[Pacemaker] Can't issue 'crm configure' commands under privileged user
Andrew Beekhof
andrew at beekhof.net
Tue Oct 2 11:20:17 UTC 2012
On Tue, Oct 2, 2012 at 6:52 PM, Colin McCormack
<colin.mccormack at openet.com> wrote:
> Hi again,
>
>
> "OK. This seems to be a deficiency in lrmd which got fixed later. But
> there was a workaround in crm shell for almost two years (iirc since
> pacemaker v1.1.5)."
>
> What was this workaround - sorry for such low-level questions - but
> googling for this isn't very useful - they're all re-posts from this
> mailing i think
>
>
> "I meant the Pacemaker ACLs. But those are available starting with
> Pacemaker v1.1.6."
>
> I'm bound to CentOS 5.x - i did a yum install pacemaker corosync to get
> pacemaker - and the version the EPEL installed for me is 1.0.12 - can i
> get the latest version?
Check out http://clusterlabs.org/rpm-next for the latest pacemaker for
RHEL5 derivatives.
> yum update of course had no tagged updates.
> Cheers and thanks again
>
> Col
>
>
>
>
> On 10/01/12 10:06, pacemaker-request at oss.clusterlabs.org wrote:
>>
>> On Fri, Sep 28, 2012 at 04:51:36PM +0100, Colin McCormack wrote:
>>>
>>> > Hi Dejan - thanks for taking the time to respond again
>>> >
>>>>
>>>> > >"Hangs? Wasn't it in the first message that "cibadmin is not
>>>
>>> > available"? If it hangs, then you should check the process list
>>> > (pstree)
>>> > to see what the shell is doing at the time and take a look at the
>>> > logs."
>>> >
>>> > crm configure...
>>> > Hangs
>>> >
>>> > sudo crm configure...
>>> > cibadmin is not available is issued
>>> >
>>> > When it hangs this is what i see with a grepped ps:
>>> >
>>> > 500 13710 13677 0 13:19 pts/10 00:00:00 /bin/sh -c sudo -E -u
>>> > colinlinux>/dev/null 2>&1 lrmadmin -C
>>
>> OK. This seems to be a deficiency in lrmd which got fixed later.
>> But there was a workaround in crm shell for almost two years
>> (iirc since pacemaker v1.1.5).
>>
>>> > **********************************************************
>>> >
>>>>
>>>> > > "For this, if I understood correctly, you would like to take a
>>>> > look
>>>
>>> > at ACLs. That doesn't require configuring sudo, i.e. the crm shell
>>> > runs
>>> > all the time as the real user and the cluster should be instructed by
>>> > a
>>> > set of ACL rules about users' rights."
>>> >
>>> > I haven't configured any ACLs yet - but i have given permissions (as a
>>> > test) to all of dir /var/lib/heartbeat/crm with no luck
>>
>> That's not needed actually. And better not to change default
>> permissions.
>>
>>> > What directorie(s) should i apply ACLs on?
>>
>> I meant the Pacemaker ACLs. But those are available starting with
>> Pacemaker v1.1.6.
>
>
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you are not the intended recipient, please note that any review,
> dissemination, disclosure, alteration, printing, circulation, retention or
> transmission of this e-mail and/or any file or attachment transmitted with
> it, is prohibited and may be unlawful. If you have received this e-mail or
> any file or attachment transmitted with it in error please notify
> postmaster at openet.com. Although Openet has taken reasonable precautions to
> ensure no viruses are present in this email, we cannot accept responsibility
> for any loss or damage arising from the use of this email or attachments.
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
More information about the Pacemaker
mailing list