tinygg / mysql-mha-setup

mysql-master-ha scripts
0 stars 0 forks source link

masterha_check_ssh issue #13

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem ?
1. Configure ssh keys on all servers
2. Test ssh connection with command line => OK
3. Test ssh connection with masterha_check_ssh => KO

What is the expected output? What do you see instead ?

Wed Jan  4 16:47:30 2012 - [warning] Global configuration file 
/etc/masterha_default.cnf not found. Skipping.
Wed Jan  4 16:47:30 2012 - [info] Reading application default configurations 
from /etc/myha.cnf..
Wed Jan  4 16:47:30 2012 - [info] Reading server configurations from 
/etc/myha.cnf..
Wed Jan  4 16:47:30 2012 - [info] Starting SSH connection tests..
Wed Jan  4 16:47:30 2012 - [error][/usr/local/share/perl5/MHA/SSHCheck.pm, ln63]
Wed Jan  4 16:47:30 2012 - [debug]  Connecting via SSH from root@node1 to 
root@node2..
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
Wed Jan  4 16:47:30 2012 - [error][/usr/local/share/perl5/MHA/SSHCheck.pm, 
ln106] SSH connection from root@node1 to root@node2 failed!
Wed Jan  4 16:47:31 2012 - [debug]
Wed Jan  4 16:47:30 2012 - [debug]  Connecting via SSH from root@node2 to 
root@node1..
Wed Jan  4 16:47:30 2012 - [debug]   ok.
SSH Configuration Check Failed!
 at ./masterha_check_ssh line 44

What version of the product are you using? On what operating system?

0.52 on redhat 6

Original issue reported on code.google.com by cedric.p...@gmail.com on 4 Jan 2012 at 3:58

GoogleCodeExporter commented 8 years ago
Please configure SSH public key authentication with no passphrase.
http://code.google.com/p/mysql-master-ha/wiki/Requirements#SSH_public_key_authen
tication

Original comment by Yoshinor...@gmail.com on 5 Jan 2012 at 12:43

GoogleCodeExporter commented 8 years ago
Hi, there isn't passphrase.
And a command line test rocks !
Have you see this error ? : [error][/usr/local/share/perl5/MHA/SSHCheck.pm, 
ln63]

Original comment by cedric.p...@gmail.com on 5 Jan 2012 at 8:49

GoogleCodeExporter commented 8 years ago
Did no-passphrase ssh connection succeed from node1 to node2?

Original comment by Yoshinor...@gmail.com on 5 Jan 2012 at 1:59

GoogleCodeExporter commented 8 years ago
Yes, it did !

Original comment by cedric.p...@gmail.com on 5 Jan 2012 at 9:57

GoogleCodeExporter commented 8 years ago
I ran into this issue too when running the manager on the node2 of a 2 node 
demo cluster; it totally did not occur to me that I'd also need to setup public 
key authentication to/from local host of the second node.
Self referential, but necessary! 

Example: 
root@10.0.1.36:/# ssh-copy-id root@10.0.1.36

It's not a bug/defect in my book. -Simply addressing the potential for 
confusion in tutorial may be enough. 

Thanks for building this!

A

Original comment by estrov...@gmail.com on 7 Mar 2012 at 11:40

GoogleCodeExporter commented 8 years ago
@Cédric: You have to setup public key authentication from the MHA Manager to 
every MySQL servers first and from the each MySQL server to the remaining (not 
includes MHA Manager if it is separated server).

For example: assuming that you have a pair Master (server1), Slave (server2) 
and MHA Manager is installed on another machine (server3). Make sure that you 
can ssh without password prompting:
- from server3 to server1
- from server3 to server2
- from server1 to server2
- from server2 to server1

Original comment by quanta.l...@gmail.com on 12 Apr 2012 at 10:30

GoogleCodeExporter commented 8 years ago
No more problem since 0.53

Original comment by cedric.p...@gmail.com on 25 Apr 2012 at 10:24

GoogleCodeExporter commented 8 years ago
I have a three-node cluster, Ubuntu 12.04 in EC2, and all three nodes can SSH 
to/from each other, and MHA manager can SSH to all three, but I get this error. 
I'm using 0.53.

Any clues what caused this and/or how to fix it?

