<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
h1
{mso-style-priority:9;
mso-style-link:"Überschrift 1 Zchn";
margin-top:24.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
page-break-after:avoid;
font-size:14.0pt;
font-family:"Arial","sans-serif";
color:black;}
h2
{mso-style-priority:9;
mso-style-link:"Überschrift 2 Zchn";
margin-top:10.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
page-break-after:avoid;
font-size:13.0pt;
font-family:"Arial","sans-serif";
color:black;}
p.MsoTitle, li.MsoTitle, div.MsoTitle
{mso-style-priority:10;
mso-style-link:"Titel Zchn";
margin-top:0cm;
margin-right:0cm;
margin-bottom:15.0pt;
margin-left:0cm;
mso-add-space:auto;
border:none;
padding:0cm;
font-size:26.0pt;
font-family:"Arial","sans-serif";
color:#4A4A48;
letter-spacing:.25pt;}
p.MsoTitleCxSpFirst, li.MsoTitleCxSpFirst, div.MsoTitleCxSpFirst
{mso-style-priority:10;
mso-style-link:"Titel Zchn";
mso-style-type:export-only;
margin:0cm;
margin-bottom:.0001pt;
mso-add-space:auto;
border:none;
padding:0cm;
font-size:26.0pt;
font-family:"Arial","sans-serif";
color:#4A4A48;
letter-spacing:.25pt;}
p.MsoTitleCxSpMiddle, li.MsoTitleCxSpMiddle, div.MsoTitleCxSpMiddle
{mso-style-priority:10;
mso-style-link:"Titel Zchn";
mso-style-type:export-only;
margin:0cm;
margin-bottom:.0001pt;
mso-add-space:auto;
border:none;
padding:0cm;
font-size:26.0pt;
font-family:"Arial","sans-serif";
color:#4A4A48;
letter-spacing:.25pt;}
p.MsoTitleCxSpLast, li.MsoTitleCxSpLast, div.MsoTitleCxSpLast
{mso-style-priority:10;
mso-style-link:"Titel Zchn";
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:15.0pt;
margin-left:0cm;
mso-add-space:auto;
border:none;
padding:0cm;
font-size:26.0pt;
font-family:"Arial","sans-serif";
color:#4A4A48;
letter-spacing:.25pt;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing
{mso-style-priority:39;
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Arial","sans-serif";
mso-fareast-language:EN-US;}
span.MsoIntenseEmphasis
{mso-style-priority:21;
color:#CE1126;
font-weight:bold;
font-style:italic;}
span.berschrift1Zchn
{mso-style-name:"Überschrift 1 Zchn";
mso-style-priority:9;
mso-style-link:"Überschrift 1";
font-family:"Arial","sans-serif";
color:black;
font-weight:bold;}
span.berschrift2Zchn
{mso-style-name:"Überschrift 2 Zchn";
mso-style-priority:9;
mso-style-link:"Überschrift 2";
font-family:"Arial","sans-serif";
color:black;
font-weight:bold;}
span.TitelZchn
{mso-style-name:"Titel Zchn";
mso-style-priority:10;
mso-style-link:Titel;
font-family:"Arial","sans-serif";
color:#4A4A48;
letter-spacing:.25pt;}
span.E-MailFormatvorlage23
{mso-style-type:personal-reply;
font-family:"Arial","sans-serif";
color:#646460;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Arial","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">I guess corosync and pacemaker are started as user hacluster<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">The method start of the init script managed by SMF:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">…<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">start() {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460"> stop<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460"> su ${CLUSTER_USER} -c ${APPPATH}${COROSYNC}<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460"> sleep $sleep0<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460"> su ${CLUSTER_USER} -c ${APPPATH}${PACEMAKERD} &<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">
</span><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">return 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">}<o:p></o:p></span></p>
<p class="MsoNormal">….<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">root@zd-sol-s1:~# ps -ef|grep lrmd<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">hacluster 3886 3882 0 Oct 23 ? 0:06 /opt/ha/libexec/pacemaker/lrmd<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">
</span><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">root 17397 3312 0 11:03:59 pts/2 0:00 grep lrmd<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">In this case you need sudo.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460">Alternatively you may add the necessary RBAC roles.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#646460"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Von:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Vincenzo Pii [mailto:piiv@zhaw.ch]
