[Pacemaker] failed actions: insufficient privileges
Alfredo Parisi
alfredo.parisi at gmail.com
Sat Jun 11 17:45:18 UTC 2011
not installed on my servers. and now? Thanks again..
2011/6/11 Vladislav Bogdanov <bubble at hoster-ok.com>
> 11.06.2011 20:13, Alfredo Parisi wrote:
> > Thanks again for the response.
> > Actually these are my permissions on /var/run/mysqld
> >
> > root at server1:/var/run# ls -l | grep mysql
> > drwxr-xr-x 2 mysql root 40 2011-06-11 19:06
> >
> > they are correct for mysql on pacemaker?thanks
>
> Yes.
> Please check selinux state (run getenforce as root).
>
> >
> > 2011/6/11 Vladislav Bogdanov <bubble at hoster-ok.com
> > <mailto:bubble at hoster-ok.com>>
> >
> > 11.06.2011 19:01, Alfredo Parisi wrote:
> > > Hi and thanks for the reply.
> > > I've found the problem, pacemaker haven't the privileges for
> > create the
> > > file mysqld.sock, infact if I stop one server and create
> mysqld.sock
> > > with 777 and own mysql:mysql, after restart corosync, it works...
> > > but this is only a temporary solution because when corosync is
> stopped
> > > on that machine, it delete the file socks and I have again the
> error.
> > > Someone can help me for resolve this problem with the privileges.
> >
> > Resources are run by lrmd under root permissions, so mysqld is
> started
> > by root. It then switches to mysql user and then creates that unix
> > socket. Please verify that directory it use for socket is writable by
> > mysql user. F.e. not /var/run which is only root-writable, but
> > /var/run/mysql which has correct ownership and permissions. Then
> mysqld
> > has enough power to create any file there if only DAC security model
> is
> > in use.
> >
> > This is not necessary true for other security models like selinux,
> > grsecurity or RBAC. They require additional settings to be done. Most
> > common one is selinux, it is enabled by default on at least Fedora
> and
> > RHEL setups. Unfortunately there is no selinux policy module for
> > pacemaker yet, so selinux should be disabled for it to run.
> >
> > Don't you have it enabled BTW?
> >
> > If yes, then try to disable it (permanently).
> >
> >
> > Best,
> > Vladislav
> >
> > _______________________________________________
> > Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> > <mailto:Pacemaker at oss.clusterlabs.org>
> > http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> >
> > Project Home: http://www.clusterlabs.org
> > Getting started:
> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> > Bugs:
> >
> http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
> >
> >
> >
> >
> > _______________________________________________
> > Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> > http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> >
> > Project Home: http://www.clusterlabs.org
> > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> > Bugs:
> http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs:
> http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20110611/30702c62/attachment.htm>
More information about the Pacemaker
mailing list