Bug 1207805

Summary: Need a way for pcs to clear out auth tokens
Product: Red Hat Enterprise Linux 7
Reporter: Chris Feist <cfeist>
Component: pcs
Assignee: Chris Feist <cfeist>
Status: CLOSED ERRATA
QA Contact: cluster-qe <cluster-qe>
Severity: medium
Docs Contact:
Priority: high
Version: 7.2
CC: cluster-maint, jpokorny, rsteiger, sbradley, tojeline
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: pcs-0.9.142-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-19 09:36:38 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Chris Feist 2015-03-31 18:28:15 UTC
We should provide a command for pcs to clear out your current tokens, as well as clear out tokens/users on the server from /var/lib/pcsd

Maybe something like this:
pcs cluster auth --clear
pcs cluster clear-auth
pcs cluster auth --reset
...

Comment 1 Jan Pokorný [poki] 2015-03-31 18:37:11 UTC
This is where full-blown certificates might be nicer to work with
-- deleting just selected (per some identification) authentication
holders, etc.  On the other hand, such an approach might turn out to be
Pandora's box on its own.

Comment 2 Chris Feist 2015-06-11 15:12:33 UTC
Provide a way to reset certificates and other files as well.

Note: Tomas has already created the ability to use customer certificates and sync them to all nodes.

Comment 3 Chris Feist 2015-06-23 21:30:50 UTC
Fixed upstream here:

https://github.com/feist/pcs/commit/2e74ea2059383cbf247ccc0166b3be5602c4a8c0

Command is 'pcs pcsd clear-auth [--remote] [--local]'.

If you're root it will remove /var/lib/pcsd/tokens, if not ~/.pcs/tokens (with --local)

With --remote it removes /var/lib/pcsd/pcs_users.conf

And without --local or --remote it removes both files.

Comment 4 Chris Feist 2015-07-10 21:40:15 UTC
After Fix:

[root@c3 ~]# rpm -q pcs
pcs-0.9.142-1.el7.x86_64
[root@c3 ~]# ls -lh /var/lib/pcsd/tokens 
-rw-------. 1 root root 357 Jul 10 16:33 /var/lib/pcsd/tokens
[root@c3 ~]# ls -lh /var/lib/pcsd/pcs_users.conf 
-rw-r--r--. 1 root root 1.4K Jul 10 16:33 /var/lib/pcsd/pcs_users.conf
[root@c3 ~]# pcs pcsd clear-auth --remote
[root@c3 ~]# ls -lh /var/lib/pcsd/tokens 
-rw-------. 1 root root 357 Jul 10 16:33 /var/lib/pcsd/tokens
[root@c3 ~]# ls -lh /var/lib/pcsd/pcs_users.conf 
ls: cannot access /var/lib/pcsd/pcs_users.conf: No such file or directory
[root@c3 ~]# pcs pcsd clear-auth --local
[root@c3 ~]# ls -lh /var/lib/pcsd/pcs_users.conf 
ls: cannot access /var/lib/pcsd/pcs_users.conf: No such file or directory
[root@c3 ~]# ls -lh /var/lib/pcsd/tokens 
ls: cannot access /var/lib/pcsd/tokens: No such file or directory
[root@c3 ~]#
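
A post-check for the cleanup shown above, added here as an example and not part of pcs or of the original comments: it lists which of the auth files named in comment 3 still exist on a node, including every user's ~/.pcs/tokens. The function name, the ROOT argument, and reading home directories from ROOT/etc/passwd are assumptions of this example.

```shell
# Added example (not pcs code): report pcs/pcsd auth files still present.
# Usage: find_pcs_auth_files ROOT
#   ROOT is "/" for the live system, or the mount point of an image or a
#   scratch tree (hypothetical parameter, introduced for this example).
find_pcs_auth_files() {
    root="${1%/}"

    # Server-side files named in comment 3.
    for f in /var/lib/pcsd/tokens /var/lib/pcsd/pcs_users.conf; do
        if [ -e "$root$f" ]; then
            printf '%s\n' "$f"
        fi
    done

    # Per-user token files. The home directory is field 6 of passwd(5).
    # Assumption: local accounts only; LDAP/SSSD users are not enumerated.
    if [ ! -r "$root/etc/passwd" ]; then
        return 0
    fi
    while IFS=: read -r _name _pw _uid _gid _gecos home _shell || [ -n "$home" ]; do
        case "$home" in
            /*)
                if [ -e "$root$home/.pcs/tokens" ]; then
                    printf '%s\n' "$home/.pcs/tokens"
                fi
                ;;
        esac
    done < "$root/etc/passwd" | sort -u
    return 0
}
```

Run it as root with `find_pcs_auth_files /` after `pcs pcsd clear-auth`; empty output means none of the listed files remain. Per comment 3, a root invocation targets /var/lib/pcsd/tokens and a non-root one targets that user's ~/.pcs/tokens, which is why the per-user files are checked separately.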

Comment 8 errata-xmlrpc 2015-11-19 09:36:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2290.html