[Pacemaker] failed actions: insufficient privileges

Vladislav Bogdanov bubble at hoster-ok.com
Sat Jun 11 17:01:12 UTC 2011


11.06.2011 19:01, Alfredo Parisi wrote:
> Hi and thanks for the reply.
> I've found the problem, pacemaker haven't the privileges for create the
> file mysqld.sock, infact if I stop one server and create mysqld.sock
> with 777 and own mysql:mysql, after restart corosync, it works...
> but this is only a temporary solution because when corosync is stopped
> on that machine, it delete the file socks and I have again the error.
> Someone can help me for resolve this problem with the privileges.

Resources are run by lrmd under root permissions, so mysqld is started
by root. It then switches to mysql user and then creates that unix
socket. Please verify that directory it use for socket is writable by
mysql user. F.e. not /var/run which is only root-writable, but
/var/run/mysql which has correct ownership and permissions. Then mysqld
has enough power to create any file there if only DAC security model is
in use.

This is not necessary true for other security models like selinux,
grsecurity or RBAC. They require additional settings to be done. Most
common one is selinux, it is enabled by default on at least Fedora and
RHEL setups. Unfortunately there is no selinux policy module for
pacemaker yet, so selinux should be disabled for it to run.

Don't you have it enabled BTW?

If yes, then try to disable it (permanently).


Best,
Vladislav




More information about the Pacemaker mailing list