[Pacemaker] IPaddr resource agent on Illumos

Grüninger, Andreas (LGL Extern) Andreas.Grueninger at lgl.bwl.de
Sat Oct 25 05:11:46 EDT 2014


I guess corosync and pacemaker are started as user hacluster

The method start of the init script managed by SMF:
…
start() {
        stop
        su ${CLUSTER_USER} -c ${APPPATH}${COROSYNC}
        sleep $sleep0
        su ${CLUSTER_USER} -c ${APPPATH}${PACEMAKERD} &
        return 0
}
….

root@zd-sol-s1:~# ps -ef|grep lrmd
hacluster  3886  3882   0   Oct 23 ?           0:06 /opt/ha/libexec/pacemaker/lrmd
    root 17397  3312   0 11:03:59 pts/2       0:00 grep lrmd

In this case you need sudo.
Alternatively you may add the necessary RBAC roles.


From: Vincenzo Pii [mailto:piiv at zhaw.ch]
Sent: Friday, 24 October 2014 14:11
To: Andrew Beekhof
Cc: The Pacemaker cluster resource manager
Subject: Re: [Pacemaker] IPaddr resource agent on Illumos

I think I have a pretty custom setup, so the IPaddr script is being run by hacluster (added a whoami echo and checked the logs to be sure).

Anyway, the passwordless sudo works around the problem :)!

Thanks,
Vincenzo.

2014-10-24 7:37 GMT+02:00 Andrew Beekhof <andrew at beekhof.net>:

> On 24 Oct 2014, at 3:13 am, Andrei Borzenkov <arvidjaar at gmail.com> wrote:
>
> On Thu, 23 Oct 2014 17:51:24 +0200
> Vincenzo Pii <piiv at zhaw.ch> wrote:
>
>> I am trying to run the IPaddr resource agent on an active/passive cluster
>> on Illumos nodes (pacemaker, corosync, crm... built from updated sources).
>>
>> By reading the example from Saso here
>> http://zfs-create.blogspot.ch/2013/06/building-zfs-storage-appliance-part-1.html,
>> this would seem straightforward and this makes me think that I am doing
>> something wrong :)!
>>
>> I patched the IPaddr script to use /usr/bin/gnu/sh and to avoid finding a
>> free interface with \" grep "^$NIC:[0-9]" \" as that is just not the case,
>> but now I am stuck at trying to configure the ip address.
>>
>> This, in the script, is done with ifconfig (something like
>>
>>    ifconfig e1000g2 inet 10.0.100.4 && ifconfig e1000g2 netmask
>> 255.255.255.0 && ifconfig e1000g2 up
>>
>> ).
>>
>> However, the script is run by the hacluster user, which cannot write
>> network configuration settings.
>>
>
> Unless I'm completely confused, resource scripts are launched by lrmd
> which runs as root.

Correct

>
>> To solve this problem, I am now looking at profiles, roles and
>> authorizations, which seems to be a very "user friendly" way to handle
>> permissions in Solaris.
>>
>> My question is: there is no mention of this in Saso's post, or other
>> discussions (even though old ones) that I've come across today; am I
>> missing something obvious, or is this just the way it has to be?
>>
>> This is how I configure the IPaddr primitive:
>>
>> # ipadm create-if e1000g2
>> # crm configure primitive frontend_IP ocf:heartbeat:IPaddr params
>> ip="10.0.100.4" cidr_netmask="255.255.255.0" nic="e1000g2"
>>
>> Many thanks,
>> Vincenzo.
>>
>
>



--
Vincenzo Pii
Researcher, InIT Cloud Computing Lab
Zurich University of Applied Sciences (ZHAW)
blog.zhaw.ch/icclab
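
The thread settles on passwordless sudo for hacluster so that IPaddr can call ifconfig. The shell script below is an added example, not part of the original thread or of Pacemaker: it checks that such a sudoers grant is limited to ifconfig rather than `NOPASSWD: ALL`. The ifconfig paths, the function names and the two sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sudoers rules for the cluster user (constructed input).
# Assumptions: user "hacluster" (from the thread); ifconfig lives at
# /usr/sbin/ifconfig or /sbin/ifconfig; one rule per line, no aliases.

# Print a verdict for one sudoers line: unrelated, broad, scoped or unexpected.
classify_rule() {
    # Drop comments, normalise tabs, trim leading blanks.
    line=$(printf '%s\n' "$2" | tr '\t' ' ' | sed -e 's/#.*//' -e 's/^ *//')
    case $line in
        "$1 "*=*) ;;
        *) echo unrelated; return 0 ;;
    esac
    # Keep the command list: strip "host =", the optional (runas) and tags.
    spec=$(printf '%s\n' "${line#*=}" |
        sed -e 's/^ *([^)]*)//' -e 's/[A-Z_][A-Z_]*: *//g')
    verdict=scoped
    while IFS= read -r cmd; do
        # Only the command path (first word) decides the verdict.
        first=$(printf '%s\n' "$cmd" | sed -e 's/^ *//' -e 's/ .*//')
        case $first in
            ALL) verdict=broad; break ;;
            /usr/sbin/ifconfig|/sbin/ifconfig) ;;
            *) verdict=unexpected ;;
        esac
    done <<EOF
$(printf '%s\n' "$spec" | tr ',' '\n')
EOF
    echo "$verdict"
}

# Read sudoers text on stdin; report risky rules for user $1, return 1 if any.
audit_sudoers() {
    rc=0
    while IFS= read -r rule; do
        case $(classify_rule "$1" "$rule") in
            broad) echo "too broad: $rule"; rc=1 ;;
            unexpected) echo "not ifconfig: $rule"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample rules: the blanket grant and a scoped alternative.
WEAK='hacluster ALL=(ALL) NOPASSWD: ALL'
SCOPED='hacluster ALL=(root) NOPASSWD: /usr/sbin/ifconfig e1000g2 *'

printf '%s\n' "$WEAK" | audit_sudoers hacluster || echo "audit failed (weak)"
printf '%s\n' "$SCOPED" | audit_sudoers hacluster && echo "audit passed (scoped)"
```

On a real node, feed it the live policy instead of the samples, for example `audit_sudoers hacluster < /etc/sudoers`.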