[SOLVED] Cluster Broken: nsscrypto: Digest does not match

B

boopzz

Well-Known Member
Dec 6, 2016
45
4
48
UK
I have a 3 node cluster with a VM that temporarily comes online just for quorate duties.
It
I have an old PC that Im turning into a server. I removed the VM from the cluster then tried to add the new server. It failed and seemed to break the cluster. At first the 2 remaining members wouldnt see eachother. The cluster info also looked like they were standalone but had clsuter nodes which was weird. After another post suggested removing the new host I did this and the cluster info comes back in the GUI now. However the 2 hosts dont have eachother in the pvecm status, but they have matching corosync.conf files.

Im sure at some point I had to recreate the corosync authkey as it had disappeared. Now when I do a "grep corosync /var/log/syslog" twice a second I get an error of "[KNET ] nsscrypto: Digest does not match"

I assume its something to do with the corosync authkey but am not sure how to sync them back up or trust eachothers keys?

I've also done a "pvesh get /cluster/config/join --output-format json-pretty" and the only difference between the 2x hosts is the preferred node is the object of the one it is run on. Im not sure if this config should match or prefer the local node that the command is run on.
 
Got it sorted.

I looked up the manual for corosync and the authkey needed to match across the cluster nodes. Picked one authkey and copied across to the other node. then restarted pve-cluster and corosync services and then the log was showing the cluster was up!
Code: 
Dec  3 09:18:07 auricom corosync[55370]:   [KNET  ] nsscrypto: Digest does not match
Dec  3 09:18:08 auricom corosync[55370]:   [KNET  ] nsscrypto: Digest does not match
Dec  3 09:18:08 auricom corosync[55370]:   [KNET  ] nsscrypto: Digest does not match
Dec  3 09:18:10 auricom corosync[55370]:   [KNET  ] rx: host: 1 link: 0 is up
Dec  3 09:18:10 auricom corosync[55370]:   [KNET  ] host: host: 1 (passive) best link: 0 (pri: 1)
Dec  3 09:18:10 auricom corosync[55370]:   [KNET  ] pmtud: PMTUD link change for host: 1 link: 0 from 469 to 1397
Dec  3 09:18:10 auricom corosync[55370]:   [KNET  ] pmtud: Global data MTU changed to: 1397
Dec  3 09:18:10 auricom corosync[55370]:   [TOTEM ] A new membership (1.1127) was formed. Members joined: 1
Dec  3 09:18:10 auricom corosync[55370]:   [QUORUM] This node is within the primary component and will provide service.
Dec  3 09:18:10 auricom corosync[55370]:   [QUORUM] Members[2]: 1 2
Dec  3 09:18:10 auricom corosync[55370]:   [MAIN  ] Completed service synchronization, ready to provide service.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back