<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Courier New" size="2"><span style="font-size:10pt;">
<div>Hi,</div>
<div> </div>
<div>one more question about this topic.</div>
<div> </div>
<div>I installed pacemaker-1.1.10-1.1622.6ca9c6b.git.el6.x86_64 for testing with acl.</div>
<div> </div>
<div>user nagios is configured with crm-shell and role monitor</div>
<div> </div>
<div>role monitor \</div>
<div> read cib</div>
<div>user nagios \</div>
<div> role:monitor</div>
<div> </div>
<div>After starting crmsh "Attempting connection to the cluster...Could not establish cib_ro connection:"</div>
<div> </div>
<div>After reading Documentation (<a href="http://clusterlabs.org/doc/acls.html"><font color="blue"><u>http://clusterlabs.org/doc/acls.html</u></font></a>) I found "All user accounts must be in the haclient group." but all users in haclient group have full
access "Note that the root and hacluster users will always have full access."</div>
<div> </div>
<div>How can I configure my nagios user to only running crm_mon for reading cluster status.</div>
<div> </div>
<div>Greeting Wolfgang</div>
<div> </div>
<div>>On 23/04/2013, at 2:56 PM, Andreas Mock <<a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker"><font color="blue"><u>Andreas.Mock at web.de</u></font></a>> wrote:</div>
<div>></div>
<div>><i> Hi Andrew,</i></div>
<div>><i> </i></div>
<div>><i> is 1.1.10-rc1 a working title or can the package be found somewhere?</i></div>
<div>></div>
<div>> Its currently just a tag.</div>
<div>> Grabbing the source tree and running "make TAG=Pacemaker-1.1.10-rc1 rpm" will give you packages.</div>
<div>></div>
<div>><i> </i></div>
<div>><i> I saw that on </i><a href="http://clusterlabs.org/rpm-next/rhel-6/x86_64/"><font color="blue"><i><u>http://clusterlabs.org/rpm-next/rhel-6/x86_64/</u></i></font></a></div>
<div>><i> there is a new 1.1.9 build. </i></div>
<div>><i> Is this a new snapshop build (e.g. having memory leak corrections)?</i></div>
<div>></div>
<div>> No, its a rebuild that turns cman support back on.</div>
<div>></div>
<div>><i> </i></div>
<div>><i> Best regards</i></div>
<div>><i> Andreas Mock</i></div>
<div>><i> </i></div>
<div>><i> </i></div>
<div>><i> -----Ursprüngliche Nachricht-----</i></div>
<div>><i> Von: Andrew Beekhof [mailto:</i><a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker"><font color="blue"><i><u>andrew at beekhof.net</u></i></font></a><i>] </i></div>
<div>><i> Gesendet: Dienstag, 23. April 2013 01:46</i></div>
<div>><i> An: The Pacemaker cluster resource manager</i></div>
<div>><i> Betreff: Re: [Pacemaker] pacemaker monitoring user permision denied</i></div>
<div>><i> </i></div>
<div>><i> </i></div>
<div>><i> On 23/04/2013, at 1:45 AM, Wolfgang Routschka</i></div>
<div>><i> <</i><a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker"><font color="blue"><i><u>wolfgang.routschka at drumedar.de</u></i></font></a><i>> wrote:</i></div>
<div>><i> </i></div>
<div>>><i> Hi everbody,</i></div>
<div>>><i> </i></div>
<div>>><i> I want to monitor our pacemaker/cman cluster on scientific linux 6.4 RHEL</i></div>
<div>><i> clone with nagios .</i></div>
<div>>><i> </i></div>
<div>>><i> After reading documentation </i><a href="http://clusterlabs.org/doc/acls.html"><font color="blue"><i><u>http://clusterlabs.org/doc/acls.html</u></i></font></a><i> and </i></div>
<div>>><i> configuration my nagios user isn´t able to start crm_mon</i></div>
<div>>><i> </i></div>
<div>>><i> "Attempting connection to the cluster...Could not establish cib_ro</i></div>
<div>><i> connection: Permission denied (13)"</i></div>
<div>>><i> </i></div>
<div>>><i> User is in haclient group</i></div>
<div>>><i> </i></div>
<div>>><i> [</i><a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker"><font color="blue"><i><u>nagios at xx</u></i></font></a><i> ~]$ id</i></div>
<div>>><i> uid=510(nagios) gid=310(nagios) Gruppen=310(nagios),498(haclient)</i></div>
