[Pacemaker] IPaddr resource agent on Illumos

Andrew Beekhof andrew at beekhof.net
Sat Oct 25 07:19:24 EDT 2014 

> On 25 Oct 2014, at 8:11 pm, Grüninger, Andreas (LGL Extern) <Andreas.Grueninger at lgl.bwl.de> wrote:
> 
> I guess corosync and pacemaker are started as user hacluster
>  
> The method start of the init script managed by SMF:
>> start() {
>         stop
>         su ${CLUSTER_USER} -c ${APPPATH}${COROSYNC}
>         sleep $sleep0
>         su ${CLUSTER_USER} -c ${APPPATH}${PACEMAKERD} &
>         return 0
> }
> ….
>  

As long as people know this is unsupportable

> root at zd-sol-s1:~# ps -ef|grep lrmd
> hacluster  3886  3882   0   Oct 23 ?           0:06 /opt/ha/libexec/pacemaker/lrmd
>     root 17397  3312   0 11:03:59 pts/2       0:00 grep lrmd
>  
> In this case you need sudo.
> Alternatively you may add the necessary RBAC roles.
>  
>  
> Von: Vincenzo Pii [mailto:piiv at zhaw.ch] 
> Gesendet: Freitag, 24. Oktober 2014 14:11
> An: Andrew Beekhof
> Cc: The Pacemaker cluster resource manager
> Betreff: Re: [Pacemaker] IPaddr resource agent on Illumos
>  
> I think I have a pretty custom setup, so the IPaddr script is being run by hacluster (added a whoami echo and checked the logs to be sure).
>  
> Anyway, the passwordless sudo works around the problem :)!
>  
> Thanks,
> Vincenzo.
>  
> 2014-10-24 7:37 GMT+02:00 Andrew Beekhof <andrew at beekhof.net>:
> 
> > On 24 Oct 2014, at 3:13 am, Andrei Borzenkov <arvidjaar at gmail.com> wrote:
> >
> > В Thu, 23 Oct 2014 17:51:24 +0200
> > Vincenzo Pii <piiv at zhaw.ch> пишет:
> >
> >> I am trying to run the IPaddr resource agent on an active/passive cluster
> >> on Illumos nodes (pacemaker, corosync, crm... built from updated sources).
> >>
> >> By reading the example from Saso here
> >> http://zfs-create.blogspot.ch/2013/06/building-zfs-storage-appliance-part-1.html,
> >> this would seem straightforward and this makes me think that I am doing
> >> something wrong :)!
> >>
> >> I patched the IPaddr script to use /usr/bin/gnu/sh and to avoid finding a
> >> free interface with \" grep "^$NIC:[0-9]" \" as that is just not the case,
> >> but now I am stuck at trying to configure the ip address.
> >>
> >> This, in the script, is done with ifconfig (something like
> >>
> >>    ifconfig e1000g2 inet 10.0.100.4 && ifconfig e1000g2 netmask
> >> 255.255.255.0 && ifconfig e1000g2 up
> >>
> >> ).
> >>
> >> However, the script is run by the hacluster user, which cannot write
> >> network configuration settings.
> >>
> >
> > Unless I'm completely confused, resource scripts are launched by lrmd
> > which runs as root.
> 
> Correct
> 
> >
> >> To solve this problem, I am now looking at profiles, roles and
> >> authorizations, which seems to be a very "user friendly" way to handle
> >> permissions in Solaris.
> >>
> >> My question is: there is no mention of this in Saso's post, or other
> >> discussions (even thought old ones) that I've come across today; am I
> >> missing something obvious, or this is just the way it has to be?
> >>
> >> This is how I configure the IPaddr prmitive:
> >>
> >> # ipadm create-if e1000g2
> >> # crm configure primitive frontend_IP ocf:heartbeat:IPaddr params
> >> ip="10.0.100.4" cidr_netmask="255.255.255.0" nic="e1000g2"
> >>
> >> Many thanks,
> >> Vincenzo.
> >>
> >
> >
> > _______________________________________________
> > Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> > http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> >
> > Project Home: http://www.clusterlabs.org
> > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> > Bugs: http://bugs.clusterlabs.org
> 
> 
> 
>  
> -- 
> Vincenzo Pii
> Researcher, InIT Cloud Computing Lab
> Zurich University of Applied Sciences (ZHAW)
> blog.zhaw.ch/icclab

More information about the Pacemaker mailing list