Re: [ClusterLabs] resource-agents security update

[S Sathish S via Users]

Hi Albrigtsen,

Python3-urllib3 package used from redhat and reported CVE-2024-37891 mitigated 
version available will upgrade to latest version in the system. As per below 
your statement update urllib3 package will mitigate this vulnerability no need 
to update resource-agents module. This is our understanding correct me if I am 
wrong.

Thanks and Regards,
S Sathish S
-Original Message-
From: Oyvind Albrigtsen 
Sent: Thursday, September 19, 2024 12:35 PM
To: Cluster Labs - All topics related to open-source clustering welcomed 

Cc: Tomas Jelinek ; S Sathish S 
; Kohilavani G 
Subject: Re: [ClusterLabs] resource-agents security update

[You don't often get email from oalbr...@redhat.com. Learn why this is 
important at https://aka.ms/LearnAboutSenderIdentification ]

Hi,

This is a urllib3 CVE (bundled with resource-agents on RHEL8), so on other 
distros you'll have to check if the python-urllib3 package is version 1.26.19, 
2.2.2 or later. If not you can check the distro-specific changelog to see if 
the CVE has been fixed in the version you're using.

https://access.redhat.com/errata/RHSA-2024:5309
https://www.tenable.com/plugins/nessus/200807


Oyvind

On 19/09/24 06:32 GMT, S Sathish S via Users wrote:
>Thanks Tomas for your response.
>
>@Clusterlab team : can you check on below query and update us.
>
>Regards,
>S Sathish S
>-Original Message-
>From: Tomas Jelinek 
>Sent: Wednesday, September 18, 2024 9:19 PM
>To: S Sathish S ; users@clusterlabs.org
>Cc: Kohilavani G 
>Subject: Re: resource-agents security update
>
>Hi,
>
>Sorry, I don't work on resource agents, so I'm not the right person to answer 
>this question.
>
>Regards,
>Tomas
>
>
>Dne 17. 09. 24 v 14:16 S Sathish S napsal(a):
>> Hi Tomas/Team,
>>
>> In our application we are using resource-agent-4.12.0
>> <https://gi/
>> t%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C7362a4ae49434b4bbe0a
>> 08dcd879560e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C63862326285
>> 9655867%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL
>> CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=9vNDpoXa31hSP4PCdf35
>> 9LKi1ir9x1fMRYz2GCSWrfY%3D&reserved=0
>> hub.com%2FClusterLabs%2Fresource-agents%2Ftree%2Fv4.12.0&data=05%7C02
>> %
>> 7Cs.s.sathish%40ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e
>> 8
>> 4cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638622713399244865%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3ThxwAAaiOfBcPTLUKeYQBP2w9XHix1ZXmK0KrU4Xvs%3D&reserved=0>
>>  version and that module has vulnerability(CVE-2024-37891) reported and 
>> fixed on below RHSA Errata. can you check and provided fixed on 
>> resource-agent latest version on upstream also.
>>
>> https://acc/
>> e%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C7362a4ae49434b4bbe0a
>> 08dcd879560e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C63862326285
>> 9672823%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL
>> CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=sMArNs1F0EhkWKOZoQGM
>> 27ky82Ih%2BoW6NbWLQgzI3bo%3D&reserved=0
>> ss.redhat.com%2Ferrata%2FRHSA-2024%3A6310&data=05%7C02%7Cs.s.sathish%
>> 4
>> 0ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e84cebfbfd47abbe
>> 5
>> 2080c6b87953f%7C0%7C0%7C638622713399254190%7CUnknown%7CTWFpbGZsb3d8ey
>> J
>> WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7
>> C
>> %7C%7C&sdata=nXfNx6aeV1AcJJ7U0VVcztbm%2BGUHcC9QgK%2FdiKLgz7E%3D&reser
>> v
>> ed=0
>>
>> Thanks and Regards,
>> S Sathish S
>>
>
>___
>Manage your subscription:
>https://lists/
>.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers&data=05%7C02%7Cs.s.sathis
>h%40ericsson.com%7C7362a4ae49434b4bbe0a08dcd879560e%7C92e84cebfbfd47abb
>e52080c6b87953f%7C0%7C0%7C638623262859687084%7CUnknown%7CTWFpbGZsb3d8ey
>JWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C
>%7C%7C&sdata=wiZLjXCM743n24lC8ddorB5URDAZ9LDaJPFYVhQV%2FiQ%3D&reserved=
>0
>
>ClusterLabs home:
>https://www.c/
>lusterlabs.org%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C7362a4ae49434b4bbe0a08dcd879560e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638623262859699515%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=q3NA%2FrA7X5m4ZIZH9zuSPm8E9AgdYMhw757i%2FOh5sDw%3D&reserved=0
>

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] resource-agents security update

[S Sathish S via Users]

Thanks Tomas for your response.

@Clusterlab team : can you check on below query and update us.

Regards,
S Sathish S
-Original Message-
From: Tomas Jelinek  
Sent: Wednesday, September 18, 2024 9:19 PM
To: S Sathish S ; users@clusterlabs.org
Cc: Kohilavani G 
Subject: Re: resource-agents security update

Hi,

Sorry, I don't work on resource agents, so I'm not the right person to answer 
this question.

Regards,
Tomas


Dne 17. 09. 24 v 14:16 S Sathish S napsal(a):
> Hi Tomas/Team,
> 
> In our application we are using resource-agent-4.12.0 
>  hub.com%2FClusterLabs%2Fresource-agents%2Ftree%2Fv4.12.0&data=05%7C02%
> 7Cs.s.sathish%40ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e8
> 4cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638622713399244865%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3ThxwAAaiOfBcPTLUKeYQBP2w9XHix1ZXmK0KrU4Xvs%3D&reserved=0>
>  version and that module has vulnerability(CVE-2024-37891) reported and fixed 
> on below RHSA Errata. can you check and provided fixed on resource-agent 
> latest version on upstream also.
> 
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Facce
> ss.redhat.com%2Ferrata%2FRHSA-2024%3A6310&data=05%7C02%7Cs.s.sathish%4
> 0ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e84cebfbfd47abbe5
> 2080c6b87953f%7C0%7C0%7C638622713399254190%7CUnknown%7CTWFpbGZsb3d8eyJ
> WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C
> %7C%7C&sdata=nXfNx6aeV1AcJJ7U0VVcztbm%2BGUHcC9QgK%2FdiKLgz7E%3D&reserv
> ed=0
> 
> Thanks and Regards,
> S Sathish S
> 

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource-agents security update

[S Sathish S via Users]

Hi Tomas/Team,

In our application we are using 
resource-agent-4.12.0
 version and that module has vulnerability(CVE-2024-37891) reported and fixed 
on below RHSA Errata. can you check and provided fixed on resource-agent latest 
version on upstream also.

https://access.redhat.com/errata/RHSA-2024:6310

Thanks and Regards,
S Sathish S

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] 9 nodes pacemaker cluster setup non-DC nodes reboot parallelly

[S Sathish S via Users]

Hi Ken,

Thank you for quick response.

We have checked pacemaker logs found signal 15 on pacemaker component . Post 
that we have executed pcs cluster start then pacemaker and corosync service 
started properly and joined cluster also.

With respect to reboot query , In our application pacemaker cluster no quorum 
or fencing is configured. Please find reboot procedure followed in our upgrade 
procedure which will be executed parallelly on all 9 nodes cluster. Whether it 
is recommended way to reboot?


  1.   pacemaker cluster in maintenance mode.
  2.  Bring down pacemaker cluster service using below command.
# pcs cluster stop
# pcs cluster disable

 3) reboot
 4) Bring up pacemaker cluster Service


Regards,
S Sathish S

From: Ken Gaillot 
Sent: Tuesday, July 16, 2024 7:53 PM
To: Cluster Labs - All topics related to open-source clustering welcomed 

Cc: S Sathish S 
Subject: Re: [ClusterLabs] 9 nodes pacemaker cluster setup non-DC nodes reboot 
parallelly

On Tue, 2024-07-16 at 11:18 +, S Sathish S via Users wrote:
> Hi Team,
>
> In our product we have 9 nodes pacemaker cluster setup non-DC nodes
> reboot parallelly. Most of nodes join cluster properly and only one
> node pacemaker and corosync service is not came up properly with
> below error message.
>
> Error Message:
> Error: error running crm_mon, is pacemaker running?
>   crm_mon: Connection to cluster failed: Connection refused

All that indicates is that Pacemaker is not responding. You'd have to
look at the system log and/or pacemaker.log from that time to find out
more.

>
> Query : Is it recommended to reboot parallelly of non-DC nodes ?

As long as they are cleanly rebooted, there should be no fencing or
other actual problems. However the cluster will lose quorum and have to
stop all resources. If you reboot less than half of the nodes at one
time and wait for them to rejoin before rebooting more, you would avoid
that.

>
> Thanks and Regards,
> S Sathish S
> ___
> Manage your subscription:
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C5e391698a47643d1c7fb08dca5a2ec0e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638567366368643199%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=QIk47YY2QLsIBwA1lWM%2BeG%2FEFfEL%2B5D7GEn0nOTeRV8%3D&reserved=0<https://lists.clusterlabs.org/mailman/listinfo/users>
>
> ClusterLabs home: 
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.clusterlabs.org%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C5e391698a47643d1c7fb08dca5a2ec0e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638567366368652616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=WJe0xE95VNwHECBIB8onLtn537l9p6teIrHQGQwU24U%3D&reserved=0<https://www.clusterlabs.org/>
--
Ken Gaillot 

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] 9 nodes pacemaker cluster setup non-DC nodes reboot parallelly

[S Sathish S via Users]

Hi Team,

In our product we have 9 nodes pacemaker cluster setup non-DC nodes reboot 
parallelly. Most of nodes join cluster properly and only one node pacemaker and 
corosync service is not came up properly with below error message.

