Loading...

Type: Bug
Resolution: Won't Fix
Priority: Medium
Fix Version/s: None
Affects Version/s: 7.19.5, 8.1.1
Component/s: Data Center - Core
Labels:
None

Support reference count:
1
Symptom Severity:
Severity 2 - Major

Problem

Confluence fails to cluster on Docker when confluence.cluster.authentication.enabled is set to true

Environment

Linux host running Confluence on docker with the following parameters:

ConnieNode1

docker run -v /var/atlassian/application-data/confluence:/var/atlassian/application-data/confluence --name="confluence" -v /mnt/shared:/var/atlassian/application-data/confluence/shared-home -d -p 8090:8090 -p 8091:8091 -p 5801:5801 -e JVM_SUPPORT_RECOMMENDED_ARGS='-Dconfluence.cluster.node.name="ConnieNode1" -Dhazelcast.local.publicAddress=10.108.15.43' -p 25500:25500 -p 5701:5701 -p 54327:54327 atlassian/confluence:8.1.1

ConnieNode2

docker run -v /var/atlassian/application-data/confluence:/var/atlassian/application-data/confluence --name="confluence" -v /mnt/shared:/var/atlassian/application-data/confluence/shared-home -d -p 8090:8090 -p 8091:8091 -p 5801:5801 -e JVM_SUPPORT_RECOMMENDED_ARGS='-Dconfluence.cluster.node.name="ConnieNode2" -Dhazelcast.local.publicAddress=10.108.15.252' -p 25500:25500 -p 5701:5701 -p 54327:54327 atlassian/confluence:8.1.1

confluence.xml cluster settings for ConnieNode1 and ConnieNode2

grep cluster /var/atlassian/application-data/confluence/confluence.cfg.xml
  <setupType>cluster</setupType>
    <property name="cluster.setup.ready">false</property>
    <property name="confluence.cluster">true</property>
    <property name="confluence.cluster.authentication.enabled">true</property>
    <property name="confluence.cluster.authentication.secret">a98303d2b77365b4726e3ee4db8bee16a88da4d8</property>
    <property name="confluence.cluster.home">/var/atlassian/application-data/confluence/shared-home</property>
    <property name="confluence.cluster.interface">eth0</property>
    <property name="confluence.cluster.join.type">tcp_ip</property>
    <property name="confluence.cluster.name">InstEnv</property>
    <property name="confluence.cluster.peers">10.108.15.43,10.108.15.252</property>

confluence.xml cluster settings in shared home

    <property name="confluence.cluster">true</property>
    <property name="confluence.cluster.authentication.enabled">true</property>
    <property name="confluence.cluster.authentication.secret">a98303d2b77365b4726e3ee4db8bee16a88da4d8</property>

Steps to Reproduce

Start ConnieNode1 and check that is accessible
Start ConnieNode2
Check Confluence application logs

Expected Results

The two nodes cluster correctly.

Actual Results

The node fails to cluster and this error is returned (TRACE level log set):

