[Pacemaker] failed actions: insufficient privileges

Alfredo Parisi alfredo.parisi at gmail.com
Sat Jun 11 13:45:18 EDT 2011 

not installed on my servers. and now? Thanks again..

2011/6/11 Vladislav Bogdanov <bubble at hoster-ok.com>

> 11.06.2011 20:13, Alfredo Parisi wrote:
> > Thanks again for the response.
> > Actually these are my permissions on /var/run/mysqld
> >
> > root at server1:/var/run# ls -l | grep mysql
> > drwxr-xr-x 2 mysql      root         40 2011-06-11 19:06
> >
> > they are correct for mysql on pacemaker?thanks
>
> Yes.
> Please check selinux state (run getenforce as root).
>
> >
> > 2011/6/11 Vladislav Bogdanov <bubble at hoster-ok.com
> > <mailto:bubble at hoster-ok.com>>
> >
> >     11.06.2011 19:01, Alfredo Parisi wrote:
> >     > Hi and thanks for the reply.
> >     > I've found the problem, pacemaker haven't the privileges for
> >     create the
> >     > file mysqld.sock, infact if I stop one server and create
> mysqld.sock
> >     > with 777 and own mysql:mysql, after restart corosync, it works...
> >     > but this is only a temporary solution because when corosync is
> stopped
> >     > on that machine, it delete the file socks and I have again the
> error.
> >     > Someone can help me for resolve this problem with the privileges.
> >
> >     Resources are run by lrmd under root permissions, so mysqld is
> started
> >     by root. It then switches to mysql user and then creates that unix
> >     socket. Please verify that directory it use for socket is writable by
> >     mysql user. F.e. not /var/run which is only root-writable, but
> >     /var/run/mysql which has correct ownership and permissions. Then
> mysqld
> >     has enough power to create any file there if only DAC security model
> is
> >     in use.
> >
> >     This is not necessary true for other security models like selinux,
> >     grsecurity or RBAC. They require additional settings to be done. Most
> >     common one is selinux, it is enabled by default on at least Fedora
> and
> >     RHEL setups. Unfortunately there is no selinux policy module for
> >     pacemaker yet, so selinux should be disabled for it to run.
> >
> >     Don't you have it enabled BTW?
> >
> >     If yes, then try to disable it (permanently).
> >
> >
> >     Best,
> >     Vladislav
> >
> >     _______________________________________________
> >     Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> >     <mailto:Pacemaker at oss.clusterlabs.org>
> >     http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> >
> >     Project Home: http://www.clusterlabs.org
> >     Getting started:
> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> >     Bugs:
> >
> http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
> >
> >
> >
> >
> > _______________________________________________
> > Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> > http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> >
> > Project Home: http://www.clusterlabs.org
> > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> > Bugs:
> http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs:
> http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20110611/30702c62/attachment-0003.html>

More information about the Pacemaker mailing list