Error Message:
Error: error running crm_mon, is pacemaker running?
  crm_mon: Connection to cluster failed: Connection refused

Query : Is it recommended to reboot parallelly of non-DC nodes ?

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] PCS security vulnerability

[S Sathish S via Users]

Thanks Ondrej for the update.

Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] PCS security vulnerability

[S Sathish S via Users]

Hi Tomas/Team,

In our application we are using pcs-0.10.16 version and that module has 
vulnerability(CVE-2024-25126,CVE-2024-26141,CVE-2024-26146) reported and fixed 
on below RHSA Errata. can you check and provided fixed on PCS 0.10.x latest 
version on upstream also.

https://access.redhat.com/errata/RHSA-2024:3431

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] pcs node removal still crm_node it is removed node is listing as lost node

[S Sathish S via Users]

Hi Ken/Team,

For us straight forward issue we are able to reproduce continuously, So please 
provide fix as soon as possible.

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] pcs node removal still crm_node it is removed node is listing as lost node

[S Sathish S via Users]

Hi Team,


Problem Statement : we are trying to remove node on pcs cluster, post execution 
also still crm_node

it is removed node is listing as lost node.

we have checked corosync.conf file it is removed but still it is displaying on
crm_node -l.

[root@node1 ~]# pcs cluster node remove node2 --force
Destroying cluster on hosts: 'node2'...
node2: Successfully destroyed cluster
Sending updated corosync.conf to nodes...
node1: Succeeded
node1: Corosync configuration reloaded

[root@node1 ~]# crm_node -l
1 node1 member
2 node2 lost

In RHEL 7.x we are using below rpm version not seeing this issue while removing 
the node.
pacemaker-2.0.2-2.el7
corosync-2.4.4-2.el7
pcs-0.9.170-1.el7

In RHEL 8.x we are using below rpm version but seeing above issue over here.
pacemaker-2.1.6-1.el8
corosync-3.1.7-1.el8
pcs-0.10.16-1.el8

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] Pacemaker logs written on message which is not expected as per configuration

[S Sathish S via Users]

Thanks Klaus and Ken for your quick support.

Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] Pacemaker logs written on message which is not expected as per configuration

[S Sathish S via Users]

Hi Team,

The pacemaker logs is written in both '/var/log/messages' and 
'/var/log/pacemaker/pacemaker.log'.
Could you please help us for not write pacemaker processes in 
/var/log/messages? Even corosync configuration we have set to_syslog: no.
Attached the corosync.conf file.

Pacemaker 2.1.6

[root@node1 username]# tail -f /var/log/messages
Jun 23 13:45:38 node1 ESAFMA_RA(ESAFMA_node1)[3593054]: INFO:  component 
is running with 10502  number
Jun 23 13:45:38 node1 HealthMonitor_RA(HEALTHMONITOR_node1)[3593055]: INFO: 
Health Monitor component is running with 3046  number
Jun 23 13:45:38 node1 ESAPMA_RA(ESAPMA_OCC)[3593056]: INFO:  component 
is running with 10902  number
Jun 23 13:45:38 node1 HP_AMSD_RA(HP_AMSD_node1)[3593057]: INFO:  
component is running with 2540  number
Jun 23 13:45:38 node1 HP_SMAD_RA(HP_SMAD_node1)[3593050]: INFO:  
component is running with 2536  number
Jun 23 13:45:38 node1 SSMAGENT_RA(SSMAGENT_node1)[3593068]: INFO:  
component is running with 2771  number
Jun 23 13:45:38 node1 HazelCast_RA(HAZELCAST_node1)[3593059]: INFO:  
component is running with 13355 number
Jun 23 13:45:38 node1 HP_SMADREV_RA(HP_SMADREV_node1)[3593062]: INFO:  
component is running with 2735  number
Jun 23 13:45:38 node1 ESAMA_RA(ESAMA_node1)[3593065]: INFO:  component 
is running with 9572  number
Jun 23 13:45:38 node1 MANAGER_RA(MANAGER_OCC)[3593071]: INFO:  
component is running with 10069 number


cat /etc/corosync/corosync.conf
totem {
version: 2
cluster_name: OCC
transport: knet
crypto_cipher: aes256
crypto_hash: sha256
cluster_uuid: 20572748740a4ac2a7bcc3a3bb6889e9
}

nodelist {
node {
ring0_addr: node1
name: node1
nodeid: 1
}
}

quorum {
provider: corosync_votequorum
}

logging {
to_logfile: yes
logfile: /var/log/cluster/corosync.log
to_syslog: no
timestamp: on
}

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] pcs property maintenance mode --wait not supported

[S Sathish S via Users]

Hi Team,

Thanks for quick response.

Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] pcs property maintenance mode --wait not supported

[S Sathish S via Users]

Hi Team,

The '--wait' option is not supported in pcs property maintenance mode which is 
working earlier in pcs-0.9.x version. To understand may I know, why --wait 
option got removed. Could you please help on this.

 pcs property set maintenance-mode=true/false --wait=120

 [root@node1 user]#  pcs property set maintenance-mode=false --wait=120
Error: Specified option '--wait' is not supported in this command
[root@node1 user]#

 Below rpms we are using.
pcs-0.10.16-1.el8.x86_64
pacemaker-2.1.5-1.el8.x86_64
corosync-3.1.7-1.el8.x86_64
resource-agents-4.12.0-1.el8.x86_64
libknet1-1.25-1.el8.x86_64
Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] pcs node removal still crm_node it is removed node is listing as lost node

[S Sathish S via Users]

Hi Team,

Any update on below query.

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] pcs node removal still crm_node it is removed node is listing as lost node

[S Sathish S via Users]

Hi Team,

We have tried "crm_node -R node2 -force"  still it is crm_node list as lost 
node.

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] pcs node removal still crm_node it is removed node is listing as lost node

[S Sathish S via Users]

Hi Team,

we are trying to remove node on pcs cluster, post execution also still crm_node 
it is removed node is listing as lost node.

we have checked corosync.conf file it is removed but still it is displaying on 
crm_node -l.

[root@node1 ~]# pcs cluster node remove node2 --force
Destroying cluster on hosts: 'node2'...
node2: Successfully destroyed cluster
Sending updated corosync.conf to nodes...
node1: Succeeded
node1: Corosync configuration reloaded

[root@node1 ~]# crm_node -l
1 node1 member
2 node2 lost

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] resource going to blocked status while we restart service via systemctl twice

[S Sathish S via Users]

Hi Team,

TEST_node1 resource going to blocked status while we restart service via 
systemctl twice in less time/before completion of 1st systemctl command.
In older pacemaker version 2.0.2 we don't see this issue, only observing this 
issue on latest pacemaker version 2.1.15.

[root@node1 ~]# pcs resource status TEST_node1
  * TEST_node1  (ocf::provider:TEST_RA):  Started node1
[root@node1 ~]# systemctl restart TESTec
[root@node1 ~]# cat /var/pid/TEST.pid
271466
[root@node1 ~]# systemctl restart TESTec
[root@node1 ~]# cat /var/pid/TEST.pid
271466
[root@node1 ~]# pcs resource status TEST_node1
  * TEST_node1  (ocf::provider:TEST_RA):  FAILED node1 (blocked)
[root@node1 ~]#


[root@node1 ~]# pcs resource config TEST_node1
Resource: TEST_node1 (class=ocf provider=provider type=TEST_RA)
  Meta Attributes: TEST_node1-meta_attributes
failure-timeout=120s
migration-threshold=5
priority=60
  Operations:
migrate_from: TEST_node1-migrate_from-interval-0s
  interval=0s
  timeout=20
migrate_to: TEST_node1-migrate_to-interval-0s
  interval=0s
  timeout=20
monitor: TEST_node1-monitor-interval-10s
  interval=10s
  timeout=120s
  on-fail=restart
reload: TEST_node1-reload-interval-0s
  interval=0s
  timeout=20
start: TEST_node1-start-interval-0s
  interval=0s
  timeout=120s
  on-fail=restart
stop: TEST_node1-stop-interval-0s
  interval=0s
  timeout=120s
  on-fail=block
[root@node1 ~]#

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] ClusterMon resource creation getting illegal option -- E in ClusterMon

[S Sathish S via Users]

Hi Team,

While creating ClusterMon resource agent in Clusterlab High Availability 
getting illegal option -- E in ClusterMon.

[root@node1 tmp]# pcs resource create SNMP_test ocf:pacemaker:ClusterMon  
extra_options="-E /tmp/tools/PCSESA.sh"
Error: Validation result from agent (use --force to override):
  /usr/lib/ocf/resource.d/pacemaker/ClusterMon: illegal option -- E
  Apr 12 13:36:47 ERROR: Invalid options -E /tmp/tools/PCSESA.sh!
Error: Errors have occurred, therefore pcs is unable to continue
[root@node1 tmp]#

As per above error we use --force option now resource is getting created but 
still we get this error in the system  , But ClusterMon resource functionality 
is working as expected . we need to understand any impact with below error / 
how to rectify illegal option on ClusterMon.

[root@node1 tmp]# pcs resource create SNMP_test ocf:pacemaker:ClusterMon  
extra_options="-E /tmp/tools/PCSESA.sh" --force
Warning: Validation result from agent:
  /usr/lib/ocf/resource.d/pacemaker/ClusterMon: illegal option -- E
  Apr 12 13:49:43 ERROR: Invalid options -E /tmp/tools/PCSESA.sh!
[root@node1 tmp]#

Please find the Clusterlab RPM version used:
pacemaker-cluster-libs-2.1.4-1.2.1.4.git.el8.x86_64
resource-agents-4.11.0-1.el8.x86_64
pacemaker-cli-2.1.4-1.2.1.4.git.el8.x86_64
pcs-0.10.14-1.el8.x86_64
corosynclib-3.1.7-1.el8.x86_64
corosync-3.1.7-1.el8.x86_64
pacemaker-2.1.4-1.2.1.4.git.el8.x86_64
pacemaker-libs-2.1.4-1.2.1.4.git.el8.x86_64
pacemaker-schemas-2.1.4-1.2.1.4.git.el8.noarch

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] HSTS Missing From HTTPS Server on pcs daemon

[S Sathish S via Users]

Hi Tomas/Team,

In our case PCS WEB UI us disabled while accessing PCS WEB UI URL we are 
getting 404 response, As you stated we are getting this vulnerability "HSTS 
Missing From HTTPS Server"  on Tenable scan.

