[ClusterLabs] Antw: SLES cluster join fails with TLS handshake error
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Wed Nov 27 08:32:10 EST 2019
It seems you'll have to set up csync2 manually.
>>> "Reynolds, John F - San Mateo, CA - Contractor"
<John.F.Reynolds2 at usps.gov>
schrieb am 25.11.2019 um 23:23 in Nachricht
<6ebb0a4dbbaa41b291402bd1a3e7becb at EAGNMNSXMB48.usa.dce.usps.gov>:
> Hello.
>
> I am trying to setup a two‑node cluster of SLES12SP4 servers. The two
nodes
> are named 'eagnmnmeqfc0', IP 56.76.161.34, and 'eagnmnmeqfc1', IP
> 56.76.161.35
>
> The ha‑cluster‑init on fc0 went fine. It is set up for unicast, as
multicast
> is blocked on our networks.
>
> The cluster‑join on fc1 failed. It looks OK, but at the end, there is a TLS
> handshake error. The log is:
>
>
> eagnmnmeqfc1:/var/log # cat ha‑cluster‑bootstrap.log
> + systemctl reload rsyslog.service
> ================================================================
> 2019‑11‑25 15:28:52‑06:00 /usr/sbin/crm cluster join ‑c 56.76.161.34
> ‑‑interface=bond0 ‑y
> ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
> + systemctl enable sshd.service
> + mkdir ‑m 700 ‑p /root/.ssh
> # Retrieving SSH keys ‑ This may prompt for root at 56.76.161.34:
> + scp ‑oStrictHostKeyChecking=no root at 56.76.161.34:'/root/.ssh/id_*'
> /tmp/crmsh_IlBXAY/
> [login header]
> + mv /tmp/crmsh_IlBXAY/id_rsa* /root/.ssh/
> + cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
> # One new SSH key installed
> + ssh root at 56.76.161.34 ha‑cluster‑init ssh_remote
> Done (log saved to /var/log/ha‑cluster‑bootstrap.log)
> [login header]
> # Configuring csync2
> + rm ‑f /var/lib/csync2/eagnmnmeqfc1.db3
> + ssh root at 56.76.161.34 ha‑cluster‑init csync2_remote eagnmnmeqfc1
> Done (log saved to /var/log/ha‑cluster‑bootstrap.log)
> [login header]
> + scp root at 56.76.161.34:'/etc/csync2/{csync2.cfg,key_hagroup}' /etc/csync2
> [login header]
> + systemctl enable csync2.socket
> + ssh root at 56.76.161.34 "csync2 ‑mr / ; csync2 ‑fr / ; csync2 ‑xv"
> [login header]
> Marking file as dirty: /etc/corosync/authkey
> Connecting to host eagnmnmeqfc1 (SSL) ...
> Connect to 56.76.161.35:30865 (eagnmnmeqfc1).
> SSL: failed to use key file /etc/csync2/csync2_ssl_key.pem and/or
> certificate file /etc/csync2/csync2_ssl_cert.pem: Error while reading file.
> (GNUTLS_E_FILE_ERROR)
> ARNING: csync2 run failed ‑ some files may not be sync'd
> # Merging known_hosts
> parallax.call ['eagnmnmeqfc0', 'eagnmnmeqfc1'] : [ ‑e /root/.ssh/known_hosts
> ] && cat /root/.ssh/known_hosts || true
> parallax.copy ['eagnmnmeqfc0', 'eagnmnmeqfc1'] : 56.76.161.35
> ecdsa‑sha2‑nistp256
>
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA1NplEqVWzby0/wwQED0s8wP
> rNhk0zzkZz4NIWOlU/Z4td75heNmPgpEhh5z6i9Jdc3hWnuhPbiP9Wso5qsJMs=
> eagnmnmeqfc0,56.76.161.34 ecdsa‑sha2‑nistp256
>
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA1NplEqVWzby0/wwQED0s8wP
> rNhk0zzkZz4NIWOlU/Z4td75heNmPgpEhh5z6i9Jdc3hWnuhPbiP9Wso5qsJMs=
> eagnmnmeqfc1 ecdsa‑sha2‑nistp256
>
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA1NplEqVWzby0/wwQED0s8wP
> rNhk0zzkZz4NIWOlU/Z4td75heNmPgpEhh5z6i9Jdc3hWnuhPbiP9Wso5qsJMs=
> eagnmnmeqfc1,56.76.161.35 ecdsa‑sha2‑nistp256
>
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA1NplEqVWzby0/wwQED0s8wP
> rNhk0zzkZz4NIWOlU/Z4td75heNmPgpEhh5z6i9Jdc3hWnuhPbiP9Wso5qsJMs=
> eagnmnmeqfca,56.76.161.44 ecdsa‑sha2‑nistp256
>
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA1NplEqVWzby0/wwQED0s8wP
> rNhk0zzkZz4NIWOlU/Z4td75heNmPgpEhh5z6i9Jdc3hWnuhPbiP9Wso5qsJMs=
> eagnmnmeqfcb,56.76.161.45 ecdsa‑sha2‑nistp256
>
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA1NplEqVWzby0/wwQED0s8wP
> rNhk0zzkZz4NIWOlU/Z4td75heNmPgpEhh5z6i9Jdc3hWnuhPbiP9Wso5qsJMs=
> # Probing for new partitions...
