[Pacemaker] ACL setup

Andreas Kurz andreas at hastexo.com
Fri Dec 9 18:19:00 EST 2011


Hello Larry,

On 12/09/2011 11:15 PM, Larry Brigman wrote:
> I have installed pacemaker 1.1.5 and configured ACLs based on the info from
> http://www.clusterlabs.org/doc/acls.html
> 
> It looks like the user still does not have read access.
> 
> Here is the acl section of config
>     <acls>
>       <acl_role id="monitor">
>         <read id="monitor-read" xpath="/cib"/>
>       </acl_role>
>       <acl_user id="nvs">
>         <role_ref id="monitor"/>
>       </acl_user>
>       <acl_user id="acm">
>         <role_ref id="monitor"/>
>       </acl_user>
>     </acls>
> 
> Here is what the user is getting:
> [nvs at sweng0057 ~]$ crm node show
> Signon to CIB failed: connection failed
> Init failed, could not perform requested operations
> ERROR: cannot parse xml: no element found: line 1, column 0
> [nvs at sweng0057 ~]$ crm status
> 
> Connection to cluster failed: connection failed
> 
> 
> Any ideas as to why this wouldn't work and what to fix?

If you really followed the guide exactly ... did you check that user nvs
is already in group "haclient"?

You may only need to "reload" group membership for nvs by doing a
logout/login or a "su - nvs".

Regards,
Andreas

-- 
Need help with Pacemaker?
http://www.hastexo.com/now
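
The check suggested in the reply above, as an added example that is not part of the original message or of Pacemaker: it lists every acl_user in the quoted ACL section that is not a member of "haclient". The group and passwd lines, GIDs and function names are constructed for illustration; on a real node the input would come from `getent group` and `getent passwd`.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the ACL section quoted in the thread.
ACLS_XML = """<acls>
  <acl_role id="monitor">
    <read id="monitor-read" xpath="/cib"/>
  </acl_role>
  <acl_user id="nvs">
    <role_ref id="monitor"/>
  </acl_user>
  <acl_user id="acm">
    <role_ref id="monitor"/>
  </acl_user>
</acls>"""

# Constructed sample lines in /etc/group and /etc/passwd format.
GROUP_LINES = ["haclient:x:189:hacluster,acm", "users:x:100:"]
PASSWD_LINES = ["nvs:x:1001:100::/home/nvs:/bin/bash",
                "acm:x:1002:100::/home/acm:/bin/bash"]

def acl_users(acls_xml):
    """Return the ids of all <acl_user> elements in an <acls> section or full CIB."""
    return [u.get("id") for u in ET.fromstring(acls_xml).iter("acl_user")]

def group_members(group, group_lines, passwd_lines):
    """Users in `group`: supplementary members plus users whose primary GID matches."""
    members, gid = set(), None
    for line in group_lines:
        name, _pw, g, users = line.strip().split(":")
        if name == group:
            gid = g
            members.update(u for u in users.split(",") if u)
    if gid is None:
        raise LookupError(f"group {group!r} not found")
    for line in passwd_lines:
        fields = line.strip().split(":")
        if fields[3] == gid:
            members.add(fields[0])
    return members

def missing_from_group(acls_xml, group_lines, passwd_lines, group="haclient"):
    """ACL users that are not members of the cluster client group."""
    members = group_members(group, group_lines, passwd_lines)
    return [u for u in acl_users(acls_xml) if u not in members]

if __name__ == "__main__":
    for user in missing_from_group(ACLS_XML, GROUP_LINES, PASSWD_LINES):
        print(f"{user}: not in haclient; add the user, then log in again")
```

This only reads the group database; a session that was started before the user was added still runs with its old groups, which `id` run in that session will show.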