While going through changelog we can see fixes are available in unreleased 
version can we know when we can expect formally release ? any tentative 
timeline please.

Set Content-Security-Policy: frame-ancestors 'self'; default-src 'self' HTTP 
header for HTTP 404 responses 
(rhbz#2160555)
Thanks and Regards,
S Sathish S

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] HSTS Missing From HTTPS Server on pcs daemon

[S Sathish S via Users]

Hi Team,

In our product we are using pcs-0.10.15 version while running tenable scan 
found below vulnerability reported on 2224 pcsd daemon. Moreover we have 
disable PCSD Web UI in our application still vulnerability reported in the 
system.

Plugin ID : 84502
Plugin Name : HSTS Missing From HTTPS Server

Please provide any mitigation plan for this.

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] Could not initialize corosync configuration API error 2

[S Sathish S via Users]

Hi Team,

Please find the corosync version.

[root@node2 ~]# rpm -qa corosync
corosync-2.4.4-2.el7.x86_64.

Firewall in disable state only.

Please find the debug and trace logs

Mar 31 10:07:30 [17684] node2 corosync notice  [MAIN  ] Corosync Cluster Engine 
('UNKNOWN'): started and ready to provide service.
Mar 31 10:07:30 [17684] node2 corosync info[MAIN  ] Corosync built-in 
features: pie relro bindnow
Mar 31 10:07:30 [17684] node2 corosync warning [MAIN  ] Could not set SCHED_RR 
at priority 99: Operation not permitted (1)
Mar 31 10:07:30 [17684] node2 corosync debug   [QB] shm size:8388621; 
real_size:8392704; rb->word_size:2098176
Mar 31 10:07:30 [17684] node2 corosync debug   [MAIN  ] Corosync TTY detached
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] waiting_trans_ack 
changed to 1
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] Token Timeout (5550 ms) 
retransmit timeout (1321 ms)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] token hold (1046 ms) 
retransmits before loss (4 retrans)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] join (50 ms) send_join 
(0 ms) consensus (6660 ms) merge (200 ms)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] downcheck (1000 ms) 
fail to recv const (2500 msgs)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] seqno unchanged const 
(30 rotations) Maximum network MTU 1401
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] window size per 
rotation (50 messages) maximum messages per rotation (17 messages)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] missed count const (5 
messages)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] send threads (0 threads)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] RRP token expired 
timeout (1321 ms)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] RRP token problem 
counter (2000 ms)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] RRP threshold (10 
problem count)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] RRP multicast threshold 
(100 problem count)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] RRP automatic recovery 
check timeout (1000 ms)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] RRP mode set to none.
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] 
heartbeat_failures_allowed (0)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] max_network_delay (50 
ms)
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] HeartBeat is Disabled. 
To enable set heartbeat_failures_allowed > 0
Mar 31 10:07:30 [17684] node2 corosync notice  [TOTEM ] Initializing transport 
(UDP/IP Unicast).
Mar 31 10:07:30 [17684] node2 corosync notice  [TOTEM ] Initializing 
transmit/receive security (NSS) crypto: none hash: none
Mar 31 10:07:30 [17684] node2 corosync trace   [QB] grown poll array to 2 
for FD 8
Mar 31 10:07:30 [17684] node2 corosync notice  [TOTEM ] The network interface 
[10.33.59.175] is now up.
Mar 31 10:07:30 [17684] node2 corosync debug   [TOTEM ] Created or loaded 
sequence id 540.10.33.59.175 for this ring.
Mar 31 10:07:30 [17684] node2 corosync notice  [SERV  ] Service engine loaded: 
corosync configuration map access [0]
Mar 31 10:07:30 [17684] node2 corosync debug   [MAIN  ] Initializing IPC on 
cmap [0]
Mar 31 10:07:30 [17684] node2 corosync debug   [MAIN  ] No configured 
qb.ipc_type. Using native ipc
Mar 31 10:07:30 [17684] node2 corosync info[QB] server name: cmap
Mar 31 10:07:30 [17684] node2 corosync trace   [QB] grown poll array to 3 
for FD 9
Mar 31 10:07:30 [17684] node2 corosync notice  [SERV  ] Service engine loaded: 
corosync configuration service [1]
Mar 31 10:07:30 [17684] node2 corosync debug   [MAIN  ] Initializing IPC on cfg 
[1]
Mar 31 10:07:30 [17684] node2 corosync debug   [MAIN  ] No configured 
qb.ipc_type. Using native ipc
Mar 31 10:07:30 [17684] node2 corosync info[QB] server name: cfg
Mar 31 10:07:30 [17684] node2 corosync trace   [QB] grown poll array to 4 
for FD 10
Mar 31 10:07:30 [17684] node2 corosync notice  [SERV  ] Service engine loaded: 
corosync cluster closed process group service v1.01 [2]
Mar 31 10:07:30 [17684] node2 corosync debug   [MAIN  ] Initializing IPC on cpg 
[2]
Mar 31 10:07:30 [17684] node2 corosync debug   [MAIN  ] No configured 
qb.ipc_type. Using native ipc
Mar 31 10:07:30 [17684] node2 corosync info[QB] server name: cpg
Mar 31 10:07:30 [17684] node2 corosync trace   [QB] grown poll array to 5 
for FD 11
Mar 31 10:07:30 [17684] node2 corosync notice  [SERV  ] Service engine loaded: 
corosync profile loading service [4]
Mar 31 10:07:30 [17684] node2 corosync debug   [MAIN  ] NOT Initializing IPC on 
pload [4]
Mar 31 10:07:30 [17684] node2 corosync notice  [QUORUM] Using quorum provider 
corosync_votequorum
Mar 31 10:07:30 [17684] node2 corosync trace   [VOTEQ ] ENTERING 
votequorum_init()
Mar 31 10:07:30 [17684] node2 corosync trace   [VOTEQ ] ENTERING 
votequorum_exec_init_fn()
Mar 31 1

[ClusterLabs] Could not initialize corosync configuration API error 2

[S Sathish S via Users]

Hi Team,

we are unable to start corosync service which is already part of existing 
cluster same is running fine for longer time. Now we are seeing corosync
server unable to join "Could not initialize corosync configuration API error 
2". Please find the below logs.

[root@node1 ~]# systemctl status corosync
● corosync.service - Corosync Cluster Engine
   Loaded: loaded (/usr/lib/systemd/system/corosync.service; enabled; vendor 
preset: disabled)
   Active: failed (Result: exit-code) since Thu 2023-03-30 10:49:58 WAT; 7min 
ago
 Docs: man:corosync
   man:corosync.conf
   man:corosync_overview
  Process: 9922 ExecStop=/usr/share/corosync/corosync stop (code=exited, 
status=0/SUCCESS)
  Process: 9937 ExecStart=/usr/share/corosync/corosync start (code=exited, 
status=1/FAILURE)



Mar 30 10:48:57 node1 systemd[1]: Starting Corosync Cluster Engine...
Mar 30 10:49:58 node1 corosync[9937]: Starting Corosync Cluster Engine 
(corosync): [FAILED]
Mar 30 10:49:58 node1 systemd[1]: corosync.service: control process exited, 
code=exited status=1
Mar 30 10:49:58 node1 systemd[1]: Failed to start Corosync Cluster Engine.
Mar 30 10:49:58 node1 systemd[1]: Unit corosync.service entered failed state.
Mar 30 10:49:58 node1 systemd[1]: corosync.service failed.

Please find the corosync logs error:

Mar 30 10:49:52 [9947] node1 corosync debug   [MAIN  ] Denied connection, 
corosync is not ready
Mar 30 10:49:52 [9947] node1 corosync warning [QB] Denied connection, is 
not ready (9948-10497-23)
Mar 30 10:49:52 [9947] node1 corosync debug   [MAIN  ] 
cs_ipcs_connection_destroyed()
Mar 30 10:49:52 [9947] node1 corosync debug   [MAIN  ] Denied connection, 
corosync is not ready
Mar 30 10:49:57 [9947] node1 corosync debug   [MAIN  ] 
cs_ipcs_connection_destroyed()
Mar 30 10:49:58 [9947] node1 corosync notice  [MAIN  ] Node was shut down by a 
signal
Mar 30 10:49:58 [9947] node1 corosync notice  [SERV  ] Unloading all Corosync 
service engines.
Mar 30 10:49:58 [9947] node1 corosync info[QB] withdrawing server 
sockets
Mar 30 10:49:58 [9947] node1 corosync debug   [QB] qb_ipcs_unref() - 
destroying
Mar 30 10:49:58 [9947] node1 corosync notice  [SERV  ] Service engine unloaded: 
corosync vote quorum service v1.0
Mar 30 10:49:58 [9947] node1 corosync info[QB] withdrawing server 
sockets
Mar 30 10:49:58 [9947] node1 corosync debug   [QB] qb_ipcs_unref() - 
destroying
Mar 30 10:49:58 [9947] node1 corosync notice  [SERV  ] Service engine unloaded: 
corosync configuration map access
Mar 30 10:49:58 [9947] node1 corosync info[QB] withdrawing server 
sockets
Mar 30 10:49:58 [9947] node1 corosync debug   [QB] qb_ipcs_unref() - 
destroying
Mar 30 10:49:58 [9947] node1 corosync notice  [SERV  ] Service engine unloaded: 
corosync configuration service
Mar 30 10:49:58 [9947] node1 corosync info[QB] withdrawing server 
sockets
Mar 30 10:49:58 [9947] node1 corosync debug   [QB] qb_ipcs_unref() - 
destroying
Mar 30 10:49:58 [9947] node1 corosync notice  [SERV  ] Service engine unloaded: 
corosync cluster closed process group service v1.01
Mar 30 10:49:58 [9947] node1 corosync info[QB] withdrawing server 
sockets
Mar 30 10:49:58 [9947] node1 corosync debug   [QB] qb_ipcs_unref() - 
destroying
Mar 30 10:49:58 [9947] node1 corosync notice  [SERV  ] Service engine unloaded: 
corosync cluster quorum service v0.1
Mar 30 10:49:58 [9947] node1 corosync notice  [SERV  ] Service engine unloaded: 
corosync profile loading service
Mar 30 10:49:58 [9947] node1 corosync debug   [TOTEM ] sending join/leave 
message
Mar 30 10:49:58 [9947] node1 corosync notice  [MAIN  ] Corosync Cluster Engine 
exiting normally


While try manually start corosync service also getting below error.


