[DRBD-user] Authentication of peer failed ?

Julien Escario julien.escario at altinea.fr
Tue Sep 12 10:17:04 CEST 2017

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.

Le 12/09/2017 à 00:11, Lars Ellenberg a écrit :
> On Mon, Sep 11, 2017 at 11:21:35AM +0200, Julien Escario wrote:
>> Hello,
>> This moring, when creating a ressource from Proxmox, I got a nice
>> "Authentication of peer failed".
>> [33685507.246574] drbd vm-115-disk-1 vm7: Handshake to peer 2 successful: Agreed
>> network protocol version 111
>> [33685507.246579] drbd vm-115-disk-1 vm7: Feature flags enabled on protocol
>> [33685507.246597] drbd vm-115-disk-1 vm7: sock was shut down by peer
>> [33685507.246617] drbd vm-115-disk-1 vm7: conn( Connecting -> BrokenPipe )
>> [33685507.246642] drbd vm-115-disk-1 vm7: short read (expected size 16)
>> [33685507.246644] drbd vm-115-disk-1 vm7: Authentication of peer failed, trying
>> again.
> Well, in this case, the "authentication" failed, because the connection
> was torn down during the exchange. Which is why it thinks it could help
> to try again. If it had failed auth because, well, "wrong credentials",
> which really is only "shared secret" & node-id not matching,
> it would not try again: the shared secret that "impostor" peer knows
> won't change because we try again.
> Why was it torn down?  I don't know.

Small precision : it's only on one ressource (every other is fine) :

vm-115-disk-1 role:Secondary
  vm4 connection:StandAlone
  vm7 connection:StandAlone

This ressource isn't anymore defined on 'vm4' and 'vm7' nodes.

>> My install is a bit outdated :
>> python-drbdmanage                                0.97-1
>> drbd-utils                                       8.9.7-1
> And you rather not even mention the kernel module version :-)

Right, sorry :
# cat /proc/drbd
version: 9.0.3-1 (api:2/proto:86-111)
GIT-hash: a14cb9c3818612dfb8c3288db28a591d5a0fc2a6 build by root at nora,
2016-07-28 10:59:06
Transports (api:14): tcp (1.0.0)

> It even wrote that it was trying again, all by itself.
> If it does not do that, but is in fact stuck in some supposedly
> transient state like "Unconnected", you ran into a bug.
> Of course you still can try to "--force disconnect", and/or "adjust".
> Depends on what the current state is.

Tried a few things :
# drbdadm adjust vm-115-disk-1
'vm-115-disk-1' not defined in your config (for this host).

# drbdadm down vm-115-disk-1
'vm-115-disk-1' not defined in your config (for this host).

# drbdmanage unassign vm-115-disk-1 vm5
Error: Object not found

It seems that neither drbdadm nor drbdmanage doesn't anymore know this
ressource. Sad :-(


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3715 bytes
Desc: Signature cryptographique S/MIME
URL: <http://lists.linbit.com/pipermail/drbd-user/attachments/20170912/9c76be4d/attachment.bin>

More information about the drbd-user mailing list