Red Hat Bugzilla – Bug 1207805
Need a way for pcs to clear out auth tokens
Last modified: 2016-01-29 13:19:52 EST
We should provide a command for pcs to clear out your current tokens, as well as clear out tokens/users on the server from /var/lib/pcsd Maybe something like this: pcs cluster auth --clear pcs cluster clear-auth pcs cluster auth --reset ...
This is where full-blown certificates might be nicer to work with -- deleting just selected (per some identification) authentication holders, etc. On the other hand, such approach might turn to be Pandora's box on its own.
Provide way to reset certificates and other files as well. Note: Tomas has already created the ability to use customer certificates and sync them to all nodes.
Fixed upstream here: https://github.com/feist/pcs/commit/2e74ea2059383cbf247ccc0166b3be5602c4a8c0 Command is 'pcs pcsd clear-auth [--remote] [--local]'. If you're root it will remove /var/lib/pcsd/tokens, if not ~/.pcs/tokens (with --local) With --remote it remove /var/lib/pcsd/pcs_users.conf And without --local or --remote it removes both files.
After Fix: [root@c3 ~]# rpm -q pcs pcs-0.9.142-1.el7.x86_64 [root@c3 ~]# ls -lh /var/lib/pcsd/tokens -rw-------. 1 root root 357 Jul 10 16:33 /var/lib/pcsd/tokens [root@c3 ~]# ls -lh /var/lib/pcsd/pcs_users.conf -rw-r--r--. 1 root root 1.4K Jul 10 16:33 /var/lib/pcsd/pcs_users.conf [root@c3 ~]# pcs pcsd clear-auth --remote [root@c3 ~]# ls -lh /var/lib/pcsd/tokens -rw-------. 1 root root 357 Jul 10 16:33 /var/lib/pcsd/tokens [root@c3 ~]# ls -lh /var/lib/pcsd/pcs_users.conf ls: cannot access /var/lib/pcsd/pcs_users.conf: No such file or directory [root@c3 ~]# pcs pcsd clear-auth --local [root@c3 ~]# ls -lh /var/lib/pcsd/pcs_users.conf ls: cannot access /var/lib/pcsd/pcs_users.conf: No such file or directory [root@c3 ~]# ls -lh /var/lib/pcsd/tokens ls: cannot access /var/lib/pcsd/tokens: No such file or directory [root@c3 ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-2290.html