[root@node1 ~]# bash -x /usr/share/corosync/corosync start
+ desc='Corosync Cluster Engine'
+ prog=corosync
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/sbin
+ '[' -f /etc/sysconfig/corosync ']'
+ . /etc/sysconfig/corosync
++ COROSYNC_INIT_TIMEOUT=60
++ COROSYNC_OPTIONS=
+ case '/etc/sysconfig' in
+ '[' -f /etc/init.d/functions ']'
+ . /etc/init.d/functions
++ TEXTDOMAIN=initscripts
++ umask 022
++ PATH=/sbin:/usr/sbin:/bin:/usr/bin
++ export PATH
++ '[' 28864 -ne 1 -a -z '' ']'
++ '[' -d /run/systemd/system ']'
++ case "$0" in
++ '[' -z '' ']'
++ COLUMNS=80
++ '[' -z '' ']'
++ '[' -c /dev/stderr -a -r /dev/stderr ']'
+++ /sbin/consoletype
++ CONSOLETYPE=pty
++ '[' -z '' ']'
++ '[' -z '' ']'
++ '[' -f /etc/sysconfig/i18n -o -f /etc/locale.conf ']'
++ . /etc/profile.d/lang.sh
++ unset LANGSH_SOURCED
++ '[' -z '' ']'
++ '[' -f /etc/sysconfig/init ']'
++ . /etc/sysconfig/init
+++ BOOTUP=color
+++ RES_COL=60
+++ MOVE_TO_COL='echo -en \033[60G'
+++ SETCOLOR_SUCCESS='echo -en \033[0;32m'
+++ SETCOLOR_FAILURE='echo -en \033[0;31m'
+++ SETCOLOR_WARNING='echo -en \033[0;33m'
+++ SETCOLOR_NORMAL='echo -en \033[0;39m'
++ '[' pty = serial ']'
++ 
__sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.

Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default

[S Sathish S via Users]

Hi Jan,

In Corosync which all scenario it send cpg message and what is impact if we are 
not secure communication.


  1.  Any outsider attacker can manipulate the system using unencrypted 
communication.
  2.  Corosync used for heartbeat communication in that we don't have any 
sensitive data really need to secure ? if not then any other sensitive data 
transferred via corosync communication.

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] Migrated to corosync 3.x knet become default protocol

[S Sathish S via Users]

Hi Team,

In our application we are currently using UDPU as transport protocol with 
single ring, while migrated to corosync 3.x knet become default protocol.

We need to understand any maintenance overhead that any required 
certificate/key management would bring in for knet transport protocol (or) it 
will use existing authorization key /etc/corosync/authkey file for secure 
communication between nodes using knet transport protocol.



https://access.redhat.com/solutions/5963941

https://access.redhat.com/solutions/1182463


We shouldn't end up in a case where Pacemaker stops working due to some 
certificate/key expiry?

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default

[S Sathish S via Users]

Hi Jan/Team,

Yes , In syslog we noticed "crypto: none" during startup of corosync service.

In Corosync communication which protocols/ports transfer sensitive data which 
need to be secured ?

Or It will have only binary protocol like 5405 port for all corosync 
communication?

Thanks and Regards,
S Sathish S
-Original Message-
From: Jan Friesse  
Sent: 23 January 2023 14:50
To: Cluster Labs - All topics related to open-source clustering welcomed 

Cc: S Sathish S 
Subject: Re: [ClusterLabs] corosync 2.4.4 version provide secure the 
communication by default

Hi,

On 23/01/2023 01:37, S Sathish S via Users wrote:
> Hi Team,
> 
> corosync 2.4.4 version provide mechanism to secure the communication path 
> between nodes of a cluster by default? bcoz in our configuration secauth is 
> turned off but still communication occur is encrypted.
> 
> Note : Capture tcpdump for port 5405 and I can see that the data is already 
> garbled and not in the clear.

It's binary protocol so don't expect some really readable format (like 
xml/json/...). But with your config it should be unencrypted. You can check 
message "notice  [TOTEM ] Initializing transmit/receive security
(NSS) crypto: none hash: none" during start of corosync.

Regards,
   Honza


> 
> [root@node1 ~]# cat /etc/corosync/corosync.conf totem {
>  version: 2
>  cluster_name: OCC
> secauth: off
>  transport: udpu
> }
> 
> nodelist {
>  node {
>  ring0_addr: node1
>  nodeid: 1
>  }
> 
>  node {
>  ring0_addr: node2
>  nodeid: 2
>  }
> 
>  node {
>  ring0_addr: node3
>  nodeid: 3
>  }
> }
> 
> quorum {
>  provider: corosync_votequorum
> }
> 
> logging {
>  to_logfile: yes
>  logfile: /var/log/cluster/corosync.log
>  to_syslog: no
>  timestamp: on
> }
> 
> Thanks and Regards,
> S Sathish S
> 
> 
> ___
> Manage your subscription:
> https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444
> 731-d41b18997a64a81a&q=1&e=d75dcac1-7d11-41aa-b596-47366bde2862&u=
> https%3A%2F%2Flists.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers
> 
> ClusterLabs home: 
> https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444
> 731-b3537e65a3f1def4&q=1&e=d75dcac1-7d11-41aa-b596-47366bde2862&u=
> https%3A%2F%2Fwww.clusterlabs.org%2F
> 
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] corosync 2.4.4 version provide secure the communication by default

[S Sathish S via Users]

Hi Team,

corosync 2.4.4 version provide mechanism to secure the communication path 
between nodes of a cluster by default? bcoz in our configuration secauth is 
turned off but still communication occur is encrypted.

Note : Capture tcpdump for port 5405 and I can see that the data is already 
garbled and not in the clear.

[root@node1 ~]# cat /etc/corosync/corosync.conf
totem {
version: 2
cluster_name: OCC
   secauth: off
transport: udpu
}

nodelist {
node {
ring0_addr: node1
nodeid: 1
}

node {
ring0_addr: node2
nodeid: 2
}

node {
ring0_addr: node3
nodeid: 3
}
}

quorum {
provider: corosync_votequorum
}

logging {
to_logfile: yes
logfile: /var/log/cluster/corosync.log
to_syslog: no
timestamp: on
}

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] PCS WEB UI is not reachable via inside/outside of the server getting "404 Page Not Found" Error

[S Sathish S via Users]

Hi Tomas/Team,

As you stated we have disabled the web UI on pcs-0.10.14 version, while 
enabling PCS web UI it is working as expected.

In earlier pcs-0.9.x version even we disable the web UI  still page is 
assessable and it print "PCS Web UI is disabled", so we have raised this query 
now it is clarify from your end.

Thanks for the support.

Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] PCS WEB UI is not reachable via inside/outside of the server getting "404 Page Not Found" Error

[S Sathish S via Users]

Hi Team,
we have took pcs-0.10.14 version and then compiled build rpm successfully, All 
pcs remote command is working as expected able to form cluster and create 
required resource group for the same.
Issue : PCS WEB UI is not reachable via inside/outside of the server getting 
"404 Page Not Found" Error, please find input from our analysis.
# curl -k -vvv https://node1:2224/
* Rebuilt URL to: https://node1:2224/
*   Trying 10.x.x.x...
* TCP_NODELAY set
* Connected to node1 (10.x.x.x) port 2224 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=IN; ST=TN; L=CHENNAI; O=Organe; OU=OCC; CN=node1.
*  start date: Dec  2 06:22:52 2022 GMT
*  expire date: Nov 29 06:22:52 2032 GMT
*  issuer: C=IN; ST=TN; L=CHENNAI; O=Organe; OU=OCC; CN=node1.
*  SSL certificate verify result: self signed certificate (18), continuing 
anyway.
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> GET / HTTP/1.1
> Host: node1:2224
> User-Agent: curl/7.61.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/1.1 404 Not Found
< Server: TornadoServer/6.1
< Content-Type: text/html; charset=UTF-8
< Date: Tue, 13 Dec 2022 00:43:56 GMT
< Content-Length: 69
<
* Connection #0 to host node1 left intact
404: Not Found404: Not Found


Kindly let me know if any additional information need to analysis on this.
One more observation in older pcs-0.9 version will have /usr/lib/pcsd/pcsd.conf 
and /etc/sysconfig/pcsd configuration file . In pcs-0.10 version onward
after build rpm we dont see /usr/lib/pcsd/pcsd.conf file , Only configure 
/etc/sysconfig/pcsd file should be sufficient on latest of pcs-0.10 version?
Thanks and Regards,
S Sathish
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] ClusterMon SNMP resource agent unable to start

[S Sathish S via Users]

Hi Reid Wahl/Team,

With user=root getting error "This account is currently not available" may be 
bcoz in our application we disable root user account in the system.

