Authenticating Pacemaker cluster nodes allows pcs to coordinate resource management and distribute cluster configuration across hosts without manual credential prompts on every action.
The pcs host auth command uses the hacluster account to authenticate with the pcsd daemon on each node, establishing a trust relationship used by later cluster operations. Once authorized, pcs can communicate with the approved nodes for cluster setup and ongoing administration tasks.
Node names must resolve consistently (short name vs FQDN), and pcsd must be reachable between nodes (TCP 2224 by default). Incorrect passwords, hostname resolution issues, or blocked ports can produce partial authorization that prevents cluster creation or node additions from completing cleanly.
Steps to authenticate Pacemaker nodes with PCS:
- Confirm each node name resolves to the correct address from the node running pcs.
$ getent hosts node-01.example.net node-02.example.net node-03.example.net
192.0.2.11 node-01.example.net node-01
192.0.2.12 node-02.example.net node-02
192.0.2.13 node-03.example.net node-03
Pass the same hostname form to all pcs commands to avoid authorizing duplicates (node-01 vs node-01.example.net).
- Set the hacluster password on every node.
$ sudo passwd hacluster
New password:
Retype new password:
passwd: password updated successfully.
The password must match on every node for a single interactive pcs host auth run.
- Verify the pcsd service is active on every node.
$ sudo systemctl is-active pcsd
active
pcsd listens on TCP port 2224 by default, so host firewalls must allow node-to-node access.
- Authenticate nodes from a secured administrative host.
$ sudo pcs host auth node-01 node-02 node-03 -u hacluster -p 'ClusterPass123!'
node-01: Authorized
node-02: Authorized
node-03: Authorized
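The hacluster credentials authorize multiple nodes, so initiate authentication only from a trusted administrative system. A password passed with -p can be recorded in shell history and is visible in the process list while the command runs; omitting -p makes pcs prompt for it instead.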
- Confirm authorization succeeds for an individual node.
$ sudo pcs host auth node-01 -u hacluster -p 'ClusterPass123!'
node-01: Authorized
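The checks this procedure relies on (one hostname form, name resolution, pcsd reachable on TCP 2224, and no partially authorized node list) can be scripted as below. This is an added example, not part of the original article or of pcs; the function names and the PCSD_PORT variable are hypothetical.

```shell
#!/bin/sh
# Added example: helpers around `pcs host auth`. Function names and the
# PCSD_PORT variable are hypothetical, not part of pcs.

# Print every name whose form (short vs FQDN) differs from the first name.
mixed_name_forms() {
    first_has_dot=
    case "$1" in *.*) first_has_dot=1 ;; esac
    for n in "$@"; do
        case "$n" in
            *.*) [ -n "$first_has_dot" ] || echo "$n" ;;
            *)   [ -z "$first_has_dot" ] || echo "$n" ;;
        esac
    done
}

# Resolve each node and probe pcsd (TCP 2224 by default); print failures.
preflight() {
    port=${PCSD_PORT:-2224}
    for n in "$@"; do
        getent hosts "$n" >/dev/null || { echo "$n: does not resolve"; continue; }
        timeout 3 bash -c ': </dev/tcp/"$1"/"$2"' _ "$n" "$port" 2>/dev/null ||
            echo "$n: pcsd port $port unreachable"
    done
}

# $1 is captured `pcs host auth` output, the rest are the expected nodes.
# Print each node that has no exact "<node>: Authorized" line.
unauthorized_nodes() {
    out=$1; shift
    for n in "$@"; do
        printf '%s\n' "$out" | grep -Fqx "$n: Authorized" || echo "$n"
    done
}

# Usage: sh pcs-preflight.sh node-01 node-02 node-03
if [ "$#" -gt 0 ]; then
    mixed=$(mixed_name_forms "$@")
    [ -z "$mixed" ] || echo "hostname form differs from $1: $mixed"
    preflight "$@"
fi
```

After authenticating, pass the captured command output and the node list to unauthorized_nodes; any name it prints has no "Authorized" line and needs to be retried before cluster setup.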
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
