On Sun, Dec 11, 2011 at 5:01 PM, Tim Serong <tser...@suse.com> wrote:
> On 12/10/2011 10:35 AM, Larry Brigman wrote: > >> On Fri, Dec 9, 2011 at 3:19 PM, Andreas Kurz <andr...@hastexo.com >> <mailto:andr...@hastexo.com>> wrote: >> >> Hello Larry, >> >> On 12/09/2011 11:15 PM, Larry Brigman wrote: >> > I have installed pacemaker 1.1.5 and configure ACLs based on the >> info from >> > >> http://www.clusterlabs.org/**doc/acls.html<http://www.clusterlabs.org/doc/acls.html> >> > >> > It looks like the user still does not have read access. >> > >> > Here is the acl section of config >> > <acls> >> > <acl_role id="monitor"> >> > <read id="monitor-read" xpath="/cib"/> >> > </acl_role> >> > <acl_user id="nvs"> >> > <role_ref id="monitor"/> >> > </acl_user> >> > <acl_user id="acm"> >> > <role_ref id="monitor"/> >> > </acl_user> >> > </acls> >> > >> > Here is what the user is getting: >> > [nvs@sweng0057 ~]$ crm node show >> > Signon to CIB failed: connection failed >> > Init failed, could not perform requested operations >> > ERROR: cannot parse xml: no element found: line 1, column 0 >> > [nvs@sweng0057 ~]$ crm status >> > >> > Connection to cluster failed: connection failed >> > >> > >> > Any ideas as to why this wouldn't work and what to fix? >> >> If you really followed exactly the guide ... did you check user nvs >> already is in group "haclient"? >> >> Thought of that. >> >> Adding the user to the haclient group removes any restrictions as I was >> able to >> write to the config without error. >> > > Did you set "crm configure property enable-acl=true"? Without this, all > users in the haclient group have full access. > > That was the second setting I added or changed. The first was the schema to pacemaker-1.1. Exactly like the acl page. I verified that both the schema and acl were configured in with a dump of the xml.
_______________________________________________ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
