[Pacemaker] pacemaker monitoring user permision denied
Michael Schwartzkopff
misch at clusterbau.com
Mon Apr 22 16:55:16 UTC 2013
Am Montag, 22. April 2013, 15:45:32 schrieb Wolfgang Routschka:
> Hi everbody,
>
> I want to monitor our pacemaker/cman cluster on scientific linux 6.4 RHEL
> clone with nagios .
>
> After reading documentation http://clusterlabs.org/doc/acls.html and
> configuration my nagios user isn´t able to start crm_mon
>
> "Attempting connection to the cluster...Could not establish cib_ro
> connection: Permission denied (13)"
>
> User is in haclient group
>
> [nagios at xx ~]$ id
> uid=510(nagios) gid=310(nagios) Gruppen=310(nagios),498(haclient)
>
> I used Pacemaker 1.1.8-7.el6.x86_64
>
> My CIB schema is configured for pacemaker-1.2
>
> <cib epoch="259" num_updates="31" admin_epoch="0"
> validate-with="pacemaker-1.2"
>
> enable acl is configured
>
> crm configure show
>
> property $id="cib-bootstrap-options" \
> dc-version="1.1.8-7.el6-394e906" \
> cluster-infrastructure="cman" \
> no-quorum-policy="ignore" \
> stonith-enabled="false" \
> enable-acl="true"
>From the docs:
crm configure property enable-acl=true
Once this is done, ACLs can be configured as described below.
Note that the root and hacluster users will always have full access.
So you enable the read-only access for your user "nagios"?
--
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München
Tel: (0163) 172 50 98
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20130422/a389639b/attachment.htm>
More information about the Pacemaker
mailing list