Bug 1208749 - crmsh upgrade to crmsh-4.4.0+20221209.64abfaca-150400.3.12.1.noarch breaks existing cluster
Summary: crmsh upgrade to crmsh-4.4.0+20221209.64abfaca-150400.3.12.1.noarch breaks e...
Status: NEW
Alias: None
Product: openSUSE Distribution
Classification: openSUSE
Component: High Availability (show other bugs)
Version: Leap 15.3
Hardware: x86-64 Other
: P5 - None : Major (vote)
Target Milestone: ---
Assignee: SUSE Linux Enterprise High Availability Team
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-28 11:10 UTC by Ralf Ronneburger
Modified: 2023-02-28 11:10 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ralf Ronneburger 2023-02-28 11:10:32 UTC 
After the upgrade of crmsh to the latest patch 4.4.0+20221209.64abfaca-150400.3.12.1 released about two weeks ago crmsh claims that a configuration upgrade is needed. This configuration upgrade now seems to require root access to all other nodes via ssh, which is not intended and was never required before. Therefore the configuration upgrade fails:


# crm status
INFO: crmsh version is newer than its configuration. Configuration upgrade is needed.
WARNING: SSH connection to remote node XYZ failed.
parallax.Error: Exited with error code 255, Error output: root@XYZ: Permission denied (publickey).

WARNING: Upgrade of crmsh configuration skipped.


crmsh never required root ssh access to other nodes before and after downgrading crmsh to version crmsh-4.4.0+20221028.3e41444-150400.3.9.1.noarch everything works again. So the upgrade seems to have broken our existing setup. Can this be fixed with a new package or with a configuration change? We don't want root to have access to all other nodes (and we don't need it, as we roll out config-changes via ansible).