Red Hat Bugzilla – Bug 1359154
pcs authentication command does not trigger authentication of nodes against each other
Last modified: 2016-11-03 16:59:30 EDT
Description of problem: The pcs authentication command (pcs cluster auth ...) does not trigger authentication of nodes against each other. Only the node where authentication command was executed is authenticated against listed nodes on command line. Version-Release number of selected component (if applicable): pcs-0.9.152-4.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Run pcs authentication command on a cluster node virt-270 - cluster node virt-269 - cluster node [root@virt-270 ~]# pcs cluster auth virt-269 virt-270 Username: hacluster Password: virt-270: Authorized virt-269: Authorized 2. Check pcd status on other cluster node [root@virt-269 ~]# pcs status pcsd virt-269 virt-270 virt-269: Unable to authenticate virt-270: Unable to authenticate Actual results: Only the node where pcs authentication command was executed is authenticated against listed nodes on the command line. Expected results: The node where the authentication command was executed is authenticated against listed nodes and listed nodes are authenticated against themselves [root@virt-100 ~]# pcs cluster auth virt-{101..110} Username: hacluster Password: virt-109: Authorized virt-108: Authorized virt-107: Authorized virt-110: Authorized virt-105: Authorized virt-104: Authorized virt-103: Authorized virt-102: Authorized virt-101: Authorized virt-106: Authorized [root@virt-100 ~]# pcs status pcsd virt-{101..110} virt-101: Online virt-102: Online virt-103: Online virt-104: Online virt-105: Online virt-106: Online virt-107: Online virt-108: Online virt-109: Online virt-110: Online Also there should be the same result of 'pcs status pcsd virt-101..110}' on the nodes virt-{101..110}.
This would also let adherents of clufter's "pcs commands" output down. ISTR it used to work correctly. Fixing this defect should be prioritized.
Clarification of the reproducer: When I wrote "cluster node(s)" I actually meant nodes set apart for cluster. There should not be any cluster configuration on the nodes at the time of executing pcs authentication command.
Created attachment 1184205 [details] proposed fix
Before Fix: [vm-rhel72-1 /tmp] $ rpm -q pcs pcs-0.9.152-4.el7.x86_64 [vm-rhel72-1 /tmp] $ pcs cluster auth vm-rhel72-1 booth1 Username: hacluster Password: booth1: Authorized vm-rhel72-1: Authorized [booth1 ~pcs # booth-master] $ rpm -q pcs pcs-0.9.152-4.el7.x86_64 [booth1 ~pcs # booth-master] $ pcs status pcsd vm-rhel72-1 vm-rhel72-1: Unable to authenticate After Fix: [vm-rhel72-1 /tmp] $ rpm -q pcs pcs-0.9.152-5.el7.x86_64 [vm-rhel72-1 /tmp] $ pcs cluster auth vm-rhel72-1 booth1 Username: hacluster Password: booth1: Authorized vm-rhel72-1: Authorized [booth1 ~pcs # booth-master] $ rpm -q pcs pcs-0.9.152-5.el7.x86_64 [booth1 ~pcs # booth-master] $ pcs status pcsd vm-rhel72-1 vm-rhel72-1: Online
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2596.html