pcs cluster auth fails with ERROR OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client key exchange A

Solution In Progress - Updated -

Issue

pcs cluster auth fails with ERROR OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client key exchange A

On the node where pcs cluster auth is run, the command times out on all nodes but the local node. And the local pcsd.log shows:

[root@controller-0 hieradata]# tail -f /var/log/pcsd/pcsd.log -n 0 &
[1] 63294
[root@controller-0 hieradata]# /sbin/pcs cluster auth controller-0 controller-1  -u hacluster -p <token> --force
I, [2020-03-24T16:29:50.424034 #32580]  INFO -- : Running: /usr/sbin/corosync-cmapctl totem.cluster_name
I, [2020-03-24T16:29:50.424108 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:29:50.428180 #32580]  INFO -- : Return Value: 1
W, [2020-03-24T16:29:50.428252 #32580]  WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file
W, [2020-03-24T16:29:50.428303 #32580]  WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file or directory - /etc/corosync/corosync.conf
I, [2020-03-24T16:29:50.428657 #32580]  INFO -- : Attempting login by 'hacluster'
I, [2020-03-24T16:29:50.452169 #32580]  INFO -- : Running: id -Gn hacluster
I, [2020-03-24T16:29:50.452241 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:29:50.455679 #32580]  INFO -- : Return Value: 0
I, [2020-03-24T16:29:50.455741 #32580]  INFO -- : Successful login by 'hacluster'
::ffff:10.148.42.143 - - [24/Mar/2020:16:29:50 +0000] "POST /remote/auth HTTP/1.1" 200 36 0.0327
::ffff:10.148.42.143 - - [24/Mar/2020:16:29:50 +0000] "POST /remote/auth HTTP/1.1" 200 36 0.0329
controller-0.localdomain - - [24/Mar/2020:16:29:50 GMT] "POST /remote/auth HTTP/1.1" 200 36
- -> /remote/auth
I, [2020-03-24T16:30:50.577947 #32580]  INFO -- : Running: /usr/sbin/corosync-cmapctl totem.cluster_name
I, [2020-03-24T16:30:50.578017 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:30:50.582227 #32580]  INFO -- : Return Value: 1
W, [2020-03-24T16:30:50.582313 #32580]  WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file
W, [2020-03-24T16:30:50.582360 #32580]  WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file or directory - /etc/corosync/corosync.conf
I, [2020-03-24T16:30:50.582749 #32580]  INFO -- : Attempting login by 'hacluster'
I, [2020-03-24T16:30:50.608840 #32580]  INFO -- : Running: id -Gn hacluster
I, [2020-03-24T16:30:50.608905 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:30:50.612417 #32580]  INFO -- : Return Value: 0
I, [2020-03-24T16:30:50.612485 #32580]  INFO -- : Successful login by 'hacluster'
I, [2020-03-24T16:30:50.622922 #32580]  INFO -- : Running: /usr/sbin/corosync-cmapctl totem.cluster_name
I, [2020-03-24T16:30:50.622977 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:30:50.626385 #32580]  INFO -- : Return Value: 1
W, [2020-03-24T16:30:50.626457 #32580]  WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file
W, [2020-03-24T16:30:50.626496 #32580]  WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file or directory - /etc/corosync/corosync.conf
I, [2020-03-24T16:30:50.626813 #32580]  INFO -- : Attempting login by 'hacluster'
I, [2020-03-24T16:30:50.652127 #32580]  INFO -- : Running: id -Gn hacluster
I, [2020-03-24T16:30:50.652192 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:30:50.655801 #32580]  INFO -- : Return Value: 0
I, [2020-03-24T16:30:50.655864 #32580]  INFO -- : Successful login by 'hacluster'
::ffff:10.148.42.143 - - [24/Mar/2020:16:30:50 +0000] "POST /remote/auth HTTP/1.1" 200 36 0.0339
::ffff:10.148.42.143 - - [24/Mar/2020:16:30:50 +0000] "POST /remote/auth HTTP/1.1" 200 36 0.0340
controller-0.localdomain - - [24/Mar/2020:16:30:50 GMT] "POST /remote/auth HTTP/1.1" 200 36
- -> /remote/auth
I, [2020-03-24T16:31:20.615769 #32580]  INFO -- : No response from: controller-1 request: auth, error: operation_timedout
I, [2020-03-24T16:31:20.616097 #32580]  INFO -- : Running: /usr/sbin/pcs status nodes corosync
I, [2020-03-24T16:31:20.616154 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:31:20.852379 #32580]  INFO -- : Return Value: 1
I, [2020-03-24T16:31:20.852774 #32580]  INFO -- : Saved config 'tokens' version 21 <token> to '/var/lib/pcsd/tokens'
::ffff:10.148.42.143 - - [24/Mar/2020:16:31:20 +0000] "POST /remote/auth HTTP/1.1" 200 36 30.2757
::ffff:10.148.42.143 - - [24/Mar/2020:16:31:20 +0000] "POST /remote/auth HTTP/1.1" 200 36 30.2758
controller-0.localdomain - - [24/Mar/2020:16:30:50 GMT] "POST /remote/auth HTTP/1.1" 200 36
- -> /remote/auth
Error: Operation timed out
controller-0: Authorized
Error: Unable to communicate with controller-1
[root@controller-0 hieradata]#

On the destination node, /var/log/pcs/pcsd.log shows:

[2020-03-24 14:55:10] ERROR OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client key exchange A
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
[2020-03-24 14:56:09] ERROR OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client key exchange A
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
[2020-03-24 14:56:10] ERROR OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client key exchange A
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'

Environment

pacemaker

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content