[DRBD-user] satellite daemon must non-3377 port for SSL?
Chad William Seys
cwseys at physics.wisc.edu
Thu Jul 2 16:49:59 CEST 2020
Hmm, OK. After looking at things again, it looks like the actual
problem is that 'linstor create' without -p sets the port to 3377 for
the Satellite:
# linstor node create --communication-type SSL vms20 --node-type Combined
SUCCESS:
Description:
New node 'vms20' registered.
Details:
Node 'vms20' UUID is: af9198db-512a-4cf3-ad31-a1e79d416596
ERROR:
Description:
(Node: 'vms20') The requested function call cannot be executed.
Cause:
Common causes of this error are:
- The function call name specified by the caller
(client side) is incorrect
- The requested function call was not loaded into
the system (server side)
Details:
The requested function call name was 'Auth'.
Node: vms20
Show reports:
linstor error-reports show 5EFDF10B-00000-000001
root at vms20:~# linstor n l
╭─────────────────────────────────────────────────────────╮
┊ Node ┊ NodeType ┊ Addresses ┊ State ┊
╞═════════════════════════════════════════════════════════╡
┊ vms20 ┊ COMBINED ┊ 128.104.164.119:3377 (SSL) ┊ OFFLINE ┊
╰─────────────────────────────────────────────────────────╯
# with -p 3367:
# linstor node create -p 3367 --communication-type SSL vms20 --node-type
Combined
SUCCESS:
Description:
New node 'vms20' registered.
Details:
Node 'vms20' UUID is: f5887821-3415-48bc-8d33-1cc4ac19efe3
SUCCESS:
Description:
Node 'vms20' authenticated
Details:
Supported storage providers: [diskless, lvm, lvm_thin, file,
file_thin, openflex_target]
Supported resource layers : [writecache, cache, openflex, storage]
Unsupported storage providers:
ZFS: 'cat /sys/module/zfs/version' returned with exit code 1
ZFS_THIN: 'cat /sys/module/zfs/version' returned with exit code 1
SPDK: IO exception occured when running 'rpc.py
get_spdk_version': Cannot run program "rpc.py": error=2, No such file or
directory
Unsupported resource layers:
DRBD: DRBD version has to be >= 9. Current DRBD version: 8.4.10
LUKS: IO exception occured when running 'cryptsetup --version':
Cannot run program "cryptsetup": error=2, No such file or directory
NVME: IO exception occured when running 'nvme version': Cannot
run program "nvme": error=2, No such file or directory
INFO:
Linstor node name 'vms20' and hostname 'vms20.physics.wisc.edu'
doesn't match.
root at vms20:~# systemctl start linstor-satellite.service ^C
root at vms20:~# linstor n l
╭────────────────────────────────────────────────────────╮
┊ Node ┊ NodeType ┊ Addresses ┊ State ┊
╞════════════════════════════════════════════════════════╡
┊ vms20 ┊ COMBINED ┊ 128.104.164.119:3367 (SSL) ┊ Online ┊
╰────────────────────────────────────────────────────────╯
Thanks!
Chad.
On 7/2/20 5:00 AM, drbd-user-request at lists.linbit.com wrote:
> Send drbd-user mailing list submissions to
> drbd-user at lists.linbit.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.linbit.com/mailman/listinfo/drbd-user
> or, via email, send a message with subject or body 'help' to
> drbd-user-request at lists.linbit.com
>
> You can reach the person managing the list at
> drbd-user-owner at lists.linbit.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of drbd-user digest..."
>
>
> Today's Topics:
>
> 1. Re: satellite daemon must non-3377 port for SSL? (Rene Peinthor)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 2 Jul 2020 07:10:10 +0200
> From: Rene Peinthor <rene.peinthor at linbit.com>
> Subject: Re: [DRBD-user] satellite daemon must non-3377 port for SSL?
> To: Chad William Seys <cwseys at physics.wisc.edu>
> Cc: drbd-user <drbd-user at lists.linbit.com>
> Message-ID:
> <CAHmn2DPLAKteM=3veZbri3-NtWUkg-0vQt=bHq36Cir2YdZDhQ at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi!
>
> I don't know why you think that the satellite listens on port 3377?
> Here are the default port bindings:
>
> /*
> * Default ports
> */
> public static final int DFLT_CTRL_PORT_SSL = 3377;
> public static final int DFLT_CTRL_PORT_PLAIN = 3376;
> public static final int DFLT_STLT_PORT_SSL = 3367;
> public static final int DFLT_STLT_PORT_PLAIN = 3366;
>
> It wouldn't make much sense to have a combined node, where you only can run
> either a controller or satellite...
> We have multiple setups where Controller and Satellite run on the same node.
>
> Best regards
> Rene
>
> On Thu, Jul 2, 2020 at 7:02 AM Chad William Seys <cwseys at physics.wisc.edu>
> wrote:
>
>> Hi,
>> I have a "Combined" controller/satellite node which I'm trying to set
>> up SSL on.
>> It appears that the controller binds port 3377 by default. This is
>> also the port the satellite listens to by default. When the node is
>> Combined, this causes problems connecting to the satellite daemon.
>> My hope was to have the controller bind to a non-3377 port so that
>> one would not have to specify a non-default port when creating a node.
>> However, I haven't been able to get the controller daemon to bind to
>> anything but 3377.
>> E.g. This does not work:
>> # cat /etc/linstor/linstor_controller.toml
>> [netcom]
>> type="ssl"
>> port=3388
>> server_certificate="/etc/linstor/ssl/keystore.jks"
>> trusted_certificates="/etc/linstor/ssl/certificates.jks"
>> key_password="linstor"
>> keystore_password="linstor"
>> truststore_password="linstor"
>> ssl_protocol="TLSv1.2"
>>
>>
>> Thanks!
>> Chad.
>> _______________________________________________
>> Star us on GITHUB: https://github.com/LINBIT
>> drbd-user mailing list
>> drbd-user at lists.linbit.com
>> https://lists.linbit.com/mailman/listinfo/drbd-user
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.linbit.com/pipermail/drbd-user/attachments/20200702/2157c8ef/attachment.html>
>
> ------------------------------
>
> _______________________________________________
> Star us on GITHUB: https://github.com/LINBIT
> drbd-user mailing list
> drbd-user at lists.linbit.com
> https://lists.linbit.com/mailman/listinfo/drbd-user
>
>
> End of drbd-user Digest, Vol 192, Issue 2
> *****************************************
>
More information about the drbd-user
mailing list