On 12/10/2011 10:35 AM, Larry Brigman wrote:
On Fri, Dec 9, 2011 at 3:19 PM, Andreas Kurz <andr...@hastexo.com> wrote:

    Hello Larry,

    On 12/09/2011 11:15 PM, Larry Brigman wrote:
     > I have installed pacemaker 1.1.5 and configured ACLs based on the info from
     > http://www.clusterlabs.org/doc/acls.html
     >
     > It looks like the user still does not have read access.
     >
     > Here is the acl section of config
     > <acls>
     > <acl_role id="monitor">
     > <read id="monitor-read" xpath="/cib"/>
     > </acl_role>
     > <acl_user id="nvs">
     > <role_ref id="monitor"/>
     > </acl_user>
     > <acl_user id="acm">
     > <role_ref id="monitor"/>
     > </acl_user>
     > </acls>
     >
     > Here is what the user is getting:
     > [nvs@sweng0057 ~]$ crm node show
     > Signon to CIB failed: connection failed
     > Init failed, could not perform requested operations
     > ERROR: cannot parse xml: no element found: line 1, column 0
     > [nvs@sweng0057 ~]$ crm status
     >
     > Connection to cluster failed: connection failed
     >
     >
     > Any ideas as to why this wouldn't work and what to fix?

    If you really followed exactly the guide ... did you check user nvs
    already is in group "haclient"?

Thought of that.

Adding the user to the haclient group removes any restrictions as I was able to write to the config without error.

Did you set "crm configure property enable-acl=true"? Without this, all users in the haclient group have full access.

Regards,

Tim
--
Tim Serong
Senior Clustering Engineer
SUSE
tser...@suse.com

_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
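
The two checks raised in this thread (haclient group membership and the enable-acl property), as an added example that is not part of the original messages or of Pacemaker itself. The function names, the constructed sample CIB, the assumption that enable-acl is stored as an nvpair under crm_config, and the list of accepted true values are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Assumption: spellings accepted as boolean true for a cluster property.
TRUE_VALUES = {"true", "yes", "on", "y", "1"}

# Constructed sample CIB: the ACL section from the thread, no enable-acl property.
SAMPLE_CIB = """<cib>
  <configuration>
    <crm_config>
      <cluster_property_set id="cib-bootstrap-options">
        <nvpair id="opt-stonith" name="stonith-enabled" value="false"/>
      </cluster_property_set>
    </crm_config>
    <acls>
      <acl_role id="monitor">
        <read id="monitor-read" xpath="/cib"/>
      </acl_role>
      <acl_user id="nvs"><role_ref id="monitor"/></acl_user>
      <acl_user id="acm"><role_ref id="monitor"/></acl_user>
    </acls>
  </configuration>
</cib>"""

def acl_enabled(root):
    """True if a cluster property set carries enable-acl with a true value."""
    for nv in root.iterfind("./configuration/crm_config/cluster_property_set/nvpair"):
        if nv.get("name") == "enable-acl":
            return nv.get("value", "").strip().lower() in TRUE_VALUES
    return False

def audit_acls(cib_xml, haclient_members):
    """Return findings for a CIB document and the haclient group member list."""
    root = ET.fromstring(cib_xml)
    members = set(haclient_members)
    roles = {r.get("id") for r in root.iterfind("./configuration/acls/acl_role")}
    findings = []
    if not acl_enabled(root):
        # Without enable-acl, every haclient member has full access.
        for name in sorted(members):
            findings.append(f"{name}: full access (enable-acl not true)")
    for user in root.iterfind("./configuration/acls/acl_user"):
        name = user.get("id")
        if name not in members:
            findings.append(f"{name}: ACL user not in haclient group")
        for ref in user.iterfind("role_ref"):
            if ref.get("id") not in roles:
                findings.append(f"{name}: role_ref '{ref.get('id')}' has no acl_role")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_acls(SAMPLE_CIB, ["nvs"])))
```

On a live cluster the XML would come from a CIB dump and the member list from the system's group database; both are passed in here so the check runs offline.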