<div>><i> </i></div>
<div>><i> This is a known issue that has been fixed in 1.1.10-rc1</i></div>
<div>><i> </i></div>
<div>>><i> </i></div>
<div>>><i> I used Pacemaker 1.1.8-7.el6.x86_64</i></div>
<div>>><i> </i></div>
<div>>><i> My CIB schema is configured for pacemaker-1.2</i></div>
<div>>><i> </i></div>
<div>>><i> <cib epoch="259" num_updates="31" admin_epoch="0"</i></div>
<div>><i> validate-with="pacemaker-1.2"</i></div>
<div>>><i> </i></div>
<div>>><i> enable acl is configured</i></div>
<div>>><i> </i></div>
<div>>><i> crm configure show</i></div>
<div>>><i> </i></div>
<div>>><i> property $id="cib-bootstrap-options" \</i></div>
<div>>><i> dc-version="1.1.8-7.el6-394e906" \</i></div>
<div>>><i> cluster-infrastructure="cman" \</i></div>
<div>>><i> no-quorum-policy="ignore" \</i></div>
<div>>><i> stonith-enabled="false" \</i></div>
<div>>><i> enable-acl="true"</i></div>
<div>>><i> </i></div>
<div>>><i> Greetings</i></div>
<div>>><i> </i></div>
<div>>><i> _______________________________________________</i></div>
<div>>><i> Pacemaker mailing list: </i><a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker"><font color="blue"><i><u>Pacemaker at oss.clusterlabs.org</u></i></font></a><i> </i></div>
<div>>><i> </i><a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker"><font color="blue"><i><u>http://oss.clusterlabs.org/mailman/listinfo/pacemaker</u></i></font></a></div>
<div>>><i> </i></div>
<div>>><i> Project Home: </i><a href="http://www.clusterlabs.org"><font color="blue"><i><u>http://www.clusterlabs.org</u></i></font></a><i> Getting started: </i></div>
<div>>><i> </i><a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf"><font color="blue"><i><u>http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</u></i></font></a></div>
<div>>><i> Bugs: </i><a href="http://bugs.clusterlabs.org"><font color="blue"><i><u>http://bugs.clusterlabs.org</u></i></font></a></div>
<div>><i> </i></div>
<div>><i> </i></div>
<div>><i> _______________________________________________</i></div>
<div>><i> Pacemaker mailing list: </i><a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker"><font color="blue"><i><u>Pacemaker at oss.clusterlabs.org</u></i></font></a></div>
<div>><i> </i><a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker"><font color="blue"><i><u>http://oss.clusterlabs.org/mailman/listinfo/pacemaker</u></i></font></a></div>
<div>><i> </i></div>
<div>><i> Project Home: </i><a href="http://www.clusterlabs.org"><font color="blue"><i><u>http://www.clusterlabs.org</u></i></font></a><i> Getting started:</i></div>
<div>><i> </i><a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf"><font color="blue"><i><u>http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</u></i></font></a></div>
<div>><i> Bugs: </i><a href="http://bugs.clusterlabs.org"><font color="blue"><i><u>http://bugs.clusterlabs.org</u></i></font></a></div>
<div>><i> </i></div>
<div>><i> </i></div>
<div>><i> _______________________________________________</i></div>
<div>><i> Pacemaker mailing list: </i><a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker"><font color="blue"><i><u>Pacemaker at oss.clusterlabs.org</u></i></font></a></div>
<div>><i> </i><a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker"><font color="blue"><i><u>http://oss.clusterlabs.org/mailman/listinfo/pacemaker</u></i></font></a></div>
<div>><i> </i></div>
<div>><i> Project Home: </i><a href="http://www.clusterlabs.org"><font color="blue"><i><u>http://www.clusterlabs.org</u></i></font></a></div>
<div>><i> Getting started: </i><a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf"><font color="blue"><i><u>http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</u></i></font></a></div>
<div>><i> Bugs: </i><a href="http://bugs.clusterlabs.org"><font color="blue"><i><u>http://bugs.clusterlabs.org</u></i></font></a></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
</span></font>
</body>
</html>