Error logs: 
Nov 25 01:08:02 node1 pacemaker-controld[1360516]: notice: Initiating start 
operation SNMP_tnode1_start_0 locally on node1
Nov 25 01:08:02 node1 pacemaker-controld[1360516]: notice: Requesting local 
execution of start operation for SNMP_node1 on node1
Nov 25 01:08:02 node1 su[1433598]: (to root) root on none
Nov 25 01:08:02 node1 systemd[1]: Started Session c325947 of user root.
Nov 25 01:08:02 node1 pacemaker-controld[1360516]: notice: Result of start 
operation for SNMP_node1 on node1: error
Nov 25 01:08:02 node1 systemd[1]: session-c325947.scope: Succeeded.
Nov 25 01:08:02 node1 pacemaker-controld[1360516]: notice: 
SNMP_node1_start_0@node1 output [ This account is currently not available.\n ]
Nov 25 01:08:02 node1 pacemaker-controld[1360516]: notice: Transition 714229 
aborted by operation SNMP_node1_start_0 'modify' on node1: Event failed
Nov 25 01:08:02 node1 pacemaker-controld[1360516]: notice: Transition 714229 
action 44 (SNMP_node1_start_0 on node1): expected 'ok' but got 'error'
Nov 25 01:08:02 node1 pacemaker-controld[1360516]: notice: Transition 714229 
(Complete=2, Pending=0, Fired=0, Skipped=0, Incomplete=1, 
Source=/var/lib/pacemaker/pengine/pe-input-2920.bz2): Complete
Nov 25 01:08:02 node1 pacemaker-attrd[1360514]: notice: Setting 
fail-count-SNMP_node1#start_0[node1]: 124 -> 125

As per your suggestion , we have omit the user attribute while create SNMP 
ClusterMon resource type and it able to start without error.

Thanks for the support.

Regards,
S Sathish S

-Original Message-
From: Reid Wahl  
Sent: 25 November 2022 01:56
To: S Sathish S 
Cc: Cluster Labs - All topics related to open-source clustering welcomed 

Subject: Re: [ClusterLabs] ClusterMon SNMP resource agent unable to start

On Thu, Nov 24, 2022 at 6:09 AM S Sathish S  wrote:
>
> Thanks Reid Wahl for below suggestion.
>
> As you said , We want to keep symmetric-cluster=false I have created location 
> constraints for the resources and enable it .
>
> Now resource is try to start but failed with below error message , we have 
> tried both root and hacluster users it doesn’t not work for us.
>
> While Config user are hacluster:
> Nov 24 09:02:34 node1pacemaker-controld[1360516]: notice: Initiating 
> start operation SNMP_node1_start_0 locally on node1 Nov 24 09:02:34 
> node1pacemaker-controld[1360516]: notice: Requesting local execution 
> of start operation for SNMP_node1on node1 Nov 24 09:02:34 node1su[2094082]: 
> (to hacluster) root on none Nov 24 09:02:34 node1systemd[1]: Started Session 
> c24515 of user hacluster.
> Nov 24 09:02:34 node1pacemaker-controld[1360516]: notice: Result of 
> start operation for SNMP_node1on node1: error Nov 24 09:02:34 
> node1pacemaker-controld[1360516]: notice: SNMP_node1_start_0@node1output [ 
> This account is currently not available.\n ] Nov 24 09:02:34 node1systemd[1]: 
> session-c24515.scope: Succeeded.
> Nov 24 09:02:34 node1pacemaker-controld[1360516]: notice: Transition 
> 114937 aborted by operation SNMP_node1_start_0 'modify' on node1: Event 
> failed Nov 24 09:02:34 node1pacemaker-controld[1360516]: notice: Transition 
> 114937 action 44 (SNMP_node1_start_0 on node1): expected 'ok' but got 'error'
> Nov 24 09:02:34 node1pacemaker-controld[1360516]: notice: Transition 
> 114937 (Complete=2, Pending=0, Fired=0, Skipped=0, Incomplete=1, 
> Source=/var/lib/pacemaker/pengine/pe-input-3646.bz2): Complete Nov 24 
> 09:02:34 node1pacemaker-attrd[1360514]: notice: Setting 
> fail-count-SNMP_node1#start_0[node1]: 9 -> 10
>
> Regards,
> S Sathish S

The ocf:pacemaker:ClusterMon agent's start operation runs `su - 
$OCF_RESKEY_user -c "$CMON_CMD" if the user attribute is set. For the hacluster 
user, this will fail with the error that you showed above because the hacluster 
user's default shell is /sbin/nologin.

I'm not sure why it fails with user=root or what error it throws. But if you 
want to run it as root, you don't need to specify user=root.
You can just omit the user attribute.

If that still doesn't work, please share the logs when starting it as root, and 
perhaps someone can help further.


>
> -Original Message-
> From: Reid Wahl 
> Sent: 24 November 2022 16:30
> To: S Sathish S 
> Cc: Cluster Labs - All topics related to open-source clustering 
> welcomed 
> Subject: Re: [ClusterLabs] ClusterMon SNMP resource agent unable to 
> start
>
> On Thu, Nov 24, 2022 at 12:14 AM S Sathish S  wrote:
> >
> > Hi Reid Wahl/Team,
> >
> > In below command execution we can see crm_mon --help-all output, so we 
> > thought some syntax error while invoke Clustermon resource due that 
> > SNMP_node1 resource is not started.
> >
> > [root@node1 ~]# pcs resource enable SNMP_node1 --debug
> >
> > Our Query execute above command SNMP_node1 Clustermon resource is not went 
> > to started state.
> >
> > P

Re: [ClusterLabs] ClusterMon SNMP resource agent unable to start

[S Sathish S via Users]

Thanks Reid Wahl for below suggestion.

As you said , We want to keep symmetric-cluster=false I have created location 
constraints for the resources and enable it .

Now resource is try to start but failed with below error message , we have 
tried both root and hacluster users it doesn’t not work for us.

While Config user are hacluster:
Nov 24 09:02:34 node1pacemaker-controld[1360516]: notice: Initiating start 
operation SNMP_node1_start_0 locally on node1
Nov 24 09:02:34 node1pacemaker-controld[1360516]: notice: Requesting local 
execution of start operation for SNMP_node1on node1
Nov 24 09:02:34 node1su[2094082]: (to hacluster) root on none
Nov 24 09:02:34 node1systemd[1]: Started Session c24515 of user hacluster.
Nov 24 09:02:34 node1pacemaker-controld[1360516]: notice: Result of start 
operation for SNMP_node1on node1: error
Nov 24 09:02:34 node1pacemaker-controld[1360516]: notice: 
SNMP_node1_start_0@node1output [ This account is currently not available.\n ]
Nov 24 09:02:34 node1systemd[1]: session-c24515.scope: Succeeded.
Nov 24 09:02:34 node1pacemaker-controld[1360516]: notice: Transition 114937 
aborted by operation SNMP_node1_start_0 'modify' on node1: Event failed
Nov 24 09:02:34 node1pacemaker-controld[1360516]: notice: Transition 114937 
action 44 (SNMP_node1_start_0 on node1): expected 'ok' but got 'error'
Nov 24 09:02:34 node1pacemaker-controld[1360516]: notice: Transition 114937 
(Complete=2, Pending=0, Fired=0, Skipped=0, Incomplete=1, 
Source=/var/lib/pacemaker/pengine/pe-input-3646.bz2): Complete
Nov 24 09:02:34 node1pacemaker-attrd[1360514]: notice: Setting 
fail-count-SNMP_node1#start_0[node1]: 9 -> 10

Regards,
S Sathish S

-Original Message-
From: Reid Wahl  
Sent: 24 November 2022 16:30
To: S Sathish S 
Cc: Cluster Labs - All topics related to open-source clustering welcomed 

Subject: Re: [ClusterLabs] ClusterMon SNMP resource agent unable to start

On Thu, Nov 24, 2022 at 12:14 AM S Sathish S  wrote:
>
> Hi Reid Wahl/Team,
>
> In below command execution we can see crm_mon --help-all output, so we 
> thought some syntax error while invoke Clustermon resource due that 
> SNMP_node1 resource is not started.
>
> [root@node1 ~]# pcs resource enable SNMP_node1 --debug
>
> Our Query execute above command SNMP_node1 Clustermon resource is not went to 
> started state.
>
> Please let me know if any further input required from my end.

Thanks, Sathish.

pcs is running the `crm_mon --help-all` to find out features are supported in 
the installed version of Pacemaker. That's expected :)

The `pcs resource enable` command doesn't tell a resource to start. It just 
un-disables the resource if you've previously disabled it. (More precisely, it 
unsets the target-role meta attribute, which defaults to
Started.)
In this case, Pacemaker is not even trying to start the resource. This is 
because you've configured symmetric-cluster="false". That makes this an 
"opt-in" cluster instead of an "opt-out" cluster (the default behavior). You 
can find further explanation here:
https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444731-3d6a989d5c120b4c&q=1&e=979d6b69-25c8-4cab-a2a0-b35edd07af81&u=https%3A%2F%2Fclusterlabs.org%2Fpacemaker%2Fdoc%2F2.1%2FPacemaker_Explained%2Fsinglehtml%2F%23asymmetrical-opt-in-clusters

The simplest solution is to set the symmetric-cluster property to true.

# pcs property set symmetric-cluster=true

If you want to keep symmetric-cluster=false, then you'll need to create 
location constraints for the resources that you want to enable.