----------------------------------------------------------------------
ubuntu@ip-10-244-141-67:~$ masterha_manager -v
masterha_manager version 0.53.
----------------------------------------------------------------------

----------------------------------------------------------------------
Mon Aug 27 19:00:52 2012 - [info] Starting SSH connection tests..
Mon Aug 27 19:00:54 2012 - [error][/usr/share/perl5/MHA/SSHCheck.pm, ln63] 
Mon Aug 27 19:00:52 2012 - [debug]  Connecting via SSH from 
ubuntu@10.248.86.135(10.248.86.135:22) to 
ubuntu@10.248.109.158(10.248.109.158:22)..
Permission denied (publickey).
Mon Aug 27 19:00:54 2012 - [error][/usr/share/perl5/MHA/SSHCheck.pm, ln107] SSH 
connection from ubuntu@10.248.86.135(10.248.86.135:22) to 
ubuntu@10.248.109.158(10.248.109.158:22) failed!
Mon Aug 27 19:00:55 2012 - [error][/usr/share/perl5/MHA/SSHCheck.pm, ln63] 
----------------------------------------------------------------------

----------------------------------------------------------------------
ubuntu@ip-10-248-86-135:~$ ssh ubuntu@10.248.109.158
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-25-virtual x86_64)
...[other successful login text snipped]...
ubuntu@ip-10-248-109-158:~$ 
----------------------------------------------------------------------

Original comment by timeless...@gmail.com on 27 Aug 2012 at 7:04

GoogleCodeExporter commented 8 years ago
Sorry to post comments so quick in succession, but I have an interesting 
development. It looks like it has something to do with SSH key-pair management, 
though I haven't yet figured out why. Look at this. The machine where I'm 
running this is the MHA manager:

-----------------------------------------------------------------------------
ubuntu@ip-10-244-141-67:~$ ssh ubuntu@10.248.86.135 "ssh ubuntu@10.248.109.158 
'ls'"
Permission denied (publickey).

ubuntu@ip-10-244-141-67:~$ ssh ubuntu@10.248.86.135 "ssh -i 
~/.ssh/mha-ubuntu-keypair ubuntu@10.248.109.158 'ifconfig | grep addr:'"
          inet addr:10.248.109.158  Bcast:10.248.109.191  Mask:255.255.255.192
          inet6 addr: fe80::2000:aff:fef8:6d9e/64 Scope:Link
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
-----------------------------------------------------------------------------

So if I, on the MHA node, specify the private key file, then I can succeed on 
this check, but if I don't specify it, it doesn't know the keypair to use. I 
assume this is because it's trying for a default "id_dsa" rather than the 
unusually-named SSH keypair.

I tested this theory, by linking the SSH privkey on all hosts:

-----------------------------------------------------------------------------
ubuntu@ip-10-248-86-135:~/.ssh$ ln -s mha-ubuntu-keypair id_dsa
-----------------------------------------------------------------------------

And sure enough!

-----------------------------------------------------------------------------
ubuntu@ip-10-244-141-67:~$ masterha_check_ssh 
--conf=/etc/mha/palominoClusterTool.cnf 
...[bunch of successful output]...
Mon Aug 27 19:11:16 2012 - [info] All SSH connection tests passed successfully.
-----------------------------------------------------------------------------

Original comment by timeless...@gmail.com on 27 Aug 2012 at 7:13

GoogleCodeExporter commented 8 years ago
Can anybody let me know what is the solution of above problem as i am also 
getting same issue while connecting with  masterha_check_ssh while it's 
connecting via command line directoly but not with the utility.

Original comment by yogeshba...@gmail.com on 1 Jan 2013 at 5:27

GoogleCodeExporter commented 8 years ago
Using sudo user or root? if using sudo user, please ssh-keygen -t rsa and build 
ssh connection under sudo user then 
sudo su - 
to root user and build ssh again, then everything work fine.

Original comment by gb.oldga...@gmail.com on 2 Mar 2015 at 10:32

GoogleCodeExporter commented 8 years ago
For whatever reason timeless' solution didn't work for me.  What did was 
actually modifying the ssh call in SSHCheck.pm and passing it: -i 
~$src->{ssh_user}/.ssh/id_rsa or whatever the location of your private key is.

Original comment by ste...@shots.com on 9 Mar 2016 at 5:52

GoogleCodeExporter commented 8 years ago
Yes, changing SSHCheck.pm to specify the private key file seems a great 
solution to me, in retrospect.

Original comment by timeless...@gmail.com on 9 Mar 2016 at 6:18