2023-04-20 14:11:07,888 INFO [hz.confluence.cached.thread-7] [hazelcast.interceptor.authenticator.DefaultClusterJoinManager] accept enableNodeAuthentication : true
2023-04-20 14:11:07,888 DEBUG [hz.confluence.cached.thread-7] [hazelcast.interceptor.authenticator.DefaultClusterJoinManager] accept ACCEPT(172.17.0.3:5801 <- 10.108.15.252:35797): Authenticating cluster node in accept .... 
2023-04-20 14:11:07,889 DEBUG [hz.confluence.cached.thread-7] [hazelcast.interceptor.authenticator.DefaultClusterJoinManager] checkNodeAuthenticationEnabled ACCEPT(172.17.0.3:5801 <- 10.108.15.252:35797): Authenticating cluster node
2023-04-20 14:11:07,889 DEBUG [hz.confluence.cached.thread-7] [hazelcast.interceptor.authenticator.SharedSecretClusterAuthenticator] runMutualChallengeResponse Inside runMutualChallengeResponse ... ClusterJoinRequest : ACCEPT(172.17.0.3:5801 <- 10.108.15.252:35797)
2023-04-20 14:11:07,931 TRACE [hz.confluence.cached.thread-7] [hazelcast.interceptor.authenticator.SharedSecretClusterAuthenticator] runMutualChallengeResponse Generated: Nonce{nonce=C039596FB2AE6C9E3CAF57288CBF3B20}
2023-04-20 14:11:08,203 DEBUG [hz.confluence.cached.thread-7] [hazelcast.interceptor.authenticator.SharedSecretClusterAuthenticator] createResponse Created: Response{proof=BF4983677B7DBFDC6A4B6F4336E4AAC068F3E88275CC552234BE4BDC991ED06C}
2023-04-20 14:11:08,610 TRACE [hz.confluence.cached.thread-7] [hazelcast.interceptor.authenticator.SharedSecretClusterAuthenticator] verifyResponse Verification: remote proof: 5C1D2A20CE54AD80D339E3A7BD2B123B0DD2ABA2FFCEA8579F911A7A20EDBE30
2023-04-20 14:11:08,610 TRACE [hz.confluence.cached.thread-7] [hazelcast.interceptor.authenticator.SharedSecretClusterAuthenticator] verifyResponse Verification: local proof:  AABC4BABD6A43E80B5EF46FC76104919A32ECC05CF71F38D9C688C5D3E9DC640
2023-04-20 14:11:08,610 WARN [hz.confluence.cached.thread-7] [hazelcast.interceptor.authenticator.DefaultClusterJoinManager] checkNodeAuthenticationEnabled ACCEPT(172.17.0.3:5801 <- 10.108.15.252:35797): Node authentication failed: Cluster authentication failed. Please make sure all members share the same value for 'confluence.cluster.name' and 'confluence.cluster.authentication.secret' in confluence.cfg.xml. 
2023-04-20 14:11:08,610 WARN [hz.confluence.cached.thread-7] [hazelcast.nio.tcp.TcpIpAcceptor] log [10.108.15.43]:5801 [msalvicluster] [3.12.13] com.atlassian.confluence.impl.cluster.hazelcast.interceptor.authenticator.NodeConnectionException: Cluster authentication failed. Please make sure all members share the same value for 'confluence.cluster.name' and 'confluence.cluster.authentication.secret' in confluence.cfg.xml.
com.atlassian.confluence.impl.cluster.hazelcast.interceptor.authenticator.NodeConnectionException: Cluster authentication failed. Please make sure all members share the same value for 'confluence.cluster.name' and 'confluence.cluster.authentication.secret' in confluence.cfg.xml.
        at com.atlassian.confluence.impl.cluster.hazelcast.interceptor.authenticator.DefaultClusterJoinManager.checkNodeAuthenticationEnabled(DefaultClusterJoinManager.java:68)
        at com.atlassian.confluence.impl.cluster.hazelcast.interceptor.authenticator.DefaultClusterJoinManager.accept(DefaultClusterJoinManager.java:47)
        at com.atlassian.confluence.impl.cluster.hazelcast.interceptor.ClusterJoinSocketInterceptor.onAccept(ClusterJoinSocketInterceptor.java:49)
        at com.hazelcast.nio.NodeIOService.interceptSocket(NodeIOService.java:300)
        at com.hazelcast.nio.tcp.TcpIpAcceptor$AcceptorIOThread.configureAndAssignSocket(TcpIpAcceptor.java:316)
        at com.hazelcast.nio.tcp.TcpIpAcceptor$AcceptorIOThread.access$1400(TcpIpAcceptor.java:138)
        at com.hazelcast.nio.tcp.TcpIpAcceptor$AcceptorIOThread$1.run(TcpIpAcceptor.java:305)
        at com.hazelcast.util.executor.CachedExecutorServiceDelegate$Worker.run(CachedExecutorServiceDelegate.java:227)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)
        at com.hazelcast.util.executor.HazelcastManagedThread.executeRun(HazelcastManagedThread.java:64)
        at com.hazelcast.util.executor.HazelcastManagedThread.run(HazelcastManagedThread.java:80)

Workaround

Set confluence.cluster.authentication.enabled to false in all the 3 confluence.cfg.xml files.

Confluence may fail to cluster on Docker

Problem

Environment

Steps to Reproduce

Expected Results

Actual Results

Workaround

Notes

Details

Description

Problem

Environment

Steps to Reproduce

Expected Results

Actual Results

Workaround

Notes

Attachments

Activity

People

Dates