Hi,
I can't issue 'crm configure' commands under a designated privileged user (via:
crm options user priv_user) - pacemaker seems to be only be able to be
configured via the 'root' user. Run with sudo it gives this error: 'cibadmin
not available, check your installation'
Steps taken:
I installed pacemaker/corosync as root (details below):
Pacemaker version 1.0.12, release 1.el5.centos, x86_64
Corosync version 1.2.7, release 1.1.el5, x86_64
Started corosync under root:
service corosync start
Made config changes under root (for single-node setup):
crm configure property stonith-enabled=false
crm configure property no-quorum-policy=ignore
crm configure property start-failure-is-fatal=false
Allow user with privileged access to configure the node:
crm options user colinlinux
Now when i try to configure under my 'privileged user' a sample xclock &
gnome-calculator process dependancy - it just hangs...
colinlinux# crm configure primitive xclock ocf:tester:xclock op monitor interval=20
timeout=20 start-delay=30s params run_user=colinlinux meta
failure-timeout="360" migration-threshold=5 (HANGS HERE!)
colinlinux# crm configure primitive gnome-calculator ocf:openet:gnome-calculator op
monitor interval=60s timeout=60s start-delay=30s op start timeout=90 op stop timeout=60
params run_user=colinlinux meta failure-timeout="360" migration-threshold=5
(never executes due to hang above)
WITH SUDO:
colinlinux# sudo crm configure primitive xclock ocf:tester:xclock op monitor interval=20
timeout=20 start-delay=30s params run_user=colinlinux meta
failure-timeout="360" migration-threshold=5
error given:
# cibadmin not available, check your installation
Sudoers file:
root ALL=(ALL) ALL
colinlinux ALL=(ALL) NOPASSWD: ALL
User groups for colinlinux user:
# groups colinlinux
colinlinux : colinlinux haclient
PATH:
PATH=$PATH:$HOME/bin:/usr/sbin:/sbin
#which cibadmin
/usr/sbin/cibadmin
Corosync config file:
# Please read the corosync.conf.5 manual page
compatibility: whitetank
totem {
version: 2
secauth: off
threads: 0
interface {
ringnumber: 0
bindnetaddr: 127.0.0.1
mcastaddr: 0.0.0.0
mcastport: 4000
}
}
logging {
fileline: off
to_stderr: no
to_logfile: yes
to_syslog: no
logfile: /tmp/corosync/log/coroLog.log
debug: on
timestamp: on
logger_subsys {
subsys: AMF
debug: off
}
}
amf {
mode: disabled
}
aisexec {
user: root
group: root
}
service {
name: pacemaker
ver: 0
}
Resource files:
See attached (basically the start action starts and returns success - then all
other actions are dummies and just return success)
But we never get to the start action or any action because the first crm
command hangs
Log files?:
No activity in the log files.
________________________________
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed. If
you are not the intended recipient, please note that any review, dissemination,
disclosure, alteration, printing, circulation, retention or transmission of
this e-mail and/or any file or attachment transmitted with it, is prohibited
and may be unlawful. If you have received this e-mail or any file or attachment
transmitted with it in error please notify postmas...@openet.com. Although
Openet has taken reasonable precautions to ensure no viruses are present in
this email, we cannot accept responsibility for any loss or damage arising from
the use of this email or attachments.
#!/bin/sh
#
#
# Incoming variables of the RA for Mediation Server
# OCF_RESKEY_port - ms port
# OCF_RESKEY_prod - FW prod path
# OCF_RESKEY_home - FW home path
# OCF_RESKEY_run_user - FW user ID
#
#######################################################################
# Initialization:
. ${OCF_ROOT}/resource.d/heartbeat/.ocf-shellfuncs
#######################################################################
meta_data() {
cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="gnome-calculator" version="0.9">
<version>1.0</version>
<longdesc lang="en">
displays gnome-calculator
</longdesc>
<shortdesc lang="en">display calc</shortdesc>
<parameters>
<parameter name="run_user" unique="0" required="1">
<longdesc lang="en">Username from which the resource action will run from, and
more importantly the environment it will run in</longdesc>
<shortdesc>Username that the resource is run under</shortdesc>
<content type="string" default="admin"/>
</parameter>
</parameters>
<actions>
<action name="start" timeout="90" interval="10" depth="5" />
<action name="stop" timeout="60" interval="10" depth="3" />
<action name="monitor" timeout="20" interval="10" depth="0"
start-delay="0" />
<action name="reload" timeout="90" />
<action name="migrate_to" timeout="90" />
<action name="migrate_from" timeout="90" />
<action name="meta-data" timeout="5" />
<action name="validate-all" timeout="60" />
</actions>
</resource-agent>
END
}
#######################################################################
ms_usage() {
cat <<END
usage: $0 {start|stop|monitor|migrate_to|migrate_from|validate-all|meta-data}
Expects to have a fully populated OCF RA-compliant environment set.