<br>
<b>Gesendet:</b> Freitag, 24. Oktober 2014 14:11<br>
<b>An:</b> Andrew Beekhof<br>
<b>Cc:</b> The Pacemaker cluster resource manager<br>
<b>Betreff:</b> Re: [Pacemaker] IPaddr resource agent on Illumos<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">I think I have a pretty custom setup, so the IPaddr script is being run by hacluster (added a whoami echo and checked the logs to be sure).<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Anyway, the passwordless sudo works around the problem :)!<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Vincenzo.<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">2014-10-24 7:37 GMT+02:00 Andrew Beekhof <<a href="mailto:andrew@beekhof.net" target="_blank">andrew@beekhof.net</a>>:<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
> On 24 Oct 2014, at 3:13 am, Andrei Borzenkov <<a href="mailto:arvidjaar@gmail.com">arvidjaar@gmail.com</a>> wrote:<br>
><br>
> В Thu, 23 Oct 2014 17:51:24 +0200<br>
> Vincenzo Pii <<a href="mailto:piiv@zhaw.ch">piiv@zhaw.ch</a>> пишет:<br>
><br>
>> I am trying to run the IPaddr resource agent on an active/passive cluster<br>
>> on Illumos nodes (pacemaker, corosync, crm... built from updated sources).<br>
>><br>
>> By reading the example from Saso here<br>
>> <a href="http://zfs-create.blogspot.ch/2013/06/building-zfs-storage-appliance-part-1.html" target="_blank">
http://zfs-create.blogspot.ch/2013/06/building-zfs-storage-appliance-part-1.html</a>,<br>
>> this would seem straightforward and this makes me think that I am doing<br>
>> something wrong :)!<br>
>><br>
>> I patched the IPaddr script to use /usr/bin/gnu/sh and to avoid finding a<br>
>> free interface with \" grep "^$NIC:[0-9]" \" as that is just not the case,<br>
>> but now I am stuck at trying to configure the ip address.<br>
>><br>
>> This, in the script, is done with ifconfig (something like<br>
>><br>
>> ifconfig e1000g2 inet 10.0.100.4 && ifconfig e1000g2 netmask<br>
>> 255.255.255.0 && ifconfig e1000g2 up<br>
>><br>
>> ).<br>
>><br>
>> However, the script is run by the hacluster user, which cannot write<br>
>> network configuration settings.<br>
>><br>
><br>
> Unless I'm completely confused, resource scripts are launched by lrmd<br>
> which runs as root.<br>
<br>
Correct<br>
<br>
><br>
>> To solve this problem, I am now looking at profiles, roles and<br>
>> authorizations, which seems to be a very "user friendly" way to handle<br>
>> permissions in Solaris.<br>
>><br>
>> My question is: there is no mention of this in Saso's post, or other<br>
>> discussions (even thought old ones) that I've come across today; am I<br>
>> missing something obvious, or this is just the way it has to be?<br>
>><br>
>> This is how I configure the IPaddr prmitive:<br>
>><br>
>> # ipadm create-if e1000g2<br>
>> # crm configure primitive frontend_IP ocf:heartbeat:IPaddr params<br>
>> ip="10.0.100.4" cidr_netmask="255.255.255.0" nic="e1000g2"<br>
>><br>
>> Many thanks,<br>
>> Vincenzo.<br>
>><br>
><br>
><br>
> _______________________________________________<br>
> Pacemaker mailing list: <a href="mailto:Pacemaker@oss.clusterlabs.org">Pacemaker@oss.clusterlabs.org</a><br>
> <a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker" target="_blank">
http://oss.clusterlabs.org/mailman/listinfo/pacemaker</a><br>
><br>
> Project Home: <a href="http://www.clusterlabs.org" target="_blank">http://www.clusterlabs.org</a><br>
> Getting started: <a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" target="_blank">
http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</a><br>
> Bugs: <a href="http://bugs.clusterlabs.org" target="_blank">http://bugs.clusterlabs.org</a><o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">Vincenzo Pii<o:p></o:p></p>
</div>
<p class="MsoNormal">Researcher, InIT Cloud Computing Lab<br>
Zurich University of Applied Sciences (ZHAW)<br>
<a href="http://blog.zhaw.ch/icclab" target="_blank"><span style="color:#1155CC">blog.zhaw.ch/icclab</span></a><o:p></o:p></p>
</div>
</div>
</div>
</body>
</html>