Wednesday, October 12, 2016
Pacemaker - pcs cluster auth does not work on CentOS 6.x
Recently we were trying to fix an issue with our pacemaker/cman cluster on CentOS 6.7.
Regardless of everything we tried, pcs cluster auth was not working.
Started digging and found PAM blocking auth in /var/log/secure
Upon investigation started looking at this file
And commented out this line
auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.group.allowed
This fixed the problem but since our PAM configs are pushed via puppet, they were being overwritten during puppet run so I kept looking and found this
# in this file add haclient
Check auth like this
pcs cluster auth nodeA nodeB -u hacluster
Assumption is you already have a password set for hacluster user.
If not then set it from root as:
Then restart pcsd service