Re: [Pacemaker] ACL setup

Wed, 04 Jan 2012 11:00:17 -0800 

On Mon, Dec 12, 2011 at 9:48 PM, Larry Brigman <larry.brig...@gmail.com>wrote:

> On Mon, Dec 12, 2011 at 4:38 PM, Andreas Kurz <andr...@hastexo.com> wrote:
>
>> On 12/12/2011 03:37 AM, Larry Brigman wrote:
>>
> ....
> [root@sweng0057 ~]# cibadmin -!
> Pacemaker 1.1.5-1.1.sme (Build:
> 01e86afaaa6d4a8c4836f68df80ababd6ca3902f):  docbook-manpages ncurses
> cs-quorum corosync
>
> Not enabled....
>
> That explains it.  The configure script doesn't enable acls by default so
> it's not built with
> them.
>
> I'll make another pass when I rebuild my rpm package.
>
> Testing new build still doesn't work when acl is enabled.

cibadmin -!
Pacemaker 1.1.5-1.2.sme (Build: 01e86afaaa6d4a8c4836f68df80ababd6ca3902f):
docbook-manpages ncurses cs-quorum corosync acl
[root@sweng0096 ~]# cibadmin --modify --xml-text '<cib
validate-with="pacemaker-1.1"/>'
[root@sweng0096 ~]# crm configure property enable-acl=true
[root@sweng0096 ~]# crm
crm(live)#
role monitor \
>         read xpath:"/cib"
crm(live)configure#  user nvs role:monitor
crm(live)configure# user acm role:monitor
crm(live)configure# commit
crm(live)configure# exit
bye
[root@sweng0096 ~]# su - nvs
[nvs@sweng0096 ~]$ crm status

Connection to cluster failed: connection failed


[root@sweng0096 ~]# cibadmin --query
output modified to only include relevent portions.
<cib epoch="16" num_updates="17" admin_epoch="0"
validate-with="pacemaker-1.1" crm_feature_set="3.0.5" have-quorum="0"
cib-last-written="Wed Jan  4 10:29:16 2012" dc-uuid="sweng0096.lab.c-cor.com
">
  <configuration>
    <crm_config>
      <cluster_property_set id="cib-bootstrap-options">
...
        <nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl"
value="true"/>
      </cluster_property_set>
...
    <acls>
      <acl_role id="monitor">
        <read id="monitor-read" xpath="/cib"/>
      </acl_role>
      <acl_user id="nvs">
        <role_ref id="monitor"/>
      </acl_user>
      <acl_user id="acm">
        <role_ref id="monitor"/>
      </acl_user>
    </acls>
  </configuration>
...
</cib>

_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Reply via email to