Hi Larry,

On 01/05/12 02:53, Larry Brigman wrote:
> On Mon, Dec 12, 2011 at 9:48 PM, Larry Brigman <larry.brig...@gmail.com> wrote:
>
> On Mon, Dec 12, 2011 at 4:38 PM, Andreas Kurz <andr...@hastexo.com> wrote:
>
> On 12/12/2011 03:37 AM, Larry Brigman wrote:
> > ....
> [root@sweng0057 ~]# cibadmin -!
> Pacemaker 1.1.5-1.1.sme (Build: 01e86afaaa6d4a8c4836f68df80ababd6ca3902f): docbook-manpages ncurses cs-quorum corosync
>
> Not enabled....
>
> That explains it. The configure script doesn't enable acls by
> default so it's not built with them.
>
> I'll make another pass when I rebuild my rpm package.
>
> Testing new build still doesn't work when acl is enabled.
>
> cibadmin -!
> Pacemaker 1.1.5-1.2.sme (Build: 01e86afaaa6d4a8c4836f68df80ababd6ca3902f): docbook-manpages ncurses cs-quorum corosync acl
> [root@sweng0096 ~]# cibadmin --modify --xml-text '<cib validate-with="pacemaker-1.1"/>'

This is not required any more. "pacemaker-1.2" schema supports ACL too.

> [root@sweng0096 ~]# crm configure property enable-acl=true
> [root@sweng0096 ~]# crm
> crm(live)#
> role monitor \
>> read xpath:"/cib"
> crm(live)configure# user nvs role:monitor
> crm(live)configure# user acm role:monitor
> crm(live)configure# commit
> crm(live)configure# exit
> bye
> [root@sweng0096 ~]# su - nvs
> [nvs@sweng0096 ~]$ crm status
>
> Connection to cluster failed: connection failed

What about:
# id nvs
# ls -ld /var/run/crm
# ls -l /var/run/crm

>
>
> [root@sweng0096 ~]# cibadmin --query
> output modified to only include relevant portions.
> <cib epoch="16" num_updates="17" admin_epoch="0"
> validate-with="pacemaker-1.1" crm_feature_set="3.0.5" have-quorum="0"
> cib-last-written="Wed Jan 4 10:29:16 2012"
> dc-uuid="sweng0096.lab.c-cor.com">
>   <configuration>
>     <crm_config>
>       <cluster_property_set id="cib-bootstrap-options">
> ...
>         <nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
>       </cluster_property_set>
> ...
>     <acls>
>       <acl_role id="monitor">
>         <read id="monitor-read" xpath="/cib"/>
>       </acl_role>
>       <acl_user id="nvs">
>         <role_ref id="monitor"/>
>       </acl_user>
>       <acl_user id="acm">
>         <role_ref id="monitor"/>
>       </acl_user>
>     </acls>
>   </configuration>
> ...
> </cib>
>

--
Gao,Yan <y...@suse.com>
Software Engineer
China Server Team, SUSE.

_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
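
An added example, not part of the thread and not Pacemaker code: a small audit of the ACL section of `cibadmin --query` output that resolves each `acl_user` to its effective rules and flags dangling `role_ref` entries or ACLs defined while `enable-acl` is off. The function name `audit_acls`, the constructed sample, and the handling of `write`/`deny` rules (not shown in the thread) are assumptions; it checks only the CIB side, not the local account and `/var/run/crm` checks asked for in the reply.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the CIB excerpt quoted in the thread, with the "..."
# elisions and unrelated attributes dropped so that it parses as XML.
SAMPLE_CIB = """<cib validate-with="pacemaker-1.1"><configuration>
  <crm_config><cluster_property_set id="cib-bootstrap-options">
    <nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
  </cluster_property_set></crm_config>
  <acls>
    <acl_role id="monitor"><read id="monitor-read" xpath="/cib"/></acl_role>
    <acl_user id="nvs"><role_ref id="monitor"/></acl_user>
    <acl_user id="acm"><role_ref id="monitor"/></acl_user>
  </acls>
</configuration></cib>"""

# Assumption: write/deny rules have the same shape as the <read> rule shown.
RULE_TAGS = ("read", "write", "deny")
# Spellings Pacemaker accepts as boolean true.
TRUE_VALUES = ("true", "on", "yes", "y", "1")

def audit_acls(cib_xml):
    """Return (acl_enabled, {user: [(kind, xpath), ...]}, [problems])."""
    root = ET.fromstring(cib_xml)
    enabled = any(
        nv.get("value", "").lower() in TRUE_VALUES
        for nv in root.iterfind("./configuration/crm_config//nvpair")
        if nv.get("name") == "enable-acl"
    )
    acls = root.find("./configuration/acls")
    roles, users, problems = {}, {}, []
    if acls is None:
        return enabled, users, ["no <acls> section"]
    for role in acls.findall("acl_role"):
        roles[role.get("id")] = [(r.tag, r.get("xpath")) for r in role if r.tag in RULE_TAGS]
    for user in acls.findall("acl_user"):
        uid = user.get("id")
        # Rules attached directly to the user, then rules inherited via role_ref.
        rules = [(r.tag, r.get("xpath")) for r in user if r.tag in RULE_TAGS]
        for ref in user.findall("role_ref"):
            if ref.get("id") in roles:
                rules += roles[ref.get("id")]
            else:
                problems.append(f"user {uid}: role_ref {ref.get('id')!r} is not defined")
        if not rules:
            problems.append(f"user {uid}: no rules resolve")
        users[uid] = rules
    if users and not enabled:
        problems.append("ACLs are defined but enable-acl is not true")
    return enabled, users, problems

if __name__ == "__main__":
    print(audit_acls(SAMPLE_CIB))
```
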