Comment 18 for bug 1439649

Serge Hallyn (serge-hallyn) wrote :

Hi Billy,

So can you confirm that pacemaker *is* running under haclient/hacluster uid/gid?

Note, the comments above don't seem correct to me. The 'INSTALL' file shipped with corosync says:

> Before running any of the test programs
> ---------------------------------------
> The corosync executive will ensure security by only allowing the UID 0(root) or
> GID 0(root) to connect to it. To allow other users to access the corosync
> executive, create a directory called /etc/corosync/uidgid.d and place a file in
> it named in some way that is identifiable to you. All files in this directory
> will be scanned and their contents added to the allowed uid gid database. The
> contents of this file should be
> uidgid {
> uid: username
> gid: groupname
> }
> Please note that these users then have full ability to transmit and receive
> messages in the cluster and are not bound by the threat model described in
> SECURITY.

So the 'workaround' in comment #14 seems to be not a workaround but required configuration (for the charm to do).
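
An added example, not part of the comment above or of corosync itself: a small audit of the `uidgid` stanzas described in the quoted INSTALL text, reporting which required grants are missing and which listed users or groups were not expected. It assumes `#` starts a comment, takes the `hacluster`/`haclient` names from this bug, and uses constructed file contents as sample input.

```python
import re
from pathlib import Path

# One "uidgid { ... }" stanza and its "uid:" / "gid:" entries, in the
# format quoted from the corosync INSTALL file.
STANZA = re.compile(r"uidgid\s*\{(.*?)\}", re.S)
ENTRY = re.compile(r"\b(uid|gid)\s*:\s*(\S+)")

def parse_uidgid(text):
    """Return the set of (kind, name) grants found in one file's contents."""
    text = re.sub(r"#.*", "", text)  # assumption: '#' starts a comment
    grants = set()
    for body in STANZA.findall(text):
        grants.update(ENTRY.findall(body))
    return grants

def audit(files, expected):
    """files maps filename -> contents. Returns (missing, unexpected).

    missing:    expected grants that no file provides
    unexpected: {grant: [files]} for grants nobody asked for; each one has
                full ability to send and receive cluster messages.
    """
    granted = {}
    for name, text in files.items():
        for grant in parse_uidgid(text):
            granted.setdefault(grant, []).append(name)
    missing = expected - set(granted)
    unexpected = {g: src for g, src in granted.items() if g not in expected}
    return missing, unexpected

def load_dir(path="/etc/corosync/uidgid.d"):
    """Read every regular file in the uidgid.d directory, if it exists."""
    d = Path(path)
    if not d.is_dir():
        return {}
    return {p.name: p.read_text() for p in sorted(d.iterdir()) if p.is_file()}

# Grants pacemaker needs according to this bug (names taken from the thread).
EXPECTED = {("uid", "hacluster"), ("gid", "haclient")}

# Constructed sample contents, standing in for /etc/corosync/uidgid.d.
SAMPLE = {
    "pacemaker": "uidgid {\n  uid: hacluster\n  gid: haclient\n}\n",
    "local-test": "# leftover from testing\nuidgid { uid: alice }\n",
}

if __name__ == "__main__":
    missing, unexpected = audit(load_dir() or SAMPLE, EXPECTED)
    print("missing:", sorted(missing))
    print("unexpected:", unexpected)
```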