[Pacemaker] Can't issue 'crm configure' commands under privileged user
Colin McCormack
colin.mccormack at openet.com
Tue Oct 2 08:52:39 UTC 2012
Hi again,
"OK. This seems to be a deficiency in lrmd which got fixed later. But
there was a workaround in crm shell for almost two years (iirc since
pacemaker v1.1.5)."
What was this workaround - sorry for such low-level questions - but
googling for this isn't very useful - they're all re-posts from this
mailing list, I think.
"I meant the Pacemaker ACLs. But those are available starting with
Pacemaker v1.1.6."
I'm bound to CentOS 5.x - I did a yum install pacemaker corosync to get
pacemaker - and the version the EPEL installed for me is 1.0.12 - can I
get the latest version? yum update of course had no tagged updates.
Cheers and thanks again
Col
On 10/01/12 10:06, pacemaker-request at oss.clusterlabs.org wrote:
> On Fri, Sep 28, 2012 at 04:51:36PM +0100, Colin McCormack wrote:
>> Hi Dejan - thanks for taking the time to respond again
>>
>> "Hangs? Wasn't it in the first message that "cibadmin is not
>> available"? If it hangs, then you should check the process list (pstree)
>> to see what the shell is doing at the time and take a look at the logs."
>>
>> crm configure...
>> Hangs
>>
>> sudo crm configure...
>> cibadmin is not available is issued
>>
>> When it hangs this is what I see with a grepped ps:
>>
>> 500 13710 13677 0 13:19 pts/10 00:00:00 /bin/sh -c sudo -E -u
>> colinlinux>/dev/null 2>&1 lrmadmin -C
> OK. This seems to be a deficiency in lrmd which got fixed later.
> But there was a workaround in crm shell for almost two years
> (iirc since pacemaker v1.1.5).
>
>> **********************************************************
>>
>> "For this, if I understood correctly, you would like to take a look
>> at ACLs. That doesn't require configuring sudo, i.e. the crm shell runs
>> all the time as the real user and the cluster should be instructed by a
>> set of ACL rules about users' rights."
>>
>> I haven't configured any ACLs yet - but I have given permissions (as a
>> test) to all of dir /var/lib/heartbeat/crm with no luck
> That's not needed actually. And better not to change default
> permissions.
>
>> What directorie(s) should I apply ACLs on?
> I meant the Pacemaker ACLs. But those are available starting with
> Pacemaker v1.1.6.