2049747 – ha_cluster - set permissions for haclient group

Bug 2049747 - ha_cluster - set permissions for haclient group [NEEDINFO]

Summary: ha_cluster - set permissions for haclient group

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Deadline:	2022-02-08
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	rhel-system-roles
Sub Component:
Version:	8.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.6
Assignee:	Rich Megginson
QA Contact:	David Jež
Docs Contact:	Steven J. Levine
URL:
Whiteboard:	role:ha_cluster
Depends On:
Blocks:	2049754
TreeView+	depends on / blocked

Reported:	2022-02-02 16:19 UTC by Rich Megginson
Modified:	2022-05-10 14:39 UTC (History)
CC List:	9 users (show)
Fixed In Version:	rhel-system-roles-1.14.0-1.el8
Doc Type:	Bug Fix
Doc Text:	.Default `pcsd` permissions for HA Cluster System Role now allow access for group `haclient` Previously, when a user ran the HA Cluster System Role with the default `pcsd` permissions that were set with the `ha_cluster_pcs_permission_list` variable, only members of the group `hacluster` had access to the cluster. With this fix, the default `pcsd` permissions allow the group `haclient` to manage the cluster and all members of `haclient` can now access and manage the cluster.
Clone Of:
Clones:	2049754 (view as bug list)
Environment:
Last Closed:	2022-05-10 14:12:50 UTC
Type:	Bug
Target Upstream Version:
Dependent Products:
Flags:	rmeggins: needinfo? (mnovacek)

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	linux-system-roles ha_cluster pull 36	None	Merged	fix default pcsd permissions	2022-02-02 16:19:41 UTC
Red Hat Issue Tracker	RHELPLAN-110790	None	None	None	2022-02-02 16:32:14 UTC
Red Hat Product Errata	RHBA-2022:1896	None	None	None	2022-05-10 14:13:03 UTC

Description Rich Megginson 2022-02-02 16:19:42 UTC

Description of problem:

Previously, permissions were set for 'hacluster' group. Correct name of the group is 'haclient'.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 2 Tomas Jelinek 2022-02-03 10:02:28 UTC

Verification instructions:
1) run the ha_cluster role with default settings
2) cat /var/lib/pcsd/pcs_settings.conf
3) find "permissions" section
before fix:
  "permissions": {
    "local_cluster": [
      {
        "type": "group",
        "name": "hacluster",
        "allow": [
          "grant",
          "read",
          "write"
        ]
      }
    ]
  }
after fix:
  "permissions": {
    "local_cluster": [
      {
        "type": "group",
        "name": "haclient",
        "allow": [
          "grant",
          "read",
          "write"
        ]
      }
    ]
  }

Comment 19 errata-xmlrpc 2022-05-10 14:12:50 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1896

Note You need to log in before you can comment on or make changes to this bug.