Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2132582

Summary: pcs booth - consider adding support for enable-authfile
Product: Red Hat Enterprise Linux 8 Reporter: Tomas Jelinek <tojeline>
Component: pcsAssignee: Ondrej Mular <omular>
Status: CLOSED ERRATA QA Contact: cluster-qe <cluster-qe>
Severity: high Docs Contact: Steven J. Levine <slevine>
Priority: high    
Version: 8.0CC: bstinson, cluster-maint, cluster-qe, idevat, jfriesse, jwboyer, mlisik, mmazoure, mpospisi, nhostako, omular, slevine, svalasti, tojeline
Target Milestone: rcKeywords: Triaged
Target Release: 8.8Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pcs-0.10.15-1.el8 Doc Type: Enhancement
Doc Text:
.New `enable-authfile` Booth configuration option When you create a Booth configuration to use the Booth ticket manager in a cluster configuration, the `pcs booth setup` command now enables the new `enable-authfile` Booth configuration option by default. You can enable this option on an existing cluster with the `pcs booth enable-authfile` command. Additionally, the `pcs status` and `pcs booth status` commands now display warnings when they detect a possible `enable-authfile` misconfiguration.
 Story Points: ---
Clone Of: 2116295 Environment:
Last Closed: 2023-05-16 08:12:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Jelinek 2022-10-06 08:15:26 UTC 
+++ This bug was initially created as a clone of Bug #2116295 +++

Description of problem:
Add support for booth enable-authfile directive added because of bug 2111669 (reproducer bug 2111669 comment 5)

TL;DR booth was ignoring authfile directive (added by default by pcs) - to prevent breaking compatibility with existing configurations during update, RHEL 8/9 specific patch was added (so by default authfile is ignored until enable-authfile is set).

Version-Release number of selected component (if applicable):
Everywhere

How reproducible:
100%

Steps to Reproduce:
1. configure booth using pcs

Actual results:
`enable-authfile` not added

Expected results (all are questionable):
- enable-authfile set by default for new configs (when authfile is filled)?
- add ability to change enable-authfile?
- display warning when authfile is set and enable-authfile is unset?

Additional info:
enable-authfile directive is RHEL specific and will be removed in next major RHEL version (for Fedora, it's in f35/36 but it doesn't exist in rawhide).
Comment 1 Tomas Jelinek 2022-10-06 08:29:30 UTC 
What we want to do:
* Add 'enable-authfile: yes' to newly created booth config ('pcs booth setup' command)
* Print a warning in 'pcs status', if booth is enabled, authfile is present, and 'enable-authfile: yes' is missing in booth config
* Add a command for changing 'enable-authfile' so that it can be enabled in existing configuration
Comment 5 Ondrej Mular 2022-11-11 10:12:59 UTC 
Upstream patch: https://github.com/ClusterLabs/pcs/commit/9b5f1410efe6ae5cd033bb0bcd28e76b76123ac9

Option `enable-authfile = yes` is always added to booth configuration for new booth setups when using `pcs booth setup` command
New commands for managing `enable-authfile` booth option:
 - pcs booth enable-authfile
 - pcs booth clean-enable-authfile
Incorrect usage of `enable-authfile` option warnings are displayed when running `pcs status` and `pcs booth status`.

Test:
[root@rhel87-devel1 pcs]# pcs booth setup sites rhel87-devel1 rhel87-devel2 arbitrators rhel87-devel3
[root@rhel87-devel1 pcs]# pcs booth config | grep authfile
authfile = /etc/booth/booth.key
enable-authfile = yes
Comment 6 Michal Pospisil 2022-11-24 16:53:02 UTC 
DevTestResults:

[root@r08-08-a ~]# rpm -q pcs
pcs-0.10.15-1.el8.x86_64

[root@r08-08-a ~]# pcs booth setup sites r08-08-a.vm r08-08-b.vm arbitrators r08-08-c.vm

[root@r08-08-a ~]# pcs booth config | grep authfile
authfile = /etc/booth/booth.key
enable-authfile = yes
Comment 15 errata-xmlrpc 2023-05-16 08:12:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (pcs bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2738