As a side note, I see that there are some dangerous cluster property settings 
in this cluster as well, which can lead to corruption and/or undefined behavior.

 enable-startup-probes: false
 no-quorum-policy: ignore
 startup-fencing: false
 stonith-enabled: false

Unless you have good reasons for these, I strongly recommend setting:

# pcs property set enable-startup-probes=true
# pcs property set no-quorum-policy=stop
# pcs property set startup-fencing=true
# pcs property set stonith-enabled=true

>
> Thanks and Regards,
> S Sathish S
> -Original Message-
> From: Reid Wahl 
> Sent: 24 November 2022 13:36
> To: Cluster Labs - All topics related to open-source clustering 
> welcomed 
> Cc: S Sathish S 
> Subject: Re: [ClusterLabs] ClusterMon SNMP resource agent unable to 
> start
>
> On Thu, Nov 24, 2022 at 12:04 AM Reid Wahl  wrote:
> >
> > On Wed, Nov 23, 2022 at 10:55 PM S Sathish S via Users 
> >  wrote:
> > >
> > > Hi Team,
> > >
> > >
> > >
> > > we have created ClusterMon resource agent in Clusterlab High Availability 
> > > , Able to create SNMP resource but unable to start resource further 
> > > analysis in deb

Re: [ClusterLabs] ClusterMon SNMP resource agent unable to start

[S Sathish S via Users]

Hi Reid Wahl/Team,

In below command execution we can see crm_mon --help-all output, so we thought 
some syntax error while invoke Clustermon resource due that SNMP_node1 resource 
is not started.

[root@node1 ~]# pcs resource enable SNMP_node1 --debug

Our Query execute above command SNMP_node1 Clustermon resource is not went to 
started state.

Please let me know if any further input required from my end.

Thanks and Regards,
S Sathish S
-Original Message-
From: Reid Wahl  
Sent: 24 November 2022 13:36
To: Cluster Labs - All topics related to open-source clustering welcomed 

Cc: S Sathish S 
Subject: Re: [ClusterLabs] ClusterMon SNMP resource agent unable to start

On Thu, Nov 24, 2022 at 12:04 AM Reid Wahl  wrote:
>
> On Wed, Nov 23, 2022 at 10:55 PM S Sathish S via Users 
>  wrote:
> >
> > Hi Team,
> >
> >
> >
> > we have created ClusterMon resource agent in Clusterlab High Availability , 
> > Able to create SNMP resource but unable to start resource further analysis 
> > in debug mode it say crm_mon syntax/usage error, Please help us to solve 
> > this issue.

I don't see a usage error. pcs ran `crm_mon --help-all`, and it printed the 
`crm_mon --help-all` output. Is there an error somewhere?

> >
> >
> >
> > Please find the Clusterlab RPM version used:
> >
> > pacemaker-cluster-libs-2.1.4-1.2.1.4.git.el8.x86_64
> >
> > resource-agents-4.11.0-1.el8.x86_64
> >
> > pacemaker-cli-2.1.4-1.2.1.4.git.el8.x86_64
> >
> > pcs-0.10.14-1.el8.x86_64
> >
> > corosynclib-3.1.7-1.el8.x86_64
> >
> > corosync-3.1.7-1.el8.x86_64
> >
> > pacemaker-2.1.4-1.2.1.4.git.el8.x86_64
> >
> > pacemaker-libs-2.1.4-1.2.1.4.git.el8.x86_64
> >
> > pacemaker-schemas-2.1.4-1.2.1.4.git.el8.noarch
> >
> >
> >
> > Command used to create resource:
> >
> > pcs resource create SNMP_node1 ClusterMon user='root' extra_options="-E 
> > /opt/occ/test/tools/PCSESA.sh"
> >
> > crm_resource --resource SNMP_node1 --set-parameter priority --meta 
> > --parameter-value 10
> >
> > crm_resource --resource SNMP_node1 --set-parameter failure-timeout 
> > --meta --parameter-value 120s
> >
> >
> >
> >
> >
> > [root@node1 ~]# pcs resource config SNMP_node1
> >
> > Resource: SNMP_node1 (class=ocf provider=pacemaker type=ClusterMon)
> >
> >   Attributes: SNMP_node1-instance_attributes
> >
> > extra_options="-E /opt/occ/test/tools/PCSESA.sh"
> >
> > user=root
> >
> >   Meta Attributes: SNMP_node1-meta_attributes
> >
> > failure-timeout=120s
> >
> > priority=10
> >
> >   Operations:
> >
> > monitor: SNMP_node1-monitor-interval-10s
> >
> >   interval=10s
> >
> >   timeout=20s
> >
> > start: SNMP_node1-start-interval-0s
> >
> >   interval=0s
> >
> >   timeout=20s
> >
> > stop: SNMP_node1-stop-interval-0s
> >
> >   interval=0s
> >
> >   timeout=20s
> >
> > [root@node1 ~]#
> >
> >
> >
> > Debug Logs:
> >
> > [root@node1 ~]# pcs resource enable SNMP_node1 --debug
> >
> > Running: /usr/sbin/cibadmin --local --query
> >
> > Environment:
> >
> >   LC_ALL=C
> >
> >
> >
> > Finished running: /usr/sbin/cibadmin --local --query
> >
> > Return value: 0
> >
> > --Debug Stdout Start--
> >
> >  > epoch="171" num_updates="1" admin_epoch="0" cib-last-written="Thu 
> > Nov 24 01:10:33 2022" update-origin="node1" update-client="cibadmin" 
> > update-user="root" have-quorum="1" dc-uuid="1">
> >
> >   
> >
> > 
> >
> >   
> >
> >  > name="have-watchdog" value="false"/>
> >
> >  > name="dc-version" value="2.1.4-1.2.1.4.git.el8-dc6eb4362e6"/>
> >
> >  > name="cluster-infrastructure" value="corosync"/>
> >
> >  > name="cluster-name" value="OCC"/>
> >
> >  > name="stonith-enabled" value="false"/>
> >
> >  > name="no-quorum-policy" value="ignore"/>
> >
> >  > name="startup-fencing" valu

[ClusterLabs] ClusterMon SNMP resource agent unable to start

[S Sathish S via Users]

Hi Team,

we have created ClusterMon resource agent in Clusterlab High Availability , 
Able to create SNMP resource but unable to start resource further analysis in 
debug mode it say crm_mon syntax/usage error, Please help us to solve this 
issue.

Please find the Clusterlab RPM version used:
pacemaker-cluster-libs-2.1.4-1.2.1.4.git.el8.x86_64
resource-agents-4.11.0-1.el8.x86_64
pacemaker-cli-2.1.4-1.2.1.4.git.el8.x86_64
pcs-0.10.14-1.el8.x86_64
corosynclib-3.1.7-1.el8.x86_64
corosync-3.1.7-1.el8.x86_64
pacemaker-2.1.4-1.2.1.4.git.el8.x86_64
pacemaker-libs-2.1.4-1.2.1.4.git.el8.x86_64
pacemaker-schemas-2.1.4-1.2.1.4.git.el8.noarch

Command used to create resource:
pcs resource create SNMP_node1 ClusterMon user='root' extra_options="-E 
/opt/occ/test/tools/PCSESA.sh"
crm_resource --resource SNMP_node1 --set-parameter priority --meta 
--parameter-value 10
crm_resource --resource SNMP_node1 --set-parameter failure-timeout --meta 
--parameter-value 120s


[root@node1 ~]# pcs resource config SNMP_node1
Resource: SNMP_node1 (class=ocf provider=pacemaker type=ClusterMon)
  Attributes: SNMP_node1-instance_attributes
extra_options="-E /opt/occ/test/tools/PCSESA.sh"
user=root
  Meta Attributes: SNMP_node1-meta_attributes
failure-timeout=120s
priority=10
  Operations:
monitor: SNMP_node1-monitor-interval-10s
  interval=10s
  timeout=20s
start: SNMP_node1-start-interval-0s
  interval=0s
  timeout=20s
stop: SNMP_node1-stop-interval-0s
  interval=0s
  timeout=20s
[root@node1 ~]#

Debug Logs:
[root@node1 ~]# pcs resource enable SNMP_node1 --debug
Running: /usr/sbin/cibadmin --local --query
Environment:
  LC_ALL=C

Finished running: /usr/sbin/cibadmin --local --query
Return value: 0
--Debug Stdout Start--

  

  












  


  


  

  
  


  
  
  


  
  

  


  
  

  

  
  

  

  


--Debug Stdout End--
--Debug Stderr Start--

--Debug Stderr End--

Running: /usr/sbin/crm_mon --help-all
Environment:
  LC_ALL=C

Finished running: /usr/sbin/crm_mon --help-all
Return value: 0
--Debug Stdout Start--
Usage:
  crm_mon [OPTION?]

Provides a summary of cluster's current state.

Outputs varying levels of detail in a number of different formats.

Help Options:
  -?, --helpShow help options
  --help-allShow all help options
  --help-output Show output help
  --help-displayShow display options
  --help-additional Show additional options
  --help-deprecated Show deprecated options

Output Options:
  --output-as=FORMATSpecify output format as one of: console 
(default), html, text, xml
  --output-to=DEST  Specify file name for output (or "-" for 
stdout)
  --html-cgiAdd CGI headers (requires --output-as=html)
  --html-stylesheet=URI Link to an external stylesheet (requires 
--output-as=html)
  --html-title=TITLESpecify a page title (requires 
--output-as=html)
  --text-fancy  Use more highly formatted output (requires 
--output-as=text)

Display Options:
  -I, --include=SECTION(s)  A list of sections to include in the output.
See `Output Control` help for more 
information.
  -U, --exclude=SECTION(s)  A list of sections to exclude from the 
output.
See `Output Control` help for more 
information.
  --node=NODE   When displaying information about nodes, 
show only what's related to the given
node, or to all nodes tagged with the given 
tag
  --resource=RSCWhen displaying information about 
resources, show only what's related to the given
resource, or to all resources tagged with 
the given tag
  -n, --group-by-node   Group resources by node
  -r, --inactiveDisplay inactive resources
  -f, --failcounts  Display resource fail counts
  -o, --operations  Display resource operation history
  -t, --timing-details  Display resource operation history with 
timing details
  -c, --tickets Display cluster tickets
  -m, --fence-history=LEVEL Show fence history:
0=off, 1=failures and pending (default 
without option),
2=add successes (default without value for 
option),
3=show full history without reduction to 
most recent of each flavor
  -L, --neg-locations   Displa

Re: [ClusterLabs] Unable to build rpm using make rpm command for pacemaker-2.1.4.

