Hi, On Tue, Oct 02, 2012 at 09:52:39AM +0100, Colin McCormack wrote: > Hi again, > > "OK. This seems to be a deficiency in lrmd which got fixed later. But > there was a workaround in crm shell for almost two years (iirc since > pacemaker v1.1.5)." > > What was this workaround - sorry for such low-level questions - but > googling for this isn't very useful - they're all re-posts from this > mailing i think > > "I meant the Pacemaker ACLs. But those are available starting with > Pacemaker v1.1.6." > > I'm bound to CentOS 5.x - i did a yum install pacemaker corosync to get > pacemaker - and the version the EPEL installed for me is 1.0.12 - can i > get the latest version? yum update of course had no tagged updates.
Ah, it's v1.0.x. The workaround is here: https://github.com/ClusterLabs/pacemaker/commit/dc015e4b9b38ca5a76f36a3245719966082dcdd4 Thanks, Dejan > Cheers and thanks again > > Col > > > > On 10/01/12 10:06, pacemaker-requ...@oss.clusterlabs.org wrote: > >On Fri, Sep 28, 2012 at 04:51:36PM +0100, Colin McCormack wrote: > >>> Hi Dejan - thanks for taking the time to respond again > >>> > >>>> >"Hangs? Wasn't it in the first message that "cibadmin is not > >>> available"? If it hangs, then you should check the process list (pstree) > >>> to see what the shell is doing at the time and take a look at the logs." > >>> > >>> crm configure... > >>> Hangs > >>> > >>> sudo crm configure... > >>> cibadmin is not available is issued > >>> > >>> When it hangs this is what i see with a grepped ps: > >>> > >>> 500 13710 13677 0 13:19 pts/10 00:00:00 /bin/sh -c sudo -E -u > >>> colinlinux>/dev/null 2>&1 lrmadmin -C > >OK. This seems to be a deficiency in lrmd which got fixed later. > >But there was a workaround in crm shell for almost two years > >(iirc since pacemaker v1.1.5). > > > >>> ********************************************************** > >>> > >>>> > "For this, if I understood correctly, you would like to take a look > >>> at ACLs. That doesn't require configuring sudo, i.e. the crm shell runs > >>> all the time as the real user and the cluster should be instructed by a > >>> set of ACL rules about users' rights." > >>> > >>> I haven't configured any ACLs yet - but i have given permissions (as a > >>> test) to all of dir /var/lib/heartbeat/crm with no luck > >That's not needed actually. And better not to change default > >permissions. > > > >>> What directorie(s) should i apply ACLs on? > >I meant the Pacemaker ACLs. But those are available starting with > >Pacemaker v1.1.6. > > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. If > you are not the intended recipient, please note that any review, > dissemination, disclosure, alteration, printing, circulation, retention or > transmission of this e-mail and/or any file or attachment transmitted with > it, is prohibited and may be unlawful. If you have received this e-mail or > any file or attachment transmitted with it in error please notify > postmas...@openet.com. Although Openet has taken reasonable precautions to > ensure no viruses are present in this email, we cannot accept responsibility > for any loss or damage arising from the use of this email or attachments. > > _______________________________________________ > Pacemaker mailing list: Pacemaker@oss.clusterlabs.org > http://oss.clusterlabs.org/mailman/listinfo/pacemaker > > Project Home: http://www.clusterlabs.org > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf > Bugs: http://bugs.clusterlabs.org _______________________________________________ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org