It seems the installer is placing the "root" username with a blank password into /etc/sysconfig/clustercheck.  This is a poor security practice as the root user has unlimited permissions and is also misleading to users who often change their root account password such that clustercheck no longer functions.

Best practice for /etc/sysconfig/clustercheck is that a user named "clustercheck" is created with any strong password; then, the account should be created in the Galera cluster as:

    GRANT USAGE ON *.* TO 'clustercheck'@'localhost' IDENTIFIED BY PASSWORD '<password>';

The above grant most likely needs to be established on each MariaDB node running individually, since the Galera cluster can't be started by pacemaker until /etc/sysconfig/clustercheck has a working login.   OTOH, if the Galera cluster is up and running through some other means, the above grant can be invoked on just one node and Galera will replicate it to the other nodes.