[ClusterLabs] pcs cluster setup removes /etc/pacemaker/authkey
Tomas Jelinek
tojeline at redhat.com
Fri Feb 23 03:44:26 EST 2018
Hi,
Since upstream version 0.9.158, pcs takes care of the pacemaker authkey
itself [1] (Pacemaker version doesn't matter in this case).
That means:
* pcs wipes out the authkey on "cluster destroy"
* pcs creates and distributes the authkey on "cluster setup"
* pcs distributes the authkey when adding a node to a cluster
* pcs removes the authkey from a node when removing the node from a cluster
The preferred solution is to let pcs do its job.
pcs cluster setup --name <cluster-name> <node1> <node2> ... <nodeN>
will create and distribute all config files including a pacemaker
authkey to all nodes specified for you. Why are you using the --local
flag anyway?
In RHEL 7.4 the situation is a bit different. RHEL 7.4 pcs packages
contain a patch which makes the "pcs cluster setup" command use an
existing pacemaker authkey. [2] This patch however does not apply when
the --local flag is used in the setup command.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1176018
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1459503
Regards,
Tomas
Dne 22.2.2018 v 20:50 Faaland, Olaf P. napsal(a):
> Hi,
>
>
> I see when I invoke
>
>
> # pcs cluster setup --force --local --name <cluster-name>
> <net-interface-name>
>
>
> It reports "Removing all cluster configuration files..." and true to its
> word, removes /etc/pacemaker/authkey.
>
>
> My cluster configuration depends on nodes running pacemaker_remote and
> so I depend on the authkey to communicate with them. The authkey is
> distributed among the nodes by a configuration management tool, in this
> case CFEngine, and if the authkey were not deleted, when pacemaker was
> started it and the remotes would successfully communicate with each
> other immediately.
>
>
> Is there some other solution to this key distribution problem that is
> preferred, and that is not affected by the removal of authkey? Or is
> there some way to tell pcs not to remove that file?
>
>
> I see this behavior on RHEL 7.4 / pacemaker-1.1.16-12.el7.x86_64
>
>
> Also, is this a recent change? I don't recall this occurring with an
> earlier version of RHEL/pacemaker.
>
>
> thanks,
>
>
> Olaf P. Faaland
> Livermore Computing
>
>
>
> _______________________________________________
> Users mailing list: Users at clusterlabs.org
> https://lists.clusterlabs.org/mailman/listinfo/users
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>
More information about the Users
mailing list