Description of problem:
[root@DB1 ~]# pcs cluster auth -u hacluster DB1 DB2
The above "pcs cluster auth..." has completed successfully, but note that the response has the hostnames changed to lowercase
Running the 'pcs cluster setup' command with the same uppercase hostnames returns an error:
[root@DB1 ~]# pcs cluster setup --name clus DB1 DB2
Error: DB1: unable to authenticate to node
Error: DB2: unable to authenticate to node
Error: nodes availability check failed, use --force to override. WARNING: This will destroy existing cluster on the nodes.
[root@DB1 ~]# pcs cluster setup --name clus db1 db2
Destroying cluster on nodes: db1, db2...
db1: Stopping Cluster (pacemaker)...
db2: Stopping Cluster (pacemaker)...
db1: Successfully destroyed cluster
db2: Successfully destroyed cluster
Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux 7.5
Steps to Reproduce:
1. run 'pcs cluster setup --name <clustername> <HOST1> <HOST2>' using a node hostname with uppercase characters
Upper case characters in hostnames are causing 'pcs cluster setup' to fail
Upper case characters in hostnames should either be converted to lower (as with pcs cluster auth) and run, possibly with a warning.
On previous versions of RHEL 7 (up to RHEL 7.4/pacemaker 1.1.16), the nodenames passed to the pacemaker cluster setup command ('pcs cluster setup') were not case-sensitive, and using uppercase characters in the command worked successfully.
Reassigning to check whether it's in pcs itself first
It's not necessary to file a separate bz for 7.5.z; if one is required, we can set a flag on this one and it will be created automatically once approved
I confirm this is a pcs issue. The `pcs cluster auth` command changes node names to lower case when parsing command line arguments. Other pcs commands keep the case untouched. Pcs is then unable to get a token for nodes with upper case letters.
The easiest fix might be to lowercase a node name / address when getting its token.
I think complaining about hostnames not conforming to DNS scheme
would be in order so as to prevent any future issues (note that
interpreting non-ASCII byte sequences is a subject of how the
environment is configured!).
> The hostname may be a free-form string up to 64 characters in
> length; however, it is recommended that it consists only of 7-bit
> ASCII lower-case characters and no spaces or dots, and limits itself
> to the format allowed for DNS domain name labels, even though this
> is not a strict requirement.
Created attachment 1451933 [details]
This got broken in upstream commit https://github.com/ClusterLabs/pcs/commit/a0ad8f1eff38ae587adf9be07727998103256c2d
Since that commit, node addresses passed to the 'pcs cluster auth' command were parsed to split them to an address and a port. During this process, addresses were lowercased. These lowercased addresses were then stored into pcsd token file. As a result, pcs was not able to get a token for node addresses with upper case characters and therefore was unable to connect to such nodes.
This patch restores the previous behavior.
[ant ~] $ rpm -q pcs pcs-snmp
[ant ~] $ pcs cluster auth ANT BEE
[ant ~] $ pcs cluster setup --name=zoo ANT BEE --start
Destroying cluster on nodes: ANT, BEE...
ANT: Stopping Cluster (pacemaker)...
BEE: Stopping Cluster (pacemaker)...
ANT: Successfully destroyed cluster
BEE: Successfully destroyed cluster
Sending 'pacemaker_remote authkey' to 'ANT', 'BEE'
ANT: successful distribution of the file 'pacemaker_remote authkey'
BEE: successful distribution of the file 'pacemaker_remote authkey'
Sending cluster config files to the nodes...
Starting cluster on nodes: ANT, BEE...
ANT: Starting Cluster (corosync)...
BEE: Starting Cluster (corosync)...
BEE: Starting Cluster (pacemaker)...
ANT: Starting Cluster (pacemaker)...
Synchronizing pcsd certificates on nodes ANT, BEE...
Restarting pcsd on the nodes in order to reload the certificates...
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.