[Pacemaker] Can't issue 'crm configure' commands under privileged user

Colin McCormack colin.mccormack at openet.com
Thu Sep 27 13:57:08 UTC 2012 

Hi,

I can't issue 'crm configure' commands under a designated privileged user (via: crm options user priv_user) - pacemaker seems to be only be able to be configured via the 'root' user. Run with sudo it gives this error: 'cibadmin not available, check your installation'

Steps taken:

I installed pacemaker/corosync as root (details below):
Pacemaker version 1.0.12, release 1.el5.centos, x86_64
Corosync version 1.2.7, release 1.1.el5, x86_64

Started corosync under root:
service corosync start

Made config changes under root (for single-node setup):
crm configure property stonith-enabled=false
crm configure property no-quorum-policy=ignore
crm configure property start-failure-is-fatal=false

Allow user with privileged access to configure the node:
crm options user colinlinux

Now when i try to configure under my 'privileged user' a sample xclock & gnome-calculator process dependancy - it just hangs...

colinlinux# crm configure primitive xclock ocf:tester:xclock op monitor interval=20 timeout=20 start-delay=30s params run_user=colinlinux meta failure-timeout="360" migration-threshold=5 (HANGS HERE!)

colinlinux# crm configure primitive gnome-calculator ocf:openet:gnome-calculator op monitor interval=60s timeout=60s start-delay=30s op start timeout=90 op stop timeout=60 params run_user=colinlinux meta failure-timeout="360" migration-threshold=5 (never executes due to hang above)

WITH SUDO:
colinlinux# sudo crm configure primitive xclock ocf:tester:xclock op monitor interval=20 timeout=20 start-delay=30s params run_user=colinlinux meta failure-timeout="360" migration-threshold=5
error given:
# cibadmin not available, check your installation




Sudoers file:
root    ALL=(ALL)       ALL
colinlinux    ALL=(ALL)         NOPASSWD: ALL

User groups for colinlinux user:
# groups colinlinux
colinlinux : colinlinux haclient

PATH:
PATH=$PATH:$HOME/bin:/usr/sbin:/sbin
#which cibadmin
/usr/sbin/cibadmin

Corosync config file:
# Please read the corosync.conf.5 manual page
compatibility: whitetank

totem {
        version: 2
        secauth: off
        threads: 0
        interface {
                ringnumber: 0
bindnetaddr: 127.0.0.1
mcastaddr: 0.0.0.0
mcastport: 4000
        }
}

logging {
        fileline: off
        to_stderr: no
        to_logfile: yes
        to_syslog: no
        logfile: /tmp/corosync/log/coroLog.log
        debug: on
        timestamp: on
        logger_subsys {
                subsys: AMF
                debug: off
        }
}

amf {
        mode: disabled
}
aisexec {
    user:  root
    group: root
}
service {
    name: pacemaker
    ver: 0
}

Resource files:
See attached (basically the start action starts and returns success - then all other actions are dummies and just return success)
But we never get to the start action or any action because the first crm command hangs

Log files?:
No activity in the log files.


________________________________
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient, please note that any review, dissemination, disclosure, alteration, printing, circulation, retention or transmission of this e-mail and/or any file or attachment transmitted with it, is prohibited and may be unlawful. If you have received this e-mail or any file or attachment transmitted with it in error please notify postmaster at openet.com. Although Openet has taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the use of this email or attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20120927/b0524828/attachment-0003.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: gnome-calculator
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20120927/b0524828/attachment-0006.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: xclock
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20120927/b0524828/attachment-0007.ksh>

More information about the Pacemaker mailing list