Hi,
one more question about this topic.
I installed pacemaker-1.1.10-1.1622.6ca9c6b.git.el6.x86_64 for testing with acl.
user nagios is configured with crm-shell and role monitor
role monitor \
read cib
user nagios \
role:monitor
After starting crmsh "Attempting connection to the cluster...Could not
establish cib_ro connection:"
After reading Documentation (http://clusterlabs.org/doc/acls.html) I found "All
user accounts must be in the haclient group." but all users in haclient group
have full access "Note that the root and hacluster users will always have full
access."
How can I configure my nagios user to only running crm_mon for reading cluster
status.
Greeting Wolfgang
>On 23/04/2013, at 2:56 PM, Andreas Mock <Andreas.Mock at
>web.de<http://oss.clusterlabs.org/mailman/listinfo/pacemaker>> wrote:
>
> Hi Andrew,
>
> is 1.1.10-rc1 a working title or can the package be found somewhere?
>
> Its currently just a tag.
> Grabbing the source tree and running "make TAG=Pacemaker-1.1.10-rc1 rpm" will
> give you packages.
>
>
> I saw that on http://clusterlabs.org/rpm-next/rhel-6/x86_64/
> there is a new 1.1.9 build.
> Is this a new snapshop build (e.g. having memory leak corrections)?
>
> No, its a rebuild that turns cman support back on.
>
>
> Best regards
> Andreas Mock
>
>
> -----Ursprüngliche Nachricht-----
> Von: Andrew Beekhof [mailto:andrew at
> beekhof.net<http://oss.clusterlabs.org/mailman/listinfo/pacemaker>]
> Gesendet: Dienstag, 23. April 2013 01:46
> An: The Pacemaker cluster resource manager
> Betreff: Re: [Pacemaker] pacemaker monitoring user permision denied
>
>
> On 23/04/2013, at 1:45 AM, Wolfgang Routschka
> <wolfgang.routschka at
> drumedar.de<http://oss.clusterlabs.org/mailman/listinfo/pacemaker>> wrote:
>
>> Hi everbody,
>>
>> I want to monitor our pacemaker/cman cluster on scientific linux 6.4 RHEL
> clone with nagios .
>>
>> After reading documentation http://clusterlabs.org/doc/acls.html and
>> configuration my nagios user isn´t able to start crm_mon
>>
>> "Attempting connection to the cluster...Could not establish cib_ro
> connection: Permission denied (13)"
>>
>> User is in haclient group
>>
>> [nagios at xx<http://oss.clusterlabs.org/mailman/listinfo/pacemaker> ~]$ id
>> uid=510(nagios) gid=310(nagios) Gruppen=310(nagios),498(haclient)
>
> This is a known issue that has been fixed in 1.1.10-rc1
>
>>
>> I used Pacemaker 1.1.8-7.el6.x86_64
>>
>> My CIB schema is configured for pacemaker-1.2
>>
>> <cib epoch="259" num_updates="31" admin_epoch="0"
> validate-with="pacemaker-1.2"
>>
>> enable acl is configured
>>
>> crm configure show
>>
>> property $id="cib-bootstrap-options" \
>> dc-version="1.1.8-7.el6-394e906" \
>> cluster-infrastructure="cman" \
>> no-quorum-policy="ignore" \
>> stonith-enabled="false" \
>> enable-acl="true"
>>
>> Greetings
>>
>> _______________________________________________
>> Pacemaker mailing list: Pacemaker at
>> oss.clusterlabs.org<http://oss.clusterlabs.org/mailman/listinfo/pacemaker>
>> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>>
>> Project Home: http://www.clusterlabs.org Getting started:
>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
>> Bugs: http://bugs.clusterlabs.org
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at
> oss.clusterlabs.org<http://oss.clusterlabs.org/mailman/listinfo/pacemaker>
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org Getting started:
> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at
> oss.clusterlabs.org<http://oss.clusterlabs.org/mailman/listinfo/pacemaker>
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
