Wednesday, October 12, 2016

Pacemaker - pcs cluster auth does not work on CentOS 6.x

Recently we were trying to fix an issue with our pacemaker/cman cluster on CentOS 6.7.
Regardless of everything we tried, pcs cluster auth was not working.

Started digging and found PAM blocking auth in /var/log/secure
Upon investigation started looking at this file


And commented out this line
auth            required onerr=fail item=group sense=allow file=/etc/

This fixed the problem but since our PAM configs are pushed via puppet, they were being overwritten during puppet run so I kept looking and found this

# in this file add haclient
vim /etc/

Check auth like this
pcs cluster auth nodeA nodeB -u hacluster

Assumption is you already have a password set for hacluster user.
If not then set it from root as:
passwd hacluster
Then restart pcsd service

No comments:

Post a Comment