[Pacemaker] Can't issue 'crm configure' commands under privileged user

Dejan Muhamedagic dejanmm at fastmail.fm
Tue Oct 2 06:37:26 EDT 2012


Hi,

On Tue, Oct 02, 2012 at 09:52:39AM +0100, Colin McCormack wrote:
> Hi again,
> 
> "OK. This seems to be a deficiency in lrmd which got fixed later. But
> there was a workaround in crm shell for almost two years (iirc since
> pacemaker v1.1.5)."
> 
> What was this workaround - sorry for such low-level questions - but
> googling for this isn't very useful - they're all re-posts from this
> mailing I think
> 
> "I meant the Pacemaker ACLs. But those are available starting with
> Pacemaker v1.1.6."
> 
> I'm bound to CentOS 5.x - I did a yum install pacemaker corosync to get
> pacemaker - and the version the EPEL installed for me is 1.0.12 - can I
> get the latest version? yum update of course had no tagged updates.

Ah, it's v1.0.x. The workaround is here:

https://github.com/ClusterLabs/pacemaker/commit/dc015e4b9b38ca5a76f36a3245719966082dcdd4

Thanks,

Dejan

> Cheers and thanks again
> 
> Col
> 
> 
> 
> On 10/01/12 10:06, pacemaker-request at oss.clusterlabs.org wrote:
> >On Fri, Sep 28, 2012 at 04:51:36PM +0100, Colin McCormack wrote:
> >>>  Hi Dejan - thanks for taking the time to respond again
> >>>
> >>>>  >"Hangs? Wasn't it in the first message that "cibadmin is not
> >>>  available"? If it hangs, then you should check the process list (pstree)
> >>>  to see what the shell is doing at the time and take a look at the logs."
> >>>
> >>>  crm configure...
> >>>  Hangs
> >>>
> >>>  sudo crm configure...
> >>>  cibadmin is not available is issued
> >>>
> >>>  When it hangs this is what I see with a grepped ps:
> >>>
> >>>  500      13710 13677  0 13:19 pts/10   00:00:00 /bin/sh -c sudo -E -u
> >>>  colinlinux>/dev/null 2>&1 lrmadmin -C
> >OK. This seems to be a deficiency in lrmd which got fixed later.
> >But there was a workaround in crm shell for almost two years
> >(iirc since pacemaker v1.1.5).
> >
> >>>  **********************************************************
> >>>
> >>>>  >  "For this, if I understood correctly, you would like to take a look
> >>>  at ACLs. That doesn't require configuring sudo, i.e. the crm shell runs
> >>>  all the time as the real user and the cluster should be instructed by a
> >>>  set of ACL rules about users' rights."
> >>>
> >>>  I haven't configured any ACLs yet - but I have given permissions (as a
> >>>  test) to all of dir /var/lib/heartbeat/crm with no luck
> >That's not needed actually. And better not to change default
> >permissions.
> >
> >>>  What directory(ies) should I apply ACLs on?
> >I meant the Pacemaker ACLs. But those are available starting with
> >Pacemaker v1.1.6.
> 
> 



