Hi Lars,
> "This doesn't "allow" the user to configure the cluster, but runs all
commands from crm as this user (even if running as root). I'm not sure
this is very well tested. "
When i then run commands like crm configure under the root user it also
hangs.
> "I have the impression that the user colinlinux doesn't have
/usr/sbin in its path."
I do, see my original mail (but i understand you could have missed it as
it was a large mail)
Thanks for your reply and time taken.
I would be keen to verify that this behaviour is reasonable to assume
<i>should</i> be in pacemaker. The equivilant is in Veritas cluster
server where certain commands are issued from a 'normal' user and
trusted to configure the cluster/node.
Thanks again
Col
On 09/27/12 18:07, pacemaker-requ...@oss.clusterlabs.org wrote:
Message: 3
Date: Thu, 27 Sep 2012 16:40:15 +0200
From: Lars Marowsky-Bree<l...@suse.com>
To: The Pacemaker cluster resource manager
<pacemaker@oss.clusterlabs.org>
Subject: Re: [Pacemaker] Can't issue 'crm configure' commands under
privileged user
Message-ID:<20120927144015.go4...@suse.de>
Content-Type: text/plain; charset=iso-8859-1
On 2012-09-27T14:57:08, Colin McCormack<colin.mccorm...@openet.com> wrote:
> I installed pacemaker/corosync as root (details below):
> Pacemaker version 1.0.12, release 1.el5.centos, x86_64
> Corosync version 1.2.7, release 1.1.el5, x86_64
You have the user in the haclient group, and thus it should be able to
control the cluster. Perhaps
> Allow user with privileged access to configure the node:
> crm options user colinlinux
This doesn't "allow" the user to configure the cluster, but runs all
commands from crm as this user (even if running as root). I'm not sure
this is very well tested.
> WITH SUDO:
> colinlinux# sudo crm configure primitive xclock ocf:tester:xclock op monitor
interval=20 timeout=20 start-delay=30s params run_user=colinlinux meta
failure-timeout="360" migration-threshold=5
> error given:
> # cibadmin not available, check your installation
I have the impression that the user colinlinux doesn't have /usr/sbin in
its path.
If you want to restrict the commands that a non-root user can execute on
the cluster, check out the CIB and the shell's ACL support.
Regards,
Lars
--
Architect Storage/HA
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imend?rffer, HRB
21284 (AG N?rnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed. If
you are not the intended recipient, please note that any review, dissemination,
disclosure, alteration, printing, circulation, retention or transmission of
this e-mail and/or any file or attachment transmitted with it, is prohibited
and may be unlawful. If you have received this e-mail or any file or attachment
transmitted with it in error please notify postmas...@openet.com. Although
Openet has taken reasonable precautions to ensure no viruses are present in
this email, we cannot accept responsibility for any loss or damage arising from
the use of this email or attachments.
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
