[ClusterLabs] pcs cluster setup removes /etc/pacemaker/authkey

Tomas Jelinek tojeline at redhat.com
Fri Feb 23 03:44:26 EST 2018 

Hi,

Since upstream version 0.9.158, pcs takes care of the pacemaker authkey 
itself [1] (Pacemaker version doesn't matter in this case).
That means:
* pcs wipes out the authkey on "cluster destroy"
* pcs creates and distributes the authkey on "cluster setup"
* pcs distributes the authkey when adding a node to a cluster
* pcs removes the authkey from a node when removing the node from a cluster

The preferred solution is to let pcs do its job.
pcs cluster setup --name <cluster-name> <node1> <node2> ... <nodeN>
will create and distribute all config files including a pacemaker 
authkey to all nodes specified for you. Why are you using the --local 
flag anyway?

In RHEL 7.4 the situation is a bit different. RHEL 7.4 pcs packages 
contain a patch which makes the "pcs cluster setup" command use an 
existing pacemaker authkey. [2] This patch however does not apply when 
the --local flag is used in the setup command.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1176018
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1459503


Regards,
Tomas


Dne 22.2.2018 v 20:50 Faaland, Olaf P. napsal(a):
> Hi,
> 
> 
> I see when I invoke
> 
> 
> # pcs cluster setup --force --local --name <cluster-name> 
> <net-interface-name>
> 
> 
> It reports "Removing all cluster configuration files..." and true to its 
> word, removes /etc/pacemaker/authkey.
> 
> 
> My cluster configuration depends on nodes running pacemaker_remote and 
> so I depend on the authkey to communicate with them.  The authkey is 
> distributed among the nodes by a configuration management tool, in this 
> case CFEngine, and if the authkey were not deleted, when pacemaker was 
> started it and the remotes would successfully communicate with each 
> other immediately.
> 
> 
> Is there some other solution to this key distribution problem that is 
> preferred, and that is not affected by the removal of authkey?  Or is 
> there some way to tell pcs not to remove that file?
> 
> 
> I see this behavior on RHEL 7.4 / pacemaker-1.1.16-12.el7.x86_64
> 
> 
> Also, is this a recent change?  I don't recall this occurring with an 
> earlier version of RHEL/pacemaker.
> 
> 
> thanks,
> 
> 
> Olaf P. Faaland
> Livermore Computing
> 
> 
> 
> _______________________________________________
> Users mailing list: Users at clusterlabs.org
> https://lists.clusterlabs.org/mailman/listinfo/users
> 
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>

More information about the Users mailing list