On Fri, Dec 9, 2011 at 3:19 PM, Andreas Kurz <andr...@hastexo.com> wrote:
> Hello Larry, > > On 12/09/2011 11:15 PM, Larry Brigman wrote: > > I have installed pacemaker 1.1.5 and configure ACLs based on the info > from > > http://www.clusterlabs.org/doc/acls.html > > > > It looks like the user still does not have read access. > > > > Here is the acl section of config > > <acls> > > <acl_role id="monitor"> > > <read id="monitor-read" xpath="/cib"/> > > </acl_role> > > <acl_user id="nvs"> > > <role_ref id="monitor"/> > > </acl_user> > > <acl_user id="acm"> > > <role_ref id="monitor"/> > > </acl_user> > > </acls> > > > > Here is what the user is getting: > > [nvs@sweng0057 ~]$ crm node show > > Signon to CIB failed: connection failed > > Init failed, could not perform requested operations > > ERROR: cannot parse xml: no element found: line 1, column 0 > > [nvs@sweng0057 ~]$ crm status > > > > Connection to cluster failed: connection failed > > > > > > Any ideas as to why this wouldn't work and what to fix? > > If you really followed exactly the guide ... did you check user nvs > already is in group "haclient"? > Thought of that. Adding the user to the haclient group removes any restrictions as I was able to write to the config without error. > > You may only need to "reload" group membership for nvs by doing a > logout/login or a "su - nvs". > > Also did a logout/login and rerun the commands. With the info as written, it doesn't work for me. At the suggestion from one of my developers I changed the role from monitor to view. This forced me to remove the user as I could not add a new role to the same user. No success.
_______________________________________________ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
