[ClusterLabs] Node replies with 401 ssl connect error

Wed Jan 15 06:31:14 EST 2020

Hello,

I'm trying to setup a cluster made up by three servers.

Two of them runs on Debian 10 and they are already part of the cluster 
and marked online.

I can't join the third machine running on Debian 9.

I can see the following error when trying to authenticate the third machine:

pcs host auth vracktenjin

Username: hacluster
Password:
Running: /usr/bin/ruby -I/usr/share/pcsd/ /usr/share/pcsd/pcsd-cli.rb auth
Environment:
   HOME=/root
   LANG=en_US.UTF-8
   LC_ALL=C
   LOGNAME=root
   MAIL=/var/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
   PCSD_DEBUG=true
   PCSD_NETWORK_TIMEOUT=60
   PWD=/root
   SHELL=/bin/bash
   SHLVL=1
   SSH_CLIENT=xx.xx.xx.xx 1612 22
   SSH_CONNECTION=xx.xx.xx.xx 1612 46.105.107.214 22
   SSH_TTY=/dev/pts/0
   TERM=xterm
   USER=root
   XDG_RUNTIME_DIR=/run/user/0
   XDG_SESSION_CLASS=user
   XDG_SESSION_ID=19
   XDG_SESSION_TYPE=tty
   _=/usr/sbin/pcs
--Debug Input Start--
{"nodes": {"vracktenjin": {"dest_list": [{"addr": "vracktenjin", "port": 
2224}], "username": "hacluster", "password": "INE -> S_IDLE | 
input=I_TE_SUCCESS cause=C_FSA_INTERNAL origin=notify_crmd"}}}
--Debug Input End--

Finished running: /usr/bin/ruby -I/usr/share/pcsd/ 
/usr/share/pcsd/pcsd-cli.rb auth
Return value: 0
--Debug Stdout Start--
{
   "status": "ok",
   "data": {
     "auth_responses": {
       "vracktenjin": {
         "status": "noresponse"
       }
     },
     "sync_successful": true,
     "sync_nodes_err": [

     ],
     "sync_responses": {
     }
   },
   "log": [
     "I, [2020-01-15T11:22:20.649294 #17621]  INFO -- : PCSD Debugging 
enabled\n",
     "D, [2020-01-15T11:22:20.649320 #17621] DEBUG -- : Detected systemd 
is in use\n",
     "I, [2020-01-15T11:22:20.699475 #17621]  INFO -- : Connecting to: 
https://vracktenjin:2224/remote/auth\n",
     "I, [2020-01-15T11:22:20.704920 #17621]  INFO -- : No response 
from: vracktenjin request: auth, error: ssl_connect_error\n"
   ]
}

--Debug Stdout End--
--Debug Stderr Start--

--Debug Stderr End--

Error: Unable to communicate with vracktenjin

And the follwing error on the target machine pcsd.log file:

ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=error: 
sslv3 alert handshake failure
         /usr/lib/ruby/2.3.0/openssl/ssl.rb:404:in `accept'

Debian 10 versions:

     corosync 3.0.1

     pacemaker 2.0.1

Debian 9 versions:

     corosync 2.4.2

     pacemaker 1.1.6

Any hints?

(I previously setup a six machines test plant with no errors like this 
one. All those machines are running on Debian 9)

Thank you!

Raffaele Pantaleoni

/
/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20200115/f6a9363a/attachment.html>