Pacemaker ACL with "write xpath /cib" permission does not allow the creation of constraints
Issue
- A user's Pacemaker ACL role has full write permissions, but creating a constraint fails as shown below.
[testuser@fastvm-rhel-7-6-21 ~]$ pcs acl
ACLs are enabled
User: testuser
  Roles: ATSE_Admin
Role: ATSE_Admin
  Description: admin
  Permission: write xpath /cib (ATSE_Admin-write)
[testuser@fastvm-rhel-7-6-21 ~]$ groups
testuser haclient
[testuser@fastvm-rhel-7-6-21 ~]$ pcs constraint location my_dummy prefers fastvm-rhel-7-6-21
Error: Unable to update cib
Call cib_replace failed (-13): Permission denied
Environment
- Red Hat Enterprise Linux 7 (with the High Availability Add-on)
- Red Hat Enterprise Linux 8 (with the High Availability Add-on)