Cannot add additional email address to clustering email addresses.

  • 7017159
  • 15-Jan-2016
  • 15-Jan-2016

Environment

Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 2

Situation

A given cluster had run with the same Email Addresses for cluster event notification since it was an OES 2 SP2 cluster.  When trying to add an additional address, the address would appear to get added.  However, when saving by clicking "apply" or "okay", the admin would receive:

Error: Cluster Administration Error
An error occurred while processing your request.  Click the "More Info" button below for the full stack trace.

Summary:
An error occurred while managing the clustering software.  Reason: java.lang.Exception: Unknown error with error code: 401.  Click the "More Info" button below for the full stack trace.

Resolution

The cluster was pointing at a server in the tree that was using an LDAP certificate from a third party.  This certificate was not trusted by the cluster node.  The quick fix was to update /etc/opt/novell/ncs/clstrlib.conf to point to an OES server using a certificate that was signed by the Organizational tree CA.  Ideally this could be the cluster node itself, even if it hosts no replicas.

Section 8.13.1, "Changing the Administrator Credentials or LDAP Server IP Addresses for a Cluster", outlines how to update the LDAP server without needing to restart the cluster node.  (Note: this needs to be done on each node in the cluster.)

Additional Information

Before changing the LDAP server IP address on a cluster node, running
      /opt/novell/ncs/bin/ncs-configd.py -init
would return a "certificate failed to verify" error.

For example:
# /opt/novell/ncs/bin/ncs-configd.py -init
Traceback (most recent call last):
 File "/opt/novell/ncs/bin/ncs-configd.py", line 157, in <module>
   ld.simple_bind_s(ss.adminDn, ss.adminPw)
 File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 198, in simple_bind_s
   msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
 File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 192, in simple_bind
   return self._ldap_call(self._l.simple_bind,who,cred,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls))
 File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
   result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)', 'desc': "Can't contact LDAP server"}
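
A triage helper for the failure shown above, added here as an example (it is not Novell's code and not part of ncs-configd.py): it parses the final line of the python-ldap traceback and separates a certificate trust failure from a server that is simply unreachable, because the 'desc' field only says "Can't contact LDAP server" while the OpenSSL reason sits in 'info'. The function names and the cause labels are assumptions made for this example.

```python
import ast
import re

# OpenSSL error-queue text: error:<hex code>:<library>:<function>:<reason>[ (<verify detail>)]
OPENSSL_ERR = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]+):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^()]+?)(?:\s*\((?P<detail>[^)]*)\))?\s*$"
)

def parse_ldap_error_line(line):
    """Split 'ldap.SERVER_DOWN: {...}' into (exception name, info dict)."""
    name, _, payload = line.strip().partition(": ")
    try:
        data = ast.literal_eval(payload)  # the payload is a Python dict repr
    except (ValueError, SyntaxError):
        data = {}
    return name, data if isinstance(data, dict) else {}

def triage(line):
    """Classify a python-ldap error line (hypothetical helper for this example)."""
    name, data = parse_ldap_error_line(line)
    result = {"exception": name, "desc": data.get("desc"),
              "cause": "unknown", "detail": None}
    m = OPENSSL_ERR.search(data.get("info", ""))
    if m is None:
        # No OpenSSL error attached: treat SERVER_DOWN as a connectivity problem.
        if name == "ldap.SERVER_DOWN":
            result["cause"] = "unreachable"
        return result
    result["openssl_code"] = m.group("code")
    if m.group("reason").strip() == "certificate verify failed":
        # The node does not trust the CA that signed the LDAP server certificate.
        result["cause"] = "untrusted_certificate"
        result["detail"] = m.group("detail")
    else:
        result["cause"] = "tls_error"
        result["detail"] = m.group("reason").strip()
    return result

# Last line of the traceback on this page, then a constructed line for contrast.
PAGE_LINE = ("ldap.SERVER_DOWN: {'info': 'error:14090086:SSL routines:"
             "SSL3_GET_SERVER_CERTIFICATE:certificate verify failed "
             "(self signed certificate in certificate chain)', "
             "'desc': \"Can't contact LDAP server\"}")
CONSTRUCTED_DOWN = "ldap.SERVER_DOWN: {'desc': \"Can't contact LDAP server\"}"

if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_DOWN):
        print(triage(sample))
```

An "untrusted_certificate" result points at the fix in the Resolution: use an LDAP server whose certificate chains to a CA the cluster node trusts.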