icmp_seq=1 ttl=64 time=0.090 ms ^C --- new-mgs-mds-02 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.090/0.090/0.090/0.000 ms [root@new-mgs-mds-01 M]# cc Can you please check
Dzmitryj, This is expected. It is up to you to configure your proxy / network / environment. Pcs can not and will not do that for you.
(In reply to Dzmitryj from comment #19) > The same error still exist in pcs-0.9.158-6.el7_4.1.x86_64 > > > [root@new-mgs-mds-01 M]# ./configure_cluster.sh > Setting Production Environment... > > Creating the HA-cluster... > Authorizing pcs cluster auth -u -p new-mgs-mds-01 new-mgs-mds-02 > Warning: Proxy is set in environment variables, try disabling it > Error: Unable to communicate with new-mgs-mds-02 > Error: Unable to communicate with new-mgs-mds-01 in version 0.9.167 can set on all nodes env variable NO_PROXY with hosts to ignore proxy. Example: export NO_PROXY="new-mgs-mds-01,new-mgs-mds-02"
https://www.caradaftarsbobetterbaru.com/
http://gethelponline.xyz http://solution-archive.com http://gammenia.xyz