Bug 1590533 - 'pcs cluster setup' not accepting hostnames with upper case characters
Summary: 'pcs cluster setup' not accepting hostnames with upper case characters
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pcs
Version: 7.5
Hardware: x86_64
OS: Linux
Target Milestone: rc
: 7.5
Assignee: Tomas Jelinek
QA Contact: cluster-qe@redhat.com
Steven J. Levine
Depends On:
TreeView+ depends on / blocked
Reported: 2018-06-12 19:23 UTC by Tim Quinlan
Modified: 2018-10-30 08:07 UTC (History)
12 users (show)

Fixed In Version: pcs-0.9.165-1.el7
Doc Type: Bug Fix
Doc Text:
PCS is able to find a token and connect to a node with upper case characters in its node name Previously, PCS was unable to find a token for any node name with upper case characters, and it would report an error that the node is not authenticated. This occurred because the `pcs cluster auth` command would lowercase all node names before storing them to the PCS token file. With this fix, PCS does not lowercase node names before storing them to the PCS token file.
Clone Of:
Last Closed: 2018-10-30 08:06:06 UTC
Target Upstream Version:

Attachments (Terms of Use)
proposed fix (3.08 KB, patch)
2018-06-15 13:52 UTC, Tomas Jelinek
no flags Details | Diff

System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3483801 0 None None None 2018-08-07 12:59:24 UTC
Red Hat Product Errata RHBA-2018:3066 0 None None None 2018-10-30 08:07:26 UTC

Description Tim Quinlan 2018-06-12 19:23:19 UTC
Description of problem:

[root@DB1 ~]# pcs cluster auth -u hacluster DB1 DB2
db1: Authorized 
db2: Authorized

The above "pcs cluster auth..." has completed successfully, but note that the response has the hostnames changed to lowercase

Running the 'pcs cluster setup' command with the same uppercase hostnames returns an error:

[root@DB1 ~]# pcs cluster setup --name clus DB1 DB2
Error: DB1: unable to authenticate to node
Error: DB2: unable to authenticate to node
Error: nodes availability check failed, use --force to override. WARNING: This will destroy existing cluster on the nodes.

[root@DB1 ~]# pcs cluster setup --name clus db1 db2
Destroying cluster on nodes: db1, db2...
db1: Stopping Cluster (pacemaker)...
db2: Stopping Cluster (pacemaker)...
db1: Successfully destroyed cluster
db2: Successfully destroyed cluster

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux 7.5 

How reproducible:

Steps to Reproduce:
1. run  'pcs cluster setup --name <clustername> <HOST1> <HOST2>' using a node hostname with uppercase characters 

Actual results:
Upper case characters in hostnames are causing 'pcs cluster setup' to fail

Expected results:
Upper case characters in hostnames should either be converted to lower (as with pcs cluster auth) and run, possibly with a warning. 

Additional info:
On previous versions of RHEL 7 (up to RHEL 7.4/pacemaker 1.1.16), the nodenames passed to the pacemaker cluster setup command ('pcs cluster setup') were not case-sensitive, and using uppercase characters in the command worked successfully.

Comment 5 Ken Gaillot 2018-06-12 19:57:07 UTC
Reassigning to check whether it's in pcs itself first

It's not necessary to file a separate bz for 7.5.z; if one is required, we can set a flag on this one and it will be created automatically once approved

Comment 6 Tomas Jelinek 2018-06-13 08:05:27 UTC
I confirm this is a pcs issue. The `pcs cluster auth` command changes node names to lower case when parsing command line arguments. Other pcs commands keep the case untouched. Pcs is then unable to get a token for nodes with upper case letters.

The easiest fix might be to lowercase a node name / address when getting its token.

Comment 7 Jan Pokorný [poki] 2018-06-14 13:32:20 UTC
I think complaining about hostnames not conforming to DNS scheme
would be in order so as to prevent any future issues (note that
interpreting non-ASCII byte sequences is a subject of how the
environment is configured!).

Per hostname(5):

> The hostname may be a free-form string up to 64 characters in
> length; however, it is recommended that it consists only of 7-bit
> ASCII lower-case characters and no spaces or dots, and limits itself
> to the format allowed for DNS domain name labels, even though this
> is not a strict requirement.

Comment 9 Tomas Jelinek 2018-06-15 13:52:17 UTC
Created attachment 1451933 [details]
proposed fix

This got broken in upstream commit https://github.com/ClusterLabs/pcs/commit/a0ad8f1eff38ae587adf9be07727998103256c2d
Since that commit, node addresses passed to the 'pcs cluster auth' command were parsed to split them to an address and a port. During this process, addresses were lowercased. These lowercased addresses were then stored into pcsd token file. As a result, pcs was not able to get a token for node addresses with upper case characters and therefore was unable to connect to such nodes.
This patch restores the previous behavior.

Comment 11 Ivan Devat 2018-06-22 12:14:35 UTC
After Fix:

[ant ~] $ rpm -q pcs pcs-snmp

[ant ~] $ pcs cluster auth ANT BEE
Username: hacluster
ANT: Authorized
BEE: Authorized
[ant ~] $ pcs cluster setup --name=zoo ANT BEE --start
Destroying cluster on nodes: ANT, BEE...
ANT: Stopping Cluster (pacemaker)...
BEE: Stopping Cluster (pacemaker)...
ANT: Successfully destroyed cluster
BEE: Successfully destroyed cluster

Sending 'pacemaker_remote authkey' to 'ANT', 'BEE'
ANT: successful distribution of the file 'pacemaker_remote authkey'
BEE: successful distribution of the file 'pacemaker_remote authkey'
Sending cluster config files to the nodes...
ANT: Succeeded
BEE: Succeeded

Starting cluster on nodes: ANT, BEE...
ANT: Starting Cluster (corosync)...
BEE: Starting Cluster (corosync)...
BEE: Starting Cluster (pacemaker)...
ANT: Starting Cluster (pacemaker)...

Synchronizing pcsd certificates on nodes ANT, BEE...
ANT: Success
BEE: Success
Restarting pcsd on the nodes in order to reload the certificates...
ANT: Success
BEE: Success

Comment 19 errata-xmlrpc 2018-10-30 08:06:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.