cluster creation and joining error

[Straightman]

I have 4 proxmox servers that I wish to configure into a cluster. When I attempted to create the first node I received an error posted below:

I am logged into the server gui my non-root credentials "jdoe@pam" which is a member of a Admins group which has permissions set for path=/ and role = Administrator. This login can be elevated to su using sudo in the shell. As su in the shell I was able to create the cluster node successfully using the pvecm create command. I am trying to understand how to resolve the configuration so that I can do this successfully in the GUI. I am gettign the same error when attempting to join the cluste ron the second node through the gui. All the nodes have the root user replaced with "jdoe@pam" and setup similarly as described for su. I have researched the error online without success and hope someone has a suggestion to try.
Note: when setting up my non-root credentials I removed the root password using cli, passwd -dl root which removes root login ability at the gui or ssh.

 

[aPollO]

The root password of a cluster node is required for adding nodes.

From this:
https://pve.proxmox.com/wiki/Cluster_Manager

And some futher information here: https://forum.proxmox.com/threads/j...ut-using-the-root-password.112345/post-484938

So in my opinion it is not supported to remove the root password. You can disable root login with password for SSH (Web UI Login still possible) in /etc/ssh/sshd_config

Just add or change this line:

# Disable root login trough SSH completly
PermitRootLogin no
# Disable root login trough SSH with password, pubkey (if set) will work
PermitRootLogin prohibit-password

If you absolutely must remove the root password, I think the only solution is to do what you did: switch to the root account from a suitably privileged user and execute the cluster join in the command line. Or, you could just temporarily set the root password for the join.

 

[Straightman]

From this:
https://pve.proxmox.com/wiki/Cluster_Manager

And some futher information here: https://forum.proxmox.com/threads/j...ut-using-the-root-password.112345/post-484938

So in my opinion it is not supported to remove the root password. You can disable root login with password for SSH (Web UI Login still possible) in /etc/ssh/sshd_config

Just add or change this line:

# Disable root login trough SSH completly
PermitRootLogin no
# Disable root login trough SSH with password, pubkey (if set) will work
PermitRootLogin prohibit-password

If you absolutely must remove the root password, I think the only solution is to do what you did: switch to the root account from a suitably privileged user and execute the cluster join in the command line. Or, you could just temporarily set the root password for the join.

Thanks for the links I will review those. Some additional questions:
1) Is it possible then to re-establish the root password and restore login to the proxmox gui?
2) Is it possible to add permissions or privileges to the jdoe authentication in the gui to align with root capabilities? When I established the jdoe account and added the admin role to that in the gui I thought that it would have elevated the capabilities to a similar level as root which is not the case.
3) Is there an equivalent ability to elevate the access and privilege in the context of the gui to allow root behaviour similarly to how sudo or su does at the CLI.

 

[Straightman]

I have resolved the question I asked in 1 above using an ssh session as jdoe elevated to su through sudo using the cli command: passwd root, the system then prompts for the root password and now root is back both in the cli and in the proxmox gui. I am able to create the cluster in the GUI now as root. Thanks for the support and I am interested in commentary regarding questions 2 and 3 above.