END
}
ms_start()
{
gnome-calculator
return $OCF_SUCCESS
}
ms_stop() {
# dummy stop
return $OCF_SUCCESS
}
ms_monitor() {
# dummy stop
return $OCF_SUCCESS
}
ms_validate() {
# dummmy validate
return $OCF_SUCCESS
}
case $__OCF_ACTION in
meta-data) meta_data
exit $OCF_SUCCESS
;;
start) ms_start;;
stop) ms_stop;;
monitor) ms_monitor;;
migrate_to) ocf_log info "Migrating ${OCF_RESOURCE_INSTANCE} to
${OCF_RESKEY_CRM_meta_migrate_to}."
ms_stop
;;
migrate_from) ocf_log info "Migrating ${OCF_RESOURCE_INSTANCE} to
${OCF_RESKEY_CRM_meta_migrated_from}."
ms_start
;;
reload) ocf_log err "reload action started - starting resource again"
ms_start
;;
validate-all) ms_validate;;
usage|help) ms_usage
exit $OCF_SUCCESS
;;
*) ms_usage
exit $OCF_ERR_UNIMPLEMENTED
;;
esac
rc=$?
ocf_log debug "${OCF_RESOURCE_INSTANCE} $__OCF_ACTION : $rc"
exit $rc
#!/bin/sh
#######################################################################
# Initialization:
. ${OCF_ROOT}/resource.d/heartbeat/.ocf-shellfuncs
#######################################################################
meta_data() {
cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="xclock" version="0.9">
<version>1.0</version>
<longdesc lang="en">
displays xclock
</longdesc>
<shortdesc lang="en">displays xclock</shortdesc>
<parameters>
<parameter name="run_user" unique="0" required="1">
<longdesc lang="en">Username from which the resource action will run from, and
more importantly the environment it will run in</longdesc>
<shortdesc>Username that the resource is run under</shortdesc>
<content type="string" default="admin"/>
</parameter>
</parameters>
<actions>
<action name="start" timeout="60" interval="10" depth="5" />
<action name="stop" timeout="60" interval="10" depth="3" />
<action name="monitor" timeout="20" interval="10" depth="0"
start-delay="0" />
<action name="reload" timeout="60" />
<action name="migrate_to" timeout="60" />
<action name="migrate_from" timeout="60" />
<action name="meta-data" timeout="5" />
<action name="validate-all" timeout="60" />
</actions>
</resource-agent>
END
}
#######################################################################
ns_usage() {
cat <<END
usage: $0 {start|stop|monitor|migrate_to|migrate_from|validate-all|meta-data}
Expects to have a fully populated OCF RA-compliant environment set.
END
}
ns_start() {
# JUST START IT UP
xclock
return $OCF_SUCCESS
}
ns_stop() {
# DUMMY STOP
return $OCF_SUCCESS
}
ns_monitor() {
# DUMMY MONITOR ACTION
return $OCF_SUCCESS
}
ns_validate() {
return $OCF_SUCCESS
}
case $__OCF_ACTION in
meta-data) meta_data
exit $OCF_SUCCESS
;;
start) ns_start;;
stop) ns_stop;;
monitor) ns_monitor;;
migrate_to) ocf_log info "Attempting Migrating ${OCF_RESOURCE_INSTANCE} to
${OCF_RESKEY_CRM_meta_migrate_to}."
ns_stop
;;
migrate_from) ocf_log info "Attempting Migrating ${OCF_RESOURCE_INSTANCE} to
${OCF_RESKEY_CRM_meta_migrated_from}."
ns_start
;;
reload) ocf_log info "reload action started - starting resource again"
ns_start
;;
validate-all) ns_validate;;
usage|help) ns_usage
exit $OCF_SUCCESS
;;
*) ns_usage
exit $OCF_ERR_UNIMPLEMENTED
;;
esac
rc=$?
ocf_log debug "${OCF_RESOURCE_INSTANCE} $__OCF_ACTION : $rc"
exit $rc
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
