1596721 – pcs is unable to setup new qnetd and add it to a cluster

Bug 1596721 - pcs is unable to setup new qnetd and add it to a cluster

Summary: pcs is unable to setup new qnetd and add it to a cluster

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pcs
Sub Component:
Version:	29
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	unspecified
Target Milestone:	---
Assignee:	Tomas Jelinek
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	1596712
Blocks:
TreeView+	depends on / blocked

Reported:	2018-06-29 14:28 UTC by Tomas Jelinek
Modified:	2019-06-28 05:20 UTC (History)
CC List:	6 users (show)
Fixed In Version:	pcs-0.10.0.alpha.6-1.fc29 pcs-0.10.2-1.fc30 pcs-0.10.2-1.fc29
Clone Of:
Environment:
Last Closed:	2019-06-27 00:54:41 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Tomas Jelinek 2018-06-29 14:28:05 UTC

Due to changes in nss-tools package pcs is now unable to setup new qnetd and add it to a cluster. This is partially caused by issues in corosync-qnetd-certutil which pcs uses, partially by pcs itself as it hard-codes "cert8.db" filename in a few places.

# rpm -q corosync-qnetd
corosync-qnetd-2.91.0-1.fc29.x86_64
# rpm -q corosync-qdevice
corosync-qdevice-2.91.0-1.fc29.x86_64
# rpm -q nss-tools
nss-tools-3.37.3-3.fc29.x86_64

[root@fed28-node3:~]# pcs qdevice setup model net
Quorum device 'net' initialized

[root@fed28-node1:~]# pcs quorum device add model net host=fed28-node3 algorithm=ffsplit 
Setting up qdevice certificates on nodes...
Error: fed28-node1: Error: Unable to initialize quorum device 'net': password file contains no data
Invalid password.
certutil: Could not set password for the slot: SEC_ERROR_INVALID_ARGS: security library: invalid arguments.
chown: cannot access '/etc/corosync/qdevice/net/nssdb/key3.db': No such file or directory
chown: cannot access '/etc/corosync/qdevice/net/nssdb/cert8.db': No such file or directory
chown: cannot access '/etc/corosync/qdevice/net/nssdb/secmod.db': No such file or directory
chmod: cannot access '/etc/corosync/qdevice/net/nssdb/key3.db': No such file or directory
chmod: cannot access '/etc/corosync/qdevice/net/nssdb/cert8.db': No such file or directory
chmod: cannot access '/etc/corosync/qdevice/net/nssdb/secmod.db': No such file or directory
certutil: could not decode certificate: SEC_ERROR_REUSED_ISSUER_AND_SERIAL: You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
Creating new key and cert db
Using existing noise file /etc/corosync/qdevice/net/nssdb/noise.txt
Importing CA, use --skip-offline to override
Error: fed28-node2: Error: Unable to initialize quorum device 'net': password file contains no data
Invalid password.
certutil: Could not set password for the slot: SEC_ERROR_INVALID_ARGS: security library: invalid arguments.
chown: cannot access '/etc/corosync/qdevice/net/nssdb/key3.db': No such file or directory
chown: cannot access '/etc/corosync/qdevice/net/nssdb/cert8.db': No such file or directory
chown: cannot access '/etc/corosync/qdevice/net/nssdb/secmod.db': No such file or directory
chmod: cannot access '/etc/corosync/qdevice/net/nssdb/key3.db': No such file or directory
chmod: cannot access '/etc/corosync/qdevice/net/nssdb/cert8.db': No such file or directory
chmod: cannot access '/etc/corosync/qdevice/net/nssdb/secmod.db': No such file or directory
certutil: could not decode certificate: SEC_ERROR_REUSED_ISSUER_AND_SERIAL: You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
Creating new key and cert db
Using existing noise file /etc/corosync/qdevice/net/nssdb/noise.txt
Importing CA, use --skip-offline to override
Error: Errors have occurred, therefore pcs is unable to continue

[root@fed28-node3:~]# pcs qdevice destroy net
Stopping quorum device...
quorum device stopped
quorum device disabled
Quorum device 'net' configuration files removed
[root@fed28-node3:~]# pcs qdevice setup model net
Error: Quorum device 'net' has been already initialized

Comment 1 Jan Kurik 2018-08-14 09:56:32 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle.
Changing version to '29'.

Comment 2 Tomas Jelinek 2018-08-15 13:34:48 UTC

Fixed in https://github.com/ClusterLabs/pcs/commit/f2be0aa53c7762931730371375fec2f89b3365d1

Comment 3 Fedora Update System 2019-06-17 08:45:46 UTC

FEDORA-2019-6f8b8534a2 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6f8b8534a2

Comment 4 Fedora Update System 2019-06-17 18:17:25 UTC

pcs-0.10.2-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6f8b8534a2

Comment 5 Fedora Update System 2019-06-17 20:12:05 UTC

pcs-0.10.2-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8864b0c71a

Comment 6 Fedora Update System 2019-06-27 00:54:41 UTC

pcs-0.10.2-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2019-06-28 05:20:45 UTC

pcs-0.10.2-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.