[DRBD-user] Authentication of peer failed ?

Lars Ellenberg lars.ellenberg at linbit.com
Tue Sep 12 00:11:55 CEST 2017

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.


On Mon, Sep 11, 2017 at 11:21:35AM +0200, Julien Escario wrote:
> Hello,
> This moring, when creating a ressource from Proxmox, I got a nice
> "Authentication of peer failed".
> 
> [33685507.246574] drbd vm-115-disk-1 vm7: Handshake to peer 2 successful: Agreed
> network protocol version 111
> [33685507.246579] drbd vm-115-disk-1 vm7: Feature flags enabled on protocol
> level: 0x7 TRIM THIN_RESYNC WRITE_SAME.
> [33685507.246597] drbd vm-115-disk-1 vm7: sock was shut down by peer
> [33685507.246617] drbd vm-115-disk-1 vm7: conn( Connecting -> BrokenPipe )
> [33685507.246642] drbd vm-115-disk-1 vm7: short read (expected size 16)
> [33685507.246644] drbd vm-115-disk-1 vm7: Authentication of peer failed, trying
> again.

Well, in this case, the "authentication" failed, because the connection
was torn down during the exchange. Which is why it thinks it could help
to try again. If it had failed auth because, well, "wrong credentials",
which really is only "shared secret" & node-id not matching,
it would not try again: the shared secret that "impostor" peer knows
won't change because we try again.

Why was it torn down?  I don't know.


> [33685507.289987] drbd vm-115-disk-1 vm7: Connection closed
> [33685507.290013] drbd vm-115-disk-1 vm7: conn( BrokenPipe -> Unconnected )
> 
> My install is a bit outdated :
> python-drbdmanage                                0.97-1
> drbd-utils                                       8.9.7-1

And you rather not even mention the kernel module version :-)

> but upgrading is ... complex ;-)
> 
> Any way to correct this without shuting down all ressources ? (and reboot).
> 
> I was thinking of some so-nice hidden command to force a kind of reauth between
> 2 hosts.

It even wrote that it was trying again, all by itself.
If it does not do that, but is in fact stuck in some supposedly
transient state like "Unconnected", you ran into a bug.

Of course you still can try to "--force disconnect", and/or "adjust".
Depends on what the current state is.


-- 
: Lars Ellenberg
: LINBIT | Keeping the Digital World Running
: DRBD -- Heartbeat -- Corosync -- Pacemaker

DRBD® and LINBIT® are registered trademarks of LINBIT
__
please don't Cc me, but send to list -- I'm subscribed



More information about the drbd-user mailing list