[Pacemaker] failed actions: insufficient privileges

Vladislav Bogdanov bubble at hoster-ok.com
Sat Jun 11 17:23:59 UTC 2011 

11.06.2011 20:13, Alfredo Parisi wrote:
> Thanks again for the response.
> Actually these are my permissions on /var/run/mysqld
> 
> root at server1:/var/run# ls -l | grep mysql
> drwxr-xr-x 2 mysql      root         40 2011-06-11 19:06
> 
> they are correct for mysql on pacemaker?thanks

Yes.
Please check selinux state (run getenforce as root).

> 
> 2011/6/11 Vladislav Bogdanov <bubble at hoster-ok.com
> <mailto:bubble at hoster-ok.com>>
> 
>     11.06.2011 19:01, Alfredo Parisi wrote:
>     > Hi and thanks for the reply.
>     > I've found the problem, pacemaker haven't the privileges for
>     create the
>     > file mysqld.sock, infact if I stop one server and create mysqld.sock
>     > with 777 and own mysql:mysql, after restart corosync, it works...
>     > but this is only a temporary solution because when corosync is stopped
>     > on that machine, it delete the file socks and I have again the error.
>     > Someone can help me for resolve this problem with the privileges.
> 
>     Resources are run by lrmd under root permissions, so mysqld is started
>     by root. It then switches to mysql user and then creates that unix
>     socket. Please verify that directory it use for socket is writable by
>     mysql user. F.e. not /var/run which is only root-writable, but
>     /var/run/mysql which has correct ownership and permissions. Then mysqld
>     has enough power to create any file there if only DAC security model is
>     in use.
> 
>     This is not necessary true for other security models like selinux,
>     grsecurity or RBAC. They require additional settings to be done. Most
>     common one is selinux, it is enabled by default on at least Fedora and
>     RHEL setups. Unfortunately there is no selinux policy module for
>     pacemaker yet, so selinux should be disabled for it to run.
> 
>     Don't you have it enabled BTW?
> 
>     If yes, then try to disable it (permanently).
> 
> 
>     Best,
>     Vladislav
> 
>     _______________________________________________
>     Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
>     <mailto:Pacemaker at oss.clusterlabs.org>
>     http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> 
>     Project Home: http://www.clusterlabs.org
>     Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
>     Bugs:
>     http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
> 
> 
> 
> 
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> 
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker

More information about the Pacemaker mailing list