Hi,
Since upstream version 0.9.158, pcs takes care of the pacemaker authkey
itself [1] (Pacemaker version doesn't matter in this case).
That means:
* pcs wipes out the authkey on "cluster destroy"
* pcs creates and distributes the authkey on "cluster setup"
* pcs distributes the authkey when adding a node to a cluster
* pcs removes the authkey from a node when removing the node from a cluster
The preferred solution is to let pcs do its job.
pcs cluster setup --name <cluster-name> <node1> <node2> ... <nodeN>
will create and distribute all config files including a pacemaker
authkey to all nodes specified for you. Why are you using the --local
flag anyway?
In RHEL 7.4 the situation is a bit different. RHEL 7.4 pcs packages
contain a patch which makes the "pcs cluster setup" command use an
existing pacemaker authkey. [2] This patch however does not apply when
the --local flag is used in the setup command.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1176018
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1459503
Regards,
Tomas
Dne 22.2.2018 v 20:50 Faaland, Olaf P. napsal(a):
Hi,
I see when I invoke
# pcs cluster setup --force --local --name <cluster-name>
<net-interface-name>
It reports "Removing all cluster configuration files..." and true to its
word, removes /etc/pacemaker/authkey.
My cluster configuration depends on nodes running pacemaker_remote and
so I depend on the authkey to communicate with them. The authkey is
distributed among the nodes by a configuration management tool, in this
case CFEngine, and if the authkey were not deleted, when pacemaker was
started it and the remotes would successfully communicate with each
other immediately.
Is there some other solution to this key distribution problem that is
preferred, and that is not affected by the removal of authkey? Or is
there some way to tell pcs not to remove that file?
I see this behavior on RHEL 7.4 / pacemaker-1.1.16-12.el7.x86_64
Also, is this a recent change? I don't recall this occurring with an
earlier version of RHEL/pacemaker.
thanks,
Olaf P. Faaland
Livermore Computing
_______________________________________________
Users mailing list: [email protected]
https://lists.clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Users mailing list: [email protected]
https://lists.clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
