[Pacemaker] crmsh doesn't respect the acl read permissions

Andrew Beekhof andrew at beekhof.net
Tue Jul 9 06:41:44 UTC 2013


On 09/07/2013, at 3:29 PM, emmanuel segura <emi2fast at gmail.com> wrote:

> Hi
> 
> I compiled pacemaker using the following commands
> 
> git clone git://github.com/ClusterLabs/pacemaker.git
> cd pacemaker
> make rpm-dep
> make rpm
> 
> But the acls are not enabled by default?

no

> 
> Thanks
> 
> 
> 
> 2013/7/9 Gao,Yan <ygao at suse.com>
> Hi,
> Was pacemaker built "--with-acl"? Is "acls" listed in the output of
> "cibadmin -!"?
> 
> Regards,
>   Gao,Yan
> 
> On 07/08/13 17:57, emmanuel segura wrote:
> > Hi
> >
> > I did
> >
> > Thanks
> >
> >
> > 2013/7/8 Dejan Muhamedagic <dejanmm at fastmail.fm>
> >
> >     Hi,
> >
> >     On Mon, Jul 08, 2013 at 12:52:07AM +0200, emmanuel segura wrote:
> >     > Hello List
> >     >
> >     > Maybe this is the wrong list, but now I'm playing with pacemaker
> >     > 1.10 and I see that crmsh doesn't respect the read permissions,
> >     > as I show below
> >     >
> >     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >     > [root at nod01 ~]# id watch
> >     > uid=505(watch) gid=100(users) groups=100(users),989(haclient)
> >     >
> >     > [root at nod01 ~]# crm configure show | grep dc
> >     >     dc-version="1.1.10-1.fc18-e04c603" \
> >     >     dc-deadtime="30"
> >     >
> >     > [root at nod01 ~]# su - watch
> >     > [watch at nod01 ~]$ crm configure property dc-deadtime="60"
> >     > [watch at nod01 ~]$ crm configure show | grep dc
> >     >     dc-version="1.1.10-1.fc18-e04c603" \
> >     >     dc-deadtime="60"
> >
> >     > My acl
> >     >
> >     > role monitor \
> >     >     read cib
> >     > user watch \
> >     >     role:monitor
> >     >
> >     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> >     Did you also set:
> >
> >     crm configure property enable-acl=true
> >
> >     BTW, it is not crmsh but cib (the process) which evaluates the
> >     ACL.
> >
> >     Thanks,
> >
> >     Dejan
> >
> >     >
> >     >
> >     > Thanks
> >     >
> >     >
> >     > --
> >     > this is my life and I live it as long as God wills
> >
> >     > _______________________________________________
> >     > Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> >     > http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> >     >
> >     > Project Home: http://www.clusterlabs.org
> >     > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> >     > Bugs: http://bugs.clusterlabs.org
> >
> > --
> > this is my life and I live it as long as God wills
> >
> >
> 
> --
> Gao,Yan <ygao at suse.com>
> Software Engineer
> China Server Team, SUSE.
> 
> -- 
> this is my life and I live it as long as God wills
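
The checks raised in this thread (ACL support compiled in, enable-acl set, an ACL entry for the user), combined into one diagnostic as an added example that is not part of any poster's message. The function names, the sample `cibadmin -!` feature line and the `property $id=...` line are constructed for illustration; the role, user and dc-* values are taken from the thread.

```shell
#!/bin/bash
# Added example (not from the thread). Each function takes command output as
# text, so saved output from a node can be checked offline.

# Check 1 (Gao Yan): "acls" must appear as a feature word in `cibadmin -!`.
acl_compiled_in() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' | grep -qx 'acls'
}

# Check 2 (Dejan): the enable-acl property must be true in the configuration.
acl_property_enabled() {
    printf '%s\n' "$1" | grep -Eq 'enable-acl="?true"?'
}

# Check 3: the user needs a "user <name>" ACL entry ($1 = config, $2 = user).
acl_user_defined() {
    printf '%s\n' "$1" |
        awk -v u="$2" '$1 == "user" && $2 == u { found = 1 } END { exit !found }'
}

# Print the first failing check, or "checks-pass".
# $1 = `cibadmin -!` output, $2 = `crm configure show` output, $3 = user name.
acl_diagnose() {
    if ! acl_compiled_in "$1"; then echo "not-compiled"; return; fi
    if ! acl_property_enabled "$2"; then echo "not-enabled"; return; fi
    if ! acl_user_defined "$2" "$3"; then echo "no-user-entry"; return; fi
    echo "checks-pass"
}

# Constructed sample of `cibadmin -!` output from a build without ACL support.
SAMPLE_FEATURES='Pacemaker 1.1.10 (Build: e04c603):  generated-manpages ncurses corosync-native'

# `crm configure show` excerpt assembled from the thread; enable-acl is absent
# and the property header line is constructed.
SAMPLE_CONFIG='role monitor \
    read cib
user watch \
    role:monitor
property $id="cib-bootstrap-options" \
    dc-version="1.1.10-1.fc18-e04c603" \
    dc-deadtime="60"'

acl_diagnose "$SAMPLE_FEATURES" "$SAMPLE_CONFIG" watch
# On a live node: acl_diagnose "$(cibadmin -! 2>&1)" "$(crm configure show)" watch
```

With the sample input the first check already fails, which matches the situation in the thread: a build made without "--with-acl" accepts the write from user watch regardless of the role definition.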