[S Sathish S via Users]

Hi Ken/Klaus/Team,

I have verified https://github.com/ClusterLabs/pacemaker/pull/2949  for build 
rpm is work as expected.

Thanks for quick support.

Regards,
S Sathish S
-Original Message-
From: Ken Gaillot  
Sent: 22 November 2022 22:52
To: S Sathish S ; Cluster Labs - All topics related 
to open-source clustering welcomed 
Subject: Re: [ClusterLabs] Unable to build rpm using make rpm command for 
pacemaker-2.1.4.

2.1.5-rc3 is available and worked in my development environment. Let me know if 
you have any problems.

After your comment here, I tested as far back as 1.1.12 (released in
2014) and couldn't build RPMs from a source distribution, so I'm not sure how 
long it's been broken. I know it was supposed to work, so it probably did at 
some point.

On Tue, 2022-11-22 at 12:16 +, S Sathish S wrote:
> Hi Ken/Team,
> 
> We have tried on pacemaker 2.1.1 also faced same issue , later we have 
> perform below steps as workaround to build pacemaker rpm as you said 
> it run from a git checkout and build rpm.
> 
> #./autogen.sh
> #./configure/
> #make
> #make dist
> #rpmbuild -v -bb 
> https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444
> 731-eaff28d0e7dc6695&q=1&e=2ae0ba53-50e0-48cf-aca5-28ec12f969f6&u=
> http%3A%2F%2Fspec.in%2F
> 
> RPM output in below format:
> pacemaker-cluster-libs-2.1.4-1.2.1.4.git.el8.x86_64
> pacemaker-schemas-2.1.4-1.2.1.4.git.el8.noarch
> pacemaker-2.1.4-1.2.1.4.git.el8.x86_64
> pacemaker-libs-2.1.4-1.2.1.4.git.el8.x86_64
> pacemaker-cli-2.1.4-1.2.1.4.git.el8.x86_64
> 
> Please let us know once it is fixed on 2.1.5-rc3 ,we need to build rpm 
> without git checkout method.
> 
> Thanks and Regards,
> S Sathish S
> -Original Message-
> From: Ken Gaillot 
> Sent: 21 November 2022 21:52
> To: Cluster Labs - All topics related to open-source clustering 
> welcomed 
> Cc: S Sathish S 
> Subject: Re: [ClusterLabs] Unable to build rpm using make rpm command 
> for pacemaker-2.1.4.
> 
> Hi,
> 
> Currently the RPM targets can only be run from a git checkout, not a 
> distribution tarball. It looks like that's a regression introduced in
> 2.1.2 so I'll try to fix it for 2.1.5-rc3 (expected this week).
> 
> On Mon, 2022-11-21 at 13:04 +, S Sathish S via Users wrote:
> > Hi Team,
> >  
> > I am getting the below error when executing make rpm command to 
> > build
> > pacemaker-2.1.4 package on linux 8 server.
> >  
> > [root@node1 pacemaker-Pacemaker-2.1.4]# make rpm make  -C rpm  "rpm"
> > make[1]: Entering directory '/root/smf_source/pacemaker-Pacemaker-
> > 2.1.4/rpm'
> > cd /root/smf_source/pacemaker-Pacemaker-
> > 2.1.4/rpm/..;   \
> > if [ -n "" ]; then  \
> > git commit -m "DO-NOT-PUSH"
> > -a; \
> > git archive --prefix=pacemaker-DIST/ -o
> > "/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/../pacemaker-
> > DIST.tar.gz" HEAD^{tree};  \
> > git reset --mixed
> > HEAD^;\
> > echo "`date`: Rebuilt /root/smf_source/pacemaker-Pacemaker-
> > 2.1.4/rpm/../pacemaker-
> > DIST.tar.gz"; \
> > elif [ -f "/root/smf_source/pacemaker-Pacemaker-
> > 2.1.4/rpm/../pacemaker-DIST.tar.gz" ];
> > then \
> > echo "`date`: Using existing tarball:
> > /root/smf_source/pacemaker-
> > Pacemaker-2.1.4/rpm/../pacemaker-
> > DIST.tar.gz"; \
> > else   
> >   
> >\
> > git archive --prefix=pacemaker-DIST/ -o
> > "/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/../pacemaker-
> > DIST.tar.gz" DIST^{tree};  \
> > echo "`date`: Rebuilt /root/smf_source/pacemaker-Pacemaker-
> > 2.1.4/rpm/../pacemaker-
> > DIST.tar.gz"; \
> > fi
> > fatal: not a git repository (or any of the parent directories):
> > .git
> > Mon Nov 21 07:42:25 EST 2022: Rebuilt /root/smf_source/pacemaker- 
> > Pacemaker-2.1.4/rpm/../pacemaker-DIST.tar.gz
> > rm -f "/root/smf_source/pacemaker-Pacemaker-
> > 2.1.4/rpm/SRPMS"/*.src.rpm
> > rm -f "/root/smf_source/pacemaker-Pacemaker-
> > 2.1.4/rpm/SPECS/pacemaker.spec"
> > fatal: not a git repository (or any of the parent directories):
> > .git
> > fatal: not a git repository (

Re: [ClusterLabs] Unable to build rpm using make rpm command for pacemaker-2.1.4.

[S Sathish S via Users]

Hi Ken/Team,

We have tried on pacemaker 2.1.1 also faced same issue , later we have perform 
below steps as workaround to build pacemaker rpm as you said it run from a git 
checkout and build rpm.

#./autogen.sh
#./configure/
#make
#make dist
#rpmbuild -v -bb spec.in

RPM output in below format:
pacemaker-cluster-libs-2.1.4-1.2.1.4.git.el8.x86_64
pacemaker-schemas-2.1.4-1.2.1.4.git.el8.noarch
pacemaker-2.1.4-1.2.1.4.git.el8.x86_64
pacemaker-libs-2.1.4-1.2.1.4.git.el8.x86_64
pacemaker-cli-2.1.4-1.2.1.4.git.el8.x86_64

Please let us know once it is fixed on 2.1.5-rc3 ,we need to build rpm without 
git checkout method.

Thanks and Regards,
S Sathish S
-Original Message-
From: Ken Gaillot  
Sent: 21 November 2022 21:52
To: Cluster Labs - All topics related to open-source clustering welcomed 

Cc: S Sathish S 
Subject: Re: [ClusterLabs] Unable to build rpm using make rpm command for 
pacemaker-2.1.4.

Hi,

Currently the RPM targets can only be run from a git checkout, not a 
distribution tarball. It looks like that's a regression introduced in
2.1.2 so I'll try to fix it for 2.1.5-rc3 (expected this week).

On Mon, 2022-11-21 at 13:04 +, S Sathish S via Users wrote:
> Hi Team,
>  
> I am getting the below error when executing make rpm command to build
> pacemaker-2.1.4 package on linux 8 server.
>  
> [root@node1 pacemaker-Pacemaker-2.1.4]# make rpm make  -C rpm  "rpm"
> make[1]: Entering directory '/root/smf_source/pacemaker-Pacemaker-
> 2.1.4/rpm'
> cd /root/smf_source/pacemaker-Pacemaker-
> 2.1.4/rpm/..;   \
> if [ -n "" ]; then  \
> git commit -m "DO-NOT-PUSH"
> -a; \
> git archive --prefix=pacemaker-DIST/ -o
> "/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/../pacemaker-
> DIST.tar.gz" HEAD^{tree};  \
> git reset --mixed
> HEAD^;\
> echo "`date`: Rebuilt /root/smf_source/pacemaker-Pacemaker-
> 2.1.4/rpm/../pacemaker-
> DIST.tar.gz"; \
> elif [ -f "/root/smf_source/pacemaker-Pacemaker-
> 2.1.4/rpm/../pacemaker-DIST.tar.gz" ];
> then \
> echo "`date`: Using existing tarball: /root/smf_source/pacemaker-
> Pacemaker-2.1.4/rpm/../pacemaker-DIST.tar.gz"; \
> else 
>\
> git archive --prefix=pacemaker-DIST/ -o
> "/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/../pacemaker-
> DIST.tar.gz" DIST^{tree};  \
> echo "`date`: Rebuilt /root/smf_source/pacemaker-Pacemaker-
> 2.1.4/rpm/../pacemaker-
> DIST.tar.gz"; \
> fi
> fatal: not a git repository (or any of the parent directories): .git 
> Mon Nov 21 07:42:25 EST 2022: Rebuilt /root/smf_source/pacemaker- 
> Pacemaker-2.1.4/rpm/../pacemaker-DIST.tar.gz
> rm -f "/root/smf_source/pacemaker-Pacemaker-
> 2.1.4/rpm/SRPMS"/*.src.rpm
> rm -f "/root/smf_source/pacemaker-Pacemaker-
> 2.1.4/rpm/SPECS/pacemaker.spec"
> fatal: not a git repository (or any of the parent directories): .git
> fatal: not a git repository (or any of the parent directories): .git
> fatal: not a git repository (or any of the parent directories): .git
> fatal: not a git repository (or any of the parent directories): .git
> fatal: not a git repository (or any of the parent directories): .git
> fatal: not a git repository (or any of the parent directories): .git
> fatal: not a git repository (or any of the parent directories): .git
> fatal: not a git repository (or any of the parent directories): .git 
> /usr/bin/mkdir -p "/root/smf_source/pacemaker-Pacemaker-
> 2.1.4/rpm/SPECS"
> if [ x"`git ls-files -m 
> https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444731-da62d98365929a68&q=1&e=8617afbf-d9b3-4f10-880c-745c5d63df19&u=http%3A%2F%2Fpacemaker.spec.in%2F
>  2>/dev/null`" != x ];
> then\
> cat "/root/smf_source/pacemaker-Pacemaker-
> 2.1.4/rpm/pacemaker.spec.in"; \
> elif git cat-file -e DIST:rpm/pacemaker.spec.in 2>/dev/null;
> then   \
> git show
> DIST:rpm/pacemaker.spec.in;\
> elif git cat-file -e DIST:pacemaker.spec.in 2>/dev/null;
> then   \
> git show
> DIST:pacemaker.spec.in;\
> else
>\
> cat "/root/smf_source/pacemaker-Pacemaker-
&g

[ClusterLabs] Unable to build rpm using make rpm command for pacemaker-2.1.4.

