<div class="gmail_quote">On Mon, Dec 12, 2011 at 9:48 PM, Larry Brigman <span dir="ltr">&lt;<a href="mailto:larry.brigman@gmail.com">larry.brigman@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="HOEnZb"><div class="h5"><div class="gmail_quote">On Mon, Dec 12, 2011 at 4:38 PM, Andreas Kurz <span dir="ltr">&lt;<a href="mailto:andreas@hastexo.com" target="_blank">andreas@hastexo.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>On 12/12/2011 03:37 AM, Larry Brigman wrote:<br></div></blockquote></div>....<br></div></div>[root@sweng0057 ~]# cibadmin -!<br>Pacemaker 1.1.5-1.1.sme (Build: 01e86afaaa6d4a8c4836f68df80ababd6ca3902f):  docbook-manpages ncurses cs-quorum corosync<br>
<br>Not enabled....<br>
<br>That explains it.  The configure script doesn&#39;t enable acls by default so it&#39;s not built with<br>them.<br><br>I&#39;ll make another pass when I rebuild my rpm package.<br><br></blockquote><div>Testing new build still doesn&#39;t work when acl is enabled.<br>
<br>cibadmin -!<br>Pacemaker 1.1.5-1.2.sme (Build: 01e86afaaa6d4a8c4836f68df80ababd6ca3902f):  docbook-manpages ncurses cs-quorum corosync acl<br>[root@sweng0096 ~]# cibadmin --modify --xml-text &#39;&lt;cib validate-with=&quot;pacemaker-1.1&quot;/&gt;&#39;<br>
[root@sweng0096 ~]# crm configure property enable-acl=true<br>[root@sweng0096 ~]# crm <br>crm(live)# <br>role monitor \<br>&gt;         read xpath:&quot;/cib&quot;<br>crm(live)configure#  user nvs role:monitor<br>crm(live)configure# user acm role:monitor<br>
crm(live)configure# commit<br>crm(live)configure# exit<br>bye<br>[root@sweng0096 ~]# su - nvs<br>[nvs@sweng0096 ~]$ crm status<br><br>Connection to cluster failed: connection failed<br><br><br>[root@sweng0096 ~]# cibadmin --query<br>
output modified to only include relevent portions.<br>&lt;cib epoch=&quot;16&quot; num_updates=&quot;17&quot; admin_epoch=&quot;0&quot; validate-with=&quot;pacemaker-1.1&quot; crm_feature_set=&quot;3.0.5&quot; have-quorum=&quot;0&quot; cib-last-written=&quot;Wed Jan  4 10:29:16 2012&quot; dc-uuid=&quot;<a href="http://sweng0096.lab.c-cor.com">sweng0096.lab.c-cor.com</a>&quot;&gt;<br>
  &lt;configuration&gt;<br>    &lt;crm_config&gt;<br>      &lt;cluster_property_set id=&quot;cib-bootstrap-options&quot;&gt;<br>...<br>        &lt;nvpair id=&quot;cib-bootstrap-options-enable-acl&quot; name=&quot;enable-acl&quot; value=&quot;true&quot;/&gt;<br>
      &lt;/cluster_property_set&gt;<br>...<br>    &lt;acls&gt;<br>      &lt;acl_role id=&quot;monitor&quot;&gt;<br>        &lt;read id=&quot;monitor-read&quot; xpath=&quot;/cib&quot;/&gt;<br>      &lt;/acl_role&gt;<br>      &lt;acl_user id=&quot;nvs&quot;&gt;<br>
        &lt;role_ref id=&quot;monitor&quot;/&gt;<br>      &lt;/acl_user&gt;<br>      &lt;acl_user id=&quot;acm&quot;&gt;<br>        &lt;role_ref id=&quot;monitor&quot;/&gt;<br>      &lt;/acl_user&gt;<br>    &lt;/acls&gt;<br>
  &lt;/configuration&gt;<br>...<br>&lt;/cib&gt;<br><br></div></div><br>