The "corosync" service fails to start with "nsscrypto" error: NSS DB initialization failed (err -8023)
Issue
-
The
corosync.service
fails to start and reports the below error forcrypto_nss
:$ cat /var/log/messages ---------------------------------------->8----------------------------------------- Dec 1 10:52:39 efedb1u4 corosync[2413878]: [MAIN ] Corosync Cluster Engine 3.1.7 starting up Dec 1 10:52:39 efedb1u4 corosync[2413878]: [MAIN ] Corosync built-in features: dbus systemd xmlconf vqsim nozzle snmp pie relro bindnow Dec 1 10:52:39 efedb1u4 corosync[2413878]: [TOTEM ] Initializing transport (Kronosnet). Dec 1 10:52:39 efedb1u4 corosync[2413878]: [TOTEM ] knet_handle_crypto_set_config (index 1) failed: -2 Dec 1 10:52:39 efedb1u4 corosync[2413878]: [KNET ] pmtud: MTU manually set to: 0 Dec 1 10:52:39 efedb1u4 corosync[2413878]: [KNET ] common: crypto_nss.so has been loaded from /usr/lib64/kronosnet/crypto_nss.so Dec 1 10:52:39 efedb1u4 corosync[2413878]: [KNET ] nsscrypto: NSS DB initialization failed (err -8023): A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot. Dec 1 10:52:39 efedb1u4 corosync[2413878]: [MAIN ] Can't initialize TOTEM layer Dec 1 10:52:39 efedb1u4 corosync[2413878]: [MAIN ] Corosync Cluster Engine exiting with status 15 at main.c:1608.
-
You may additionally see errors resembling the below, while creating the cluster ( reviewing
journalctl -xe
would reflect the above errors ):$ pcs cluster setup --start rhel8_cluster rhel8-node1 rhel8-node2 No addresses specified for host 'rhel8-node1', using 'rhel8-node1' No addresses specified for host 'rhel8-node2', using 'rhel8-node2' Destroying cluster on hosts: 'rhel8-node1', 'rhel8-node2'... rhel8-node2: Successfully destroyed cluster rhel8-node1: Successfully destroyed cluster Requesting remove 'pcsd settings' from 'rhel8-node1', 'rhel8-node2' rhel8-node2: successful removal of the file 'pcsd settings' rhel8-node1: successful removal of the file 'pcsd settings' Sending 'corosync authkey', 'pacemaker authkey' to 'rhel8-node1', 'rhel8-node2' rhel8-node1: successful distribution of the file 'corosync authkey' rhel8-node1: successful distribution of the file 'pacemaker authkey' rhel8-node2: successful distribution of the file 'corosync authkey' rhel8-node2: successful distribution of the file 'pacemaker authkey' Sending 'corosync.conf' to 'rhel8-node1', 'rhel8-node2' rhel8-node1: successful distribution of the file 'corosync.conf' rhel8-node2: successful distribution of the file 'corosync.conf' Cluster has been successfully set up. Starting cluster on hosts: 'rhel8-node1', 'rhel8-node2'... Error: rhel8-node1: Starting Cluster... Error: Unable to start corosync: Job for corosync.service failed because the control process exited with error code. See "systemctl status corosync.service" and "journalctl -xe" for details. Error: rhel8-node2: Starting Cluster... Error: Unable to start corosync: Job for corosync.service failed because the control process exited with error code. See "systemctl status corosync.service" and "journalctl -xe" for details. Error: Errors have occurred, therefore pcs is unable to continue
Environment
- Red Hat Enterprise Linux (RHEL) 8 and higher (with the High Availability Add-On)
- corosync
- nss
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.