[Pacemaker] user permissions to start / stop certain resource groups

Andrew Beekhof andrew at beekhof.net
Tue Jul 19 00:12:00 UTC 2011


On Mon, Jul 18, 2011 at 11:37 PM, Tegtmeier.Martin
<Martin.Tegtmeier at realtech.com> wrote:
> Hello Andrew,
>
> is it possible to create user based permissions allowing certain OS users to
> start / stop a resource group?

I believe so.

> These users should NOT be able to alter the
> cluster / resource configuration.

Well they do - that's how the cluster knows how to start/stop resources.
However, you can limit their access to the specific part (ie.
target-role) that triggers the start/stop events.

Yan should be able to point you to some additional documentation
regarding the specifics.
Yan: Can you also look at including that information into Pacemaker
Explained please?

>
> Background: Different SAP Systems running inside one cluster. The hardware,
> OS and cluster administration is separated from the SAP application
> administration (different teams). The SAP administrators should be able to
> start / stop / re-start their SAP system. They should not be able to control
> any other SAP System within the same cluster nor should they be allowed to
> change constraints, resource configurations, etc.
>
> If this is currently not possible would you consider it as an enhancement
> request?
>
> Thanks and regards,
>   -Martin Tegtmeier
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs:
> http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
>
>




More information about the Pacemaker mailing list