On 12/06/2013, at 8:28 PM, Wolfgang Routschka <wolfgang.routsc...@drumedar.de> wrote:
> Hi, > > sorry for my mistake of course is hacluster the pacemaker user. > > nagios user is in haclient group and have full access for crmshell without > having any role/user configuration. my pacemaker version is > pacemaker-1.1.10-1.1622.6ca9c6b.git.el6.x86_64 > > In my opinion the user doesn´t have any rights although the user is in > haclient group and having no role/user configuration. Is it right? No. Users in the haclient group have full access. Thats what it is for. > > Greetings Wolfgang > > Date: Mon, 10 Jun 2013 23:03:12 +0200 > From: Lars Marowsky-Bree <l...@suse.com> > To: The Pacemaker cluster resource manager > <pacemaker@oss.clusterlabs.org> > Subject: Re: [Pacemaker] pacemaker monitoring user permision denied > Message-ID: <20130610210312.go4...@suse.de> > Content-Type: text/plain; charset=iso-8859-1 > > On 2013-06-10T18:22:37, Wolfgang Routschka <wolfgang.routsc...@drumedar.de> > wrote: > >> After reading Documentation (http://clusterlabs.org/doc/acls.html) I found >> "All user accounts must be in the haclient group." but all users in haclient >> group have full access "Note that the root and hacluster users will always >> have full access." > > uid=hacluster != gid=haclient > > > Regards, > Lars > > -- > Architect Storage/HA > SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imend?rffer, > HRB 21284 (AG N?rnberg) "Experience is the name everyone gives to their > mistakes." -- Oscar Wilde > > ----- > > Hi, > > one more question about this topic. > > I installed pacemaker-1.1.10-1.1622.6ca9c6b.git.el6.x86_64 for testing with > acl. > > user nagios is configured with crm-shell and role monitor > > role monitor \ > read cib > user nagios \ > role:monitor > > After starting crmsh "Attempting connection to the cluster...Could not > establish cib_ro connection:" > > After reading Documentation (http://clusterlabs.org/doc/acls.html) I found > "All user accounts must be in the haclient group." but all users in haclient > group have full access "Note that the root and hacluster users will always > have full access." > > How can I configure my nagios user to only running crm_mon for reading > cluster status. > > Greeting Wolfgang > >> On 23/04/2013, at 2:56 PM, Andreas Mock <Andreas.Mock at >> web.de<http://oss.clusterlabs.org/mailman/listinfo/pacemaker>> wrote: >> >> Hi Andrew, >> >> is 1.1.10-rc1 a working title or can the package be found somewhere? >> >> Its currently just a tag. >> Grabbing the source tree and running "make TAG=Pacemaker-1.1.10-rc1 rpm" >> will give you packages. >> >> >> I saw that on http://clusterlabs.org/rpm-next/rhel-6/x86_64/ >> there is a new 1.1.9 build. >> Is this a new snapshop build (e.g. having memory leak corrections)? >> >> No, its a rebuild that turns cman support back on. >> >> >> Best regards >> Andreas Mock >> >> >> -----Ursprüngliche Nachricht----- >> Von: Andrew Beekhof [mailto:andrew at >> beekhof.net<http://oss.clusterlabs.org/mailman/listinfo/pacemaker>] >> Gesendet: Dienstag, 23. April 2013 01:46 >> An: The Pacemaker cluster resource manager >> Betreff: Re: [Pacemaker] pacemaker monitoring user permision denied >> >> >> On 23/04/2013, at 1:45 AM, Wolfgang Routschka >> <wolfgang.routschka at >> drumedar.de<http://oss.clusterlabs.org/mailman/listinfo/pacemaker>> wrote: >> >>> Hi everbody, >>> >>> I want to monitor our pacemaker/cman cluster on scientific linux 6.4 RHEL >> clone with nagios . >>> >>> After reading documentation http://clusterlabs.org/doc/acls.html and >>> configuration my nagios user isn´t able to start crm_mon >>> >>> "Attempting connection to the cluster...Could not establish cib_ro >> connection: Permission denied (13)" >>> >>> User is in haclient group >>> >>> [nagios at xx<http://oss.clusterlabs.org/mailman/listinfo/pacemaker> ~]$ id >>> uid=510(nagios) gid=310(nagios) Gruppen=310(nagios),498(haclient) >> >> This is a known issue that has been fixed in 1.1.10-rc1 >> >>> >>> I used Pacemaker 1.1.8-7.el6.x86_64 >>> >>> My CIB schema is configured for pacemaker-1.2 >>> >>> <cib epoch="259" num_updates="31" admin_epoch="0" >> validate-with="pacemaker-1.2" >>> >>> enable acl is configured >>> >>> crm configure show >>> >>> property $id="cib-bootstrap-options" \ >>> dc-version="1.1.8-7.el6-394e906" \ >>> cluster-infrastructure="cman" \ >>> no-quorum-policy="ignore" \ >>> stonith-enabled="false" \ >>> enable-acl="true" >>> >>> Greetings >>> >>> _______________________________________________ >>> Pacemaker mailing list: Pacemaker at >>> oss.clusterlabs.org<http://oss.clusterlabs.org/mailman/listinfo/pacemaker> >>> http://oss.clusterlabs.org/mailman/listinfo/pacemaker >>> >>> Project Home: http://www.clusterlabs.org Getting started: >>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>> Bugs: http://bugs.clusterlabs.org >> >> >> _______________________________________________ >> Pacemaker mailing list: Pacemaker at >> oss.clusterlabs.org<http://oss.clusterlabs.org/mailman/listinfo/pacemaker> >> http://oss.clusterlabs.org/mailman/listinfo/pacemaker >> >> Project Home: http://www.clusterlabs.org Getting started: >> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >> Bugs: http://bugs.clusterlabs.org >> >> >> _______________________________________________ >> Pacemaker mailing list: Pacemaker at >> oss.clusterlabs.org<http://oss.clusterlabs.org/mailman/listinfo/pacemaker> >> http://oss.clusterlabs.org/mailman/listinfo/pacemaker >> >> Project Home: http://www.clusterlabs.org >> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >> Bugs: http://bugs.clusterlabs.org > > > -------------- n?chster Teil -------------- > Ein Dateianhang mit HTML-Daten wurde abgetrennt... > URL: > <http://oss.clusterlabs.org/pipermail/pacemaker/attachments/20130610/154edaef/attachment.html> > > Previous message: [Pacemaker] What kind of cluster stack at > opensuse-repositories > Next message: [Pacemaker] pacemaker monitoring user permision denied > Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] > > More information about the Pacemaker mailing list > > > _______________________________________________ > Pacemaker mailing list: Pacemaker@oss.clusterlabs.org > http://oss.clusterlabs.org/mailman/listinfo/pacemaker > > Project Home: http://www.clusterlabs.org > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf > Bugs: http://bugs.clusterlabs.org _______________________________________________ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org