Unable to communicate with pacemaker host while authorising
Solution 1:
I typically don't use pcsd in my clusters, but the times that I have, I recall setting up the authentication after I had a working cluster; function first, frill later.
I would try using the following commands from both nodes to create the corosync configuration and start the cluster, before setting up your authentication:
# pcs cluster setup --local --name haproxy-cluster0 vm_haproxy1 vm_haproxy2
# systemctl start corosync
# systemctl start pacemaker
Once you see your nodes online in the output of crm_mon
, try your steps for setting up the node authentication.
Solution 2:
I had this issue. In my case I tracked it down to the environment variables for proxies being set.
To check this: first run the command with --debug
enabled:
pcs --debug cluster auth clua club cluc
In the debug output I could see:
Sending HTTP Request to: https://club:2224/remote/check_auth
Data: None
Response Reason: Tunnel connection failed: 404 Not Found
...
"I, [2017-04-05T10:54:21.333320 #6755] INFO -- : No response from: cluc request: /auth, exception: 404 \"Not Found\"\n",
"I, [2017-04-05T10:54:21.334344 #6755] INFO -- : No response from: club request: /auth, exception: 404 \"Not Found\"\n",
"I, [2017-04-05T10:54:21.334852 #6755] INFO -- : No response from: clua request: /auth, exception: 404 \"Not Found\"\n"
Running curl towards the URL it was trying to use gave more explicit information:
# curl https://club:2224/remote/check_auth
curl: (56) Received HTTP code 404 from proxy after CONNECT
Unsetting http_proxy
and https_proxy
enabled it to work.
If you don't have too many nodes, you can list them in the no_proxy
environment variable. Otherwise it's a bit painful - you need to ensure you always run the pcs commands with no proxy environment variables set. I have so far not found any way to configured pcs not to use these variables.
You could write a little wrapper that unsets the variables and then calls pcs.
Solution 3:
If you are using CentOS 7, check:
systemctl start pcsd.service
systemctl enable pcsd.service
The start
will run it now. If that produces any error messages those should be addressed. The enable
cause it to start automatically on the next boot.