1590533 – 'pcs cluster setup' not accepting hostnames with upper case characters

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1590533 - 'pcs cluster setup' not accepting hostnames with upper case characters

Summary: 'pcs cluster setup' not accepting hostnames with upper case characters

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	pcs
Sub Component:
Version:	7.5
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	rc
Target Release:	7.5
Assignee:	Tomas Jelinek
QA Contact:	cluster-qe@redhat.com
Docs Contact:	Steven J. Levine
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-06-12 19:23 UTC by Tim Quinlan
Modified:	2021-12-10 16:21 UTC (History)
CC List:	12 users (show)
Fixed In Version:	pcs-0.9.165-1.el7
Doc Type:	Bug Fix
Doc Text:	PCS is able to find a token and connect to a node with upper case characters in its node name Previously, PCS was unable to find a token for any node name with upper case characters, and it would report an error that the node is not authenticated. This occurred because the `pcs cluster auth` command would lowercase all node names before storing them to the PCS token file. With this fix, PCS does not lowercase node names before storing them to the PCS token file.
Clone Of:
Environment:
Last Closed:	2018-10-30 08:06:06 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
proposed fix (3.08 KB, patch) 2018-06-15 13:52 UTC, Tomas Jelinek	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	3483801	0	None	None	None	2018-08-07 12:59:24 UTC
Red Hat Product Errata	RHBA-2018:3066	0	None	None	None	2018-10-30 08:07:26 UTC

Description Tim Quinlan 2018-06-12 19:23:19 UTC

Description of problem:


[root@DB1 ~]# pcs cluster auth -u hacluster DB1 DB2
Password: 
db1: Authorized 
db2: Authorized

The above "pcs cluster auth..." has completed successfully, but note that the response has the hostnames changed to lowercase


Running the 'pcs cluster setup' command with the same uppercase hostnames returns an error:

[root@DB1 ~]# pcs cluster setup --name clus DB1 DB2
Error: DB1: unable to authenticate to node
Error: DB2: unable to authenticate to node
Error: nodes availability check failed, use --force to override. WARNING: This will destroy existing cluster on the nodes.

[root@DB1 ~]# pcs cluster setup --name clus db1 db2
Destroying cluster on nodes: db1, db2...
db1: Stopping Cluster (pacemaker)...
db2: Stopping Cluster (pacemaker)...
db1: Successfully destroyed cluster
db2: Successfully destroyed cluster


Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux 7.5 
 pacemaker-1.1.18-11.el7_5.2.x86_64                          
 pacemaker-cli-1.1.18-11.el7_5.2.x86_64                      
 pacemaker-cluster-libs-1.1.18-11.el7_5.2.x86_64             
 pacemaker-libs-1.1.18-11.el7_5.2.x86_64

How reproducible:
Everytime 

Steps to Reproduce:
1. run  'pcs cluster setup --name <clustername> <HOST1> <HOST2>' using a node hostname with uppercase characters 


Actual results:
Upper case characters in hostnames are causing 'pcs cluster setup' to fail

Expected results:
Upper case characters in hostnames should either be converted to lower (as with pcs cluster auth) and run, possibly with a warning. 

Additional info:
On previous versions of RHEL 7 (up to RHEL 7.4/pacemaker 1.1.16), the nodenames passed to the pacemaker cluster setup command ('pcs cluster setup') were not case-sensitive, and using uppercase characters in the command worked successfully.

Comment 5 Ken Gaillot 2018-06-12 19:57:07 UTC

Reassigning to check whether it's in pcs itself first

It's not necessary to file a separate bz for 7.5.z; if one is required, we can set a flag on this one and it will be created automatically once approved

Comment 6 Tomas Jelinek 2018-06-13 08:05:27 UTC

I confirm this is a pcs issue. The `pcs cluster auth` command changes node names to lower case when parsing command line arguments. Other pcs commands keep the case untouched. Pcs is then unable to get a token for nodes with upper case letters.

The easiest fix might be to lowercase a node name / address when getting its token.

Comment 7 Jan Pokorný [poki] 2018-06-14 13:32:20 UTC

I think complaining about hostnames not conforming to DNS scheme
would be in order so as to prevent any future issues (note that
interpreting non-ASCII byte sequences is a subject of how the
environment is configured!).

Per hostname(5):

> The hostname may be a free-form string up to 64 characters in
> length; however, it is recommended that it consists only of 7-bit
> ASCII lower-case characters and no spaces or dots, and limits itself
> to the format allowed for DNS domain name labels, even though this
> is not a strict requirement.

Comment 9 Tomas Jelinek 2018-06-15 13:52:17 UTC

Created attachment 1451933 [details]
proposed fix

This got broken in upstream commit https://github.com/ClusterLabs/pcs/commit/a0ad8f1eff38ae587adf9be07727998103256c2d
Since that commit, node addresses passed to the 'pcs cluster auth' command were parsed to split them to an address and a port. During this process, addresses were lowercased. These lowercased addresses were then stored into pcsd token file. As a result, pcs was not able to get a token for node addresses with upper case characters and therefore was unable to connect to such nodes.
This patch restores the previous behavior.

Comment 11 Ivan Devat 2018-06-22 12:14:35 UTC

After Fix:

[ant ~] $ rpm -q pcs pcs-snmp
pcs-0.9.165-1.el7.x86_64
pcs-snmp-0.9.165-1.el7.x86_64

[ant ~] $ pcs cluster auth ANT BEE
Username: hacluster
Password:
ANT: Authorized
BEE: Authorized
[ant ~] $ pcs cluster setup --name=zoo ANT BEE --start
Destroying cluster on nodes: ANT, BEE...
ANT: Stopping Cluster (pacemaker)...
BEE: Stopping Cluster (pacemaker)...
ANT: Successfully destroyed cluster
BEE: Successfully destroyed cluster

Sending 'pacemaker_remote authkey' to 'ANT', 'BEE'
ANT: successful distribution of the file 'pacemaker_remote authkey'
BEE: successful distribution of the file 'pacemaker_remote authkey'
Sending cluster config files to the nodes...
ANT: Succeeded
BEE: Succeeded

Starting cluster on nodes: ANT, BEE...
ANT: Starting Cluster (corosync)...
BEE: Starting Cluster (corosync)...
BEE: Starting Cluster (pacemaker)...
ANT: Starting Cluster (pacemaker)...

Synchronizing pcsd certificates on nodes ANT, BEE...
ANT: Success
BEE: Success
Restarting pcsd on the nodes in order to reload the certificates...
ANT: Success
BEE: Success

Comment 19 errata-xmlrpc 2018-10-30 08:06:06 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3066

Note You need to log in before you can comment on or make changes to this bug.