> + partprobe /dev/sde /dev/sdf /dev/sdb /dev/sdc /dev/sda /dev/sdd /dev/sdg
> /dev/sdm /dev/sdn /dev/sdq /dev/sdr /dev/sdh /dev/sdk /dev/sdi /dev/sdl
> /dev/sdp /dev/sds /dev/sdj /dev/sdu /dev/sdt /dev/sdv /dev/sdo /dev/sdx
> /dev/sdw /dev/mapper/360000970000197200928533030333644
> /dev/mapper/360000970000197200928533030324134
> /dev/mapper/360000970000197200928533030324135
> /dev/mapper/360000970000197200928533030333645
> /dev/mapper/360000970000197200498533031374344
> /dev/mapper/360000970000197200498533030324637
> /dev/mapper/360000970000197200498533030324639
> /dev/mapper/360000970000197200498533030324638 /dev/sdy /dev/sdz /dev/sdaa
> /dev/sdab /dev/sdac /dev/sdad /dev/sdae /dev/sdaf
> /dev/mapper/vg_qncoa_noncloned‑‑a00‑lv_a00shared
> /dev/mapper/vg_rootdisk‑lv_export /dev/mapper/vg_rootdisk‑lv_patrol
> /dev/mapper/vg_rootdisk‑lv_root /dev/mapper/vg_rootdisk‑lv_swap
> /dev/mapper/vg_rootdisk‑lv_var /dev/mapper/vg_rootdisk‑lv_var_log
> # done
> + mkdir ‑p /ncoa/qncoa/a00shared
> + mkdir ‑p /mqm/qncoa/u00
> + mkdir ‑p /ncoa/qncoa/a01shared
> + mkdir ‑p /ncoa/qncoa/a02shared
> + mkdir ‑p /ncoa/qncoa/a03shared
> + mkdir ‑p /ncoa/qncoa/a04shared
> + mkdir ‑p /ncoa/qncoa/a05shared
> + ssh root at 56.76.161.34 systemctl is‑enabled sbd.service
> disabled
> [login header]
> + rm ‑f /var/lib/heartbeat/crm/* /var/lib/pacemaker/cib/*
> + systemctl enable hawk.service
> + systemctl start hawk.service
> # Hawk cluster interface is now running. To see cluster status, open:
> # https://56.76.161.35:7630/
> # Log in with username 'hacluster'
> + systemctl disable sbd.service
> + systemctl enable pacemaker.service
> + systemctl start pacemaker.service
> # Waiting for cluster...
> # done
> + csync2 ‑rm /etc/corosync/corosync.conf
> + csync2 ‑rf /etc/corosync/corosync.conf
> + csync2 ‑rxv /etc/corosync/corosync.conf
> Marking file as dirty: /etc/corosync/corosync.conf
> Connecting to host eagnmnmeqfc0 (SSL) ...
> Connect to 56.76.161.34:30865 (eagnmnmeqfc0).
> SSL: handshake failed: The TLS connection was non‑properly terminated.
> (GNUTLS_E_PREMATURE_TERMINATION)
> + corosync‑cfgtool ‑R
> Reloading corosync.conf...
> Done
> + crm cluster run 'crm corosync reload'
> ERROR: [eagnmnmeqfc1]: Exited with error code 1, Error output:
> [login header]
> ERROR: corosync: [Errno 2] No such file or directory: '/proc/30517/cmdline'
> # Done (log saved to /var/log/ha‑cluster‑bootstrap.log)
> eagnmnmeqfc1:/var/log #
>
> I've done some googling, but haven't found anything that seems to apply.
>
> Advice, please?
>
> Thank you.
>
> John Reynolds
> _______________________________________________
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
>
> ClusterLabs home: https://www.clusterlabs.org/
More information about the Users
mailing list