[S Sathish S via Users]

Hi Team,

I am getting the below error when executing make rpm command to build 
pacemaker-2.1.4 package on linux 8 server.

[root@node1 pacemaker-Pacemaker-2.1.4]# make rpm
make  -C rpm  "rpm"
make[1]: Entering directory '/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm'
cd /root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/..;   
\
if [ -n "" ]; then  \
git commit -m "DO-NOT-PUSH" -a; \
git archive --prefix=pacemaker-DIST/ -o 
"/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/../pacemaker-DIST.tar.gz" 
HEAD^{tree};  \
git reset --mixed HEAD^;\
echo "`date`: Rebuilt 
/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/../pacemaker-DIST.tar.gz";   
  \
elif [ -f 
"/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/../pacemaker-DIST.tar.gz" ]; 
then \
echo "`date`: Using existing tarball: 
/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/../pacemaker-DIST.tar.gz";   
  \
else\
git archive --prefix=pacemaker-DIST/ -o 
"/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/../pacemaker-DIST.tar.gz" 
DIST^{tree};  \
echo "`date`: Rebuilt 
/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/../pacemaker-DIST.tar.gz";   
  \
fi
fatal: not a git repository (or any of the parent directories): .git
Mon Nov 21 07:42:25 EST 2022: Rebuilt 
/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/../pacemaker-DIST.tar.gz
rm -f "/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/SRPMS"/*.src.rpm
rm -f "/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/SPECS/pacemaker.spec"
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
/usr/bin/mkdir -p "/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/SPECS"
if [ x"`git ls-files -m pacemaker.spec.in 2>/dev/null`" != x ]; then\
cat "/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/pacemaker.spec.in"; 
\
elif git cat-file -e DIST:rpm/pacemaker.spec.in 2>/dev/null; then   
\
git show DIST:rpm/pacemaker.spec.in;
\
elif git cat-file -e DIST:pacemaker.spec.in 2>/dev/null; then   
\
git show DIST:pacemaker.spec.in;
\
else
\
cat "/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/pacemaker.spec.in"; 
\
fi | sed
\
-e 's/^\(%global pcmkversion \).*/\12.1.4/' \
-e 's/^\(%global specversion \).*/\11/' \
-e 's/^\(%global commit \).*/\1DIST/'   \
-e 's/^\(%global commit_abbrev \).*/\14/'   \
-e "s/PACKAGE_DATE/$(date +'%a %b %d %Y')/" \
-e 's/PACKAGE_VERSION/2.1.4-1/' \
> "/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/SPECS/pacemaker.spec"
if [ -e "../build.counter" ]; then  \
   echo 1 > "../build.counter";\
fi
rpmbuild -bs --define "_sourcedir 
/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/.." --define "_topdir 
/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm" --without doc 
"/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/SPECS/pacemaker.spec"
error: File /root/smf_source/pacemaker-Pacemaker-2.1.4/pacemaker-DIST.tar.gz is 
smaller than 13 bytes
Wrote: 
/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/SRPMS/pacemaker-2.1.4-1.DIST.git.el8.src.rpm
To create custom builds, edit the flags and options in pacemaker.spec first
rpmbuild --define "_sourcedir 
/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/.." --define "_topdir 
/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm" --without doc --rebuild 
"/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/SRPMS"/*.src.rpm
Installing 
/root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/SRPMS/pacemaker-2.1.4-1.DIST.git.el8.src.rpm
error: File /root/smf_source/pacemaker-Pacemaker-2.1.4/pacemaker-DIST.tar.gz is 
smaller than 13 bytes
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.fb1j8n
+ umask 022
+ cd /root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/BUILD
+ cd /root/smf_source/pacemaker-Pacemaker-2.1.4/rpm/BUILD
+ rm -rf pacemaker

[ClusterLabs] pcs cluster auth with a key instead of password #179

[S Sathish S via Users]

Hi Team,

We are using hacluster to perform pcs cluster auth & for that user we doesn't 
set password expiry to avoid any impact PCS functionality.

But as per security best practice its not recommended to set password never 
expire for any OS user account , so we are planning to change pcs cluster auth 
with a key instead of password and then see know limitation in Clusterlab. Can 
we know when we can expect the fix for the below open issue.

pcs cluster auth with a key instead of password * Issue #179 * ClusterLabs/pcs 
* GitHub

[root@node01 ]# rpm -qa | grep -Ei 'pcs|pacemaker|corosync'
pacemaker-2.0.2-2.el7.x86_64
corosync-2.4.4-2.el7.x86_64
pcs-0.9.169-1.el7.x86_64
[root@node01 ]#

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] pcs update resource command not working

[S Sathish S via Users]

Hi Ken/Team,

ClusterMon for SNMP has been deprecated but still we are able to use CLusterMon 
resource with below stated PCS version.

Kindly let us know when Clustermon functionality when will be removed from 
which PCS version , so we will Plan for migrating from CLustermon resource to 
Alert Agent function.

[root@node01 testadmin]# rpm -qa | grep -Ei 'pcs|pacemaker|corosync'
pacemaker-2.0.2-2.el7.x86_64
corosync-2.4.4-2.el7.x86_64
pcs-0.9.169-1.el7.x86_64
[root@node01 testadmin]#

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] pcs add node command is success but node is not configured to existing cluster

[S Sathish S via Users]

Hi Team,

We have validated firewall on both working node and problematic node all 
configuration are similar only.

corosync level if all nodes reach each other --> we have checked corosync 
configured ip are reachable from all node , but not sure how to validate 
corosync level all node reach each other any command to check this.

Workaround : we have removed node03 from cluster and try to add this node again 
to cluster it rejoin without issue, now we need to understand why this issue is 
inconsistent with available pacemaker and corosync log we don't understand 
exact RCA.

Please let us know any debug log need to enable to understand more on this 
problem statement.

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] pcs add node command is success but node is not configured to existing cluster

[S Sathish S via Users]

Hi Team,

we are trying to add node03 to existing cluster after adding we could see only 
2 nodes are configured and validated corosync log also "Waiting for all cluster 
members. Current votes: 2 expected_votes: 3" but in node3 pcs cluster status 
output it show 3 nodes are configured and no resource are listing but in node02 
we have 40 resource configured which is not reflecting on node03.

This issue occur only on few problematic hardware not on all hardware , we 
don't know why this is joining into cluster.

[root@node02 ~]# pcs cluster status
Cluster Status:
Stack: corosync
Current DC: node01 (version 2.0.2-744a30d655) - partition WITHOUT quorum
Last updated: Wed Jul 28 14:58:13 2021
Last change: Wed Jul 28 14:41:41 2021 by root via cibadmin on node01
2 nodes configured
40 resources configured

PCSD Status:
  node02: Online
  node01: Online
  node03: Online
[root@node02 ~]#

Corosync log on node added execution :
Jul 28 11:15:05 [17598] node01 corosync notice  [TOTEM ] A new membership 
(10.216.x.x:42660) was formed. Members
Jul 28 11:15:05 [17598] node01 corosync notice  [QUORUM] Members[2]: 1 2
Jul 28 11:15:05 [17598] node01 corosync notice  [MAIN  ] Completed service 
synchronization, ready to provide service.
Jul 28 11:15:05 [17598] node01 corosync notice  [CFG   ] Config reload 
requested by node 1
Jul 28 11:15:05 [17598] node01 corosync notice  [TOTEM ] adding new UDPU member 
{10.216.x.x}
Jul 28 11:15:07 [17599] node01 corosync notice  [VOTEQ ] Waiting for all 
cluster members. Current votes: 2 expected_votes: 3
Jul 28 11:15:07 [17599] node01 corosync notice  [VOTEQ ] Waiting for all 
cluster members. Current votes: 2 expected_votes: 3
Jul 28 11:15:07 [17599] node01 corosync notice  [TOTEM ] A new membership 
(10.216.x.x:42664) was formed. Members
Jul 28 11:15:07 [17599] node01 corosync notice  [VOTEQ ] Waiting for all 
cluster members. Current votes: 2 expected_votes: 3
Jul 28 11:15:07 [17599] node01 corosync notice  [VOTEQ ] Waiting for all 
cluster members. Current votes: 2 expected_votes: 3
Jul 28 11:15:07 [17599] node01 corosync notice  [QUORUM] This node is within 
the non-primary component and will NOT provide any services.
Jul 28 11:15:07 [17599] node01 corosync notice  [QUORUM] Members[2]: 1 2
Jul 28 11:15:07 [17599] node01 corosync notice  [MAIN  ] Completed service 
synchronization, ready to provide service.
Jul 28 11:15:07 [17599] node01 corosync notice  [VOTEQ ] Waiting for all 
cluster members. Current votes: 2 expected_votes: 3
Jul 28 11:15:07 [17599] node01 corosync notice  [VOTEQ ] Waiting for all 
cluster members. Current votes: 2 expected_votes: 3
Jul 28 11:15:11 [17599] node01 corosync notice  [TOTEM ] A new membership 
(10.216.x.x:42668) was formed. Members


[root@node03 ~]# pcs cluster status
Cluster Status:
Stack: corosync
Current DC: node03 (version 2.0.2-744a30d655) - partition WITHOUT quorum
Last updated: Wed Jul 28 15:04:31 2021
Last change: Wed Jul 28 15:04:00 2021 by root via cibadmin on node03
3 nodes configured
0 resources configured

PCSD Status:
  node03: Online
  node01: Online
  node02: Online
[root@node03 ~]#

Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/