turn off configs syncing if the nodelist is empty

This fixes problems on Debian which distributes corosync with a default
corosync.conf containing no nodes. The configs synchronization mechanism
then sends configs to (and load from) an empty set of nodes effectively
not saving the configs anywhere. This is especially bad when running
'pcs cluster auth' before creating a cluster since the tokens are
dropped which prevents a cluster to be created and the default
corosync.conf replaced by our own with a valid nodelist.

#153

CHANGELOG.md

@@ -17,7 +17,10 @@
 - It is now possible to set the `action` option of stonith devices in web UI by
   using force ([rhbz#1421702])
 - Do not crash when `--wait` is used in `pcs stonith create` ([rhbz#1522813])
+- Nodes are now authenticated after running `pcs cluster auth` even if
+  an existing corosync.conf defines no nodes ([ghissue#153])
 
+[ghissue#153]: https://github.com/ClusterLabs/pcs/issues/153
 [rhbz#1421702]: https://bugzilla.redhat.com/show_bug.cgi?id=1421702
 [rhbz#1522813]: https://bugzilla.redhat.com/show_bug.cgi?id=1522813
 [rhbz#1523378]: https://bugzilla.redhat.com/show_bug.cgi?id=1523378

pcsd/cfgsync.rb

@@ -730,7 +730,7 @@ def self.get_configs_local(with_missing=false)
   def self.save_sync_new_version(
     config, nodes, cluster_name, fetch_on_conflict, tokens={}, ports={}
   )
-    if not cluster_name or cluster_name.empty?
+    if not cluster_name or cluster_name.empty? or not nodes or nodes.empty?
       # we run on a standalone host, no config syncing
       config.version += 1
       config.save()
@@ -786,7 +786,7 @@ def self.save_sync_new_tokens(
     with_new_tokens.tokens.update(new_tokens)
     with_new_tokens.ports.update(new_ports)
     config_new = PcsdTokens.from_text(with_new_tokens.text)
-    if not cluster_name or cluster_name.empty?
+    if not cluster_name or cluster_name.empty? or not nodes or nodes.empty?
       # we run on a standalone host, no config syncing
       config_new.version += 1
       config_new.save()

pcsd/pcs.rb

@@ -1251,7 +1251,6 @@ def pcs_auth(auth_user, nodes, username, password, force=false, local=true)
     end
   }
   if not new_tokens.empty?
-    cluster_nodes = get_corosync_nodes()
     tokens_cfg = Cfgsync::PcsdTokens.from_file()
     # only tokens used in pcsd-to-pcsd communication can and need to be synced
     # those are accessible only when running under root account
@@ -1262,10 +1261,10 @@ def pcs_auth(auth_user, nodes, username, password, force=false, local=true)
       )
       return auth_responses, sync_successful, sync_failed_nodes, sync_responses
     end
+    cluster_nodes = get_corosync_nodes()
     sync_successful, sync_responses = Cfgsync::save_sync_new_tokens(
       tokens_cfg, new_tokens, cluster_nodes, $cluster_name, ports
     )
-    sync_failed_nodes = []
     sync_not_supported_nodes = []
     sync_responses.each { |node, response|
       if 'not_supported' == response['status']

pcsd/pcsd.rb

@@ -132,11 +132,14 @@ def generate_cookie_secret
         begin
           # do not sync if this host is not in a cluster
           cluster_name = get_cluster_name()
-          if cluster_name and !cluster_name.empty?()
+          cluster_nodes = get_corosync_nodes()
+          if cluster_name and !cluster_name.empty?() and cluster_nodes and !cluster_nodes.empty?
             $logger.debug('Config files sync thread fetching')
             fetcher = Cfgsync::ConfigFetcher.new(
-              PCSAuth.getSuperuserAuth(), Cfgsync::get_cfg_classes(),
-              get_corosync_nodes(), cluster_name
+              PCSAuth.getSuperuserAuth(),
+              Cfgsync::get_cfg_classes(),
+              cluster_nodes,
+              cluster_name
             )
             cfgs_to_save, _ = fetcher.fetch()
             cfgs_to_save.each { |cfg_to_save|