<div dir="ltr">I think I have a pretty custom setup, so the IPaddr script is being run by hacluster (added a whoami echo and checked the logs to be sure).<div><br></div><div>Anyway, the passwordless sudo works around the problem :)!</div><div><br></div><div>Thanks,</div><div>Vincenzo.</div></div><div class="gmail_extra"><br><div class="gmail_quote">2014-10-24 7:37 GMT+02:00 Andrew Beekhof <span dir="ltr"><<a href="mailto:andrew@beekhof.net" target="_blank">andrew@beekhof.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
> On 24 Oct 2014, at 3:13 am, Andrei Borzenkov <<a href="mailto:arvidjaar@gmail.com">arvidjaar@gmail.com</a>> wrote:<br>
><br>
> В Thu, 23 Oct 2014 17:51:24 +0200<br>
> Vincenzo Pii <<a href="mailto:piiv@zhaw.ch">piiv@zhaw.ch</a>> пишет:<br>
><br>
</span><span class="">>> I am trying to run the IPaddr resource agent on an active/passive cluster<br>
>> on Illumos nodes (pacemaker, corosync, crm... built from updated sources).<br>
>><br>
>> By reading the example from Saso here<br>
>> <a href="http://zfs-create.blogspot.ch/2013/06/building-zfs-storage-appliance-part-1.html" target="_blank">http://zfs-create.blogspot.ch/2013/06/building-zfs-storage-appliance-part-1.html</a>,<br>
>> this would seem straightforward and this makes me think that I am doing<br>
>> something wrong :)!<br>
>><br>
>> I patched the IPaddr script to use /usr/bin/gnu/sh and to avoid finding a<br>
>> free interface with \" grep "^$NIC:[0-9]" \" as that is just not the case,<br>
>> but now I am stuck at trying to configure the ip address.<br>
>><br>
>> This, in the script, is done with ifconfig (something like<br>
>><br>
>> ifconfig e1000g2 inet 10.0.100.4 && ifconfig e1000g2 netmask<br>
>> 255.255.255.0 && ifconfig e1000g2 up<br>
>><br>
>> ).<br>
>><br>
>> However, the script is run by the hacluster user, which cannot write<br>
>> network configuration settings.<br>
>><br>
><br>
</span><span class="">> Unless I'm completely confused, resource scripts are launched by lrmd<br>
> which runs as root.<br>
<br>
</span>Correct<br>
<span class=""><br>
><br>
>> To solve this problem, I am now looking at profiles, roles and<br>
>> authorizations, which seems to be a very "user friendly" way to handle<br>
>> permissions in Solaris.<br>
>><br>
>> My question is: there is no mention of this in Saso's post, or other<br>
>> discussions (even thought old ones) that I've come across today; am I<br>
>> missing something obvious, or this is just the way it has to be?<br>
>><br>
>> This is how I configure the IPaddr prmitive:<br>
>><br>
>> # ipadm create-if e1000g2<br>
>> # crm configure primitive frontend_IP ocf:heartbeat:IPaddr params<br>
>> ip="10.0.100.4" cidr_netmask="255.255.255.0" nic="e1000g2"<br>
>><br>
>> Many thanks,<br>
>> Vincenzo.<br>
>><br>
><br>
><br>
</span>> _______________________________________________<br>
> Pacemaker mailing list: <a href="mailto:Pacemaker@oss.clusterlabs.org">Pacemaker@oss.clusterlabs.org</a><br>
> <a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker" target="_blank">http://oss.clusterlabs.org/mailman/listinfo/pacemaker</a><br>
><br>
> Project Home: <a href="http://www.clusterlabs.org" target="_blank">http://www.clusterlabs.org</a><br>
> Getting started: <a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" target="_blank">http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</a><br>
> Bugs: <a href="http://bugs.clusterlabs.org" target="_blank">http://bugs.clusterlabs.org</a><br>
<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div>Vincenzo Pii<br></div>Researcher, InIT Cloud Computing Lab<br>Zurich University of Applied Sciences (ZHAW)<br><a href="http://blog.zhaw.ch/icclab" style="color:rgb(17,85,204)" target="_blank">blog.zhaw.ch/icclab</a><br></div>
</div>