[Pacemaker] pacemaker monitoring user permision denied

Michael Schwartzkopff misch at clusterbau.com
Mon Apr 22 16:55:16 UTC 2013


Am Montag, 22. April 2013, 15:45:32 schrieb Wolfgang Routschka:
> Hi everbody,
> 
> I want to monitor our pacemaker/cman cluster on scientific linux 6.4 RHEL
> clone with nagios .
> 
> After reading documentation http://clusterlabs.org/doc/acls.html and
> configuration my nagios user isn´t able to start crm_mon
> 
> "Attempting connection to the cluster...Could not establish cib_ro
> connection: Permission denied (13)"
> 
> User is in haclient group
> 
> [nagios at xx ~]$ id
> uid=510(nagios) gid=310(nagios) Gruppen=310(nagios),498(haclient)
> 
> I used Pacemaker 1.1.8-7.el6.x86_64
> 
> My CIB schema is configured for pacemaker-1.2
> 
> <cib epoch="259" num_updates="31" admin_epoch="0"
> validate-with="pacemaker-1.2"
> 
> enable acl is configured
> 
> crm configure show
> 
> property $id="cib-bootstrap-options" \
>       dc-version="1.1.8-7.el6-394e906" \
>       cluster-infrastructure="cman" \
>         no-quorum-policy="ignore" \
>         stonith-enabled="false" \
>         enable-acl="true"

>From the docs:
crm configure property enable-acl=true
Once this is done, ACLs can be configured as described below.
Note that the root and hacluster users will always have full access.

So you enable the read-only access for your user "nagios"?

-- 
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München

Tel: (0163) 172 50 98
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20130422/a389639b/attachment.htm>


More information about the Pacemaker mailing list