Bug 2049747 - ha_cluster - set permissions for haclient group [NEEDINFO]
Summary: ha_cluster - set permissions for haclient group
Alias: None
Deadline: 2022-02-08
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: rhel-system-roles
Version: 8.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.6
Assignee: Rich Megginson
QA Contact: David Jež
Steven J. Levine
Whiteboard: role:ha_cluster
Depends On:
Blocks: 2049754
TreeView+ depends on / blocked
Reported: 2022-02-02 16:19 UTC by Rich Megginson
Modified: 2022-05-10 14:39 UTC (History)
9 users (show)

Fixed In Version: rhel-system-roles-1.14.0-1.el8
Doc Type: Bug Fix
Doc Text:
.Default `pcsd` permissions for HA Cluster System Role now allow access for group `haclient` Previously, when a user ran the HA Cluster System Role with the default `pcsd` permissions that were set with the `ha_cluster_pcs_permission_list` variable, only members of the group `hacluster` had access to the cluster. With this fix, the default `pcsd` permissions allow the group `haclient` to manage the cluster and all members of `haclient` can now access and manage the cluster.
Clone Of:
: 2049754 (view as bug list)
Last Closed: 2022-05-10 14:12:50 UTC
Type: Bug
Target Upstream Version:
rmeggins: needinfo? (mnovacek)

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github linux-system-roles ha_cluster pull 36 0 None Merged fix default pcsd permissions 2022-02-02 16:19:41 UTC
Red Hat Issue Tracker RHELPLAN-110790 0 None None None 2022-02-02 16:32:14 UTC
Red Hat Product Errata RHBA-2022:1896 0 None None None 2022-05-10 14:13:03 UTC

Description Rich Megginson 2022-02-02 16:19:42 UTC
Description of problem:

Previously, permissions were set for 'hacluster' group. Correct name of the group is 'haclient'.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Comment 2 Tomas Jelinek 2022-02-03 10:02:28 UTC
Verification instructions:
1) run the ha_cluster role with default settings
2) cat /var/lib/pcsd/pcs_settings.conf
3) find "permissions" section
before fix:
  "permissions": {
    "local_cluster": [
        "type": "group",
        "name": "hacluster",
        "allow": [
after fix:
  "permissions": {
    "local_cluster": [
        "type": "group",
        "name": "haclient",
        "allow": [

Comment 19 errata-xmlrpc 2022-05-10 14:12:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.