<div class="gmail_quote">On Mon, Dec 12, 2011 at 9:48 PM, Larry Brigman <span dir="ltr"><<a href="mailto:larry.brigman@gmail.com">larry.brigman@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="HOEnZb"><div class="h5"><div class="gmail_quote">On Mon, Dec 12, 2011 at 4:38 PM, Andreas Kurz <span dir="ltr"><<a href="mailto:andreas@hastexo.com" target="_blank">andreas@hastexo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>On 12/12/2011 03:37 AM, Larry Brigman wrote:<br></div></blockquote></div>....<br></div></div>[root@sweng0057 ~]# cibadmin -!<br>Pacemaker 1.1.5-1.1.sme (Build: 01e86afaaa6d4a8c4836f68df80ababd6ca3902f):  docbook-manpages ncurses cs-quorum corosync<br>
<br>Not enabled....<br>
<br>That explains it.  The configure script doesn't enable acls by default so it's not built with<br>them.<br><br>I'll make another pass when I rebuild my rpm package.<br><br></blockquote><div>Testing new build still doesn't work when acl is enabled.<br>
<br>cibadmin -!<br>Pacemaker 1.1.5-1.2.sme (Build: 01e86afaaa6d4a8c4836f68df80ababd6ca3902f):  docbook-manpages ncurses cs-quorum corosync acl<br>[root@sweng0096 ~]# cibadmin --modify --xml-text '<cib validate-with="pacemaker-1.1"/>'<br>
[root@sweng0096 ~]# crm configure property enable-acl=true<br>[root@sweng0096 ~]# crm <br>crm(live)# <br>role monitor \<br>>         read xpath:"/cib"<br>crm(live)configure#  user nvs role:monitor<br>crm(live)configure# user acm role:monitor<br>
crm(live)configure# commit<br>crm(live)configure# exit<br>bye<br>[root@sweng0096 ~]# su - nvs<br>[nvs@sweng0096 ~]$ crm status<br><br>Connection to cluster failed: connection failed<br><br><br>[root@sweng0096 ~]# cibadmin --query<br>
output modified to only include relevent portions.<br><cib epoch="16" num_updates="17" admin_epoch="0" validate-with="pacemaker-1.1" crm_feature_set="3.0.5" have-quorum="0" cib-last-written="Wed Jan  4 10:29:16 2012" dc-uuid="<a href="http://sweng0096.lab.c-cor.com">sweng0096.lab.c-cor.com</a>"><br>
  <configuration><br>    <crm_config><br>      <cluster_property_set id="cib-bootstrap-options"><br>...<br>        <nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/><br>
      </cluster_property_set><br>...<br>    <acls><br>      <acl_role id="monitor"><br>        <read id="monitor-read" xpath="/cib"/><br>      </acl_role><br>      <acl_user id="nvs"><br>
        <role_ref id="monitor"/><br>      </acl_user><br>      <acl_user id="acm"><br>        <role_ref id="monitor"/><br>      </acl_user><br>    </acls><br>
  </configuration><br>...<br></cib><br><br></div></div><br>