[Pacemaker] Can't issue 'crm configure' commands under privileged user
Lars Marowsky-Bree
lmb at suse.com
Thu Sep 27 10:40:15 EDT 2012
On 2012-09-27T14:57:08, Colin McCormack <colin.mccormack at openet.com> wrote:
> I installed pacemaker/corosync as root (details below):
> Pacemaker version 1.0.12, release 1.el5.centos, x86_64
> Corosync version 1.2.7, release 1.1.el5, x86_64
You have the user in the haclient group, and thus it should be able to
control the cluster. Perhaps
> Allow user with privileged access to configure the node:
> crm options user colinlinux
This doesn't "allow" the user to configure the cluster, but runs all
commands from crm as this user (even if running as root). I'm not sure
this is very well tested.
> WITH SUDO:
> colinlinux# sudo crm configure primitive xclock ocf:tester:xclock op monitor interval=20 timeout=20 start-delay=30s params run_user=colinlinux meta failure-timeout="360" migration-threshold=5
> error given:
> # cibadmin not available, check your installation
I have the impression that the user colinlinux doesn't have /usr/sbin in
its path.
If you want to restrict the commands that a non-root user can execute on
the cluster, check out the CIB and the shell's ACL support.
Regards,
Lars
--
Architect Storage/HA
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde
More information about the Pacemaker
mailing list