pcs cluster auth fails with ERROR OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client key exchange A

Solution In Progress - Updated -

Issue

pcs cluster auth fails with ERROR OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client key exchange A

On the node where pcs cluster auth is run, the command times out on all nodes but the local node. And the local pcsd.log shows:

[root@controller-0 hieradata]# tail -f /var/log/pcsd/pcsd.log -n 0 &
[1] 63294
[root@controller-0 hieradata]# /sbin/pcs cluster auth controller-0 controller-1  -u hacluster -p <token> --force
I, [2020-03-24T16:29:50.424034 #32580]  INFO -- : Running: /usr/sbin/corosync-cmapctl totem.cluster_name
I, [2020-03-24T16:29:50.424108 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:29:50.428180 #32580]  INFO -- : Return Value: 1
W, [2020-03-24T16:29:50.428252 #32580]  WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file
W, [2020-03-24T16:29:50.428303 #32580]  WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file or directory - /etc/corosync/corosync.conf
I, [2020-03-24T16:29:50.428657 #32580]  INFO -- : Attempting login by 'hacluster'
I, [2020-03-24T16:29:50.452169 #32580]  INFO -- : Running: id -Gn hacluster
I, [2020-03-24T16:29:50.452241 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:29:50.455679 #32580]  INFO -- : Return Value: 0
I, [2020-03-24T16:29:50.455741 #32580]  INFO -- : Successful login by 'hacluster'
::ffff:10.148.42.143 - - [24/Mar/2020:16:29:50 +0000] "POST /remote/auth HTTP/1.1" 200 36 0.0327
::ffff:10.148.42.143 - - [24/Mar/2020:16:29:50 +0000] "POST /remote/auth HTTP/1.1" 200 36 0.0329
controller-0.localdomain - - [24/Mar/2020:16:29:50 GMT] "POST /remote/auth HTTP/1.1" 200 36
- -> /remote/auth
I, [2020-03-24T16:30:50.577947 #32580]  INFO -- : Running: /usr/sbin/corosync-cmapctl totem.cluster_name
I, [2020-03-24T16:30:50.578017 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:30:50.582227 #32580]  INFO -- : Return Value: 1
W, [2020-03-24T16:30:50.582313 #32580]  WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file
W, [2020-03-24T16:30:50.582360 #32580]  WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file or directory - /etc/corosync/corosync.conf
I, [2020-03-24T16:30:50.582749 #32580]  INFO -- : Attempting login by 'hacluster'
I, [2020-03-24T16:30:50.608840 #32580]  INFO -- : Running: id -Gn hacluster
I, [2020-03-24T16:30:50.608905 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:30:50.612417 #32580]  INFO -- : Return Value: 0
I, [2020-03-24T16:30:50.612485 #32580]  INFO -- : Successful login by 'hacluster'
I, [2020-03-24T16:30:50.622922 #32580]  INFO -- : Running: /usr/sbin/corosync-cmapctl totem.cluster_name
I, [2020-03-24T16:30:50.622977 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:30:50.626385 #32580]  INFO -- : Return Value: 1
W, [2020-03-24T16:30:50.626457 #32580]  WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file
W, [2020-03-24T16:30:50.626496 #32580]  WARN -- : Cannot read config 'corosync.conf' from '/etc/corosync/corosync.conf': No such file or directory - /etc/corosync/corosync.conf
I, [2020-03-24T16:30:50.626813 #32580]  INFO -- : Attempting login by 'hacluster'
I, [2020-03-24T16:30:50.652127 #32580]  INFO -- : Running: id -Gn hacluster
I, [2020-03-24T16:30:50.652192 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:30:50.655801 #32580]  INFO -- : Return Value: 0
I, [2020-03-24T16:30:50.655864 #32580]  INFO -- : Successful login by 'hacluster'
::ffff:10.148.42.143 - - [24/Mar/2020:16:30:50 +0000] "POST /remote/auth HTTP/1.1" 200 36 0.0339
::ffff:10.148.42.143 - - [24/Mar/2020:16:30:50 +0000] "POST /remote/auth HTTP/1.1" 200 36 0.0340
controller-0.localdomain - - [24/Mar/2020:16:30:50 GMT] "POST /remote/auth HTTP/1.1" 200 36
- -> /remote/auth
I, [2020-03-24T16:31:20.615769 #32580]  INFO -- : No response from: controller-1 request: auth, error: operation_timedout
I, [2020-03-24T16:31:20.616097 #32580]  INFO -- : Running: /usr/sbin/pcs status nodes corosync
I, [2020-03-24T16:31:20.616154 #32580]  INFO -- : CIB USER: hacluster, groups:
I, [2020-03-24T16:31:20.852379 #32580]  INFO -- : Return Value: 1
I, [2020-03-24T16:31:20.852774 #32580]  INFO -- : Saved config 'tokens' version 21 <token> to '/var/lib/pcsd/tokens'
::ffff:10.148.42.143 - - [24/Mar/2020:16:31:20 +0000] "POST /remote/auth HTTP/1.1" 200 36 30.2757
::ffff:10.148.42.143 - - [24/Mar/2020:16:31:20 +0000] "POST /remote/auth HTTP/1.1" 200 36 30.2758
controller-0.localdomain - - [24/Mar/2020:16:30:50 GMT] "POST /remote/auth HTTP/1.1" 200 36
- -> /remote/auth
Error: Operation timed out
controller-0: Authorized
Error: Unable to communicate with controller-1
[root@controller-0 hieradata]#

On the destination node, /var/log/pcs/pcsd.log shows:

[2020-03-24 14:55:10] ERROR OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client key exchange A
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
[2020-03-24 14:56:09] ERROR OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client key exchange A
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'
[2020-03-24 14:56:10] ERROR OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client key exchange A
        /usr/share/ruby/openssl/ssl.rb:280:in `accept'

Environment

pacemaker

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In