[Linux-cluster] Ricci doesn't work

Jan Pokorný jpokorny at redhat.com
Thu Sep 6 18:32:31 UTC 2012

On 06/09/12 15:11 +0000, Chip Burke wrote:
> Well that was an easy enough fix finally. I thought perhaps the password
> for the VMWare fence account was the issue and updated cluster.conf with a
> place holder password of 'password'. Ricci would not work. So I updated
> the actual ricci user account to use a password of 'password' and
> restarted Ricci on all of the nodes. Ricci now works. So indeed, it
> certainly did not like a character in the password I was using which was
> 65peC&E$taFRE&U. In all likelihood the & was the problem character.

Bull's eye.

> On 9/6/12 6:11 AM, "Jan Pokorný" <jpokorny at redhat.com> wrote:
>> The easiest explanation is that this XML is not well-formed, which
>> would boil down to your obfuscated password (not offending it,
>> it's highly reasonable).  Did you password contain any XML-nonfriendly
>> character, such as one of '<>"&'?  If so, could you please try digits,
>> ASCII letters and surely-safe characters only (dot, dash, etc.)?

Admittedly, this obstacle should be easier to track down, if allowed
to exist at all (see bellow).

> To confirm that hypothesis, I changed the Ricci password to 65peC&E$taFREU
> and everything still worked as expected.

Once at it, it should have been "65peCE$taFREU" (no & char), shouldn't

> From your stand point I don't know if that needs to be coded around or what,
> but at least we know how to reproduce the issue.

Thanks for bringing up this part we should be more careful about.
As a starter, I filed these bugs:

- ricci (needs to understand the XML entities properly)

(clients need to do a proper encoding into XML entities)
- luci:     https://bugzilla.redhat.com/show_bug.cgi?id=855112
- ccs:      https://bugzilla.redhat.com/show_bug.cgi?id=855117
- ccs_sync: https://bugzilla.redhat.com/show_bug.cgi?id=855120

Also based on studying some relevant parts of the ricci's code,
I've added a few private suggestions under the umbrella of bug 849233.

> Thanks again for sticking with me on this even if the cause was somewhat
> silly.

To be fair enough, no matter how unprobable the reason of not working
correctly is (let's keep complex configuration errors aside), one
can expect such things self-evident (via the messages, logs, etc.),
not as an exercise left to the user and indirectly back to the
maintainer :-)


More information about the Linux-cluster mailing list